TEST BANK
ACCOUNTING INFORMATION SYSTEMS THE PROCESSES AND CONTROLS 2ND EDITION BY LESLIE TURNER, ANDREA WEICKGENANNT SOLUTIONS MANUAL Chapter 1 Concept Check 1. d 2. d 3. b 4. c 5. c 6. c 7. b 8. b 9. b 10. a
Discussion Questions 11. (SO 1) How might the sales and cash collection processes at a Wal-Mart store differ from the sales and cash collection processes at McDonald’s? Wal-Mart sells items that are pre-priced and bar coded with that price. Therefore the cash registers at Wal-Mart use bar code scanners. However, McDonalds sells fast foods that are not bar coded. The cash registers at McDonalds use touch screen systems that require a cashier to indicate the items purchased. The cash collection processes are not different. In both cases, the employee collects the cash or credit card, and returns any change. 12. (SO 1) Can you think of any procedures in place at McDonald’s that are intended to ensure the accuracy of your order? Student responses may vary, however, following are a few examples: Often, at either the drive-through or the inside cash register, the customer can see a screen that displays the items ordered. In addition, a fast food restaurant uses pre-designed slots to hold certain types of menu items. When a customer orders a particular sandwich, the person filling the order knows exactly which slot to pull the sandwich from. Each customer receives a printed receipt with the items listed and the customer can verify the accuracy. 13. (SO 1) How might the sales and cash collection processes at Boeing Co. (maker of commercial passenger jets) differ from the sales and cash collection processes at
Page 1-1
Chapter 1 Solutions
Introduction to AIS
McDonald’s? Boeing does not sell to end-user consumers; rather, it sells to companies such as airlines. Therefore Boeing does not have stores, nor inventory in stores, nor cash registers to process sales. Boeing is more likely to maintain a sales force that visits potential customers to solicit sales. Those sales may be entered by the salesperson into a laptop computer connected to Boeing’s network. McDonald’s, on the other hand, sells to consumers, uses order input touch screens at each location, and maintains supplies of perishable food products. 14. (SO 1) Are there business processes that do not in some way affect accounting records or financial statements? There may be processes that do not directly affect accounting records (such as recruiting and hiring a new employee), but all processes have a direct or indirect affect on accounting records. All processes use resources such as material or employee time. Therefore, all processes have expenses related to those processes that will affect the accounting records. 15. (SO 2) Briefly describe the five components of an accounting information system. 1. Work steps within a business process that capture accounting data as the business process occurs. 2. Manual or computer-based records that capture the accounting data from the business processes. 3. Internal controls within the business process that safeguard assets and ensure accuracy and completeness of the data. 4. Work steps that process, classify, summarize, and consolidate the raw accounting data. 5. Work steps that generate both internal and external reports. 16. (SO 2) Describe how sales data are captured and recorded at a restaurant such as Applebee’s. At most Applebee’s restaurants, a server writes the order on a pad and carries that pad to a cash register. The server enters the order on a touch screen terminal. The order information is then displayed on a terminal in the kitchen. When the customer has finished the meal, the server prints a check and delivers the check to the table. The customer pays the server by using cash or a credit card. The server processes the payment on the touch screen register and returns the change or credit card slip to the customer. 17. (SO 2) What occurs in an accounting information system that classifies accounting transactions? For each business process that affects accounting records, the accounting information system must capture any resulting accounting data, record the data, process it through classification, summarization, and consolidation, and generate appropriate reports. 18. (SO 2) What are the differences between internal reports and external reports generated by the accounting information system? Internal reports are used by management to oversee and direct processes within the organization. External reports are the financial statements used by investors and creditors to make
Page 1-2
Chapter 1 Solutions
Introduction to AIS
decisions about investing or extending credit to the organization. 19. (SO 3) What types of businesses are in the supply chain of an automobile manufacturer? The types of businesses in an automaker’s supply chain are often manufacturers of parts used in cars. This would include manufacturers of tires, batteries, steel, plastic, vinyl and leather, as well as many other manufacturers making the thousands of parts in a car. 20. (SO 3) When a company evaluates a supplier of materials, what kinds of characteristics might be evaluated? The supplier’s characteristics that are likely to be evaluated include price and payment terms, quality, reliability of the materials, as well as whether the supplier can deliver materials when needed. 21. (SO 3) How do you think a company may be able to influence a supplier to meet its business processing requirements? A company may be able to influence a supplier by choosing only suppliers that meet expectations regarding the terms of price, quality, and delivery timing. Those suppliers that do not meet these expectations may not be used in the future. This exerts some influence over suppliers, as the suppliers will lose business if they do not meet the buyer’s requirements. 22. (SO 4) Describe any IT enablement that you have noticed at a large retail store such as Wal-Mart or Target. The most noticeable IT enablement is the use of bar coded systems on the products and how they are read by the cash registers. 23. (SO 4) How do you think the World Wide Web (WWW) has led to business process reengineering at companies such as Lands End or J.Crew? Prior to the World Wide Web, customers placed orders either on the phone or by mail. Both phone and mail orders require employees to take the order and enter it into the computer system. Using online sales, customers enter their own orders and no company personnel are needed to key orders into the computer system. Therefore, there was a major change in the number of people employed to key orders. 24. (SO 4) What two kinds of efficiency improvement result from business process reengineering in conjunction with IT systems? The use of IT systems usually leads to two kinds of efficiency improvements. First, the underlying processes are reengineered (through rethinking and redesign) to be conducted more efficiently. Second, the IT systems improve the efficiency of the underlying processes. 25. (SO 5) Explain the differences between a field, a record, and a file. A field is one set of characters that make up a single data item. For example, last name would be a field in a customer database. A record is a collection of related fields for a single entity. For example, last name, first name, address, phone number, and credit card number fields might make up a single customer record. A file is a collection of similar records. For example, all customer records together make up a customer file.
Page 1-3
Chapter 1 Solutions
Introduction to AIS
26. (SO 5) Explain why random access files would be preferable to sequential access files when payroll personnel are changing a pay rate for a single employee. When the desired action is to access a single record, random access is preferable. If sequential access storage is used, all records must be read in sequence until the desired record is reached. On the other hand, random access allows a single record to be accessed without the necessity of reading other records. This makes it more efficient to access a particular employee record to change the pay rate. 27. (SO 5) Why do real-time systems require direct access files? If transactions are to be processed online and in real-time, it is necessary that the computer access a single record immediately. Thus, direct access files are required so the records can be accessed in real-time. 28. (SO 5) Why is data contained in the data warehouse called nonvolatile? Each time a new transaction is completed, parts of the operational data must be updated. Therefore, the operational database is volatile – with constantly changing information. However, the data warehouse does not change with each transaction. The data warehouse is only changed when periodic updates occur. The data in the data warehouse are nonvolatile because they do not change constantly. 29. (SO 5) How is an extranet different from the Internet? The extranet allows access only to selected outsiders, while the Internet is open to an unlimited number of outsiders (essentially anyone having access to the Internet). On the other hand, extranets are typically used by companies to interact with specific suppliers and customers who have been granted access to a company’s network. 30. (SO 6) Prepare a list of the types of businesses that you have been in that use point of sale systems. Student responses may vary, but would likely include department stores, grocery stores, specialty stores, restaurants, gas stations, and car washes. 31. (SO 6) What do you think would be the advantages of an e-payables system over a traditional system that uses paper purchase orders and invoices? An e-payables system should be faster and more efficient than a paper-based system. In addition, fewer processing errors should be expected from an e-payables system. 32. (SO 7) Describe why enterprise risk management is important. All organizations face risks and Enterprise Risk Management (ERM) assists managers in reducing and controlling risk. ERM also involves personnel across the entire business organization, as they implement strategies to achieve the organization’s objectives. 33. (SO 7) What is the difference between general controls and application controls? General controls apply overall to the IT accounting system. They are controls that are not restricted to any particular accounting application. An example of a general control is the use of passwords to allow only authorized users to log into an IT-based accounting system. Application controls are used specifically in accounting applications to control inputs, processing, and output. Application controls are
Page 1-4
Chapter 1 Solutions
Introduction to AIS
intended to insure that inputs are accurate and complete, processing is accurate and complete, and that outputs are properly distributed, controlled, and disposed. 34. (SO 7) In what way is a code of ethics beneficial to an organization? If top management institutes a code of ethics and emphasizes this code by modeling its principles and disciplining or discharging those who violate the code, it can help reduce unethical behavior in the organization. 35. (SO 8) What roles do accountants have in relation to the accounting information system? Accountants are users of the AIS, they assist in the design of the AIS, and they are auditors of the AIS.
Brief Exercises 36. (SO 1) For each category of business processes (revenue, expenditure, conversion, administrative), give an example of a business process. Student responses are likely to vary greatly, as they may refer to any of the subprocesses within each category. For example, the revenue processes include sales, sales returns, and cash collections; the expenditure processes include purchasing, purchase returns, cash disbursements, payroll, and fixed asset processes; the conversion processes include planning, resource management, and logistics; administrative processes include capital processes, investments, and general ledger processes. Accordingly, any type of business process can be cited to answer this question, but the student must match the example with the appropriate process. 37. (SO 2) Think of a company that you have worked for or with which you have done business. Which departments within the company need reports generated by the accounting information systems? Student responses are likely to vary greatly, as nearly every department within a business organization uses reports generated by the accounting information systems. For example, sales departments need customer account information to help in their efforts to sell products to customers. Purchasing departments need product information to help in their efforts to purchase products needed in the business. These types of information are maintained in accounting information systems. There are numerous additional examples that could apply. 38. (SO 3) Explain a supply chain linkage and give an example. A supply chain linkage is the connection of activities in the supply chain, including the entities, processes, and information flows that involve the movement of materials, funds, and related information through the full logistics process – from the acquisition of raw materials to the delivery of finished products to the end user. It therefore includes the linked activities of vendors, service providers, customers, and intermediaries. In addition to the example of McDonald’s buns given in the text, another example would be a shirt sold by the Gap. The Gap’s supply chain linkage would likely include a supplier from whom the shirt was purchased, a manufacturer who assembled and sewed the shirt,
Page 1-5
Chapter 1 Solutions
Introduction to AIS
a secondary supplier that provided the fabric from which the shirt was constructed, and a farmer who raised cotton used to make the fabric. 39. (SO 4) Explain how business process reengineering occurs. Also, explain how it differs from the typical changes in company policies. With business process reengineering (BPR), the underlying business processes are reengineered to be conducted more efficiently. In other words, a comprehensive rethinking and redesign takes place in order to enhance performance of the process. A key component of BPR is the leveraging of IT capabilities to improve process efficiencies. BPR differs from typically organizational change in that it involves “thinking outside the box” in order to offer completely new and improved methods for business processes. 40. (SO 5) For an accounts receivable system, what kind of data would be found in the master files and transaction files, respectively? An accounts receivable master file would include relatively permanent data necessary to process customer transactions. This would include a record for each customer. The data in the master file would likely include customer name, address, phone numbers, credit limit, and current balance. A transaction file for accounts receivable would contain the relatively temporary data that must be processed to update the master file, such as details from individual sales and cash collection transactions from customers. 41. (SO 5) Describe the differences in the following three types of processing: a. Batch processing involves the grouping of similar transactions to be processed together; b. Online processing involves processing individual transactions, one-at-a-time; and c. Real-time processing is an online processing method that involves the immediate processing of individual transactions. 42. (SO 5) The networks discussed in this chapter were LANs, Internet, intranet, and extranet. Explain each. A LAN is a computer network that spans a relatively small area such as a building or group of buildings within a business organization. The Internet is the global computer network made up of millions upon millions of computers and subnetworks throughout the world. An intranet is an organization’s private computer network, accessible only by employees of that organization to share data and manage projects. An extranet is an expansion of an intranet that allows limited access to designated outsiders such as customers and suppliers. 43. (SO 7) Give a brief summary of each of the following: a. enterprise risk management is an ongoing strategy-setting and risk assessment process that is effected by top management but involves personnel across the entire entity. b. corporate governance is an elaborate system of checks and balances whereby a company’s leadership is held accountable for building shareholder value and creating confidence in the financial reporting process.
Page 1-6
Chapter 1 Solutions
Introduction to AIS
c. IT governance is the corporate governance process that applies specifically to the proper management, control, and use of IT systems. 44. (SO 9) Describe why accountants should be concerned about ethics. Accountants should be concerned about ethics because accounting information systems are often the tools used to commit or cover up unethical behavior. Accountants need to be aware of the possibility of fraud within the AIS so that they can help develop and implement effective internal controls to reduce the risk of such unethical acts. In addition, accountants need to be prepared to resist the temptation to commit unethical acts and to avoid being coerced into assisting with a fraudulent cover-up. 45. (SO 9) Kelli Droyer is currently pursuing her accounting degree at Bromfeld University. She has excelled in each of her major courses to date; however, she tends to struggle in her computer classes and with assignments requiring use of computer technology. Nevertheless, Kelli confidently claims that she will become an excellent accountant. Comment on the practical and ethical implications of her position. Kelli is mistaken in her position for the following reasons: Practically speaking, accountants need to be well-informed about the operation of accounting information systems, which nearly always involve computer technology. The AIS is the foundation of most accounting functions, so to resist computer technology would be unreasonable, if not impossible. Also, in order to assist in developing internal controls, accountants must understand the processes within the AIS, including the use of technology, so that effective controls can be developed and implemented to reduce risks. Ethically speaking, accountants need to be well-informed about the operation of the AIS so that they are poised to recognize fraud and errors that may occur. Without an understanding of the underlying technology, accountants would be unable to effectively capture and monitor business processes. Rather than fulfilling her responsibility as an accountant to develop and implement internal controls, Kelli’s ignorance of the AIS could actually allow fraud to be perpetrated without being prevented or detected. For these reasons, Kelli’s viewpoint is quite dangerous.
Problems 46. (SO 2) If an accounting information system were entirely a manual system (no computers used), explain how data would be captured, recorded, classified, summarized, and reported. Discuss how the sophistication of the company’s computer system impacts the accounting output and, alternatively, how the requirements for accounting outputs impact the design of the accounting information system. In a manual accounting information system, data would be captured on source documents and recorded by hand in subledgers or special journals. Account classifications would be determined by the accountants responsible for recording the transaction. The accountants would perform mathematical computations to summarize the records and post them to a general ledger. The general ledger would be manually summarized at the end of the period so that financial statements
Page 1-7
Chapter 1 Solutions
Introduction to AIS
could be prepared. The financial reports would be manually compiled based on the ending general ledger balances. Since a great deal of paper and human processing are required for a manual system, it is prone to error. More sophisticated, computerbased systems tend to produce more output that is more accurate because they are programmed to process data consistently. They also use programming to perform mathematical computations, which promotes accuracy and time savings. Therefore, IT usage to support business processes results in increased accuracy, increased efficiency, and reduced costs. The requirements for accounting outputs impact the design of the AIS. Work steps within a business process can be designed to capture data in a manner that is consistent with the desired content and format of the related output. This promotes efficiency and effectiveness of the overall process. When business process reengineering is used to design business processes, IT systems can be introduced to take advantage of the speed and efficiency of computers to enhance the AIS. 47. (SO 1,3) Classify each of the following processes as either a revenue process, expenditure process, conversion process, or administrative process: a. Selling common stock to raise capital - ADMINISTRATIVE b. Purchasing electronic components to manufacture DVD players EXPENDITURE c. Moving electronic components from the stockroom to the production floor to begin making DVD players - CONVERSION d. Paying employees at the end of a payroll period - EXPENDITURE e. Preparing financial statements - ADMINISTRATIVE f. Receiving cash payments from customers - REVENUE g. Buying fixed assets - EXPENDITURE h. Moving manufactured DVD players from the production floor to the warehouse CONVERSION 48. (SO 1) Business processes are composed of three common stages: an initial event, a beginning, and an end. For items a through h listed in Problem 47, identify the applicable initial event, beginning, and end of the process. Student responses may vary as their experiences are likely to be different. Different businesses may have different events that trigger these processes; however, the following are common examples: a. Selling common stock to raise capital: Initial Event – Contacting and communicating with investors; Beginning – Receiving consideration from investor; End – Recording transactions in the accounting records. b. Purchasing electronic components to manufacture DVD players: Initial Event – Receiving a purchase request from operations personnel; Beginning – Placing an order with a supplier; End – Recording the payment for the component parts. c. Moving electronic components from the stockroom to the production floor to begin making DVD players: Initial Event – Receiving a request from the Production department for the movement of materials; Beginning – Removing
Page 1-8
Chapter 1 Solutions
Introduction to AIS
inventory from the stockroom; End – Recording the receipt of goods in the production area. d. Paying employees at the end of a payroll period: Initial Event – Receiving a time sheet or other record of time worked; Beginning – Recording hours in the payroll records; End – Distributing paychecks or depositing paychecks in employee accounts. e. Preparing financial statements: Initial Event – Preparing end-of-period adjusting entries; Beginning – Summarizing adjusted account balances; End – Compiling data in financial statement format and writing related disclosure notes. f. Receiving cash payments from customers: Initial Event – Communicating with customer about a sale; Beginning – Notifying customer of amounts owed related to the sale; End – Recording the receipt of cash and deposit in a bank account. g. Buying fixed assets: Initial Event – Planning for an expenditure as part of a capital budgeting process; Beginning – Placing an order for the fixed asset; End – Receiving the asset and recording it in a subsidiary ledger. h. Moving manufactured DVD players from the production floor to the warehouse: Initial Event – Receiving notification from the Production department regarding completion of products; Beginning – Removing finished goods from the production floor; End – Recording the receipt of finished goods in the warehouse. 49. (SO 1,2,7) Each of the points listed next represents an internal control that may be implemented within a company’s accounting information system to reduce various risks. For each point, identify the appropriate business process (revenue, expenditure, conversion, administrative). In addition, refer to the description of business processes under Study Objective 2 in the chapter, and identify the appropriate subprocess. (Some subprocesses may be used more than once, and others may not be used at all.) a. Customer credit must be authorized before a business transaction takes place. Revenue process, sales subprocess b. An authorized price list of goods for sale is provided. Revenue process, sales subprocess c. A shipping report is prepared for all shipments of goods so that customers may be billed in a timely manner. Revenue process, sales subprocess d. Access to personnel files and paycheck records is available only in accordance with management specifications. Expenditure process, payroll subprocess e. New vendors are required to be authorized before a business transaction takes place. Expenditure process, purchasing subprocess f. Access to cash is restricted to those employees authorized by management. Revenue or Expenditure process, Cash collection or cash disbursement subprocess, respectively g. Costs of goods manufactured is properly summarized, classified, recorded, and reported. Conversion process, resource management subprocess h. Amounts due to vendors are reconciled by comparing company records with statements received from the vendors. Expenditure process, cash disbursements subprocess
Page 1-9
Chapter 1 Solutions
Introduction to AIS
i.
Employee wage rates and paycheck deductions must be authorized by management. Expenditure process, payroll subprocess j. Specific procedures such as the performance of a background check are carried out for all new employee hires. Expenditure process, payroll subprocess k. The purchasing manager is notified when stock levels are low so that items may be restocked to prevent backorders. Conversion process, resource management subprocess l. Two signatures are required on checks for payments in excess of $5000. Expenditure process, cash disbursement subprocess m. When excess cash is on hand, the funds are invested in short-term securities. Administrative process, investment subprocess n. Goods received are inspected, and any damaged or unmatched items are promptly communicated to the vendor. Revenue process, sales subprocess o. The monthly bank statement is reconciled to the company’s cash records by an outside accountant. Revenue or Expenditure process, Cash collection or cash disbursement subprocess, respectively 50. (SO 3) Using an internet search engine, search for the terms “RFID” and “supply chain.” Put both of these terms in your search and be sure that “supply chain” is in quotation marks. Read some of the resulting web sites you find and answer these questions: a. What is RFID? Radio-frequency identification (RFID) technology helps companies identify and manage large lots of goods, typically received and stored in cartons or on skids. The cartons or skids include tags that are encoded with identifying information about the items, their supplier, and their purchase transaction. These tags can be instantly read and recorded by the company through the use of antennae or battery-operated transmitters and radio waves. b. How is RFID related to the supply chain? RFID enhances supply chain management by significantly reducing the time required to record purchases and inventory tracking. The instantaneous reading of RFID tags allows the items to move swiftly through the logistics process with increased speed and accuracy of the underlying records. c. How will RFID improve the accuracy of data from the supply chain? Accuracy is increased by the use of tags containing company and product identifiers. These tags reduce the risk of recording items in duplicate. They also aid in inventory tracking through enhanced security of products being moved between locations. 51. (SO 7) Go to the COSO web site and locate the guidance on enterprise risk management. The executive summary of the article “Enterprise Risk Management – Integrated Framework” can be downloaded at no cost. Read the sections titled “Roles and Responsibilities” and “Use of this Report.” Describe the roles that various parties should play in enterprise risk management. Although everyone within a business entity has responsibility for its ERM processes, the chief executive officer is ultimately responsible and must assume ownership of the process. Accordingly, the CEO should bring together key managers from each functional area to plan,
Page 1-10
Chapter 1 Solutions
Introduction to AIS
implement, and monitor the process. The board of directors should provide necessary oversight and maintain contact with top management, internal auditors, and external auditors regarding the ERM process. Other managers should support the organization’s philosophy, promote compliance with its risk appetite, and manage risks within their areas of responsibility. The CFO and internal auditors typically have a support role. External to the business organization, three groups are key to the effective use of ERM: regulators, professional organizations, and educators. Regulators are expected to refer to the COSO framework in the development of expectations as well as the conduct of their examinations for business organizations they oversee. Professional organizations should consider the COSO framework in the development of guidelines for financial management, auditing, and related topics. Educators are urged to incorporate the framework into university curricula, as well as to conduct research and analysis on potential enhancements to the ERM process. 52. (SO 9) Using an internet search engine, search for the term (in quotations) “earnings management.” From the items you read, answer the following questions: a. Is earnings management always criminal? No, earnings management is not always illegal. Since accounting principles allow for some flexibility, accountants may use the discretion at their disposal in preparing financial statements. b. Is earnings management always unethical? No, earnings management is not always unethical, due to the materiality constraint. Yet earnings management becomes unethical when it “crosses the line” to reflect management’s desires rather than an accurate representation of the company’s financial performance. If earnings management deceives or distracts investors, it is unethical. 53. (SO 9) Using an internet search engine, search for “HealthSouth” and “fraud” or “Scrushy” (the name of the company’s CEO). Explain the fraud that occurred at HealthSouth Corporation. What was the ultimate result of the prosecution of HealthSouth officials? HealthSouth’s fraud was an elaborate earnings management scheme whereby earnings were overstated by at least $1.4 billion. False revenues were recorded with corresponding decreases in contra-revenue accounts, expenses, and/or liabilities and increases in assets. Ultimately, after a long and dramatic trial, Scrushy was acquitted of all criminal charges due to lack of evidence tying him to the fraud.
Cases 54. Gas-Up & Go Mart and the accounting information system. 1. Accounting data is likely to be captured at Gas-Up & Go at the gas pump if the customer uses a debit card or credit card to pay for a gas purchase at the pump. Even if the customer chooses to pay inside, the information pertaining to the sale of gasoline is recorded at the pump. The snacks must be purchased inside the store, but can be added to the gasoline charge. The accounting effect is that the
Page 1-11
Chapter 1 Solutions
Introduction to AIS
sale and the payment collected should increase the Sales account and Cash or Accounts Receivable, respectively. 2. The records that capture the accounting data would be maintained within the computer system. Although a manual process is required to operate the gas pump and cash register, the remainder of the system is computer-based, so the system records the sale and all related data. 3. Internal controls would include the security cameras in the store and gas filling area, as well as reconciliation procedures. Like the McDonalds’ example, a manager is likely to close and reconcile the cash register and gas pump sales at the end of the day. 4. The summarization of accounting data is likely to occur at the end of the period when financial reports are prepared. These steps are probably accomplished by the computer software. 5. Financial reporting occurs at the end of the period, as data are summarized into reports used for internal and external purposes. This likely includes a combination of manual and computerized processes. There are likely to be separate classifications for the sales of gasoline versus snack items. 55. Business processes and IT enablement at fast food restaurants. Student responses may vary, but are likely to consistent with the following: a. List and describe four different activities that are manual parts of business processes at a restaurant such as Wendy’s. Manual processes are required to: greet customers at the drive-through window or counter enter customer orders on the cash register touch-screens prepare the food gather the customer’s order collect payment from the customer clean the dining area refill the condiment dispensers, etc. reconcile the cash in the cash register to amounts included in the sales summaries b. List and describe four different activities that are IT enabled parts of business processes at a restaurant such as Wendy’s. IT enables processes are used to: record customer orders input in the cash registers. The system accumulates sales data based on the orders transacted prepare sales amounts based upon the pre-programmed prices of items ordered and applicable tax rates determine the amount of change due to customers based on the amount of cash collected prepare a sales receipt upon completion of a sales transaction transfer order details to the food preparation stations so that the items can be prepared and assembled prepare a daily summary for each cash register at the end of the shift 56. Business processes at department stores.
Page 1-12
Chapter 1 Solutions
Introduction to AIS
a. Describe any necessary supporting processes that precede the sale of a product to you. Some of the supporting processes that precede a sale to a customer include acquiring, pricing and display of the merchandise, hiring and training sales personnel and cashiers, preparation of cash register drawers with adequate change, and programming the system to recognize the items when they are read by a bar code scanner. b. Describe any necessary supporting processes that occur after a sale to you. Some of the supporting processes that occur after a sale to a customer include handling customer returns, summarization of the sales data, reconciling the cash registers with the computerized data from the registers, preparation of a bank deposit, periodic sales reporting, and reconciliation of the bank statements. 57. Business processes at Culpe’s Cues Co. a. What are the business processes that apply to this business? The business processes described include the expenditure process involved in purchasing materials needed to manufacture pool cues and disbursing cash to suppliers for materials purchased. The case also describes revenues processes for sales of pool cues over the internet, customer collections, and sales returns (replacements). This business would also include subprocesses for payroll expenditures to pay James and Rebecca Culpe for their time worked, and fixed asset processes to handle any capital assets acquired (such the workshop, office space, furniture and computers, tools and equipment, delivery vehicle, etc.). In addition, conversion processes would involve planning of the manufacturing process, planning and managing materials and resources needed for production, and logistics (movement of the manufactured goods through the production process through delivery to a customer). b. How would the business processes change if Culpe’s Cues expanded to a regional focus? If Culpe’s Cues expanded to a regional focus, it is likely that its business would grow. James and Rebecca Culpe may have difficulty managing a regional business on their own, so they would likely need to hire and train employees to join their business. As more people became involved in the business processes, they would need to determine how responsibilities would be divided and how to implement internal controls in the processes. James Culpe may no longer be able to personally handle all deliveries. The company’s website may also need to be enhanced to handle the additional volume anticipated in connection with the business expansion. c. How would the business processes change if Culpe’s Cues began selling pool balls and other billiard equipment in addition to cues? If Culpe’s Cues began selling pool balls and other billiard equipment in addition to its pool cues, its business processes would change. If Culpe’s acquired this type of merchandise, it would have to enhance its expenditures processes to include the types of suppliers of these billiard accessories. It would also need to consider the logistics of inventory storage. In addition, its revenue processes would need to be enhanced to differentiate sales of manufactured cues versus other billiard merchandise. Its website would need to be updated to handle the additional product lines.
Page 1-13
Chapter 2 Solutions
Foundational Concepts of the AIS
Turner/Accounting Information Systems, 2e Solutions Manual Chapter2 Concept Check 1. d 2. c 3. b 4. c 5. a 6. b 7. b 8. c 9. c 10. c 11. b 12. d
Discussion Questions 13. (SO 1) What is the relationship between business processes and the accounting information system? As the systematic steps are undertaken within a business processes, the corresponding data generated must be captured and recorded by the accounting information system. 14. (SO 1) Why is it sometimes necessary to change business processes when IT systems are applied to business processes? When IT systems are applied to business processes, some of the detailed transaction data may no longer be taken from paper-based source documents, and manual processing may no longer be needed to summarize and post that data. Accordingly, some of the related manual steps within the business process can be eliminated or changed. 15. (SO 2) Are manual systems and processes completely outdated? No, manual systems and business processes are not completely outdated. Manual records and tasks may still be involved in the business processes of even the largest and most sophisticated accounting information systems. 16. (SO 2) What is the purpose of source documents? Source documents capture the key data of a transaction, including date, purpose, entity, quantities, and dollar amounts.
Page 2-1
Chapter 2 Solutions
Foundational Concepts of the AIS
17. (SO 2) What are some examples of turnaround documents that you have seen? An example of a turnaround document, as described in the chapter, is a credit card statement, where the statement itself (as received in the mail by the credit card holder) represents the output of the credit card company’s accounting information system. When the credit card holder returns the top portion of the statement with his or her payment, it then becomes an input to the company’s cash collection process. 18. (SO 2) Why would the training of employees be an impediment to updating legacy systems? One of the advantages of legacy systems is that they are well supported and understood by existing personnel who are already trained to use the system. Since those legacy systems are not generally based on user-friendly interfaces and they tend to be use software written in older computer languages, there is likely to be a significant investment of time and human resources required to maintain the system. In addition, legacy systems are often difficult to modify. Employees may be reluctant to forego their investment or to commit additional time in support of an updated system that becomes more challenging to maintain. 1. 19. (SO 2) Why is it true that the accounting software in and of itself is not the entire accounting information system? The accounting software is not the entire accounting information system; rather, it is a tool that supports the organization’s unique business processes. The software must often be customized to meet the needs of the organization and to integrate well with the manner in which transactions are processed. The human resources and/or manual records and documents that are part of the business processes are also an integral part of the accounting information system. 20. (SO 2) How is integration across business processes different between legacy systems and modern, integrated systems? Integration across business processes within a legacy system is extremely challenging and costly, as those systems are usually not based on user-friendly interfaces that are difficult to modify. It is also difficult to find programmers to perform such tasks. The result is that organizations which integrate business processes between legacy systems typically must resort to enhancements to their existing software or bridging their existing software to new systems or interfaces. On the other hand, modern, integrated systems are based on a single software system that integrates many or all of the business processes within the organization, thus eliminating the coordination and updating efforts required by the older systems. 21. (SO 3) How does client-server computing divide the processing load between the client and server? In client-server computing, the processing load is assigned to either the server or the client on the basis of which one can handle each task most efficiently. The server is more efficient in managing large databases, extracting data from databases, and running high-volume transaction processing software applications. The client is more efficient at manipulating subsets of data and presenting data in a user-friendly, graphical-interface environment.
Page 2-2
Chapter 2 Solutions
Foundational Concepts of the AIS
22. (SO 3) Why do you think the client computer may be a better computer platform for presentation of data? The client computer is better for presentation of data because it manipulates subsets of data without being bogged down by the processing load of the entire data set. In addition, the client computer maintains presentation software in a user-friendly format for reporting purposes.
23. (S04) What are the distinguishing characteristics of cloud computing? Cloud computing is a centralized approached to computing, whereby computing services are outsourced to a third party provider. Accordingly, a company’s software and data may reside on the server of the provider. This offers many advantages, including the ability to scale the level of service to the needs of the company, as well as cost savings associated with the reduced infrastructure. 24. (S04) Why do you think a company would benefit from using cloud computing rather than client server computing? The primary benefits of cloud computing are in the areas of access, scalability, and cost savings. Companies are likely to benefit from using cloud computing when their employees may need to access and read data from many different locations while using different types of computing devices. In addition, since cloud computing is a pay-for-service model, companies only pay for the level of service they need, so it is not necessary to invest in capacity that may not yet be required. Also, the cost savings result from the reduced infrastructure (including equipment, hardware, software, maintenance, and technical employees). 25. (SO4) If your personal data were stored on a computer in cloud computing, would you have any concerns about it? Student responses may vary, and although the risks of cloud computing are discussed in a later chapter, students may identify concerns about security of private data stored in the cloud and access to data in the event of a service interruption. 26. (SO 5) Why do you think there are different market segments for accounting software? There are different market segments for accounting software to support the different needs of organizations depending on their size and the complexities of their business processes. 27. (SO 5) How would accounting software requirements for large corporations differ from requirements for small companies? Larger companies tend to need more power and functionality from their software systems because of their size and the complexities of their business processes. This may especially be true of large, multinational corporations which need to integrate business processes located all around the globe. Small companies are not likely to need such extensive power and functionality from their systems. 28. (SO 5) What are some of the differences between ERP systems and accounting software for small companies? ERP systems are multimodule software systems designed to manage all aspects of an enterprise. The modules (financials, sales,
Page 2-3
Chapter 2 Solutions
Foundational Concepts of the AIS
purchasing, inventory management, manufacturing, and human resources) are based on a relational database system that provides extensive set-up options to facilitate customization to specific business needs. Thus, the modules work together to provide a consistent user interface. These systems are also extremely powerful and flexible. Many of the software systems in the small and mid market categories are not true ERP systems with fully integrated modules; however, these systems assimilate many of the features of ERP systems. 29. (SO 5) Why would accounting software development companies be interested in expanding their software products into other market segments? Software development companies and software vendors often attempt to increase the appeal of their software products to more than one market segment when the features of their products may fit the needs of different sized organizations. In addition, there is a trend toward increasing the functionality of existing systems to offer increased flexibility and functionality to meet such diverse needs. Since business organizations make considerable investments in the software products that comprise their accounting information systems, it is not surprising that there is much competition among the companies that provide these systems. 30. (SO 6) Given the business and accounting environment today, do you think it is still important to understand the manual input of accounting data? Manual input of data is still important to understand in today’s accounting environment. Many business organizations still use some manual processes for reading source documents and keying the relevant information into the accounting information system. Even hightech point of sale systems require manual processes to input the accounting data contained on bar codes. 31. (SO 6) What are the advantages to using some form of IT systems for input, rather than manual input? Using IT systems for input has the advantages of reducing the time, cost, and errors that tend to occur with manual data input. 32. (SO 6) Why would errors be reduced if a company switched input methods from manual keying of source documents to a bar code system? With manual input, human efforts are required to write on the source documents and to manually key in the data. Errors tend to occur from time-to-time with such a system. On the other hand, the manual steps of writing and keying are eliminated when using a bar code system, thus reducing the likelihood of error. 33. (SO 7) In general, what types of transactions are well suited to batch processing? Batch processing is best suited to applications having large volumes of similar transactions that can be processed at regular intervals, such as payroll. 34. (SO 7) Why might the time lag involved in batch processing make it unsuitable for some types of transaction processing? By necessity, batch systems involve a time lag while all transactions in the batch are collected. This means that available information in files will not always be current, as it would be in real-time systems.
Page 2-4
Chapter 2 Solutions
Foundational Concepts of the AIS
Therefore, when constantly up-to-date information is needed by users on a timely basis, batch processing is likely to be unsuitable for transaction processing. 35. (SO 7) How would real-time processing provide a benefit to managers overseeing business processes? Real-time processing is beneficial for business managers because it provides for system checks for input errors. Therefore, errors can be corrected immediately, thus increasing the quality of the information for which the manager is held accountable. In addition, real-time systems enhance the efficiency of information availability. 36. (SO 8) How do internal reports differ from external reports? Although internal and external reports are both forms of output from an accounting information system, they have different purposes. Internal reports provide feedback to managers to assist them in running the business processes under their control. On the other hand, external reports (such as the financial statements) are used by external parties to provide information about the business organization. 37. (SO 8) What are some examples of outputs generated for trading partners? Invoices and account statements are examples of outputs generated for customers; whereas checks and remittance advices are examples of outputs sent to vendors. 38. (SO 8) Why might it be important to have internal documents produced as an output of the accounting information system? It is important to produce internal documents as an output of an accounting information system because internal documents provide feedback needed by managers assist them in running the business processes under their control. These internal documents can be customized to allow a manger to “drill down” into the details of the process being managed. 39. (SO 9) How does documenting a system through a pictorial representation offer benefits? A pictorial representation of an accounting information system is beneficial because it provides a concise and complete way for accountants to analyze and understand the procedures, processes, and the underlying systems that capture and record the accounting data.
Brief Exercises 40. (SO 1) Think about your most recent appointment at the dentist’s office. Describe the business process that affected you as the patient/customer. In addition, describe the administrative and accounting processes that are likely to support this business. As a patient, you would experience the revenue processes as you receive services from the hygienist and dentist. You would also be affected by the billing and
Page 2-5
Chapter 2 Solutions
Foundational Concepts of the AIS
collections processes when you receive an invoice for services rendered and submit payment for those services. The dental office would need to have specific steps in place for recording the services provided to each patient so that they can be properly billed and reported. These steps may be very detailed, especially in instances where patient fees must be allocated between dental insurance companies and the patients themselves. There would also need to processes in place for purchasing, as a dentist’s office is expected to make regular purchases of supplies as well as to handle the other operating costs of the business. Payroll processes would also be needed to account for the time and pay of each employee in the dentist’s office, and fixed asset processes would be needed to support the investments in and depreciation of office furniture and equipment, fixtures, and dental equipment. Finally, it is possible that the business may have administrative processes in place to handle investment, borrowing, and capital transactions. Once these transactions are recorded, the business must have processes in place to post the related data to the general ledger and summarize it in a manner that facilitates the preparation of financial statements and other accounting reports. 41. (SO 2) Describe the purpose of each of the following parts of a manual system: a. source document – captures the key data of a transaction, including the date, purpose, entity, quantities, and dollar amounts. b. turnaround document – provides a connection between different parts of the accounting system by serving as the output of one system and the input to another system in a subsequent transaction. c. general ledger – provides details for the entire set of accounts used in the organization’s accounting systems. d. general journal – captures the original transactions for non routine transactions, adjusting entries, and closing entries. e. special journal – captures the original transactions for routine transactions such as sales, purchases, payroll, cash receipts, and cash disbursements. f. subsidiary ledger – maintains detailed information regarding routine transactions, with an account established for each trading partner. 42. (SO 2) Consider the accounting information system in place at an organization where you have worked. Do you think that it was a manual system, legacy system, or an integrated IT system? Describe one or two characteristics of that accounting information system that lead you to your conclusion. Student responses are likely to vary greatly, as they may refer to any work experience. Characteristics of manual systems may include paper-based documents and records, and manual processes performed by humans. Characteristics of legacy systems may include older technology including a mainframe computer and the use of software languages such as COBOL, RPG, Basic, and PL1. Characteristics of an integrated IT system include powerful,
Page 2-6
Chapter 2 Solutions
Foundational Concepts of the AIS
technologically advanced computer systems with Internet interfaces, which are typically marked by efficiencies in terms of limited paperwork and user-friendly interfaces. 43. (SO 2) Suppose that a company wants to upgrade its legacy system, but cannot afford to completely replace it. Describe two approaches that can be used. One approach to updating a legacy system is to use screen scrapers, or frontware, which add modern, user-friendly screen interfaces to an existing system. Another approach is to bridge the legacy system to new hardware and software using enterprise application integration, or EAI. 44. (SO 4) Both Gmail and iCloud for iTunes were mentioned as examples of cloud computing. Can you describe any other examples of cloud computing? Student responses are likely to vary greatly, but may include examples such as the following: video and photo storage in the cloud, as well as document storage; online collaboration tools to facilitate groups who hold meetings and/or work on projects requiring participation from multiple locations; online data sharing between trading partners; virtual office space for people who travel or telecommute. 45. (SO 5, 7) Consider the real world example of Cole Haan presented in this chapter. a. Use Exhibits 2-3 and 2-4 to help you determine the approximate range of Cole Haan’s annual revenues. Since Cole Haan’s ERP system, falls in the High End or Tier 1 market segment, the company’s revenues must be over $100 million. b. What are the advantages Cole Haan likely realized as a result of having real-time data available? The advantages to real-time data processing include: reduced errors, since the system checks inputs and corrects errors immediately more timely information constantly up-to-date data files integrated business processes into a single database so that a single system can be achieved. 46. (SO 6) Using IT systems to input accounting data can reduce costs, time, and errors. Give an example showing how you think IT systems can lead to these reductions (cost, time, and errors). Student responses may vary. The responses below apply to the savings a company would be expected to realize upon implementation of a bar code system as a method of inputting data. Using IT systems to input data can help reduce costs, such as when bar code systems at a self-checkout line eliminate the human resource costs of using a checkout clerk.
Page 2-7
Chapter 2 Solutions
Foundational Concepts of the AIS
Using IT systems to input data can help save time, such as when bar code systems at a checkout line can reduce the checkout time to a fraction of the time required to manually record the transaction. This is because it eliminates the manual processes involved in writing data on a source document and/or keying the data into the software system. Using IT systems to input data can help reduce errors, such as when bar code systems eliminate the duplicate manual processes involved in writing data on a source document and later keying the data into the software system. 47. (SO 8) Identify whether the following reports would be categorized as trading partner documents, internal documents, internal reports, or external reports: a. daily cash receipts listing – internal document b. accounts receivable aging – internal report c. wire transfer of funds to a vendor – trading partner document d. customer price list – trading partner document e. general ledger – internal report f. statement of cash flows – external report g. sales invoice – trading partner document h. production schedule – internal document i. customer address list – internal document j. payroll journal – internal report 48. (SO 8) Which type of accounting information system reports would likely be prepared most frequently by financial accountants? By managerial accountants? Financial accounts are most likely to prepare external reports (such as financial statements and other reports provided to external users of the company’s accounting information); whereas managerial accountants are most likely to prepare internal reports (such as journals and other reports that provide feedback to managers about their areas of responsibility). 49. (SO 9) Identify which of the cardinal relationships apply, from the following: a. component part – product b. customer – product c. employee ID badge – employee d. employee – supervisor e. vendor – check
Problems
Page 2-8
Many to many Many to many One to one One to many One to many
Chapter 2 Solutions
Foundational Concepts of the AIS
50. (SO 2) Suppose that a large company is considering replacing a legacy system that is nearing obsolescence. Describe any aspects of this decision that the company should consider. When considering whether or not to replace a legacy system, a company should conduct a cost-benefit analysis. A business organization may decide to maintain a legacy system if it determines that the replacement costs would be too high. In such cases, the organization would likely place strong emphasis on the advantages of its legacy system, including its degree of customization and the extent of historical data that it contains which would be difficult to integrate into a new system. On the other hand, if the organization decided to replace its legacy system, it is likely that its reasons included such things as difficulty in supporting the older hardware, software, and programming language of its legacy system, difficulty in integrating the legacy system with newer business applications, and lack of user-friendly interfaces and supporting documentation from the legacy system. 51. (SO 1, 9) Visit the campus bookstore at your university. From what you see happening at the bookstore, try to draw a process map of how the processes at that store serve students, the customers. Refer to the separate Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls 52. (SO 5) Look at Exhibit 2-4 and pick one accounting software product from the midmarket segment and one software product from the tier 1 ERP segment. Using those brand names of software, search the Internet for information about those products. Based on your investigation, what are the differences between the two software products you chose? (Hint: To begin your search, you might try examining the following websites. www.accounting-software 411.com , www.findaccountingsoftware.com, and www.2020software.com) Student responses are likely to vary greatly, depending upon the software brands selected. However, the modules within the midmarket products may not be fully integrated or may be less complex than the Tier 1 ERP systems. 53. (SO 6) Using an Internet search engine, search for the term “RFID.” From the results you find, describe how RFID will be used as an input method. RFID stands for radio-frequency identification. RFID technology helps companies identify and manage large lots of goods, typically received and stored in cartons or on skids. The cartons or skids include tags that are encoded with identifying information about the items, their supplier, and their purchase transaction. RFID is used as an input method whereby the tags can be instantly read and recorded by using antennae or battery-operated transmitters and radio waves.
Page 2-9
Chapter 2 Solutions
Foundational Concepts of the AIS
54. (SO 3) Using an Internet search engine, search for the terms “client-server” and “scalable.” From the results you find, explain why client-server systems are scalable. Scalable systems have the ability to handle growth or increased capabilities. Thus, client-server systems are deemed to be scalable because of the manner in which tasks are divided. Since client PCs normally accomplish local processing tasks, additional client PCs could be added to the network to handle new or growing subsets of data from the server.
55. (SO 4) Using an Internet search engine, search for the terms “Amazon elastic cloud.” Describe what you find. Why do you believe it is called elastic? Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. Amazon EC2’s simple web service interface allows users to obtain and configure capacity with minimal friction. It provides complete control of users’ computing resources and allows users to run on Amazon’s computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing users to quickly scale capacity as their computing requirements change. Amazon EC2 provides developers the tools to build failure resilient applications and isolate themselves from common failure scenarios. The term “elastic” likely refers to the ability for users to quickly scale capacity both up and down as their computing requirements change. Thus, users can create, launch, and terminate server instances as needed.
Cases 56. Pictorial representations of a drive-through window at a fast food chain. Student responses are likely to vary, but may be similar to those shown in the Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls 57. Pictorial representations of a college’s parking services processes. Student responses are likely to vary, but may be similar to those shown in the Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls
Page 2-10
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 3
Concept Check 1. b 2. c 3. a 4. d 5. d 6. b 7. b 8. a 9. a 10. d 11. c 12. b 13. c 14. d
Discussion Questions 15. (SO 1) Management is held accountable to various parties, both internal and external to the business organization. To whom does management have a stewardship obligation and to whom does it have reporting responsibilities? Management has a stewardship obligation to the shareholders, investors, and creditors of the company, i.e., any parties who have provided funds or invested in the company. Management has a reporting responsibility to business organizations and governmental units with whom the company interacts. 16. (SO 2, 4) If an employee made a mistake that resulted in a loss of company funds and misstated financial reports, would the employee be guilty of fraud? Discuss. No, a mistake, or unintentional error, does not constitute fraud. In this situation, there is no theft or concealment, so fraud does not exist. 17. (SO 2, 3) Do you think it is possible that a business manager may perpetrate fraud and still have the company’s best interest in mind? Discuss. Student responses may vary. Those agreeing that it is possible may refer to the fraud triangle and note that the incentive may be job-related (such as opportunities to produce enhanced
Page 3-1
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
financial statements, which may increase the company’s stock price, increase compensation, avoid firings, enhance promotions, and delay bankruptcy) and the rationalization may involve plans to make restitution. On the other hand, some students may reject the notion that management fraud could be in a company’s best interest, as it puts the company at great risk. When frauds are discovered, they are often devastating due to the financial restatements and loss of trust. 18. (SO 7) Distinguish between internal and external sources of computer fraud. Employees are the source of internal computer fraud. When employees misuse the computer system to commit fraud (through manipulation of inputs, programs, or outputs), this is known as internal computer fraud. On the other hand, external sources of computer fraud are people outside the company or employees of the company who conduct computer network break-ins. When an unauthorized party gains access to the computer system to conduct hacking or spoofing, this is known as external computer fraud. 19. (SO 7) Identify and explain the three types of internal source computer fraud. The three types of internal source computer fraud are input manipulation, program manipulation, and output manipulation. Input manipulation involves altering data that is input into the computer. Program manipulation involves altering a computer program through the use of a salami technique, Trojan horse program, trap door alteration, etc. Output manipulation involves altering reports or other documents generated from the computer system. 20. (SO 7) Describe three popular program manipulation techniques. The salami technique accomplishes a fraud by altering small “slices” of computer information. These slices of fraud are difficult to detect because they are so small, but they may accumulate to a considerable amount if they are carried out consistently across many accounts. This is often accomplished by rounding or applying minor adjustments. The perpetrator typically steals the amounts represented by these slices or uses them to his or her benefit. A Trojan horse program is a small, unauthorized program within a larger, legitimate program, used to manipulate the computer system to conduct a fraud. For example, a customer account may be automatically written off upon the processing of a new batch of transactions. A trap door alteration involves misuse of a valid programming tool, a trap door, to commit fraud. Trap doors are unique hidden entrances to computer programs that are written into the software applications to provide a manner of testing the systems. Although they should be removed prior to implementation, they may remain to provide a tool for misusing the system to perpetrating fraud. 21. (SO 7) Distinguish between Internet spoofing and e-mail spoofing. Internet spoofing involves a person working through the Internet to access a computer network while pretending to be a trusted source. The packet of data containing the Internet
Page 3-2
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
protocol (IP) address contains malicious data such as viruses or programs that capture passwords and log-in names. E-mail spoofing bombards employee e-mail accounts with junk mail intended to scam the recipients. 22. (SO 10) What are the objectives of a system of internal control? The objectives of an internal control system are as follows:
To safeguard assets from fraud or errors To maintain accuracy and integrity of accounting data To promote operational efficiency To ensure compliance with management directives
23. (SO 10) Name and distinguish among the three types of internal controls. The three types of internal controls are preventative controls, detective controls, and corrective controls. Preventative controls are designed to avoid fraud and errors by stopping any undesired acts before they occur. Detective controls help employees uncover or discover problems that may exist. Corrective controls involve steps undertaken to correct existing problems. 24. (SO 10) Identify the COSO report’s five interrelated components of internal controls. According to the COSO report, there are five interrelated components of internal control: the control environment, risk assessment, control activities, information and communication, and monitoring. 25. (SO 10) Name the COSO report’s five internal controls activities. According to the COSO report, there are five internal control activities: authorization of transactions, segregation of duties, adequate records and documents, security of records and documents, and independent checks and reconciliations. 26. (SO 10) Distinguish between general and specific authorization. General authorization is a set of guidelines that allows transactions to be completed as long as they fall within established parameters. Specific authorization means that explicit approval is needed for that single transaction to be completed. 27. (SO 10) Due to cost/benefit considerations, many business organizations are unable to achieve complete segregation of duties. What else could they do to minimize risks? Close supervision may serve as a compensating control to lessen the risk of negative effects when other controls, especially segregation of duties, are lacking. 28. (SO 10) Why is a policies and procedures manual considered an element of internal control? Formally written and thorough documentation on prescribed policies and procedures should establish clarity and promote compliance within a business organization, thus providing an important element of internal control. The policies and procedures should cover both manual and automated processes and control measures, and must be communicated to all responsible parties within the company.
Page 3-3
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
29. (SO 10) Why does a company need to be concerned with controlling access to its records? Securing and protecting company records is important to ensure that they are not misused or stolen. Unauthorized access or use of records and documents allows the easy manipulation of those records and documents, which can result in fraud or a concealment of fraud. 30. (SO 10) Many companies have mandatory vacation and periodic job rotation policies. Discuss how these practices can be useful in strengthening internal controls. Mandatory vacations and periodic job rotation policies provide for independent monitoring of the internal control systems. Internal control responsibilities can be rotated so that someone is monitoring the procedures that are typically performed by someone else, which enhances the effectiveness of those procedures. 31. (SO 10) Name the objectives of an effective accounting system. An effective accounting system must accomplish the following four objectives:
Identify all relevant financial transactions of the organization. Capture the important data of these transactions. Record and process the data through appropriate classification, summarization, and aggregation. Report the summarized and aggregated information to managers.
32. (SO 10) What does it mean when information flows “down, across, and up the organization”? A business organization must implement procedures to assure that its information and reports are communicated to the appropriate management level. This communication is described by COSO as “flowing down, across, and up that organization”. Such a communication flow assists management in properly assessing operations and making changes to operations as necessary. 33. (SO 10) Provide examples of continuous monitoring and periodic monitoring. Any ongoing review activity may be an example of continuous monitoring, such as a supervisor’s examination of financial reports and a computer system’s review modules. An example of periodic monitoring is an annual audit performed by a CPA firm or a cyclical review performed by internal auditors. 34. (SO 10) What are the factors that limit the effectiveness of internal controls? It is not possible for an internal control system to provide absolute assurance because of the following factors that limit the effectiveness of internal controls:
Flawed judgments Human error Circumventing or ignoring established controls
In addition, excessive costs may prevent the implementation of some controls.
Page 3-4
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
35. (SO 11) Identify and describe the five categories of the AICPA Trust Services Principles. The AICPA Trust Services Principles are divided into the following five categories of risks and controls:
Security. Security is concerned with the risk of unauthorized physical and logical access, such as breaking into the company’s facilities or computer network. Availability. Availability is concerned with the risk of system interruptions or failures due to hardware of software problems such as a virus. Processing integrity. Processing integrity is concerned with the risk of inaccurate, incomplete, or improperly authorized information due to error or fraud. Online privacy. Online privacy is concerned with the risk of inappropriate access or use of a customer’s personal information. Confidentiality. Confidentiality is concerned with the risk of inappropriate access or use of company information.
36. (SO 11) Distinguish between the Trust Services Principles of privacy and confidentiality. Both privacy and confidentiality are concerned with the risk of in appropriate access or use of information. However, privacy is focused on protecting the privacy of a customer’s personal information; whereas confidentiality is focused private information about the company itself and its business partners. 37. (SO 10) Identify the four domains of high-level internal control. As set forth in Appendix B, COBIT establishes four domains of high level control objectives. These include planning and organization, acquisition and implementation, delivery and support, and monitoring.
Brief Exercises 38. (SO 2, 3) What possible motivation might a business manager have for perpetrating fraud? Management might be motivated to perpetrate fraud in order to improve the financial statements, which may have the result of increasing the company’s stock price and increasing incentive-based compensation. Altered financial information might also have the effect of delaying cash flow problems and/or bankruptcy, as well as improving the potential for business transactions such as mergers, borrowing, stock offerings, etc. 39. (SO 5) Discuss whether any of the following can be examples of customer fraud:
An employee billed a customer twice for the same transaction. This is not an example of customer fraud; rather, the customer is being defrauded in this scenario. This is an example of employee fraud (assuming that the double-billing was intentional and the resulting cash receipts are stolen by employees).
Page 3-5
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
A customer remitted payment in the wrong amount. This may be an example of customer fraud, assuming that the payment was made as a deceptive tactic to avoid the full amount of the customer’s liability. A customer received merchandise in error, but failed to return it or notify the sender. Although this scenario involves a customer’s improper receipt of goods, it would not be considered customer fraud since it was the result of an error. Regardless of whether the error was committed by the company or the customer, deception is a required element of fraud.
40. (SO 7) Explain the relationship between computer hacking and industrial espionage. Give a few additional examples of how hacking could cause damage in a business. Computer hacking is the term commonly used for computer network break-ins. Hacking may be undertaken for various purposes, including theft of proprietary information, credit card theft, destruction or alteration of data, or merely thrillseeking. Industrial espionage is the term used for theft of proprietary company information. Although computer hacking provides one method of conducting industrial espionage, a computer is not always required to steal company information. Fraudsters trying to conduct industrial espionage may also resort to digging through the trash in order to gain information about a target company. 41. (SO 9) What are some ways in which a business could promote its code of ethics? The best way for a company to promote its code of ethics is for its top managers to live by it on a day-to-day basis. If the code is well documented and adhered to by management, others in the organization are likely to recognize its importance. Furthermore, if discipline and/or discharges are applied to those who violate the code, this will serve as a strong message regarding the importance of the code. 42. (SO 10) Describe why the control environment is regarded as the foundation of a business’s system of internal control. The control environment is regarded as the foundation of a system of internal controls because it sets the tone of an organization and influences the control consciousness of its employees. Thus, the tone at the top flows through the whole business organization and affects behavior at every level. It also provides the discipline and structure of all other components of internal control. COSO identifies the tone set by management as the most important factor related to providing accurate and complete financial reports. 43. (SO 10) Think of a job you have held, and consider whether the control environment was risky or conservative. Describe which you chose and why. Student responses will vary. Characteristics of a risky control environment include absence of a code or ethics or lack of enforcement of a code of ethics, aggressive management philosophy and operating style, overlapping duties and vague lines of authority, lack of employee training, and an inactive board of directors. On the other hand, a conservative control environment is characterized by a rigidly enforced code of ethics, a conservative management philosophy and operating style, clearly established job descriptions and lines of authority, a focus on employee training and organizational development, and an accountable and attentive board of directors.
Page 3-6
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
44. (SO 10) Identify the steps involved in risk assessment. Do you think it would be effective for an organization to hire external consultants to develop its risk assessment plan? The steps involved in risk assessment include:
Identify the sources of risk, both internal and external. Determine the impact of such risks in terms of finances and reputation. Estimate the likelihood of such risks occurring. Develop an action plan to reduce the impact and probability of identified risks. Execute the action plan on an ongoing basis.
It would not likely be effective for an organization to hire consultants to develop its risk assessment plan because company-specific experience and expertise are needed in order to do this work effectively. For instance, members of management who are actively involved in day-to-day operations and reporting will likely have the best ability to identify risks, determine the impact of those risks, and estimate the likelihood of occurrence of such risks. Although a consultant may be useful in assisting with the development and implementation of the action plan, the first three steps of the risk assessment process would likely depend upon the working knowledge of members of the company’s management. 45. (SO 10, 11) Discuss the accuracy of the following statements regarding internal control:
The more computerized applications within a company’s accounting system, the lower the risk will be that fraud or errors will occur. It is not necessarily true that extensive computerized application will lower a company’s risk of fraud. This is because computerized systems also increase vulnerabilities such as unauthorized access, business interruptions, and inaccuracies. The technological complexities that accompany sophisticated computer applications call attention to the need for extensive internal controls to reduce the risk of fraud and errors. The more involved top management is in the day-to-day operations of the business, the lower the risk will be that fraud or errors will occur. It is certainly true that the tone at the top (the tone set by top management) is the most important factor of internal control. Accordingly, it can be implied that involved managers would promote strong internal controls. However, although this is often true, it will be true only when top management acts with integrity, exemplifying and enforcing its code of ethics, maintaining a conservative approach to operations and financial reporting, and cultivating clear communications and responsibilities.
Problems 46. (SO 10) Identify whether each of the following accounting positions or duties involves authorization, recording, or custody:
Page 3-7
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
cashier - Custody payroll processor - Recording credit manager - Authorization mailroom clerk - Custody data entry clerk - Recording deliver paychecks - Custody deliver the bank deposit - Custody prepare the bank reconciliation - Recording check signer - Authorization inventory warehouse supervisor - Custody staff accountant - Recording
47. (SO 10) Identify whether each of the following activities represents preventative controls, detective controls, or corrective controls:
job rotation - Detective preparation of a bank reconciliation - Corrective segregation of duties - Preventative recalculating totals on computer reports - Detective use of passwords - Preventative preparing batch totals for check processing - Detective establishing a code of ethics - Preventative use of a security guard - Preventative verifying source documents before recording transactions - Preventative matching supporting documents before paying an invoice - Preventative independent review of accounting reports - Detective performing comparisons of financial statement items - Detective
48. (SO 10) Shown is a list of selected sources of internal control guidelines, given in order of issuance, followed by a list of primary purposes. Match each guideline with its primary purpose. I. Foreign Corrupt Practices Act – b. Prevented bribery and established internal control guidelines. II. COSO – d. Established internal control concepts based on comprehensive study. III. SAS 99 – a. Required auditors to focus on risks and controls and to conduct audits with skepticism. IV. Sarbanes-Oxley Act – c. Curbed fraud by requiring additional internal control reporting within annual reports. V. Trust Services Principles – e. Established essential criteria for evaluating reliability of business systems. a. Required auditors to focus on risks and controls and to conduct audits with skepticism. b. Prevented bribery and established internal control guidelines.
Page 3-8
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
c. Curbed fraud by requiring additional internal control reporting within annual reports. d. Established internal control concepts based on comprehensive study. e. Established essential criteria for evaluating reliability of business systems. 49. (SO 1, 3, 10) Using a search engine on the Internet, find articles or descriptions of the collapse of Enron. The collapse began in November 2001, and many articles appeared over the next two to three years. Required: a. Briefly describe the fraud that occurred. Student responses are likely to vary, but should focus on the accounting frauds which attempted to hide the company’s debt and losses. For instance, Enron created special purpose entities (related partnerships) for the purpose of off-balance sheet financing. Other deceptive transactions are known to have taken place for the sole purpose of creating false financial results, such as transactions involving the sale and buy-back of barges near year-end and prepaid commodities deals that were never delivered. b. Discuss what you see as weaknesses in the control environment. It is likely that students will focus on the tone at the top, and conclude that management did not set a good example of the company’s code of ethics. They may also provide evidence of aggressive management practices. 50. (SO 3) Using a search engine on the Internet, search for articles on fraud that occurred in 2000 to 2002 in the following companies: Adelphia Enron Global Crossing WorldCom Xerox Try to locate articles or information about stock prices, how the fraud was conducted. You might wish to look at the following websites: edgar.sec.gov, www.hoovers.com and www.forbes.com Required: a. Find information to help you complete the following table: Students are not likely to find all of this information, but what they do find may help them better understand the massive size and scope of these frauds. Some of the stock prices or loss to investors can be found by web searches. For example, the Xerox stock prices can be found by searching on Xerox, fraud and “stock price”.
Brief Description of Fraud Company Name Adelphia
Position of Those Conducting Fraud
Stock Price when fraud was uncovered
Off balance CEO, CFO, VP sheet financing, of Operations
Page 3-9
Stock Price Shares Loss to one year later outstanding Investors ~$750 mil.
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
inflated (Rigas family earnings, members) improper use of company funds Off balance CEO (Ken sheet financing Lay), CFO through special (Andrew purpose Fastow), entities, inflated Pres./CEO (Jeff Enron earnings Skilling) Inflated revenue through network capacity swaps, misFounder (Gary management Winnick), CEO, and excessive CFO, and Pres. Global Crossing spending Of Finance Off-balance sheet credit, inflated earnings through improper capitalization of CFO & Controller operating WorldCom expenses (possibly CEO) Accelerated revenue recognition on Senior Xerox leased assets executives
$90
$0.70
$60
$0.20
$11.24
$4.30
b. Discuss the common characteristics that you see in each of these examples. Most of these frauds involved misstated financial statements involving inflated earnings and off-balance sheet financing. Most of these frauds were perpetrated by members of top management, including top ranking financial executives. 51. (SO 3) Using a search engine on the Internet, search for information on the following two companies, which were paying bribes in foreign countries: Student responses are likely to vary, but the information below highlights the main facts of these cases. Siemens: a. How it was discovered. The Siemens frauds were discovered after being exposed by a middleman/consultant who helped carry out some of the transactions to pay bribes and kickbacks to government officials in exchange for being awarded contracts in foreign countries. These types of bribery transactions were being carried out for years and in countries all over the globe. It was only a matter of time before investigators began examining the suspicious transactions.
Page 3-10
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
b. The end result of the investigation. In 2008, Siemens pleaded guilty to criminal violations of the corrupt practices act, and has paid over $1.6 billion in fines and settlements. In late 2011, civil bribery charges were brought against several former Siemens executives. c. What you think the company might have done to prevent this, or lessen the impact. These frauds involved high-ranking company officials, so internal controls should have been enhanced through practicing tone at the top. All of the funds and bank accounts that were established to carry out these acts should have been under the supervision of top executives. Senior managers at Siemens assumed that they would be supported by top executives, but they found out that they were wrong. After the bribes were discovered, Siemens worked hard to quickly remove many senior managers and reform company policies; however, there should have been controls in place to prevent these actions much sooner; it should have provided more thorough corporate governance and management oversight. d. What you learned about the Foreign Corrupt Practices Act. The FCPA is enforced by the SEC and seeks to root out companies who engage in corrupt practices. Johnson & Johnson: a. How it was discovered. The J&J frauds were discovered internally and were reported to the SEC. Most of the frauds involved paying bribes to European doctors and hospital administrators in exchange for using J&J medical devices. It also paid kickbacks to Iraq to obtain contracts under the United Nations Oil for Food Program. b. The end result of the investigation. J&J paid over $70 million in civil and criminal fines. Its penalties were reduced because of the level of cooperation the company provided throughout the investigation. c. What you think the company might have done to prevent this, or lessen the impact. Like Siemens, top management should have had better controls in place from the beginning, rather than having to work so hard on damage control and subsequent compliance efforts. In particular, if the cash payments had been more closely monitored, these bribes and kickbacks could have been detected and stopped at a much earlier point in time. d. What you learned about the Foreign Corrupt Practices Act. The FCPA is enforced by the SEC and seeks to root out companies who engage in corrupt practices.
Cases 52.
Fraud at Wooten’s city hall. Required:
Page 3-11
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
a. Which internal control activity was violated in order for Mr. Peterman to perpetrate this fraud? A case could be made for any or all of the internal control activities were violated in this scenario. With regard to authorization, it can be said that Mr. Peterman abused his authority by circumventing the established controls in order to carry out these transactions on his own. His interference in the mailroom procedures made it impossible for any segregation of duties to occur. There was apparently inadequate security and documentation for the assets and transactions with which he was involved, and there was no one willing to come forward to review or reconcile these transactions. b. Do you consider this case to be an example of management fraud or employee fraud? Although it involves misappropriation of assets, which is typically an employee fraud, this was conducted by the chief financial officer. Accordingly, it would be considered a management fraud. It is not likely that Mr. Peterman would have been able to carry out his fraud if it had not been for his high-ranking position, which apparently prevented anyone from stopping him. c. Was the city’s procedural manual adequate for prescribing internal controls to prevent this type of fraud? Why or why not? Although the case states that written guidelines were in place regarding the mailroom and bank deposit policies, requirements for logging checks received and performing an independent verification of receipts, these guidelines were obviously not followed when Mr. Peterman stepped in. Rather than being a problem with the documented policies, this case seems to present a situation marked by circumvention of controls. d. Why do you think no one reported the unusual mailroom practices of Mr. Peterman? To whom would such a violation be reported? Since Mr. Peterman was the highest ranking financial officer in the organization, employees who suspected misconduct likely believed that there was no one with authority over Mr. Peterman to whom the problem could be reported. If management is involved in fraud, it should be brought to the attention of the board of directors. In the case of a municipality, the problem could be reported to the chief administrator, mayor, or the city’s advisory council. e. Do you think a business in Wooten could be guilty of customer fraud if it agreed to deliver its payments to Mr. Peterman personally rather than send them to the city’s mailing address? A business that agreed to deliver its payments to Mr. Peterman personally would not likely be guilty of fraud. Customer fraud requires the intent to deceive, so unless the business had knowledge or was otherwise involved in Mr. Peterman’s fraud scheme, it would not be guilty of customer fraud. f. The comments made by the neighbor CFO express which type of limitation of internal control systems discussed in this chapter? The limitation of small staff size typically means that the business organization does not have sufficient resources to accomplish segregation of duties. Accordingly, controls can be easily circumvented. The comment
Page 3-12
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
regarding the tight operating budget reflects upon the cost/benefit limitations of internal controls. 53.
Coupon accounting abuse. Required: a. Discuss whether the situation described can happen to a company with a good control environment. This situation would not be likely to happen to a company with a good control environment. In a conservative control environment, management would not place so much emphasis on profitability, would not likely tie compensation to profitability and then give employees responsibility for preparing their own profitability reports, and would have likely provided for other controls (such as supervision and review of Larry’s figures). b. Describe any steps a company could take to prevent such abuse. If the firm was going to compensate brand managers based on profitability of their brands, then those managers should not have responsibility for preparing their own profitability reports. Rather, an independent accounting function should be in place to account for Larry’s brands. In addition, independent reconciliations should be performed with specific emphasis on risky financial items such as coupon drops. c. List those parties who might be harmed by this situation. The following parties are likely to be harmed as a result of Larry’s fraud: investors and creditors who rely upon the fair presentation of the firm’s financial statements as a basis for business decisions shareholders to whom the firms owes a stewardship obligation, especially as they are deceived with respect to the firm’s current financial status fellow employees in the firm who will begin the next year with an inflated expense for the coupon drop (and whose compensation will be tied to financial performance) fellow employees who share in Larry’s bonus pool, whose bonuses would have been larger had Larry’s figures been accurate d. Do you consider this example to be management fraud or employee fraud? Describe how it fits the definition of your choice. This case describes management fraud, as it involves misstatement of financial records, which is typically perpetrated by managers who are attempting to realize benefits (such as increased compensation).
54.
Ethical dilemma involving a CEO. Required: a. Discuss whether Mr. Brocamp’s violation of corporate ethics policy affects or reflects the control environment of the company. Yes, Mr. Brocamp’s actions affect the control environment of Mega Motor Company. As its CEO, Mr. Brocamp has primary responsibility for setting the tone at the top and living by the code of ethics. If others in the organization are aware
Page 3-13
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
of this violation, it sends the message that the code of ethics is not important. This is likely to lead to other problems, including fraud. b. Since the violation is personal in nature, should Mr. Brocamp have been forced to resign? Since the code of ethics specifically prohibits personal relationships between managers and members of their management chain, then Mr. Brocamp should be held accountable for his actions. Even though it could be argued that the relationship did not affect his ability to perform his job effectively, the company must have thought otherwise when it established its code of ethics. c. Should Bozeman State have hired him to teach business strategy courses? Student responses are likely to vary and may provide the basis for an interesting class discussion. Some students may agree that someone who violated a company ethics policy should not be teaching students about the proper management of organizations. Others may agree that faculty members are not questioned about their personal lives and that Mr. Brocamp’s wealth of experience is beneficial to students. 55.
Ethical dilemma involving mail order fraud. Required: a. Discuss which type of fraud is involved in this case, from the perspective of the mail order company. This case presents an example of customer fraud, as Janie deceived the mail order company. She obtained property and lied about it in order to avoid the corresponding liability. b. Which of the AICPA Trust Services Principles most closely related to this situation? Processing integrity is the Trust Services Principle that most closely relates to this situation. Since Janie provided false information and the company had no way to substantiate it, inaccurate information was processed and became part of the financial records of the company. c. Describe a preventative control that could be performed by the carrier to avoid the possible recurrence of this type of fraud. If the carrier had documented the address where the package was dropped off or obtained a signature from Janie’s neighbor at the time of delivery, the deception would have been prevented. This would have provided documentation of the delivery, which could have been investigated.
56.
Ethical dilemma involving charitable fundraiser. Required: a. Do you think Evan’s actions were justified? What would you have advised him to do in this situation? No, Evan’s actions were not justified because he did not use the donated funds for their intended purpose. Since Evan represented to the donors that the monies were to be used for a charitable purpose, he had an ethical obligation to fulfill that commitment. Even though he invested more time than he planned, he knew that his efforts were not to be compensated. This is a variation of an employee fraud. As a representative of a charitable cause, he carried out a cash receipts theft for his personal gain.
Page 3-14
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
b. What internal control activities could the fraternity have implemented in order to prevent Evan’s actions? The fraternity should have required its treasurer to handle the cash receipts related to this fundraising campaign. This would separate the custody of the cash receipts from the recordkeeping that Evan was conducting. c. Can you think of a detective control that could uncover the omission of the $200 check? A review of all receipts – or in this case, acknowledgement letters – could be performed and reconciled to the cash contributions records. Unless Evan concealed the letter written to the donor of the $200 that he stole, such a reconciliation procedure would uncover the difference.
Page 3-15
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 4
Concept Check 1. d 2. b 3. c 4. a 5. a 6. a 7. b 8. d 9. c 10. d 11. a 12. b 13. b
Discussion Questions 14. (SO 1) What is the difference between general controls and application controls? General controls are internal controls that apply overall to the IT accounting systems; they are not restricted to any particular accounting application. Application controls apply within accounting applications to control inputs, processing, and outputs. They are intended to ensure that inputs and processing are accurate and complete and that outputs are properly distributed, controlled, and disposed. 15. (SO 1) Is it necessary to have both general controls and application controls to have a strong system of internal controls? Yes, it is necessary to have both types of controls in a strong system of internal controls. Since they cover different aspects of the IT accounting systems and serve different purposes, both are important and necessary. An IT system would not have good internal control if it lacked either general or application controls. 16. (SO 2) What kinds of risks or problems can occur if an organization does not authenticate users of its IT systems? If an organization does not authenticate users of its IT systems, a security breach may occur in which an unauthorized user may be able to gain access to the computer system. If hackers or other unauthorized users
Page 2-1
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
gain access to information to which they are not entitled, the organization may suffer losses due to exposure of confidential information. Unauthorized users may gain access to the system for the purpose of browsing, altering, or stealing company data. They could also record unauthorized transactions, shut down systems, alter programs, sabotage systems, or repudiate existing transactions. 17. (SO 2) Explain the general controls that can be used to authenticate users. In order to authenticate users, organizations must limit system log-ins exclusively to authorized users. This can be accomplished by requiring login procedures, including user IDs and passwords. Stronger systems use biometric identification or security tokens to authenticate users. In addition, once a user is logged in, the system should have established access levels and authority tables for each user. These determine which parts of the IT system each user can access. The IT system should also maintain a computer log to monitor log-ins and follow up on unusual patterns. 18. (SO 2) What is two-factor authentication with regard to smart cards or security tokens? Two-factor authentication limits system log-ins to authorized users by requiring them to have possession of a security device such as a smart card or token, and also have knowledge of a user ID and/or password. Both are needed to gain access to the system. 19. (SO 2) Why should an organization be concerned about repudiation of sales transactions by the customer? Repudiation is the attempt to claim that the customer was not part of a sales transaction that has taken place. Organizations may suffer losses if customers repudiate sales transactions. If companies do not have adequate controls to prevent repudiation, they may not be able to collect amounts due from customers. However, organizations may reduce the risk of such losses if they require log-in of customers and if they maintain computer logs to establish undeniably which users take particular actions. This can provide proof of online transactions. 20. (SO 2) A firewall should inspect incoming and outgoing data to limit the passage of unauthorized data flow. Is it possible for a firewall to restrict too much data flow? Yes, it is possible for a firewall to restrict legitimate data flow as well as unauthorized data flow. This may occur if the firewall establishes limits on data flow that are too restrictive. In order to prevent blocking legitimate network traffic, the firewall must examine data flow and attempt to determine which data is authorized or unauthorized. The packets of information that pass through the firewall must have a proper ID to allow it to pass through the firewall. 21. (SO 2) How does encryption assist in limiting unauthorized access to data? Encryption is the process of converting data into secret codes referred to as cipher text. Encrypted data can only be decoded by those who possess the encryption key or password. It therefore renders the data useless to any unauthorized user who does not possess the encryption key. Encryption alone does not prevent access to data, but it does prevent an unauthorized user from reading or using the data.
Page 2-2
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
22. (SO 2) What kinds of risk exist in wireless networks that can be limited by WEP, WPA, and proper use of SSID? WEP, WPA, and SSIDs can limit the risk of unauthorized access to wireless networks, which transmit network data as high frequency radio signals through the air. Since anyone within range of these radio signals can receive the data, protecting data is extremely important within a wireless network. This can be accomplished through encryption via wired equivalency privacy (WEP), through encryption and user authentication via wireless protected access (WPA), and through password protection of the network sending and receiving nodes via service set identifiers (SSIDs). 23. (SO 2) Describe some recent news stories you have seen or heard regarding computer viruses. Student responses will vary greatly depending upon the date this is discussed, but should describe situations of computer malfunctions caused by network break-ins where damaging actions were upon an organization’s programs and data. 24. (SO 2) What is the difference between business continuity planning and disaster recovery planning? How are these two concepts related? Business continuity planning is a proactive program for considering risks to the continuation of business and developing plans and procedures to reduce those risks so that continuation of the IT system is always possible. On the other hand, disaster recovery planning is a reactive program for restoring business operations, including IT operations, to normal after a catastrophe occurs. These two concepts are related in that they are both focused on maintaining IT operations at all times in order to minimize business disruptions. 25. (SO 2) How can a redundant array of independent disks (RAID) help protect the data of an organization? RAID accomplishes redundant data storage by setting up two or more disks as exact mirror images. This provides an automatic backup of all data. If one disk drive fails, the other (maintained on another disk drive) can serve in its place. 26. (SO 2) What kinds of duties should be segregated in IT systems? In an IT system, the duties to be segregated are those of systems analysts who analyze and design the systems, programmers who write the software, operators who process data, and database administrators who maintain and control the database. No single person should develop computer programs and also have access to data. 27. (SO 2) Why do you think the uppermost managers should serve on the IT governance committee? An IT governance committee should be comprised of top management in order to ensure that appropriate priority is assigned to the function of governing the overall development and operation of the organization’s IT systems. Since the committee’s functions include aligning the IT systems to business strategy and to budget funds and personnel for the effective use of IT systems, it is important that high-ranking company officials be aware of these priorities and involved in their
Page 2-3
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
development. Only top management has the power to undertake these responsibilities. 28. (SO 3,4) Why should accountants be concerned about risks inherent in a complex software system such as the operating system? Accountants need to be concerned about the risks inherent in the organization’s software systems because all other software runs on top of the operating system. These systems may have exposure areas that contain entry points for potential unauthorized access to software and/or data. These entry points must be controlled by the proper combination of general controls and application controls. 29. (SO 4) Why is it true that increasing the number of LANs or wireless networks within an organization increases risks? Increasing the number of LANs or wireless networks within an organization increases exposure areas, or entry points through which a user can gain access to the network. Each LAN or wireless access point is another potential entry point for an unauthorized user. The more entry points, the more security risk the organization faces. 30. (SO 4) What kinds of risks are inherent when an organization stores its data in a database and database management system? Since a database management system involves multiple use groups accessing and sharing a database, there are multiple risks of unauthorized access. Anyone who gains access to the database may be able to retrieve data that they should not have. This multiples the number of people who potentially have access to the data. In addition, availability, processing integrity, and business continuity risks are also important due to the fact that so many different users rely on the system. Proper internal controls can help to reduce these inherent risks. 31. (SO 4) How do telecommuting workers pose IT system risks? The network equipment and cabling that enables telecommuting can be an entry point for hackers or other break-ins, and the teleworker’s computer is another potential access point that is not under the company’s direct control. Therefore, it is difficult for the company to monitor whether telecommuters’ computers is properly protected from viruses and other threats. These entry points pose security, confidentiality, availability, and processing integrity risks. 32. (SO 4) What kinds of risks are inherent when an organization begins conducting business over the Internet? The Internet connection required to conduct web-based business can expose the company network to unauthorized use. The sheer volume of users of the World Wide Web dramatically increases the potential number of unauthorized users who may attempt to access an organization’s network of computers. An unauthorized user can compromise security and confidentiality, and affect availability and processing integrity by altering data or software or by inserting virus or worm programs. In addition, the existence of e-commerce in an organization poses online privacy risks.
Page 2-4
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
33. (SO4) How does the use of public cloud computing reduce costs? Since cloud computing is usually a pay-for-service model, it means that companies need to pay only for the level of service needed. There is no need to maintain (and incur the costs associated with) a large IT system to accommodate peak demand periods. In addition, cloud computing allows a company to reduce its investment in IT hardware and personnel. 34. (SO4) Why is a private cloud less risky than a public cloud? A private cloud is developed, owned, maintained, and used by the user company; therefore, the company controls the security, availability, processing integrity, and confidentiality of its data. Accordingly, there is significantly less risk of losing data and applications. 35. (SO 4) Why is it true that the use of EDI means that trading partners may need to grant access to each other’s files? EDI involves transferring electronic business documents between companies. Because EDI involves the use of a network or the Internet, risks of unauthorized access are prevalent. In order to authenticate trading partner users to accomplish the transfer of business documents, other company data files may be at risk of unauthorized use. 36. (SO 5) Why is it critical that source documents be easy to use and complete? Source documents should be easy to use and complete in order minimize the potential for errors, incomplete data, or unauthorized transactions are entered from those source documents into the company’s IT systems. Since source documents represent the method of collecting data in a transaction, they need to be easy to use in order to reduce the risk of incorrect or missing data in the accounting system. 37. (SO 5) Explain some examples of input validation checks that you have noticed when filling out forms on websites you have visited. Student responses are likely to vary, but may include field checks, validity checks, limit checks, range checks, reasonableness checks, completeness checks, or sign checks. Although sequence checks and self-checking digits are additional input validation checks, they are not likely to be cited because they are applicable to transactions processed in batches, which is not likely to apply to students’ web transactions. 38. (SO 5) How can control totals serve as input, processing, and output controls? Control totals can be used as input controls when they are applied as record counts, batch totals, or hash totals to verify the accuracy and completeness of data that is being entered into the IT system. These same control totals can be used as processing controls when they are reconciled during stages of processing to verify the accuracy and completeness of processing. Finally, to ensure accuracy and completeness, the output from an IT system can be reconciled to control totals, thus serving as an output control. Therefore, totals at any stage can be compared against the initial control total to help ensure the accuracy of input, processing, or output. 39. (SO 5) What dangers exist related to computer output such as reports? Output reports contain data that should not fall into the wrong hands, as the information
Page 2-5
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
contained in reports is often confidential or proprietary and could help someone commit fraud. Therefore, the risk of unauthorized access must be controlled through strict policies and procedures regarding report distribution, retention, and disposal.
Brief Exercises 40. (SO 2,5) Categorize each of the following as either a general control or an application control: a. validity check – application control (input) b. encryption – general control c. security token – general control d. batch total – application control (input, processing, and output) e. output distribution – application control (output) f. vulnerability assessment – general control g. firewall – general control h. antivirus software – general control 41. (SO 5) Each of the given situations is independent of the other. For each, list the programmed input validation check that would prevent or detect the error. a. The zip code field was left blank on an input screen requesting a mailing address. – Completeness check b. A state abbreviation of “NX” was entered in the state field. – Validity check c. A number was accidentally entered in the last name field. – Field check d. For a weekly payroll, the hours entry in the “hours worked field was 400. – Limit check or range check e. A pay rate of $50.00 per hour was entered for a new employee. The job code indicates an entry-level receptionist. – Reasonableness check 42. (SO 3) For each AICPA Trust Services Principles category shown, list a potential risk and a corresponding control that would lessen the risk. An example is provided. In a similar manner, list a risk and control in each of the following categories: a. Security. Risk: an unauthorized user could record an invalid transaction. Control: security token to limit unauthorized users. b. Availability. Risk: An unauthorized user may shut down a program. Control: intrusion detection to find instances of unauthorized users. c. Processing Integrity. Risk: environmental problems such as temperature can cause glitches in the system. Control: temperature and humidity controls. d. Confidentiality. Risk: an unauthorized user could browse data. Control: encryption.
Page 2-6
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
43. (SO 4) For each of the following parts of an IT system of a company, write a onesentence description of how unauthorized users could use this as an “entry point”: a. A local area network (LAN). Each workstation or the network wiring on the LAN are access points where someone could tap into the system. b. A wireless network. The wireless signals broadcast into the air could be intercepted to gain access to the system. c. A telecommuting worker. The telecommuter’s computer may be infected with a virus that allows a perpetrator to see the login ID and password. d. A company website to sell products. A hacker may try to break through the web server firewall to gain access to company data. 44. (SO 5) Explain the risk categories for cloud computing and how these risks may differ from a company that maintains its own IT hardware, software, and data. Security – All processing, storing, and reading data occur over the Internet under a cloud computing model; therefore, the third party provider must maintain good security controls. For a company that maintains its own data, it is responsible for its own security. Availability – In a cloud computing model, any service interruptions are under the control of a third party provider; whereas, a company that maintains its own data would need to implement its own backups, business continuity, and disaster recovery plans. Processing Integrity – All control of software installation, testing, and upgrading is transferred to the third-party provider of cloud computing services; whereas, a company that maintains its own data is responsible for the accuracy and completeness of its own processing. Confidentiality – Under cloud computing, the control of maintaining confidentiality is transferred to the third-party provider rather than resting in the hands of the user company. 45. (SO 5) Application controls include input, processing, and output controls. One type of input control is source document controls. Briefly explain the importance of each of the following source document controls: a. Form design. A well-designed form will reduce the chance of erroneous or incomplete data. It could also increase the speed at which the form is completed. b. Form authorization and control. Forms should have a signature line to indicate that the underlying transaction was approved by the correct person. Blank documents should be properly controlled to limit access to them. c. Retention of source documents. Source documents should be maintained as part of the audit trail. They also serve as a way to look up data when queries are raised.
Page 2-7
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
46. (SO 5) Explain how control totals such as record counts, batch totals, and hash totals serve as input controls, processing controls, and output controls. Control totals serve as expected results after input, processing, or output has occurred. At each stage, the current totals can be compared against the initial control total to help ensure the accuracy of input, processing, or output. 47. (SO 6) Briefly explain a situation at your home, university, or job in which you think somebody used computers unethically. Be sure to include an explanation of why you think it was unethical. Student responses will vary significantly. Some possibilities include copyrighted music or video downloading from an unauthorized source, viewing pornography on computers at work, shopping or other browsing while at work, using a work computer to store personal files or process personal work, using company e-mail systems for personal e-mail (some companies may not consider this as problematic as other potential unethical acts).
Problems 48. (SO 1, 2) Explain why an organization should establish and enforce policies for its IT systems in the following areas regarding the use of passwords for log-in: a. Length of password. Passwords should be at least eight characters in length. This would make it difficult for a hacker to guess the password in order to gain unauthorized access to the system. b. The use of numbers or symbols in passwords. Passwords should contain a mix of alphanumeric digits as well as other symbols. There may also be a mix of case sensitive letters. This would make it difficult for a hacker to guess the password. c. Using common words or names as passwords. Names, initials, and other common names should be avoided as passwords, as they tend to be easy to guess. d. Rotation of passwords. Passwords should be changed periodically, approximately every 90 days. This will limit the access of a hacker who has gained unauthorized access. e. Writing passwords on paper or sticky notes. Passwords should be committed to the user’s memory and should not be written down. If they are documented, this increases the likelihood that an unauthorized user may find the password and use it to gain access to the system. 49. (SO 2) The use of smart cards or tokens is called two-factor authentication. Answer the following questions, assuming that the company you work for uses smart cards or tokens for two-factor authentication. Required:
Page 2-8
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
a. What do you think the advantages and disadvantages would be for you as a user? As a user, the advantages of two-factor authentication would be the security of the information in the system that I am using. I would know that it would be difficult for an unauthorized user to alter a system that uses two-factor authentication, so I have more confidence in the data within such a system. In addition, it is relatively easy to remember a password and to transport a smart card or security token. On the other hand, I might consider the use of two-factor authentication to be a disadvantage because it places more responsibility on me, the user. For instance, in order to access the system, I have to remember my password and maintain control of a security device. It might be considered an inconvenience to a user to maintain a smart card or security token and remember to keep it accessible at all times that I may need to access the system. It might also be susceptible to loss, similar to a set of keys. b. What do you think the advantages and disadvantages would be for the company? From the company’s perspective, the advantage of two-factor authentication is the strength of the extra level of security. The company has additional protection against unauthorized access, which makes it difficult for a hacker to access the system. The disadvantage is the cost of the additional authentication tools that comprise the dual layer of security. 50. (SO 4) Many IT professionals feel that wireless networks pose the highest risks in a company’s network system. Required: a. Why do you think this is true? Wireless networks pose the highest risks in a company’s network computer system because the network signals are transported through the air (rather than over cables). Therefore, anyone who can receive radio signals could potential intercept the company’s information and gain access to its network. This exposure is considered greater than in traditional WANs and LANs. b. Which general controls can help reduce these risks? A company can avoid its exposure to unauthorized wireless network traffic by implementing proper controls, such as wired equivalency privacy (WEP) ore wireless protected access (WPA), station set identifiers (SSIDs), and encrypted data. 51. (SO 5) Control totals include batch totals, hash totals, and record counts. Which of these totals would be useful in preventing or detecting IT system input and processing errors or fraud described as follows? a. A payroll clerk accidentally entered the same time card twice. Any of the three control totals could be used: A batch total could detect that too many hours were entered; A hash total could detect that an employee number summation was overstated; A record count could detect that too many time cards were entered.
Page 2-9
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
b. The accounts payable department overlooked an invoice and did not enter it into the system because it was stuck to another invoice. Any of the three control totals could be used: A batch total could detect the missing amount; A hash total could detect that the vendor number summation was misstated; A record count could detect that too few invoices were entered. c. A systems analyst was conducting payroll fraud by electronically adding to his “hours worked” field during the payroll computer run. A batch total could detect this fraud by revealing that the hours worked on the inputs did not agree with the hours worked on the output reports. d. To create a fictitious employee, a payroll clerk removed a time card for a recently terminated employee and inserted a new time card with the same hours worked. A record count could detect this fraud only if there was a control in place to compare the number of records processed with the number of active employees and the number of active employees had been updated to reflect a reduction for the recently terminated employee. 52. (SO 5) Explain how each of the following input validation checks can prevent or detect errors: a. A field check examines a field to determine whether the appropriate type of data was entered. This will detect mistakes in input, such as erroneous input of numeric information in an alpha field. b. A validity check examines a field to ensure that the data entry in the field is valid compared with a preexisting list of acceptable values. This will detect mistakes in input, such as nonsense entries caused by the input personnel striking the wrong key. c. A limit check verifies field inputs by making sure that they do not exceed a pre-established limit. This prevents gross overstatements of the data beyond the acceptable limit. d. A range check verifies field inputs by making sure that they fall within a pre-established range limit. This prevents gross overstatements and understatements of the data beyond the acceptable limits. e. A reasonableness check compares the value in a field with similar, related fields to determine whether the value seems reasonable. This can detect possible errors by identifying “outliers”. f. A completeness check assesses the critical fields in an input screen to make sure that an entry has been input in those fields. This detects possible omissions of critical information. g. A sign check examines a field to determine that it has the appropriate positive or negative sign. This can prevent misstatements caused by misinterpretation of information. h. A sequence check ensures that a batch of transactions is sorted and processed in sequential order. This ensures that a batch will be in the same order as the master file. This may prevent errors in the master file by ensuring that the sequence is appropriate to facilitate an accurate update of the master file.
Page 2-10
Chapter 4 Solutions i.
Internal Controls and Risks in IT Systems
A self-checking digit is an extra digit added to a coded identification number, determined by a mathematical algorithm. This detects potential errors in input data.
53. (SO 2) The IT governance committee should comprise top level managers. Describe why you think that is important. What problems are likely to arise with regard to IT systems if the top level managers are not involved in IT governance committees? It is important for an IT governance committee to be comprised of members of top management so it can appropriately align IT investments with the company’s overall business strategies. If top level managers were not involved in this committee, it is likely that IT changes could be approved which do not enhance the company’s overall goals and strategies. In addition, it is possible that IT changes could be discussed and developed without receiving proper approval or funding. 54. (SO 2) Using a search engine, look up the term “penetration testing.” Describe the software tools you find that are intended to achieve penetration testing. Describe the types of systems that penetration testing is conducted upon. Software tools that perform penetration tests must be able to replicate a successful unauthorized access attempt or recreate an attack on a company’s security, but it must be able to do so without altering of damaging the systems upon which these tests are conducted. This will reveal weaknesses in the system so that the company can implement controls to strengthen the security of its system. Penetration testing is typically conducted upon network systems. 55. (SO 2) Visit the AICPA website at www.aicpa.org. Search for the terms “WebTrust” and “SysTrust.” Describe these services and the role of Trust Services Principles in these services. WebTrust services are professional services that build trust and confidence among customers and businesses which operate on the Internet. SysTrust services build trust and confidence between business partners who use and rely upon each other’s computer systems. These services are built upon the Trust Services Principles of Security, Privacy, Availability, Confidentiality, and Processing Integrity to help companies create trustworthy systems. Both of these services are represented by seal on the company’s Web site. 56. (SO 2) Using a search site, look up the terms “disaster recovery,” along with “9/11.” The easiest way to search for both items together is to type into the search box the following: “disaster recovery” “9/11.” Find at least two examples of companies that have changed their disaster recovery planning since the terrorist attacks on the World Trade Center on September 11, 2001. Describe how these companies changed their disaster recovery plans after the terrorist attacks. Students’ answers may vary greatly, as there are numerous examples of companies who operated in or near the World Trade Center or were otherwise affected by the events of September 11, 2001 and who have revised their business disaster recovery plans as a result. A few examples are the financial services companies of Lehman Brothers, Merrill Lynch, and American Express. An article at www.cio.com includes interviews with
Page 2-11
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
the IT executives at these companies as they look back to the events of 9/11. In particular, Lehman Brothers has worked hard to increase its redundant storage and real-time back-ups. It also updated its phone systems so that all direct lines to customers would not terminate at the same place, as they did at the World Financial Center. In addition, it has developed a new business continuity plan, with variations that are now tied to the Homeland Security Advisory System’s color-coded warning levels. At Merrill Lynch, disaster recovery efforts focused on diversification of vendors to relieve the concentration from Lower Manhattan. In addition, it outfitted its buildings used for recovery with wireless LANs; this allows for increased flexibility through the broadcast of signals to multiple access points. For American Express, disaster recovery planning and business continuity planning have changed to a geography-based approach, recognizing that disasters are likely to affect large geographic areas. The events of 9/11 proved that Amex’s previous building-based program was not effective. 57. (SO 5) Go to any website that sells goods. Examples would be BestBuy, Staples, and J.Crew. Pretend that you wish to place an order on the site you choose and complete the order screens for your pretend order. Do not finalize the order; otherwise, you will have to pay for the goods. As you complete the order screens, attempt to enter incorrect data for fields or blanks that you complete. Describe the programmed input validation checks that you find that prevent or detect the incorrect data input. Student’s responses are likely to vary significantly, as different Web sites have different input validation checks. However, most Web sites have a warning message that will appear if invalid information is entered. (For instance, the message “The billing city, state, zip code, and country entered do not match up. Please revise your selections below” was encountered on jcrew.com when bogus city and zip code information was entered.) The warning message will typically prevent the user from proceeding to the next step in the transaction until the error is corrected. 58. (SO4) Using an Internet search engine, search “cloud computing” and create a list of at least ten companies that provide cloud computing services. List the names of the companies and a brief description of the cloud computing services provided by each company. Student’s responses are likely to vary significantly but are likely to include companies such as GoogleApps, MicroSoft Office 365, Windows Azure, Amazon, OrangeScape, Onlive, Heroku, Mendix, Cloud Foundry, Joyent, Terremark, etc.
Cases 59. Authentication and hacking controls at an environmental consulting company. Required: a. From the list of general controls shown in Exhibit 4-5, list each authentication and hacking control that you think the EnviroCons Company should have in place. Any of the Authentication controls could
Page 2-12
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
be used, including user IDs, passwords, security tokens or smart cards, biometric devices, login procedures, access levels, computer logs, and authority tables. In addition, any of the hacking controls could be used, including a firewall, security policies, security breach resolution, secure socket layers, a virtual private network, wired equivalency privacy, service set identifiers, antivirus software, vulnerability assessments, penetration testing, and intrusion detection. Encryption is also likely to be necessary in order to protect the confidential data of the companies throughout the US that EnviroCons serves. b. Explain how each control that you list can prevent IT related risks for EnviroCons. Login procedures, including passwords, security tokens or smart cards, and biometric devices, are needed to limit access to the system to authorized users. Login procedures should always include passwords, and may be strengthened to include two-factor authentication by requiring a security token or smart card in addition to the password. In addition, the company’s system policies should be documented and administered consistently, including authority tables and establishment of appropriate access levels and securities breach resolutions, and the maintenance of computer logs. This will provide for limiting access to authorized employees, monitoring and resolving problems, and recording access times so as to establish accountability. Regarding hacking controls, firewalls are needed to block unauthorized external network traffic. Encryption will convert the data into cipher text, or secret codes that will be deemed useless to any hacker who intercepts it. SSL can be built into the Web server to encrypt data transferred on the Web site. A VPN is needed for authentication and encryption of Internet traffic, which is important for the EnviroCons consultants working offsite who need to access the company’s database. For the wireless network, WEP would also be useful for encrypting the data and unique SSIDs would require passwords between the network’s sending and receiving nodes. Antivirus software is needed to scan the system for viruses or worms and delete them before they infect the data or system. Finally, vulnerability assessments, penetration testing, and intrusion detection testing could each be used to locate weaknesses in the company’s systems so that they can be controlled to prevent unauthorized access. c. Are there any general controls that you think would not be cost-beneficial? Biometric devices, such as fingerprint or retina scans or voice recognition software is probably not cost beneficial in the case of EnviroCons, as other forms of two-factor authentication could be used just as effectively at a lower cost. 60. Consideration of Internet EDI in a plastics manufacturing company. Required: a. Describe the extra IT system risks that Plaskor should consider as it evaluates whether to buy or develop an Internet EDI system. As Plaskor converts to an Internet EDI system, it will become susceptible to a wide range of risks
Page 2-13
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
concerning the security, availability, processing integrity, and confidentiality of its system. As new business partners may be granted access to Plaskor’s systems, the potential exists for those users to browse, alter, destroy, or steal data or programs, make unauthorized transactions, or otherwise sabotage the systems in order to make them inoperable or unavailable. These risks are increased if the company does not implement controls to detect and prevent them. b. Describe the IT internal controls that should be incorporated into an Internet EDI system. In a well-controlled Internet EDI system, the external users should be required to log with a user ID and password. Security tokens, smart cards, or biometric devices may also be used. Authority tables should limit the access level of the user and computer logs should monitor the activity of the user. A firewall should be installed to limit access to recognized external users, and data should be encrypted to ensure that its privacy is protected. The standard form of encryption used to protect Internet exchange of data is SSL. 61. Fraud at PT&T. Required: List and describe internal controls from this chapter that may helped prevent or detect Jerry Schneider’s fraud. Keep in mind that this case occurred before there was an Internet and large company computer networks. PT&T’s authority tables should have limited Jerry Schneider’s computer access levels to selected vendor information. He should not have been able to access the entire files and program code for the company’s inventories and ordering systems. In addition, he should not have had the authority to alter programming in order to erase evidence of his activities. If access had been properly limited, the company’s computer logs would have been able to detect the types of activities that Schneider had performed while accessing PT&T’s systems. Finally, a simple physical control should have prevented the issuance of keys to suppliers.
Page 2-14
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 5
Concept Check 1. b 2. c 3. d 4. d 5. a 6. c 7. d 8. d 9. c 10. c 11. b 12. d
Discussion Questions 13. (SO 1) Why is tone at the top so important to corporate governance? Tone at the top is so important because it is the set of values and behaviors in place for corporate leaders. As the term suggests, it sets the tone, or pattern, for the entire organization. Thus a “bad” tone at the top is likely to filter down and affect all levels of the enterprise. 14. (SO 1) Why do you think companies that practice good corporate governance tend to be successful in business? Good corporate governance means that the company leadership is held accountable for building shareholder value and creating confidence in financial reporting processes. This accountability means that corporate leaders are more likely to do the right thing: that is, they operate efficiently, effectively, and ethically. Such companies tend to be more successful. 15. (SO 2) Which stakeholder group, internal or external, is more likely to be affected by corporate governance, and which has a direct affect on corporate governance? External stakeholders are most affected by
5-1
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
corporate governance. Bad corporate governance is likely to lead to negative consequences for external stakeholders such as creditors or stockholders. Internal stakeholders have a more direct effect on the state of corporate governance. Those external to the company do not have as much influence or control. 16. (SO 2) Explain how it is possible that a shareholder could be considered both an internal and external stakeholder. Shareholders are owners of the company and could therefore be considered internal; stakeholders. However, in many large corporations, most shareholders own such a small percentage of outstanding shares that they have little to no influence on the corporation. Thus, they could be considered external stakeholders. 17. (SO 2) Why is the Board of Directors considered an internal stakeholder group, when it is required to have members who are independent of the company? Because the board of directors has the highest level of authority with respect to company objectives and strategies, it is considered an internal stakeholder group. Therefore, it has a direct and strong influence on the governance of the enterprise. 18. (SO 2) How can internal auditors maintain independence, since they are employees of the company? Internal auditors should not have any reporting relationship or conflicting roles that impact their objectivity on the job. For example, internal auditors often report to the audit committee so that they are not reporting to a manager who would lead to a conflict of interest. If internal auditors report to the CEO or CFO, those parties are more likely to have an interest in hiding any fraudulent or unacceptable behavior. 19. (SO 3) Identify the four functions of the corporate governance process. The four functions of the corporate governance process are: management oversight, internal controls and compliance, financial stewardship, and ethical conduct. 20. (SO 3) Describe the key connection between tone at the top and management oversight. Management oversight is the set of policies and practices in place to lead the directorship of the company. This set of policies and practices, if consistently demonstrated by management, should set a good tone at the top.
5-2
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
21. (SO 3) Explain the connection between fiduciary duty and financial stewardship. Fiduciary duty means that management has been entrusted the power to manage assets of the corporation, which are in turn owned by the shareholders. Financial stewardship is the obligation of the fiduciary to treat these assets with discipline, respect, and accountability. 22. (SO 4) Why do many accountants claim that corporate governance was born in the 1930s? The stock market crash of 1928 is believed to have been caused by misleading accounting and reporting practices. The federal government responded by passing both the Securities Act of 1933 and the Securities Exchange Act of 1934. These were the first regulations to attempt to require management accountability to investors, so they are thought of as the birth of corporate governance. 23. (SO 4) What is the primary difference between the Securities Act of 1933 and the Securities Exchange Act of 1934? The Securities Act of 1933 requires full financial disclosure before securities can be sold, while the Securities Exchange Act of 1934 requires ongoing disclosure for registered companies. 24. (SO 5, 6) Why did the SEC establish the PCAOB? The PCAOB was established to govern the work of auditors of public companies. The PCAOB provides standards for audits, and has investigative and disciplinary authority over public accounting firms. 25. (SO 5) Why can auditors no longer be involved in helping their audit clients establish accounting information systems? Around the period of discussion on the upcoming Sarbanes-Oxley act, there was a general perception in public that this type of consulting engagement impaired the independence of auditors. There was concern that a firm that helped design an accounting system could not be independent in assessing the effectiveness and reliability of that accounting system. To enhance independence, the Sarbanes-Oxley Act prohibited such consulting engagements. 26. (SO 5) Under what conditions are auditors permitted to perform nonaudit services for their audit clients? Non-audit services are permitted only if the auditor has obtained prior approval from the client’s audit committee.
5-3
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
27. (SO 5, 6) How has the Sarbanes-Oxley Act increased the importance of audit committees in the corporate governance process? The SOX Act places much more responsibility on the audit committee. On financial matters, the audit committee is to supervise the board of directors, which in turn supervises corporate management. The audit committee must be independent and it is responsible for hiring, firing, and overseeing the external auditors. The external auditors report to the audit committee on all audit related matters. Some companies may have followed these practices prior to 2002, but SOX now requires the use of these practices. 28. (SO 5) Identify the six financial matters that must be certified by a company’s top officers under the requirements of Section 302 of the Sarbanes-Oxley Act. The following matters must be certified by a company’s top officers: (1) the signing officers have reviewed the report in detail; (2) based on the signing officer’s knowledge, the report does not misstate any facts; (3) based on the signing officer’s knowledge, the financial statements and related disclosures are fairly presented; (4) the signing officers are responsible for the establishment, maintenance, and effectiveness of internal controls; (5) the signing officers have disclosed to the auditors and audit committee any instances of fraud or internal control deficiencies; (6) the signing officers indicate whether or not any significant changes in internal controls have occurred since the date of their most recent evaluation. 29. (SO 5) Explain the relationship between Section 401 of the SarbanesOxley Act and the concept of transparency. Transparency in financial reporting implies that nothing is hidden from the view of readers of financial statements. Section 401 requires new disclosure information on the financial statements for off-balance-sheet transactions. This ensures that off-balance-sheet transactions are not hidden from readers. 30.(SO 5) Explain the difference between management’s responsibility and the company’s external auditors’ responsibility regarding the company’s internal controls under Section 404 of the Sarbanes-Oxley Act. Under section 404 of the SOX Act, the CEO and CFO have the responsibility to maintain a proper system of internal control. Management must assess the effectiveness of the internal control system based on an established framework such as COSO. The
5-4
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
external auditor must review the internal controls and attest to the effectiveness of the internal controls. 31. (SO 5) Explain why Section 409 of the Sarbanes-Oxley Act has placed more pressure on members of IT departments within public companies. Section 409 of the SOX Act requires real-time disclosures of important corporate events such as bankruptcy, new contracts, acquisitions and disposals, and changes in control. This real-time reporting requires that the company’s accounting systems track such events in real-time. Therefore, IT departments must help establish and maintain IT systems capable of achieving these reporting requirements. 32. (SO 5) How is the Sarbanes-Oxley Act forcing corporations to become more ethical? The SOX Act requires all public companies to have a code of ethics in place. This does not guarantee that ethical conduct will occur, but it at least informs managers and employees that they are expected to act ethically. 33. (SO 6) Why do corporate leaders see their jobs as more risky since the Sarbanes-Oxley Act became effective? There are several “sign-offs” that corporate leaders must do. If a corporate officer signs-off without due care or fraudulently, he or she can be subject to penalties. 34. (SO 6) Which governing body holds the top position of management oversight? The corporate board of directors holds the top management oversight position . 35. (SO 6) Identify two ways that companies are making efforts to improve the financial stewardship of their managers. In order to improve the financial stewardship of their managers, some companies are offering training programs to assist managers in understanding their stewardship responsibilities and some have made adjustments to management incentive compensation packages to reduce the temptation to manage earnings. 36. (SO 7) How can IT departments assist corporate managers in fulfilling their corporate governance roles? A company’s IT infrastructure is a very important system for allowing management access to the information they need to ensure compliance with corporate governance guidelines. The IT system can also help ensure managers and
5-5
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
employees are trained on ethics and corporate governance. The chapter mentions the example of BASF that supplies ethics training via the Internet. 37.(SO 8) How is it that management’s role as financial stewards may be considered a conflict of interest with their position as employees of the company? Managers often have compensation plans in which incentives are tied to company earnings. This may lead to a conflict between what is in the best interest of shareholders and the best interest of the manager or employees. Often what is in the best interest of employees or management is not in the best interest of the shareholders.
Brief Exercises 38. (SO 2) Why are shareholders sometimes considered internal stakeholders and sometimes considered external stakeholders? Shareholders are owners of the company and could therefore be considered internal stakeholders. However, in many large corporations, most shareholders own such a small percentage of outstanding shares that they have little to no influence on the corporation. Thus, they could be considered external stakeholders. 39. (SO 3) Is it possible for financial information to be accurate and complete, but not transparent? Similarly, is it possible for financial information to be transparent, but not accurate and complete? Explain. Yes, it is possible for information to be accurate but not transparent. For example, if a company accurately reports information on the face of the financial statements but neglects to disclose appropriate explanatory information in the footnotes, then transparency is compromised. On the other hand, a company can be thorough in providing supplementary information that is needed to understand and analyze the financial statement amounts, even though there are errors in the reporting of those amounts. 40.(SO 3) Earnings management involves lying about the company’s financial results in order to provide a more favorable impression to investors. Earnings management is discussed in the section on financial stewardship. Explain how the other three functions of corporate governance can work together to help prevent earnings
5-6
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
management within a corporation. Besides financial stewardship the other three functions of corporate governance are management oversight, internal controls and compliance, and ethical conduct. Even if there are weaknesses in financial stewardship that allow for the possibility of earnings management, these other three functions should prevent this. If effective management oversight is practiced whereby supervision and communication are key to the ongoing processes, manipulations of financial information should be caught by the diligent managers who oversee the financial reporting function. In addition, the system of internal controls should provide for the assignment of rights and responsibilities and compliance with accounting conventions in a manner that encourages accuracy and transparency of financial information. Furthermore, creating and maintaining a culture of honesty and accountability is inconsistent with the practice of earnings management. Accordingly, these strengths of the other components of corporate governance are expected to overcome any weakness in financial stewardship that might create an opportunity for earnings management. 41. (SO 4) Describe how the characteristics of the financial markets in the 1980s eventually led to the creation of the Sarbanes-Oxley Act of 2002. In the 1980s, there was intense pressure for companies to met or beat their earnings targets. As a result, creative accounting practices became more common. Even in the following decade, these irregularities became so severe that a series of high-profile corporate accounting scandals erupted. The losses suffered as a result of these corporate scandals were so significant that many investors demanded that new legislation be introduced in order to prevent repeat instances of these problems. The SOX Act was the result. 42. (SO 5) Although the Sarbanes-Oxley Act of 2002 applies to public companies, many private business organizations have been impacted by this legislation, especially if they are suppliers to a public company. Explain how this external stakeholder relationship can lead to the widespread application of Section 404 of the Act. For many of the public companies which are doing business with private companies, the requirements of the SOX Act are being superimposed upon the private companies. In order for the public company to comply with the SOX Act, it must be assured that its trading partners also maintain effective controls. As a result, many private companies are complying with the SOX Act in order to protect their business relationships.
5-7
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
43. (SO 6, 7) Describe at least three ways that the Sarbanes-Oxley Act and the increased attention to corporate governance have put more emphasis on the role of those responsible for the company’s accounting information systems. IT departments are expected to help management achieve compliance with new legislation by leveraging technology so that financial processes can be relied upon to provide accurate information. Secondly, many corporate managers are demanding more electronic recordkeeping to provide timely information, but that requires an IT infrastructure that supports the company’s strategies and goals. Finally, since most corporate managers do not have time to collect data, they need to have information that is readily accessible. 44. (SO 8) Why do you think it is particularly challenging for companies to maintain ethical behavior during difficult financial times? During difficult financial times, it is particularly challenging for companies to maintain ethical behavior because of the conflict of interest for managers in their role as financial stewards of the business. Management may be inclined to act in a way that protects their job or their employees at the expense of the shareholders. Earnings management techniques are an easy solution to this conflict.
Problems 45. (SO 3) List the six steps for establishing internal controls and describe how this process leads to stronger overall corporate governance. The six-step process for internal controls includes the following: 1. Define the key activities and resources involved in each business activity. 2. Define the objectives of each activity. 3. Obtain input from experienced users and advisors on the effective design of controls. 4. Formally and thoroughly document the details of the controls. 5. Test the effectiveness of controls to make sure they are operating as designed. 6. Engage in continuous improvement to fix problems and upgrade controls. These steps help to establish a thorough understanding of processes as the foundation for an effective system. It also provides
5-8
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
for documenting, monitoring, and improving the system as needed. This provides for accurate and transparent financial reporting. 46. (SO 5, 6) List the items that must be certified by corporate management in accordance with the provisions of the Sarbanes-Oxley Act. Discuss how these responsibilities have likely changed the period-to-period activities of the certifying managers. Top managers must submit a certified statement to accompany each annual and quarterly report to acknowledge their responsibility for the contents of the financial reports and the underlying system of internal controls. The specific points include acknowledgments that: 1. They have reviewed the report in detail. 2. The report does not misstate any facts. 3. The financial statements and related disclosures are fairly presented. 4. They are responsible for the establishment, maintenance, and effectiveness of internal controls. 5. They have disclosed any instances of fraud or internal control deficiencies. 6. They have indicated whether or not any significant changes in internal controls have occurred since the date of their most recent evaluation. The responsibilities inherent in these certified statements have likely resulted in significant changes in the activities of the signing officers. Specifically, the certifying officers can no longer delegate responsibility for the detailed accounting functions to their subordinates. These officers must become knowledgeable about the details in order to facilitate these certifications. Moreover, since the certifications must be filed quarterly, this new attention to detailed accounting information must be a continuous responsibility. 47. (SO 6) Identify the costs and benefits of complying with the SarbanesOxley Act of 2002. Do you think the costs are justified? The costs of complying with SOX are high, and have ranged from some companies’ complete overhaul of operations to other companies’ mere revisions in reporting and documentation. In addition, most companies have also seen increases in their audit costs, as auditors also have increased responsibilities as a result of SOX. On the other hand, some companies have realized benefits from the requirements of SOX, including enhanced performance as a result of improved internal controls.
5-9
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
Students’ responses to the question of SOX’s justification are likely to be mixed. Some may criticize SOX for its extreme requirements and minimal benefits, as well as the resulting shift in managerial focus from large scale, strategic issues to detailed reporting requirements. They may agree that SOX was enacted hastily in response to a few bad cases of corruption that are not necessarily representative of America’s corporate control environment as a whole. However, others may appreciate the opportunity that SOX has presented for improving corporate controls. Some SOX proponents believe that the benefits are likely realized gradually as companies increase their awareness of internal controls and streamline their business processes accordingly. 48. (SO 2, 5) Using an Internet search engine, determine who the whistleblower was at Enron. Summarize the circumstances. What was the relationship of this person with the company? Was this an internal or external stakeholder? The whistleblower at Enron was Sherron Watkins, an internal stakeholder who held the position of Vice President for Corporate Development. In 2001, she wrote a letter to Enron founder Ken Lay to warn him of the company’s impending financial problems if he did not come clean about potentially disastrous accounting tricks. She also shared her concerns with a friend at Arthur Anderson, her former employer and Enron’s audit firm. 49. (SO 3, 8) Using an Internet search engine, search for the terms “guilty as charged” + “California Micro Devices” in order to find an article about the company, California Micro Devices. Identify the related corporate governance issues. Two top-ranking executives at California Micro Devices were convicted of accounting fraud, including securities fraud and insider trading. As top executives, they were in a position of trust. The federal prosecutors in their case indicated that it was important to send a message about the seriousness of their crimes, the importance of their roles within the company, and the need for severe punishment for the abusive accounting schemes that were carried out. 50. (SO 3, 8) There are five types of management earnings techniques presented in this chapter. Provide two or three specific examples of how corporate leaders could pull off these types of fraud, as well as the internal control activities that could be used to prevent them. Student responses are likely to vary but may include the following fraud schemes, each of which may be particularly effective if conducted near year-end:
5-10
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
Early recognition of revenues, such as when management loads the sales pipeline with customer transactions that will actually be carried out in the next accounting period rather than the current period; i.e., channel stuffing. Early shipment of products, such as when management authorizes premature shipment of goods to customers. This is often done for customers who place routine or recurring orders, so management assumes that it will be able to pull off this accounting stunt by sending a shipment for a transaction that has not yet been taken place. Even if the customer refuses the shipment and returns the goods, such is likely to occur in the next accounting period, so the fraudulent sale would still be recorded in the current period. Falsification of customers, such as when bogus customers are created in the accounting records and bogus sales transactions are developed to inflate the company’s revenues. Fictitious supporting documents may be created to give the impression of a legitimate transaction with a valid customer. Falsification of invoices or other records may occur in an attempt to force more sales transactions into the current period’s accounting records. For instance, sales invoices and related shipping documents may be backdated so that they are included in the prior period. Allowing customers to take products without taking title to the products, such as forcing a trial period upon them. Management may attempt this, hoping that the customers may decide to carry out the transaction. Even if the customer returns the goods, such is likely to occur in the next accounting period, so the fraudulent shipment and sales would still be recorded in the current period.
Cases 51. Do you think the tone at the top of organizations like Enron and WorldCom led to their demise? In support of your answer, identify specific actions of top managers at each of these companies. In order to answer this question, you may wish perform research on the conditions that brought these companies down. Student responses will vary, but there is likely to be consensus on the issue of poor tone at the top leading to a company’s demise. At Enron, there are multiple
5-11
Corporate Governance and the Sarbanes-Oxley Act
Chapter 5 Solutions
examples of unscrupulous actions of deception, including the creation of offshore entities under the leadership of CFO Andrew Fastow. These special purpose entities provided management with freedom to move funds and a place to hide corporate losses. In addition, COO Jeff Skilling promoted mark-to-market accounting, where future profits were recorded early. At WorldCom, Bernie Ebbers started a fraud ring that spiraled out of control even after he was ousted as CEO. He persuaded WorldCom’s board of directors to loan him millions of dollars to cover his margin calls so he would not have to sell his company stock. Management also authorized the misclassification of expenses as capitalized costs and the recording of bogus revenue transactions. 52. Through online research, locate a code of conduct for the top management of a real world company. Discuss the importance of each component of this code in terms of ethics and its relation to the concept of corporate governance. Student responses will vary significantly, as there are numerous examples that may be found online of company’s ethics codes. Each component of a code of ethics should address one or more of the functions of corporate governance, including management oversight, internal controls and compliance, and financial stewardship. Although these functions are interrelated, integrity and ethical behavior should be pervasive. As such, ethical conduct is often regarded as the most important part of corporate governance.
5-12
Chapter 6 Solutions
IT Governance
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 6
Concept Check 1. b 2. b 3. c 4. a 5. d 6. a 7. b 8. d 9. d 10. a 11. c 12. d
Discussion Questions 13. (SO 3) At the beginning of the chapter, the real world example of Allstate’s IT expenditure is mentioned. Prior to the implementation of their IT governance committee, "whoever spoke the loudest or whoever had the biggest checkbook," got to select IT projects. What do you think the problems were with this kind of approach? There would be no long-term strategy in how they spent money on IT projects. Therefore, it would be less likely that the company is buying and using the type of IT systems that support what the company wished to accomplish in the long-term. 14. (SO 1) Why is it important that IT systems be aligned with the business strategy? IT systems are critical systems that support and enhance business processes and business strategy. If the IT systems do not support the business strategy, the company will find it much more difficult to achieve the long-term goals.
Page 6-1
Chapter 6 Solutions
IT Governance
15. (SO 1) Why would IT governance include measuring the performance of IT Systems? IT governance is the proper management of IT. Without monitoring the performance of IT, there is no feedback to determine whether it is meeting the needs of the company, and meeting the objectives it was intended to achieve. 16. (SO 3) What is the difference between technical feasibility and operational feasibility? Technical feasibility examines whether technology exists to accomplish the objectives in a proposed IT system. Operational feasibility is an examination of whether the organization could operate the proposed IT systems, given the limitations of the personnel and resources within the company. 17. (SO 3) How does the analysis of feasibilities in the systems planning phase help to prioritize system changes? A feasibility analysis may eliminate some proposed IT systems as not feasible. Of those remaining under consideration, the feasibility analysis helps determine which proposed IT systems are most feasible. Thus, those that are more feasible would have a higher priority and those that are less feasible have a lower priority. 18.(SO 4) What is the advantage of studying the current system within the systems analysis phase? It is easier to determine how to improve ther efficiency and effectiveness of a system if that system is well understood. A study of the current system helps determine which areas need improvement. 19. (SO 4) During the systems analysis phase, which two data collection methods help determine user requirements? Interviews and questionnaires both solicit information or opinions from users. These methods allow users to have input in determining system requirements. 20. (SO 5) What are the advantages of purchased software when compared with software developed in-house? Purchased software is usually less costly, more reliable, and has a shorter implementation time. 21. (SO 5) Why might it be important follow some or all of the SDLC phases for purchased software? Even when software is purchased, it often must be modified or customized. The SDLC phases help organize and manage those steps to modify or customize the software. 22. (SO 5) How is conceptual design different from detailed design? The detailed design is much later in the process and creates the entire set of specifications necessary to build and implement the system. The conceptual design is earlier and is much more general in nature. It establishes alternative conceptual designs.
Page 6-2
Chapter 6 Solutions
IT Governance
23. (SO 5)Within the system design phase, what are the purposes of evaluation and selection? The purpose is to assess the feasibility of each alternative conceptual design and to select the alternative design that best fits the organization’s needs. 24. (SO 5) Which part of the system design phase would include designing rows and columns of output reports? Why is it important to design reports? The detailed design part of system design includes creating the details of output reports. Output reports include the information that users need to accomplish their jobs and without properly designed outputs, they cannot efficiently do these jobs. 25. (SO 6) What is the purpose of software testing? The purpose is to uncover problems in the system that would lead to erroneous accounting data. 26. (SO 6) How are accountants involved in data conversion? Accountants should do two things in data conversion. The first is to oversee the data conversion to make sure all data are completely and accurately converted. Accountants should also reconcile the converted data with the old data to insure it was accurately converted. They would compare control totals of the old and converted data to accomplish the reconciliation. 27. (SO 6) Why is a direct cutover conversion risky? It is risky because the old system is no longer in operation, and therefore, the old system cannot be used as a backup system in the event of errors or problems with the new system. 28. (SO 6) Why is parallel conversion costly? It consumes more time and money because it requires running two systems at the same time. 29. (SO 6) Why is user acceptance important? The project team is more likely to solicit and use feedback from users if they know that users must sign off on the new system. In other words, the project team cannot say their job is finished until the user sign off occurs. 30. (SO 6) Why is post-implementation review undertaken? It is undertaken to help those involved in the SDLC to learn from any mistakes they made during the process. 31. (SO 8) How does the SDLC serve as an internal control? It is an internal control in the sense that it helps ensure that IT systems meet organizational needs and that the development and implementation of new IT systems is properly controlled. 32. (SO 9) What ethical obligations do employees have as IT systems are revised? Employees should make an honest effort to participate as requested in the SDLC, learn new system processes that result, and properly use the new systems and processes.
Page 6-3
Chapter 6 Solutions
IT Governance
Brief Exercises 33. (SO 1) Describe the role that the Board of Directors should play in IT governance. The board must oversee all aspects of IT within the organization. They must articulate and communicate the direction for IT, stay aware of development, investments, and costs in IT. They should receive and review reports on major IT projects and regular performance reports, and ensure that there are suitable resources and infrastructure available. 34. (SO 3, 5) Two feasibility studies occur during the SDLC: one during systems planning, and one during systems design. Describe the differences between these two feasibility studies. In the systems design phase, the feasibility study is more detailed and the scope is different. At this part of the system design phase, the alternative system conceptual designs have been narrowed to one alternative. Thus, the feasibility study focuses on the details of that one design. The estimates of the technology needed, the operational requirements, the costs, and the implementation schedule can be more precise. In the systems planning phase, the purpose is to assess the feasibility of several alternative conceptual designs and to narrow the alternative conceptual designs. 35. (SO 4) There are four methods of data collection used in the study of the current system: observation, documentation review, interviews, and questionnaires. Compare and contrast these four methods. In observation and documentation review, the project team views strengths and weaknesses of the system from their own perspective and they are not asking for user feedback. Interviews and questionnaires are methods to ask for user input. Interviews are faceto-face and verbal in the collection of user feedback. Questionnaires can be anonymous and written. Both interviews and questionnaires can be structured or unstructured. 36. (SO 4) Describe the purpose of Business Process Reengineering during the System Design phase. During the system design phase, the changes inherent in a new IT system may require changes in the underlying business processes. BPR is as radical rethinking and redesign of a business process to take advantage of the speed and
Page 6-4
Chapter 6 Solutions
IT Governance
efficiency of computers. BPR allows the company to make sure they are leveraging the capabilities of IT to improve the efficiency of the business processes. 37. (SO 6) There are four methods of system conversion: parallel, direct cutover, pilot, and phase-in. Describe these four methods and how they differ. A parallel conversion is the operation of both the old system and the new system for a limited period of time. A direct cutover occurs when the new system begins as of a certain date and the old system is discontinued on that same date. In a pilot conversion, the new system is implemented in a subunit or subunits within the organization. The old system would continue in other parts of the organization. In a phase-in conversion, the new system is introduced in modules, rather than the entire system at once. In comparing the four methods, the direct cutover is the most risky and the parallel is least risky. The pilot and phase-in approaches may take a longer total time to achieve a conversion to the entire new system across the organization. 38. (SO 7) Operation and maintenance is the longest and costliest part of the SDLC. Explain why this is true. When a company has completed the SDLC and implemented a new system, the intent is to operate it for a few years to capture the benefits of the new system. Therefore maintaining and operating the system may last for several years and therefore, be the most costly part also. 39. (SO 7) Describe how IT performance reports are important in IT governance. Regular monitoring of IT systems is necessary to ensure that the systems are meeting their objectives and performing as expected. If management never received performance reports, it would be difficult to know whether systems improvements or revisions were needed. 40. (SO 9) What is the underlying purpose of the restrictions on CPA firms in Section 201 of the Sarbanes Oxley Act? These restrictions are intended to increase the independence of CPA firms that provide audit services for companies. The concern was that if a company receives fees from a client for consulting work, they may be less independent of the client’s wishes and more likely to allow clients to provide misleading accounting information to the investing public.
Page 6-5
Chapter 6 Solutions
IT Governance
Problems 41. (SO 1) Mega Corporation just became a public corporation when shares of stock were sold to the public three months ago. A new board of directors has been appointed to govern the corporation. Assume that you will be giving a presentation to the board members on their responsibilities for IT systems. Write a report that could be delivered to the board. The board of directors of a company has a set of very important responsibilities related to IT systems. As top management of the company, the board must take responsibility to ensure that the organization has processes that align IT systems to the strategies and objectives of the company. To carry out this responsibility, the board must do certain functions, or ensure there are processes to carry out the following functions: * Align IT strategy with the business strategy * Cascade strategy and goals down to lower levels of the organization * Provide structures that facilitate implementation of strategy and goals * Insist that an IT control framework be adopted and implemented * Measure and review IT performance The more detailed activities needed to carry out these board responsibilities are as follows: * Articulate and communicate long-term strategy * Stay aware of latest developments in IT * Insist that IT be a regular agenda item at board meetings * Stay aware of the company’s investments, and competitors investments in IT * Ensure the senior IT official’s reporting level is appropriate to the role of IT. * Ensure the board has a clear view of the risks and returns of current or proposed IT systems * Receive and review regular reports on the progress of IT projects, and on IT performance. * Ensure adequate resources, skills, and infrastructures to meet strategic goals for IT systems If the board of directors focuses on these activities, it will help the
Page 6-6
Chapter 6 Solutions
IT Governance
board to ensure that IT systems do support long-term strategic objectives of the company. 42. (SO 2) Brumarch MultiMedia Stop is a regional retailer of consumer electronics, with warehouses and stores located in several large cities in California. The board and top management of Brumarch are considering updating their accounting, inventory, and retail sales software and hardware. The current systems are approximately 15 years old. Assume that you have been hired as a consultant to guide them through the process of upgrading their systems. Write a document that could be presented to the board of directors that summarizes the SDLC. Memorandum To: Board of Directors From: Jennifer Starnes, IT Consultant Re: Systems Development Life Cycle This memo is intended to provide an executive summary on the System Development Life Cycle (SDLC) and the importance of it for your company. IT systems are crucial to the success and profitability of Brumarch. To enhance long-term performance, the company must choose and use the IT systems that best support the company’s goals and objectives. To ensure you are selecting and using the most effective IT systems, you should follow a systematic and formal process to select, design, and implement IT systems. A failure to follow a systematic and formal process in selecting and implementing IT systems is likely to lead to a mismatch between Brumarch’s strategic objectives and the capabilities of its IT systems. One popular way of using a systematic and formal process is to follow a SDLC method. The SDLC is a set of systematic phases and steps to follow in selecting, designing, and implementing IT systems. Given limited funds and time, following an SDLC process is a planned and controlled method of ensuring a proper match between Brumarch’s IT needs and the IT system implemented.
Page 6-7
Chapter 6 Solutions
IT Governance
The phases of the SDLC are: systems planning; systems analysis; systems design; systems implementation; and operation and maintenance. These phases occur in the sequence given as a planned and controlled approach to implementing new IT systems. The following are brief descriptions of each of these phases. Systems planning involves examining the long-term objectives of your company and based on these objectives, planning and prioritizing the type of IT systems that can help you achieve those objectives. For example, if your company’s objective is to minimize inventory levels in your warehouses, you are likely to need IT systems that give you realtime and accurate information about inventory levels, and you are likely to need IT systems that help you predict or forecast sales of the various inventory items. Systems analysis is the study of the current IT system to determine its strengths and weakness, and to get user feedback about the needs in a new IT system. Systems design is the creation of the system that meets user needs as and improves the weaknesses of the old IT system. In other words, the data collected and analyzed in the systems analysis phase will guide the design of the new IT system. Systems implementation is the set of steps undertaken to program, test, and activate the IT system that was designed during the systems design phase. Operation and maintenance is the regular, ongoing functioning of the IT system and the process to fix smaller errors or problems in the IT system. Following these phases, in this order, will help you to have IT systems that best match your company’s needs. 43. (SO 4) Assume that you are the project team manager that is engaged in a systems analysis. The company is a large, national retailer with several stores and warehouses located throughout the United States. The corporate headquarters are in Atlanta, and all major accounting takes place at the corporate headquarters. Describe how you would
Page 6-8
Chapter 6 Solutions
IT Governance
use the various data collection techniques of observation, documentation review, interviews, and questionnaires. Observation and documentation review are both methods that allow a project team to better understand the IT system without soliciting input from users. That is, these methods do not interrupt the work of users, but they only uncover strengths and weaknesses in the IT systems that are evident to the project team. These two methods would be used at the corporate headquarters by the project team. It may be necessary for the project team to also visit and observe at a couple of stores and a couple of warehouses. However, it would not be necessary, nor would it be cost effective, to visit all stores and all warehouses. Interviews and questionnaires both solicit feedback from users. Due to the number of stores and warehouses, it would be more effective to send surveys to these locations for certain users to complete. At the corporate headquarters, it would be possible to use both interviews and questionnaires. Because of the time consuming nature of interviews, they would be used on the smaller set of managers who use the IT system. The questionnaires would be used to survey the larger group of users who are not managers. 44. (SO 5) CEEMCO Corp. is a small, privately owned manufacturing company in Cincinnati. CEEMCO manufactures custom products as well as store display products to sell to other companies such as retailers. Using an Internet search engine, do a search using the search terms “CEEMCO” and “Cincinnati.” Examine the kind of manufacturing the company does. Once you have completed that, examine an accounting software site such as www.2020software.com or www.accountingsoftware411.com. Complete the following: a. Describe the process Ceemco should undertake to determine which accounting software might be the best fit for the company. For a small company, CEEMCO is not likely to have an IT staff that could assist with an SDLC process to develop specifications for any software systems needed. The more likely approach would be to hire a consulting firm to help select and install an accounting software system. b. Although you do not know much about the company, develop a list of requirements you believe any accounting software should have for CEEMCO to consider the software as a viable alternative. Since it produces many different categories of products (store displays, metal
Page 6-9
Chapter 6 Solutions
IT Governance
fabrication, plastic parts fabrication, medical case carts, HVAC products such as radiators, and retail products such as window ornaments), the company is very likely to have an extensive array of raw material inventories and the need to track many different types of work-in-process. Therefore, the most critical need may be for manufacturing and inventory tracking modules. The software would also need basic accounting modules such as accounts receivable, accounts payable, and general ledger. It is not possible to determine whether CEEMCO does its own payroll or whether it outsources payroll. If payroll is handled in-house, CEEMCO would need a payroll module. In addition, since the company sells the window-ornament products online, there would be a need for an e-commerce module. There is no mention of locations other than two in Cincinnati. Therefore, there is not likely to be any need for a system that handles international currencies. c. Choose an accounting software from your Web search, and describe why you believe it is a good match for CEEMCO. There is no single correct answer to this question, but there are some answers that would be incorrect. For example, Quickbooks would not have the power necessary for this business. Also, enterprise level systems such as SAP or Oracle would be too expensive for a small company such as CEEMCO. Products such as MAS 200, MAS 500, Dynamics GP, or ACCPAC would be more appropriate. 45. (SO 2) There are several approaches to applying an SDLC methodology to IT system change. Using an Internet search engine, search for these terms: SDLC, waterfall, JAD (joint application development), RAD (rapid application development), build and fix, and spiral model. For example, you might try entering these search terms: SDLC waterfall. Write a brief definition of these various approaches to the system development life cycle. The student answers to this will vary depending on which web sites they use and when they access web sites. A sample answer is provided. The SDLC waterfall approach is the oldest approach to system development. In a waterfall approach, there is a sequence of steps and the output of one sequence becomes the input for the next step. The method described in this chapter is a waterfall approach. Joint application development (JAD) is intended to reduce
Page 6-10
Chapter 6 Solutions
IT Governance
development time and to increase customer (end user) satisfaction with the system. It is a method that involves a series of meetings with the end users or clients that will use the system. These meetings with end users are called JAD sessions. Rapid application development (RAD) usually involves object-oriented programming, a method that encourages the reuse of programmed modules. RAD includes: 1) workshops or focus groups to gather requirements, 2) Protoyping, and testing of those prototypes, 3) Strict time limits on each development phase that delays immediate fixes and defers these improvements to the next prototype, and 4) Less formality in team communications. The build and fix method is very open-ended and can be very risky. The method does not have formal steps such as in the waterfall method. In this method, a system is simply built (code is written) and then it is fixed until the customer is happy with it. In the spiral approach, an initial model of the system is developed and then successively refined with input from end users. The development of each successive version of the system is undertaken using the carefully controlled steps in the SDLC waterfall approach. In addition, after each development of each successive version, a risk assessment is undertaken to determine whether it is worthwhile to move to the next development version, or to stop. The web sites used for this solution are: http://www.computerworld.com/developmenttopics/development/story/ 0,10801,71151,00.html http://eproj.net/cgi-bin/pblog/index.php?entry=entry071106-131621 http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci214 246,00.html http://www.ctg.albany.edu/publications/reports/survey_of_sysdev/surve y_of_sysdev.pdf http://www.garywwright.com/sdlc.php
46. (SO 9) Tannell Johnson is an accounting software consultant at Fipps and Associates Consulting. Fipps is a value-added reseller of accounting software for midsize companies, which normally have revenue between 50 million and 500 million dollars. One of Johnson’s
Page 6-11
Chapter 6 Solutions
IT Governance
responsibilities is to solicit new client companies and to meet with their management to recommend the best accounting software system for them. Midmarket accounting software typically offers several modules that the client may choose from. For example, not all clients would need an e-business module for their accounting software. Since part of Johnson’s compensation is a percentage of software sales and consulting revenue that he generates, what are the ethical conflicts he faces when soliciting new clients and recommending software and software modules? The nature of a consultant’s business can cause ethical issues to be raised because there can be a conflict between what is best for the client and what is best for the consultant. There are at least three important ethical traps that a consultant could easily fall into: excessive billing of hours; recommending only software products that have a high profit margin for the consultant; and recommending unnecessary modules. All three of these ethical issues have a common thread. In each of these situations, the consultant is trying to maximize his own wealth and is not putting the highest priority on the client’s needs. A consultant could inflate hours worked and/or bill for extra hours not really worked for that client. In both cases, the consultant is dishonest and unethical. These fictitious billing acts are also fraudulent and illegal. The other two ethical issues mentioned above are not as easily proven to be illegal, but they are unethical. If a consultant feels two different software systems may meet the customer’s needs, but chooses the one with the higher profit margin solely for the higher profit, he is acting unethically. Also if a consultant recommends additional software modules that are not really needed by the client, he is acting unethically.
Cases 47. The Electronics Shak is a retailer of electronics such as cell phones, satellite radios, mp3 players, and high-end LCD and plasma TVs. The Electronics Shak is a large chain with stores in strip shopping centers throughout the United States. However, each store is small, with generally five to six employees and a manager. Each store sells much less volume than large electronic retailers such as Best Buy or Circuit City.
Page 6-12
Chapter 6 Solutions
IT Governance
Top management has recently become concerned with what appears to be an excessive amount of inventory loss (shrinkage) at many of its stores. At this point, the management team is uncertain as to whether the excessive loss is due to weaknesses in its IT system that tracks inventory or to customer and employee theft at the stores. Top managers are concerned that the IT system may be a contributing factor to the loss and would like to study whether a new system should be implemented. Through their industry contacts, they know that large retailers such as Best Buy and Circuit City use much more sophisticated inventory management systems than The Electronics Shak does. A systems analysis would require a cost benefit analysis and a feasibility study. Describe steps that The Electronics Shak should undertake to complete a cost-benefit analysis and a feasibility study for a new IT system to track inventory. A feasibility study assesses feasibility in four areas: technical, operational, economic, and scheduling feasibility. To conduct the technical feasibility, The Electronics Shak should determine the kind of inventory management software systems that are available in the market. For example, some companies are now using Radio Frequency Identification systems (RFID). These newer technology systems are the kind of inventory systems that The Electronics Shak should investigate during the technical feasibility study. The company should try to determine the latest technology in tracking inventory systems. That is, what does current technology allow the company to achieve in tracking inventory? The company could also consider whether it could build an inventory system internally, but this is not a likely option. To examine operational feasibility, The Electronics Shak should compare its current system hardware and personnel to the system hardware and personnel needed to operate the new inventory systems identified in the technical feasibility study. The Electronics Shak will find that some systems are more likely to be the type that the company could operate given the hardware and personnel available to them. Of course, some new hardware could be purchased and new personnel hired, but the more of this activity is required for a particular system, the less feasible it is from an
Page 6-13
Chapter 6 Solutions
IT Governance
operational standpoint. An examination of economic feasibility is a cost-benefit analysis. To conduct economic feasibility, The Electronics Shak should compare cost estimates for each potential system to the monetary benefits expected for each system. Usually, the monetary benefits are cost savings that result from efficiencies of the new system. The Electronics Shak would need to estimate the costs of new systems and the cost savings of those systems. Those potential systems in which benefits are greater than costs are more feasible. To assess schedule feasibility, The Electronics Shak must try to estimate the time required to implement each of the potential systems. As the length of time to implementation increases, a system becomes less feasible. A very long implementation period may mean that the system will take too long to begin recognizing benefits and it may also mean that the hardware and software could be out of date by the time it is implemented. 48. Schibey International is in the process of purchasing a new accounting software system. Schibey is in a very specialized industry, with an international market. The company manufactures specialized parts to sell to companies in the oil exploration and drilling industry. The corporate headquarters are in Fort Worth, Texas, and a significant number – approximately one-half – of their operations are U.S.-based. They also maintain production plants and a sales and support staff in most oil-producing countries. Explain the factors that Schibey should consider when determining which software system will best suit its needs. The items mentioned in the question are some of the important factors. For example, the accounting system must have the capability to work with various international currencies. The software must also have the capability to use a large account numbering system to easily identify the various locations and purposes of the various accounts. The chart of accounts will likely have a large number of accounts that are subdivided by location and purpose. Schibey also must consider its specialized industry. Therefore the software must be able to match to the special processes or information needs of the industry. In addition to the unique factors that Schibey should consider, it should examine the
Page 6-14
Chapter 6 Solutions
IT Governance
same kinds of feasibility that any company should consider. Therefore, for any accounting software under consideration, Schibey should assess technical, operational, economic, and schedule feasibility. 49. Refer to case 48. Describe which parts of the design phase Schibey should undertake to ensure that the purchased software matches with the business processes that it will use. First, Schibey must determine whether it should employ a consulting firm to assist in the purchase and implementation of the software. If a consulting firm is hired, Schibey should interview, request bids, and select a consulting firm early in the process. The consulting firm would then assist with all steps in selecting and implementing the software. If so desired, Schibey could also bring in a consulting firm for the later stages of the design. Request for proposals (RFPs) must be sent to any software firm under consideration. The returned RFP (bid) will include details about the software, the support provided for the software, and the price. The project team or IT governance committee should review each RFP in detail to select the best software system. The things that should be considered while reviewing the RFPs are: * The price of the software * The match of the software to user needs * The technical, operational, economic, and schedule feasibility * Technical support provided by the vendor * Reputation and reliability of the vendor * Usability and user friendliness of the software * Testimonials from customers currently using the software If the software selected must be modified to meet any specific needs of the company, the project team should develop design specifications for those modifications. If those modifications are extensive, the entire detailed design phase should be undertaken to design outputs, inputs, processes, and controls.
Page 6-15
Chapter 7 Solutions
Auditing Information Technology-Based Processes
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 7
Concept Check 1. b 2. b 3. d 4. c 5. b 6. a 7. c 8. b 9. d 10. a 11. a 12. c 13. c 14. d 15. c 16. a 17. c 18. a 19. a 20. c 21. d
Discussion Questions 22. (SO 1) What are assurance services? What value do assurance services provide? Assurance services are accounting services that improve the quality of information. Many services performed by accountants are valued because they lend credibility to financial information. 23. (SO 2) Differentiate between a compliance audit and an operational audit. A compliance audit is a form of assurance service that involves accumulating and analyzing information to determine whether a company has complied with regulations and policies established by contractual agreements, governmental agencies, company management, or other high authority. Operational audits assess operating policies and procedures for efficiency and effectiveness.
Chapter 7 Solutions
Auditing Information Technology-Based Processes
24. (SO 2) Which type of audit is most likely to be performed by government auditors? Which type of audit is most likely to be performed by internal auditors? Governmental auditors are most likely to perform compliance audits, and internal auditors are most likely to perform operational audits. 25. (SO 2) Identify the three areas of an auditor’s work that are significantly impacted by the presence of IT accounting systems. The IT environment plays a key role in how auditors conduct their work in the following areas: consideration of risk determination of audit procedures to be used to obtain knowledge of the accounting and internal control systems design and performance of audit tests. 26. (SO 3) Describe the three causes of information risk. Information risk is caused by: Remote information; for instance, when the source of information is removed from the decision maker, it stands a greater chance of being misstated. Large volumes of information or complex information. Variations in viewpoints or incentives of the preparer. 27. (SO 3) Explain how an audit trail might get “lost” within a computerized system. Loss of an audit trail occurs when there is a lack of physical evidence to view in support of a transaction. This may occur when the details of accounting transactions are entered directly into the computer system, with no supporting paper documents. If there is a system failure, database destruction, unauthorized access, or environmental damage, the information processed under such a system may be lost or altered. 28. (SO 3) Explain how the presence of IT processes can improve the quality of information that management uses for decision making. IT processes tend to provide information in a timely and efficient manner. This enhances management’s ability to make effective decisions, which is the essence of quality of information. 29. (SO 4) Distinguish among the focuses of the GAAS standards of fieldwork and standards of reporting. The standards of fieldwork provide general guidelines for performing the audit. They address the importance of planning and supervision, understanding internal controls, and evidence accumulation. The standards of reporting address the auditor’s requirements for communicating the audit results in writing, including the reference to GAAP, consistency, adequate disclosures, and the expression of an overall opinion on the fairness of financial statements. 30. (SO 4) Which professional standard-setting organization provides guidance on the conduct of an IT audit? The Information Systems Audit and Control Association (ISACA) is responsible for issuing Information Systems Auditing Standards (ISASs), which provide guidelines for conducting an IT audit. 31. (SO 5) If management is responsible for its own financial statements, why are auditors important? Auditors are important because they are responsible for analyzing financial statements to decide whether they are fairly stated and presented in accordance with GAAP. Since the financial statements are prepared by managers of the company, the role of auditors is to reduce information risk associated with those financial statements. To accomplish this, auditors design tests to analyze information supporting the financial statements in order to determine whether management’s assertions are valid.
Chapter 7 Solutions
Auditing Information Technology-Based Processes
32. (SO 6) List the techniques used for gathering evidence. The techniques used for gathering evidence include the following: physically examining or inspecting assets or supporting documentation obtaining written confirmation from an independent source rechecking or recalculating information observing activities making inquiries of company personnel analyzing financial relationships and making comparisons to determine reasonableness 33. (SO 6) During which phase of an audit would an auditor consider risk assessment and materiality? Risk assessment and materiality are considered during the planning phase of an audit. 34. (SO 7) Distinguish between auditing through the computer and auditing with the computer. When are auditors required to audit through the computer as opposed to auditing around the computer? Auditing through the computer involves directly testing internal controls within the IT system, which requires the auditors to understand the computer system logic. Auditing through the computer is necessary when the auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of audit testing required, and when supporting documents are available only in electronic form. Auditing with the computer involves auditors using their own systems, software, and computer-assisted audit techniques to help conduct an audit. 35. (SO 8) Explain why it is customary to complete the testing of general controls before testing application controls. Since general controls are the automated controls that affect all computer applications, the reliability of general controls must be established before application controls are tested. The effectiveness of general controls is considered the foundation for the IT control environment. If there are problems with the effectiveness of general controls, auditors will not devote attention to the testing of application controls; rather, they will reevaluate the audit approach with reduced reliance on controls. 36. (SO 8) Identify four important aspects of administrative control in an IT environment. Four important aspects of administrative control include: personal accountability and segregation of incompatible responsibilities job descriptions and clear lines of authority computer security and virus protection IT systems documentation 37. (SO 8) Explain why Benford’s Law is useful to auditors in the detection of fraud. Benford’s Law recognizes nonuniform patterns in the frequency of numbers occurring in a list, so it is useful to auditors in the identification of fabricated data within account balances such as sales, accounts receivable, accounts payable, cash disbursements, income taxes, etc. If fraudulent data are presented, they would not likely follow the natural distribution that Benford’s Law sets forth. 38. (SO 8) Think about a place you have worked where computers were present. What are some physical and environmental controls that you have observed in the workplace? Provide at least two examples of each from your personal experience. Student’s responses are likely to vary greatly. Examples of physical controls may
Chapter 7 Solutions
Auditing Information Technology-Based Processes
include card keys and configuration tables, as well as other physical security features such as locked doors, etc. Environmental controls may include temperature and humidity controls, fire, flood, earthquake controls, or measures to ensure a consistent power supply. 39. (SO 8) Batch totals and hash totals are common input controls. Considering the fact that hash totals can be used with batch processing, differentiate between these two types of controls. Both batch totals and hash totals are mathematical sums of data that can be used to determine whether there may be missing data. However, batch totals are meaningful because they provide summations of dollar amounts or item counts for a journal entry used in the financial accounting system, whereas hash totals are not relevant to the financial accounting system (i.e., the hash totals are used only for their control purpose and have no other numerical significance). 40. (SO 8) The test data method and an integrated test facility are similar in that they are both tests of applications controls and they both rely on the use of test data. Explain the difference between these two audit techniques. The test data method tests the processing accuracy of software applications by using the company’s own computer system to process fictitious information developed by the auditors. The results of the test must be compared with predicted results. An integrated test facility also tests processing applications, but can accomplish this without disrupting the company’s operations. An integrated test facility inputs fictitious data along with the company’s actual data, and tests it using the client’s own computer system. The testing occurs simultaneously with the company’s actual transaction processing. 41. (SO 9) Explain the necessity for performing substantive testing even for audit clients with strong internal controls and sophisticated IT systems. Since substantive testing determines whether financial information is accurate, it is necessary for all financial statement audits. Control testing establishes whether the system promotes accuracy, while substantive testing verifies the monetary amounts of transactions and account balances. Even if controls are found to be effective, there still needs to be some testing to make sure that the amounts of transactions and account balances have actually been recorded fairly. 42. (SO 9) What kinds of audit tools are used to perform routine tests on electronic data files taken from databases? List the types of tests that can be performed with these tools. CPA firms use generalized audit software (GAS) or data analysis software (DAS) to perform audit tests on electronic data files taken from commonly used database systems. These tools help auditors perform routine testing in an efficient manner. The types of tests that can be performed using GAS or DAS include: mathematical and statistical calculations data queries identification of missing items in a sequence stratification and comparison of data items selection of items of interest from the data files summarization of testing results into a useful format for decision making 43. (SO 10) Which of the four types of audit reports is the most favorable for an audit client? Which is the least favorable? An unqualified audit report is the most favorable because it expresses reasonable assurance that the underlying financial statements are fairly stated in all material respects. On the other hand, an adverse
Chapter 7 Solutions
Auditing Information Technology-Based Processes
opinion is the least favorable report because it indicates the presence of material misstatements in the underlying financial statements. 44. (SO 10) Why is it so important to obtain a letter of representations from an audit client? The letter of representations is so important because it is management’s acknowledgement of its primary responsibility for the fair presentation of the financial statements. In this letter, management must declare that it has provided complete and accurate information to its auditors during all phases of the audit. This serves as a significant piece of audit evidence. 45. (SO 11) How can auditors evaluate internal controls when their clients use IT outsourcing? When a company uses IT outsourcing, auditors must still evaluate internal controls. This may be accomplished by relying upon a third-party report from the independent auditor of the outsourcing center, or it can audit around the computer, or it can test controls at the outsourcing center. 46. (SO 12) An auditor’s characteristic of professional skepticism is most closely associated with which ethical principle of the AICPA Code of Professional Conduct? Professional skepticism is most closely associated with the principle of Objectivity and Independence. Professional skepticism means that auditors should have a questioning mind and a persistent approach for evaluating financial information for the possibility of misstatements. This is closely related to the notion of objectivity and independence in its requirements for being free of conflicts of interest.
Brief Exercises 47. (SO 2) Why is it necessary for a CPA to be prohibited from having financial or personal connections with a client? Provide an example of how a financial connection to a company would impair an auditor’s objectivity. Provide an example of how a personal relationship might impair an auditor’s objectivity. An auditor should not have any financial or personal connections with a client company because they could impair his/her objectivity. It would be difficult for an auditor to be free of bias if he/she were to have a financial or personal relationship with the company or one of its associates. For example, if an auditor owned stock in a client company, the auditor would stand to benefit financially if the company’s financial statements included and unqualified audit report, as this favorable opinion could lead to favorable results for the company such as paying a dividend, obtaining financing, etc. Additionally, if an auditor had a family member or other close personal relationship with someone who works for the company, the auditor’s independence may be impaired due to the knowledge that the family member or other person may be financially dependent upon the company or may have played a significant role in the preparation of the financial statements. 48. (SO 3) From an internal control perspective, discuss the advantages and disadvantages of using IT-based accounting systems. The advantages of using ITbased accounting systems are the improvements in internal control due to the reduction of human error and increase in speed. The disadvantages include the loss of audit trail visibility, increased likelihood of lost or altered data, lack of segregation of duties, and fewer opportunities for authorization and review of transactions.
Chapter 7 Solutions
Auditing Information Technology-Based Processes
49. (SO 4) Explain why standards of fieldwork for GAAS are not particularly helpful to an auditor who is trying to determine the types of testing to be used on an audit engagement. GAAS provides a general framework that is not specific enough to provide specific guidance in the actual performance of an audit. For detailed guidance, auditors rely upon standards issued by the PCAOB, the ASB, the IAPC, and ISACA. 50. (SO 5) Ping and Pong are assigned to perform the audit of Paddle Company. During the audit, it was discovered that the amount of sales reported on Paddle’s income statement was understated because one week’s sales transactions were not recorded due to a computer glitch. Ping claims that this problem represents a violation of the management assertion regarding existence, because the reported account balance was not real. Pong argues that the completeness assertion was violated, because relevant data was omitted from the records. Which auditor is correct? Explain your answer. The completeness assertion is concerned with possible omissions from the accounting records and the related understatements of financial information; in other words, it asserts that all valid transactions have been recorded. Accordingly, Pong’s argument is correct. Ping’s argument is not correct because the existence assertion is concerned with the possibility of fictitious transactions and the related overstatements of financial information. 51. (SO 6) One of the most important tasks of the planning phase is for the auditor to gain an understanding of internal controls. How does this differ from the tasks performed during the tests of controls phase? During the planning phase of an audit, auditors must gain an understanding of internal controls in order to determine whether the controls can be relied upon as a basis for reducing the extent of substantive testing to be performed. Understanding of internal controls is the basis for the fundamental decision regarding the strategy of the audit. It also impacts the auditor’s risk assessment and establishment of materiality. During the tests of controls phase, the auditor goes beyond the understanding of the internal controls and actually evaluates the effectiveness of those controls. 52. (SO 8) How is it possible that a review of computer logs can be used to test for both internal access controls and external access controls? Other than reviewing the computer logs, identify and describe two types of audit procedures performed to test internal access controls, and two types of audit procedures performed to test external access controls. Internal access controls can be evaluated by reviewing computer logs for the existence of login failures or unusual activity, and to gauge access times for reasonableness in light of the types of tasks performed. Internal access controls can also be tested by reviewing the company’s policies regarding segregation of IT duties and other IT controls, and can test those controls to determine whether access is being limited in accordance with the company’s policies. In addition, auditors may perform authenticity testing to evaluate the authority tables and determine whether only authorized employees are provided access to IT systems. Computer logs can also be reviewed to evaluate external access controls, as the logs may identify unauthorized users and failed access attempts. External access controls may also be tested through authenticity tests, penetrations tests, and vulnerability assessments. Authenticity tests, as described above, determine
Chapter 7 Solutions
Auditing Information Technology-Based Processes
whether access has been limited to those included in the company’s authority tables. Penetration tests involve the auditor trying to gain unauthorized access to the client’s system, by attempting to penetrate its firewall. Vulnerability assessments are tests aimed at identifying weak points in the company’s IT systems where unauthorized access may occur, such as through a firewall or due to problems in the encryption techniques. 53.(SO 9) Explain why continuous auditing is growing in popularity. Identify and describe a computer-assisted audit technique useful for continuous auditing. Continuous auditing has increased in popularity due to the increase in e-commerce. Real-time financial reporting has created the need for continuous auditing, whereby auditors continuously analyze evidence and provide assurance on the related financial information as soon as it occurs or shortly thereafter. The embedded audit module is a computer-assisted audit technique that accomplishes continuous auditing. The embedded audit module approach involves placing special audit testing programs within a company’s operating system. These test modules search the data and analyze transactions or account balances that meet specified conditions of interest to the auditor. 54. (SO 11) Distinguish between the various service organization controls (SOC) reporting options available to auditors who evaluate cloud computing service providers. The SOC 1 report addresses internal controls over financial reporting. A SOC 1Type I report contains management’s assessment and the auditor’s opinion on the operating design of internal controls over financial reporting. A SOC 1 Type II report is an extension of the Type I report in that it also evaluates the operating effectiveness of those internal controls. A SOC 2 report considers controls over compliance and operations, including the Trust Services Principles. Similar to SOC 1 reports, SOC 2 reporting options also allow for a Type I or Type II conclusion depending upon whether the auditor consider suitability of design or operating effectiveness of those controls, respectively. Finally, a SOC 3 report is an unaudited report that is available to the general public containing a CPA firm’s conclusion on the elements of the Trust Services Principles.
Problems 55. (SO 4) Given is a list of standard-setting bodies and a description of their purpose. Match each standard-setting body with its purpose. I. c. II. a. III. d. IV. b. 56. (SO 8) Identify whether audit tests are used to evaluate internal access controls (I), external access controls (E), or both (B). Authenticity tests (B) Penetration tests (E) Vulnerability assessments (E)
Chapter 7 Solutions
Auditing Information Technology-Based Processes
Review of access logs (B) Review of policies concerning the issuance of passwords and security tokens (I)
57. (SO 9) Refer to the notes payable audit program excerpt presented in Exhibit 7-3. If an auditor had a copy of his client’s data file for its notes receivable, how could a general audit software or data analysis software package be used to assist with these audit tests? GAS and DAS could assist auditors in testing notes payable by performing mathematical calculations of interest amounts, stratification of amounts into current and long-term categories according to maturity dates, and performing ratio calculations as may be needed to assess compliance with restrictions. 58. (SO 11) In order to preserve auditor independence, the Sarbanes-Oxley Act of 2002 restricts the types of nonaudit services that auditors can perform for their publiccompany audit clients. The list includes nine types of services that are prohibited because they are deemed to impair an auditor’s independence. Included in the list are the following: financial information systems design and implementation internal audit outsourcing Describe how an auditor’s independence could be impaired if she performed IT design and implementation functions for her audit client. Likewise, how could an auditor’s involvement with internal audit outsourcing impair her independence with respect to auditing the same company? Both of these scenarios would place the auditor in a position of auditing his/her own work. Auditors could not maintain independence if they are involved in both the IT design and implementation as well as the financial statement audit. To the extent that the IT system impacts financial reporting, an auditor could not possibly be unbiased with respect to a system that he/she had designed and implemented. Likewise, auditors are not likely to be unbiased with respect to performing a financial statement audit for the same company as he/she performed internal audit work. Any evaluations performed during the internal audit engagement are likely to have a bearing on the auditor’s professional attitude while performing the financial statement audit. 59. (SO 2) Visit the AICPA website at www.aicpa.org and select the tab for Career Paths. Click on “This Way to CPA” to locate information on audit careers. The AICPA website presents information on various career paths, including public accounting (audit, taxation, financial planning, etc.), business and industry, governmental accounting, not-for-profit accounting, education, and entrepreneurship. Some specialty areas include forensic accounting, environmental accounting, and showbiz accounting. 60. (SO 4, 9) Visit the ISACA website at www.isaca.org and click on the Knowledge Center tab, then select ITAF (Information Technology Assurance Framework) and click on the IT Audit Basics tab to find articles covering topics concerning the audit process. Locate an article on each of the following topics and answer the related question:
Chapter 7 Solutions
Auditing Information Technology-Based Processes
a. Identify and briefly describe the four categories of CAATs used to support IT auditing. The four categories include1: data analysis software, including GAS and DAS Network security evaluation software/utilities OS and DBMS security evaluation software/utilities Software and code testing tools b. List three possible procedures to be performed by auditors who are evaluating controls pertaining to the backup and recovery of a client’s data. The three procedures include2: Review or observe backup procedures Review documentation of a successful restore within the period Personally verify restoration when risk is high or when restoration is an audit objective. 61. (SO 8) Locate the stock tables for the two major stock exchanges in any issue of the Wall Street Journal. Beginning from any point within the table, prepare a list of the first digits of the daily volume for 100 stocks. Determine whether the listed numbers conform to Benford’s Law. Student responses will vary depending upon the timing of carrying out this requirement and the starting point used. However, students should determine whether the number 1 is represented as the first digit of the volume figures for approximately 33% of the items within the list. If so, then the data conform to Benford’s Law. 62. (SO 12) Perform an Internet search to determine the nature of Xerox Corporation’s management fraud scheme and to find out what happened to the company after the problems were discovered. Xerox’s fraud involved earnings management or manipulation of the financial statements in order to boost earnings. This occurred at Xerox to the tune of hundreds of millions of dollars and involved various accounting tricks to hide the company’s true financial performance so that it would meet or beat Wall Street expectations. The most significant trick was the premature recording of revenues. Upon discovery of the fraud, the SEC filed a $10 million civil suit against Xerox, the largest fine in SEC history. In addition, Xerox had to restate its earnings from 1997 through 2001.
Cases 63. Internal Controls and CAATs for a Wholesale client. a. What tests of controls would be effective in helping Draker determine whether Palitt’s vendor database was susceptible to fraud? The following tests of controls could be used: Verify that the database is physically secure and that programs and data files are password protected to prevent unauthorized access. 1 “Using CAATs to Support IS Audit” by S. Anantha Sayana for Information Systems Control Journal, Vol.
1, 2003. 2 “What Every IT Auditor Should Know About Backup and Recovery” by Tommie W. Singleton for ISACA Journal, Vol, 6, 2011.
Chapter 7 Solutions
Auditing Information Technology-Based Processes
Since this situation involves an internal breach of authority, access logs should be reviewed for activity at unusual times (non-business hours). Make sure that system programmers do not have access to database operations so that there is no opportunity to alter source code and the related operational data. Ascertain that database inputs are being compared with systemgenerated outputs. Determine whether run-to-run totals are being generated and reviewed to evaluate the possibility of lost or altered data. Ascertain that computer-generated reports are regularly reviewed by management. Determine whether the client’s field checks, validity checks, and reasonableness checks are all working effectively. b. What computer-assisted audit technique would be effective in helping Draker determine whether Palitt’s vendor database had actually been falsified? Draker could use GAS or DAS to perform audit testing on electronic data files taken from Lea’s database system. Several types of audit tests commonly performed by GAS or DAS systems could be used in this case, including data queries, stratification and comparison of data items, and selection of items of interest. In addition, the following tests can be performed to test the propriety of inputs to the system: Financial control totals can be used to determine whether total dollar amounts or item counts are consistent with journal entry amounts. This can detect whether additions have been made during processing. Validation checks can be performed to scan entries for bogus information. Depending on the type of IT system, a validity check of the vendor number field may prevent the entry of fictitious vendors. Field checks can be performed to identify unrecognized data. If the bogus transactions are being entered during processing, the auditor may use program tracing to evaluate program logic for possible points of entering fraudulent information. Run-to-run totals may also be used to determine whether data have been altered during processing. In addition, output controls such as reasonableness tests could be performed to review the output against authorized inputs, and/or audit trail tests could be performed to trace transactions through the system to determine if changes occurred along the way. 64. Issues with the client representation letter. a. Would it be appropriate for Pannor to reopen the audit testing phases in order to expand procedures, in light of the lack of representative evidence from management? Why or why not? No, Pannor should not expand testing procedures. The purpose of the client’s representations letter is for management to acknowledge its primary responsibility for the fair presentation of the financial statements and the accuracy of evidence provided to the auditors. It is considered the most significant piece of audit
Chapter 7 Solutions
Auditing Information Technology-Based Processes
evidence. Obtaining additional evidence would not compensate for a failure to secure a letter of representations; in fact, it is likely that additional testing would be meaningless unless management represents that the evidence it supplies is accurate. b. Will Pannor’s firm still be able to issue an unqualified audit report if it does not receive the representations letter? Research the standard wording to be included in an unqualified audit report, as well as the typical wording included in a client representations letter. Base your answer on your findings. No, an unqualified report is no longer possible due to the failure to obtain written representations from management. This constitutes a limitation in the scope of the audit. Pannor’s firm may either withdraw from the engagement or issue a disclaimer. The standard wording for a client representations letter can be found in AU section 333. The standard wording for an unqualified audit report can be found in AU section 508.
Chapter 8 Solutions
Revenue and Cash Collection Processes
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 8 Concept Check 1. a 2. c 3. a 4. c 5. d 6. a 7. c 8. d 9. c 10. a 11. d 12. b 13. a 14. d 15. c 16. d
Discussion Questions 17. (SO 2) Why is it important to establish and monitor credit limits for customers? Allow customers to order an excess over what they are able to pay poses a large risk for companies. It is important to review a customer’s credit worthiness and based on that credit worthiness, establish a credit limit. Once the limit is established, the company should have processes or methods to ensure the credit limit is not exceeded. Without a limit, or monitoring that limit, the company has the risk of not being paid for goods or services purchased by customers. 18. (SO 2) Distinguish between a pick list and a packing slip. Although the information on these two documents is essentially the same, they are used for two different purposes. Both documents contain the items and quantities for a particular customer order. However, the pick list is used in the warehouse to pull items from the warehouse shelves, while the packing slip is included in the box or boxes shipped to the customer. The packing slip tells the customer which items should be in the shipment. 19. (SO 2) How can an effective system of internal controls lead to increased sales revenue? When an effective systems of internal controls is in place, managers may be able to spend less time overseeing operations and can therefore, spend more Page 8-1
Chapter 8 Solutions
Revenue and Cash Collection Processes
time on revenue growth strategies and activities. For example, with a proper set of general authorization procedures for sales, a manager would not need to approve each sale individually. This gives the manager more time to focus on activities that could lead to increased revenue. 20. (SO 2) Why should the person responsible for shipping goods to customers not also have responsibility for maintaining records of customer accounts? Custody of assets and responsibility for record keeping should always be segregated. In this case, the person shipping the goods has custody and could therefore, steal assets. Access to customer records would allow that person to also alter records to hide the theft. The alteration to the records could include deleting the sale or writing off the sale as a bad debt. 21. (SO 3) What is the purpose of a credit memorandum? The credit memorandum documents the fact hat a customer has returned goods. The credit memorandum is also used to reduce the customer’s receivable account balance based upon the return of goods. 22. (SO 3) How are sales invoices used (in a manual system) in the preparation of credit memos? The sales invoice is matched to the receiving report that results from returned goods. This match is necessary to verify the fact that the merchandise was in fact sold to the customer, and to verify the selling price that should be refunded. 23. (SO 2) How can a security guard in a warehouse be considered an important component of a company’s accounting system? Internal controls over asses should include physical controls to prevent theft or misuse. For example, cash should be locked in a safe to prevent the theft of cash. Likewise, a security guard can help prevent theft or misuse of assets. This internal control would not prevent all theft, but would help reduce any theft. 24. (SO 3) How could fraud be perpetrated through the sales returns process? In the absence of good internal controls, there are several types of fraud that could occur in sales returns. These include: 1) customers returning goods not originally purchased from the company, 2) customers requesting a refund higher than the original sales amount, 3) requesting refunds for goods that were never returned, but submitting false documentation of a return, and 4) theft of returned goods by an employee. 25. (SO 6,7,8) Identify and distinguish between the three types of IT systems used in the sales process. The three types of IT systems described are EDI, Internet EDI, and point of sale systems. EDI and Internet EDI are used in company to company sales of goods and services. In EDI systems, the buyer and seller computer systems are connected and order data is exchanged electronically. EDI typically uses a value added network (VAN), while Internet EDI uses the internet to exchange data. Internet EDI is usually much more cost effective than EDI because the exchange via the Internet can be cost free. A POS system is used in end consumer sales such as retail stores and restaurants. A POS system usually is a touch screen, or bar code system at the cash register that records the sale and updates the appropriate cash, sales, and inventory accounts. All three systems are IT enablement of the sales process and they each improve the efficiency and effectiveness of sales processes. 26. (SO 6) Distinguish between B2B sales and B2C sales. Other than those presented in this chapter, name a company from your personal experience that uses B2C
Page 8-2
Chapter 8 Solutions
Revenue and Cash Collection Processes
sales. B2B sales are IT enabled sales between two businesses. B2C sales are IT enabled sales between a business and an end consumer. A student could mention any online retailer, online bank, online broker, airline, or travel agent as examples of B2C. 27. (SO 6) List the advantages of e-commerce systems. The advantages are reduced costs, shorter sales cycles, increased accuracy and reliability of sales data, and an increase in the potential market. 28. (SO 6) Identify two of the biggest risks to companies who use e-commerce, along with controls to prevent these risks. Two of the business risks of e-commerce would be availability and security. If a company relies on online sales extensively, any failure in the hardware or software may make the online sales system unavailable and this causes lost sales. These lost sales can at times be very large losses. Unauthorized access or hackers represent a big risk to e-commerce. Placing sales online opens the company to unauthorized access and hacking, and therefore potential loss or destruction of data. 29. (SO 6,7) What controls should a company implement to ensure consistency of sales information between the front end and back end of its systems? Reconciliations and verifications are important in the integration of front end and back end systems. As data moves from a front end system, such as an online sales system, to a back end system, such as warehouse systems, a reconciliation or verification can ensure the data was transmitted between systems accurately. 30. (SO 6) Why is a redundant server system needed in an e-commerce environment? Availability is extremely important in e-commerce systems. Any failure of the system represents lost sales because the system is not available for customer use. A large e-commerce company could lose thousands of dollars in sales from a two or three hour downtime. 31. (SO 6) Why should a company continuously monitor the capacity of its e-commerce system? 32. (SO 7) What are the three components of an EDI system? The three component parts are: 1) intercompany transfer, indicating the sale/purchase is between two companies; 2) computer to computer, indicating the computer system of the two companies are connected; and 3) a standard format for business documents to facilitate the intercompany transference of electronic documents. 33. (SO 7) What are the three standard parts of an EDI data transmission? Header and trailer data, labeling interchanges, and data segments. Header data is data about the file or transmission being sent. The header identifies the beginning and end of a particular transaction data set. Trailer data is also data about the file or transmission and identifies the end of a particular transaction data set. Labeling interchanges identify the type of transactions in the set, such as a set of sales invoices. Data segments include the actual data within the invoices, such as quantities and prices. 34. (SO 7) How could it be possible for two companies to conduct EDI if they are not directly connected with each other? Two companies could use a value added network (VAN) as a third party to serve as the provider of electronic inboxes for EDI exchanges. 35. (SO 7) List the advantages of an EDI system. The advantages are elimination of keying, keying errors, and the time needed for keying, the elimination of mailing time
Page 8-3
Chapter 8 Solutions
Revenue and Cash Collection Processes
and postage costs, reduction of inventory levels, and competitive advantage and/or preservation of existing business. 36. (SO 6,7,8) What is the purpose of maintaining transaction logs? Why are they especially important in IT systems? Transaction logs serve as the audit trail of transactions processed by the computer. Review of these logs can ensure that transactions are lost or unaccounted for. The logs also help ensure a company can avoid repudiation of sales. 37. (SO 8) List some advantages of a POS system. Advantages are: ease of use by employees, the elimination of manually entered data, real-time access to prices and inventory levels, real-time credit card authorization, real-time update of affected accounting records, immediate summaries and reports of sales and cash, and integration with the general ledger accounts. 38. (SO 8) Why are backup systems one of the most important controls for POS systems? A system failure in a POS system would interrupt or halt sales. Such lost sales can be a large dollar amount and there could be future lost sales if customers become irritated by the system failures. To avoid these failures and the resulting lost sales, a company should maintain some type of backup system. 39. (SO 9) Describe a popular fraud scheme where company employees misuse the sales revenues cutoff. This is called leaving sales open. It counts sales from the first few days of the next month in the current month, and thereby inflates sales.
Brief Exercises 40. (SO 2, SO 4) Describe what is likely to occur if company personnel erroneously recorded a sales transaction for the wrong customer? What if a cash receipt was applied to the wrong customer? Identify internal controls that would detect or prevent this from occurring. If the sale is attached to the wrong customer, the wrong customer would be billed and it may cause both the wrong customer and the correct customer to have a negative opinion about the company. In addition, if the company does not maintain adequate documentation, it may be difficult to determine which customer should be billed. Therefore, the company may not be able to collect the cash they should have collected. If a cash receipt is applied to the wrong customer, then two customer balances will be erroneous. The company would continue to bill the customer who paid, while not billing the correct amount to the wrong customer. Without adequate documentation, it would be difficult to correct this situation. The internal controls that would help prevent these errors are maintaining adequate documentation, including source documents such as sales orders and remittance lists; the matching of key documents before recording; reconciliations and verifications of invoices to receivables; and supervision. 41. (SO 4) Debate the logic used in the following statement: “The person responsible for handling cash receipts should also prepare the bank reconciliation because he is most familiar with the deposits that have been made to the bank account.” It is true that if a person could be absolutely trusted to do both duties, it may be more
Page 8-4
Chapter 8 Solutions
Revenue and Cash Collection Processes
efficient. However, having both duties provides opportunity and temptation for that person to steal cash and cover up the theft. In addition, a single person doing both duties might make an error affecting both the receipts and reconciliation. Segregating these duties may slightly decrease the efficiency of bank reconciliations, but the positive benefits of fraud prevention or detection and error detection outweigh any efficiencies. 42. (SO 7) Revenue systems are crucial in the healthcare industry, where hundreds of billions of dollars are spent annually reconciling revenues and billing data from the perspectives of providers (doctors and clinics, etc.) and payers (insurance companies). Briefly describe how EDI would be beneficial in this industry. Describe the purpose of the header data and trailer data. In an EDI system, the computer systems of the biller and payer are connected and they would greatly speed up the billing and paying process, as well as decrease the errors in the process. Without EDI, the would be keying errors, delays related to keying data and mailing bills and payments. The header and trailer data identify the transaction data set so that the two computer systems can ensure the correct transaction data is matched. The header and trailer also identify the beginning and end of a transaction data set. 43. (SO 2, SO 3, SO 4) Use the process maps in this chapter to answer the following questions: a. What would a credit manager do if a sales order received caused a customer to exceed its credit limit? The sale should be disapproved (rejected). b. What happens after the shipping department verifies that the quantities and descriptions of goods prepared for shipment are consistent with the sales order? The goods are shipped, an invoice is prepared and mailed; the following records are updated: sales, general ledger; and a month end statement is prepared and mailed to the customer. c. What would an accounts receivable clerk do if a $100 credit memo is issued to a customer whose accounts receivable balance is $1,000? The clerk should first check to make sure of the balance. Then, that customer’s balance would be decreased to $900. d. When is it necessary for an accounts receivable clerk to notify a customer? An accounts receivable clerk would not need to notify customers. 44. (SO 2) Describe how the matching of key information on supporting documents can help a company determine that its revenue transactions have not been duplicated. For any sale, return or cash transaction, only one set of matching documents should exist. Once the documents are matched and recorded for a particular transaction, they should be filed as a completed transaction. Thus, that same transaction would not be recorded again since the source documents are filed. 45. (SO 2,3) Describe how the use of pre-numbered forms for receiving reports and credit memos can help a company determine that sales return transactions have not been omitted from the accounting records. When pre-numbered forms are used, it is much easier to ensure that the entire series of transactions have been accounted
Page 8-5
Chapter 8 Solutions
Revenue and Cash Collection Processes
for. Conversely, a missing number in the sequence of pre-numbered documents is a clear indication that a transaction has been omitted. This may be easier to understand if you think about what it would mean if your own personal check book record was missing a check numbered 154. 46. (SO 8) Describe how a POS system could be useful to a company’s marketing managers. How could it be useful to production managers? A POS system can provide immediate feedback about product sales and inventory levels. Therefore, a marketing manager can get immediate feedback about which products sell well, which do not, and how price changes may affect sales of individual products. A purchasing agent could use the real-time inventory level feedback to more appropriately plan when to purchase certain products. They may not have to purchase as frequently or in as large batches if they are better able to monitor inventory levels on a real-time basis. They might also get better information about seasonal or weather related fluctuations in sales of certain products and this would help them better plan purchases. 47. (SO 8) Briefly describe an example from your personal experience where you purchased something from a company that uses a POS system. How might your experience have been different if the POS system did not exist in the experience you described? There are many possible experiences students could describe. Each student would probably describe. Most often students see or use POS systems at fast food restaurants and retail stores. Many students will have been employees who have used POS systems and may have very good examples. In regards to the differences if the POS system did not exist, the check out experience would be slower, thereby leading to longer lines, and more errors in the process. Errors such as incorrect prices and incorrect orders.
Problems 48. (SO 6) In 1956, Nicolai Rizzoli opened a pizza restaurant that he named Rizzoli’s in St. Louis, Missouri. Over the years, he opened both company and franchise locations and grew the business to include over 40 restaurants that serve the three states around the St. Louis area. In 1993, Rizzoli introduced a centralized phone ordering system with one phone number for customers to use. This meant that the customer did not need to look up the phone number of a local restaurant and call that restaurant to order. Rather, customers call one number and the employees taking the order can determine the closest Rizzoli’s location and process the order. This system also centralized the pricing, ordering, and inventory systems for Rizzoli’s. In 2004, Rizzoli’s began offering online pizza orders through its Web site. Rizzoli’s advertises this Web ordering as more convenient for the customer. For example, its ads suggest that a customer can examine the entire menu on the Web site prior to ordering; something that is not possible with phone orders. While there are many customer advantages of Web ordering, there are also many advantages to the company. From an accounting and internal control perspective,
Page 8-6
Chapter 8 Solutions
Revenue and Cash Collection Processes
describe the advantages of Rizzoli’s system, and any risks that it reduces. Advantages: The Web ordering system provides the advantages of: cost savings through lower marketing, employee, and paperwork costs; shorter sales cycles due to reduced time to place an order, increased accuracy and reliability of the order data; and increased potential market for the company’s products. Accordingly, Rizzoli’s Web ordering system reduces the risks of misplacing an order, filling an order incorrectly, losing a sale due to a long wait time, and recording erroneous data due to errors in manual paperwork processing. Although some of these advantages and risk reductions are also realized through the company’s centralized phone ordering system, that phone system still involves manual processes to input customer orders, so there remain some costs and risks associated with employees, accuracy, and wait times. 49. (SO 8) You are the recent heir of $40,000 cash, with which you are considering opening a sushi bar in the university community. You would accept cash and credit card payments, which would be handled primarily by your servers. You also plan to offer introductory specials to attract customers during the initial months of business. Identify some advantages and disadvantages of investing in a POS system as part of this new business venture. What internal controls should be implemented to reduce the risk of theft or error related to the handling of cash, credit card payments, and coupons? The advantages of investing in a POS system as part of a new business venture include the following: Ease of use and ease of training servers. This is expected to lead to fewer errors and more accurate sales and inventory data. Time savings related to the elimination of manual input processes. This includes increased efficiency and reduced fraud related to processing of credit card payments from customers. Increased accuracy due to the real-time access to inventory and price data. For instance, if the sushi bar’s daily special is sold out, that information can be immediately changed online so that servers can quickly inform customers of the change. Enhanced accounting features such as real-time update of cash, sales, and inventory records, immediate summaries and analyses, and the potential for integration with a general ledger system will save manual steps and provide timely information for management purposes. Despite these many advantages, a new business venture would need to be especially careful of the extensive hardware and software costs that are necessary to support a POS system. In addition, availability risks may be significant, as any hardware and software failures could make the system unavailable and interrupt efficient business processes. Therefore, it is important that a new business venture consider these risks, analyze the costs and benefits of the system, and implement backup systems should be in place to reduce the availability risk. In order to reduce the risk of theft or error related to the handling of cash, credit card payments, and coupons, the sushi bar should be sure that its POS system includes all relevant payment information, including options to enter the use of coupons and
Page 8-7
Chapter 8 Solutions
Revenue and Cash Collection Processes
method of payment. In addition, summaries can be provided immediately, so servers should be required to reconcile their transactions at the end of their shifts. 50. (SO 2,4,6) Chris Hargrove is the owner of AP’s Instant Replay, a consignment shop for used sporting goods. Chris accepts consigned goods and offers them for sale to the general public. Chris rents business space, including a retail store where the consigned goods are displayed and sold, with adjoining office space where an Internet site is maintained and other administrative functions are performed. The Internet site includes photos and descriptions of items available for sale worldwide. If the goods sell, Chris’s consignment fee is 40% of the sale price, and 60% is remitted to the consignor. Shipping costs on electronic orders are paid by the customers. Identify internal control considerations for the following: a. the e-commerce portion of the business. Internal control considerations associated with e-commerce should address the risks of security and confidentiality, processing integrity, and availability. Regarding security and confidentiality, Chris should ensure that customers accessing the website and conducting sales transactions are valid customers with valid payment authorization and that transactions are logged so that an audit trail is established to avoid repudiation. Regarding processing integrity, Chris should be concerned with data input checks that verify the completeness, accuracy, and validity of the data entered on the website. In addition, he should implement back-end controls, such as reconciliations and verifications, to ensure the accuracy of information taken from this system to the company’s accounting systems. Finally, Chris should implement controls to minimize service disruptions that could reduce sales. Accordingly, he should implement controls for redundant systems, disaster recovery, testing of software changes, and capacity planning and testing. b. the retail portion of the business, assuming that the accounting systems are mostly manual and handled by Chris and his wife. The five internal control activities should be considered with respect to the retail business and manual accounting systems involving sales and cash collections. Even though segregation of duties will be difficult considering that only Chris and his wife are operating the business, they can perform business processes in a manner to promote good control. For instance, they can check each other’s work in instances where they are performing incompatible duties involving combinations of custody and record keeping. They can ensure that prices are properly authorized by consignors and credit card payments are authorized at the time of the sale. Thorough documentation (such as detailed sales receipts) should be maintained and accounted for purposes of performing reconciliations and supporting the general ledger. Also, physical controls should be in place at the retail store in order to protect the company’s assets and records. 51. (SO 2,3,4) Identify an internal control procedure that would reduce each of the risks that follow in a manual system. Also describe how (or if) an IT system could reduce these risks: Student responses may vary, as more that one control may
Page 8-8
Chapter 8 Solutions
Revenue and Cash Collection Processes
apply to risk reduction in these circumstances. However, following are some likely answers: a. Revenues may be recorded before the related shipment occurs. Shipping documentation should be matched with sales order data and presented to the billing department as the basis for recording the sale and preparing the bill. The IT system can perform an automatic match whereby shipping data are required as a basis for recording the revenue. b. Employees responsible for shipping and accounts receivable may collude to steal goods and cover up the theft by recording fictitious sales. To prevent this type of problem, sales orders should be reviewed for proper customer and authorized by an independent member of management prior to shipment. The IT system can include validity checks or other controls that require a valid customer in order for the transaction to be recorded. In addition, reconciliation procedures can compare manual documentation with system records to determine that valid transactions are recorded. If the collusion involves recording the fictitious sale in the account of a valid, existing customer, the process of sending sales invoices and customer statements, and the subsequent reconciliation procedures, would be important for uncovering this type of fraud. c. Credit memos may be issued at full price, when the goods were originally sold at a discount. Original sales documentation, including key information such as original sales price, must be required as a basis for preparing credit memos. An IT system could automatically match credit memo authorizations with the original sales data so that the credit would be issued at amounts that are consistent with the original sale pricing. d. Sales invoices may contain mathematical errors. Independent checks of sales invoices should occur before the customer is billed. This includes verification of mathematical accuracy. If an automated system is in place, the IT system can perform mathematical computations at a great time savings. e. Amounts collected on accounts receivable may be applied to the wrong customer. Customer account statements should be sent on a regular basis so that customer records can be reconciled to the company’s records. This is likely to detect a misapplication of a customer collection. An IT system could enhance the process by requiring cash receipts to be entered along with a customer account number as well as an invoice number to ensure that the receipt is applied properly. f. Duplicate credit memos may be issued for a single sales return. A comparison of the receiving log with the credit memo listing would indicate if duplicate credit memos have been issued for a single sales return. An IT system could also prevent this risk by requiring that credit memos be generated only upon entering key information from the original sale and blocking the issuance of another credit memo for an item for which credit had already been issued. g. Sales invoices may not be prepared for all shipments. Shipping records should be compared with the sales invoices records. This may be done through the verification of the sequence of shipping documents to ensure that
Page 8-9
Chapter 8 Solutions
Revenue and Cash Collection Processes
an invoice was prepared for each item shipped. An IT system may enhance this process by matching shipping document numbers with invoices, and preparing a warning report for any instances of unmatched shipping documents. h. Shipments may contain the wrong goods. Companies should require the matching of key information on related documents prior to shipment. This includes inventory quantities and descriptions on approved sales orders and packing lists. An IT system may make this process more efficient by performing the match automatically; it can verify whether product numbers and quantities on the sales orders match those on the shipping documentation. i. All sales transactions may not be included in the general ledger. A regular reconciliation should be performed to compare the sales journal with the amounts recorded in the general ledger. An IT system may perform a periodic automatic post of the sales journal to the general ledger, thereby eliminating the potential for missing sales transactions. 52. (SO 3,4,5) The following list presents various internal control strengths (S) or risks (R) that may be found in a company’s revenues and cash collection processes. S
Credit is authorized by the credit manager.
_N/A_ Checks paid in excess of $5,000 require the signatures of two authorized members of management. (Although this is viewed as an internal control strength, it is not applicable to the revenues processes.) R
A cash receipts journal is prepared by the Treasurer’s department. (This type of accounting record should be prepared by those with recordkeeping responsibilities rather than those in a position to perform reconciliations of the cash records.)
S
Collections received by check are received by the company receptionist, who has no additional recordkeeping responsibilities.
R
Collections received by check are immediately forwarded unopened to the accounting department. (This would place the accounting department in an incompatible role combining recordkeeping and custody of cash.)
S
A bank reconciliation is prepared on a monthly basis by the Treasurer’s department.
S
Security cameras are placed in the shipping dock.
S
Receiving reports are prepared on pre-printed, numbered forms.
Page 8-10
Chapter 8 Solutions
Revenue and Cash Collection Processes
R
The billing department verifies the amount of customer sales invoices by referring to the authorized price list. (This price authorization role should be performed before billing. An approved sales order, including verified prices, should be in place at the time the documents reach the billing department.)
S
Entries in the shipping log are reconciled with the sales journal on a monthly basis.
_N/A_ Payments to vendors are made promptly upon receipt of goods or services. (Vendor payments relate to the expenditures processes rather than the revenues processes.) R Cash collections are deposited in the bank account on a weekly basis. (If cash receipts occur daily, they should be deposited promptly – preferably on a daily basis.) S
Customer returns must be approved by a designated manager before a credit memo is prepared.
S
Account statements are sent to customers on a monthly basis.
R
Purchase returns are presented to the sales department for preparation of a receiving report. (Receiving reports should be prepared promptly upon receipt of returned items. This should be done in the receiving area, where the personnel have a custody function, rather than in the sales department, where the personnel initiate sales transactions.)
53. See the completed spreadsheet “Problem 8-53.xls” on the instructor website. That spreadsheet has two tabs. The first tab is a simple spreadsheet in which numbers for invoice and amount are typed into the appropriate column. This spreadsheet is probably similar to what most students would complete. If students have a higher level of spreadsheet skills, or if they are given some instructions and guidelines, they could produce a more complex spreadsheet with formulas to determine the appropriate column. The spreadsheet in the “Complex Spreadsheet” tab uses IF formulas and the AND function to place amounts in the correct aged column 54. See the completed spreadsheet “Problem 8-54.xls” on the instructor website. There is no single correct answer to this problem. However, as a student attempts to design a spreadsheet, it will cause the student to ponder several important issues. For example, the student must consider how to handle data that appears once, such as sales order number, but would have to be repeated for each line item on the sales order. Also, some data would be in separate tables or files. Information such as bill to address, ship to address, item descriptions, and item prices are likely to be established and maintained in other tables or files
Page 8-11
Chapter 8 Solutions
Revenue and Cash Collection Processes
55. (SO 2,4) Following are ten internal control failures related to the revenues and cash collection processes. d
A customer ordered 12 boxes of your product (total of 144 items) for express shipment. Your data entry clerk inadvertently entered 12 individual items.
q
You enter sales and accounts receivable data in batches at the end of each week. Several problems have resulted recently as a result of recording invoices to the wrong customer account.
f
In an effort to boost sales, you obtain some of the stock of unissued shipping reports and create a dozen fictitious shipments. You submit these documents to the billing department for invoicing.
g
Checks are received by the mailroom and then forwarded to the accounts receivable department for recording. The accounts receivable clerk holds the checks until the proper customer account has been identified and reconciled.
p
Several shipping reports have been misplaced en route to the billing department from the shipping department.
h
Several sales transactions were not invoiced within the same month as the related shipment.
c
A sales clerk entered a non-existent date in the computer system. The system rejected the data and the sales were not recorded.
a
Upon entering sales orders in your new computer system, a sales clerk mistakenly omitted customer numbers from the entries.
o
A computer programmer altered the electronic credit authorization function for a customer company owned by the programmer’s cousin.
n
Customer orders were lost in the mail en route from the sales office to the accounting department (located at the company’s headquarters).
Required: Select one internal control from the following list that would be most effective in the prevention of the failure. Indicate the letter of the control next to each failure above. Letters should not be used more than once and some letters may not be used at all. a. Pre-formatted data entry screens b. Pre-numbered documents c. Programmed edit checks d. 100% check for matching of customer orders and sales orders e. 100% check for matching of sales orders, pick list, and packing slips
Page 8-12
Chapter 8 Solutions
Revenue and Cash Collection Processes
f. 100% check for matching of sales orders and invoices g. 100% check for matching of deposit slip and customer check. h. Prompt data entry immediately upon receipt of customer order i. Customer verification j. Independent authorization for shipments k. Independent authorization for billing l. Reasonableness check m. Hash totals n. Data back-up procedures o. Program change controls p. Sequence verification q. Periodic confirmation of customer account balances
56. (SO 2,3,4) Brathert Company is a small company with four people working in the revenue processes. One of the four employees supervises the other three. Some tasks that must be accomplished within the revenue processes are the following: a. Accounts receivable record keeping b. Approving credit of customers c. Authorizing customer returns d. Authorizing new customers e. Billing customers f. Cash receipts journal posting g. Entering orders received h. Inventory record keeping i. Maintaining custody of cash j. Maintaining custody of inventory k. Reconciling records to the bank statement Required: For each of the four employees (supervisor, employee 1, employee 2, and employee 3), consider the duties you would assign to each employee. In assigning duties, no employee should have more than three tasks and there should be a proper separation of duties to achieve appropriate internal control. List the four people, the duties you assigned to each employee, and a description of why those assignments achieve proper separation of duties. Supervisor: Employee 1: Employee 2: Employee 3:
b., c., and d. (all Authorization functions) a., f., and h. (receivables, collections, and inventory Recordkeeping) e., g., and k. (sales and billing Recordkeeping and cash reconciliation) i. and j. (all Custody functions)
Page 8-13
Chapter 8 Solutions
Revenue and Cash Collection Processes
57. (SO 6) Refer to the Ethical Dilemma: Mail Order Case presented in Chapter 3. What term introduced in this chapter applies to the type of mail order deceit described in that case? What could the mail order company do to avoid a loss resulting from an event, assuming that it uses an e-commerce system? This type of mail order deceit is known as repudiation. The mail order company should have controls in place to make sure that each sale is to a valid customer with valid payment authorization and that an audit trail is maintained to avoid repudiation. Customer authentication through user ID and password should be used, as well as transaction logs and data trails. In this case, it may be most effective if the company uses digital signatures or digital certificates to authenticate and validate a customer. The signature verification would also be important upon delivery.
58. (SO 9) Visit the financial education website created by Equade Internet Ltd. at www.investopedia.com. Note the definition for channel stuffing. According to this site, what is the primary motivation for channel stuffing? Channel stuffing is a deceptive business practice used by a company to inflate its sales and earnings figures by deliberately sending retailers along its distribution channel more products that they are able to sell to the public. By channel studding, distributors temporarily inflate their accounts receivables. However, unable to sell the excess products, retailers will send the excess items instead of cash back to the distributor, who must adjust its accounts receivable and ultimately its net income. In other words, channel stuffing always catches up with the company, because it cannot maintain sales at the rate it is stuffing. The primary motivation for this fraudulent business practice is to raise the value of the company’s stock. 59. (SO 6) Using a search engine, search for an article written by Vangie Beal titled “Top 2012 eCommerce Trend”. Briefly describe the main point of this article. The main point is that companies must shift their focus away from customers who shop online using a computer or laptop computer. Many shoppers now use a mobile device such as smart phone or tablet. One of her sentences says the following: On mobile devices your customers do everything from accessing promotional coupons and scanning QR codes to researching products, comparing prices and making a purchase.” Therefore, as an example, websites have to be designed to be optimized for the smaller screens of smartphones. 60. (SO 9) This chapter mentioned alleged fraudulent revenue reporting at Coca Cola and McAfee. Using a search engine, search the phrase “SEC channel stuffing”. Give one more example of a company that was investigated, or is being investigated by the SEC. What are the facts and status of the case? The student’s answer will depend on when the search is conducted. As of the date this solutions manual was prepared, the following excerpt described an action against Bristol Myers. “The Securities and Exchange Commission announced that on March 27, 2012, the United States District Court in New Jersey entered final judgments against Frederick S. Schiff, former CFO of Bristol-Myers Squibb Co. (Bristol Myers) and Richard J. Lane, former President of the Worldwide Medicines Group for
Page 8-14
Chapter 8 Solutions
Revenue and Cash Collection Processes
Bristol Myers. Schiff and Lane consented to the entry of the final judgments without admitting or denying the allegations of the Commission’s complaint. The Commission’s complaint alleged that for the period January 1, 2000 through December 31, 2001, Schiff and Lane deceived the investing public about the true performance, profitability and growth trends of Bristol Myers and at their direction, Bristol Myers engaged in a “channel-stuffing” scheme. The complaint alleged that Bristol Myers used financial incentives to induce wholesalers to buy its pharmaceutical products in excess of prescription demand in order to artificially inflate its results, which in turn was necessary in order to meet Bristol Myers’ internal earnings targets and the consensus earnings estimates of Wall Street securities analysts. The complaint alleged that by doing so, Bristol Myers improperly recognized revenue from pharmaceutical sales associated with the channel-stuffing. Schiff consented to a final judgment permanently enjoining him from violations of Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933, requiring him to pay disgorgement plus prejudgment interest totaling $130,992, and barring him from serving as an officer or director of a public company for one year. Lane consented to a final judgment permanently enjoining him from violations of Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933, requiring him to pay disgorgement plus prejudgment interest totaling $36,750, and barring him from serving as an officer or director of a public company for one year. [SEC v. Frederick S. Schiff and Richard J. Lane, (U.S.D.C. NJ, Case Number 05cv4132] (LR-22313).”
Cases 61. Sales processes at Sound Redux Company. a. The sales process in the store are very similar to any retail store. When a customer buys a CD or LP record, the product is scanned by a bar code reader, the customer pays the amount b cash, check, or credit card, and then takes the products out of the store. In online sales, Redux would have to implement an IT system and a web server to process online sales. It would be necessary for a customer to browse or search the inventory online; requiring a real-time inventory system integrated with the sales processes. The IT systems for the online system would be more complex. The online sales would be processed through the Web site and mailed to the customer. Payment could only be made by credit card at the time of sale. b. Usually very little, if any, data is collected fro customers during in-store sales. If the customer pays by cash, he can be completely anonymous. Even in the case of a credit card payment, customer data is only used to charge the credit card and that data is usually not kept by the company. c. In an online sale, much more customer data must e collected, used, and stored. Customer name, address, phone number, and credit card data must be collected and stored.
Page 8-15
Chapter 8 Solutions
Revenue and Cash Collection Processes
d. In addition to the data mentioned in part c, Redux may store and analzye the CD titles purchased by individual customers. If Redux had software capable of doing so, this data could be used to recommend other titles to customers. This system would work like the Amazon.com web site. When purchasing a book at Amazon, the customer receives suggested titles of similar books. 62. Sales and collection processes at Kornsen Manufacturing. a. Refer to the separate Microsoft Excel file “Chapter 8 Solutions Process Maps.xls”. b. Weakness: The invoice is prepared without comparison to the packing slip. This means the company could bill the customer for items or quantities different from items and quantities shipped. This is especially true if items are out of stock. Improvement: A copy of the packing slip should be forwarded to accountant 1 and the invoice should be based on items and quantities shipped. Furthermore, accountant 2 should file the packing slip copy with the matched invoice and approved sales order. Weakness: Customer credit is not approved until after the order is shipped. Improvement: Credit approval should occur before the documentation is forwarded to the warehouse clerk for filling the order and shipment. Weakness: Inventory records are not updated as orders are filled. Improvement: A copy of the packing slip or stamped sales order should be used by accountant 1 or accountant 2 to update inventory records promptly upon shipment. Weakness: There is no prelisting of checks received with the amounts. Such as list helps prevent theft or accidentally misplacing a check. Improvement: A prelisting of checks received should be prepared to be compared to the bank deposit amount. Weakness: There is no mention of a bank reconciliation for checks received. Improvement: The bank account should be reconciled to cash records on a monthly basis. This reconciliation should be performed by someone who has not responsibility for custody, authorization, or recordkeeping for cash. Weakness: There is no comparison of the check received to the original sales invoice. Under this system, it would be possible to assume an invoice is fully paid when it was not. Improvement: The checks received should be compared to the sales invoice. Weakness: The collections clerk has custody of the checks and also records the transactions in the accounts receivable subsidiary ledger. Improvement: Accountant 1 or 2 should record in the subsidiary ledger upon receiving a list of checks received. This would improve controls regarding segregation of duties, as the collections clerk should have custody responsibilities but not the related
Page 8-16
Chapter 8 Solutions
Revenue and Cash Collection Processes
record keeping responsibilities. Weakness: There is no mention of monthly statements mailed to customers. Such a statement summarizes possibly several invoices for each customer and can show the ages (overdue status) of the amounts. Improvement: A monthly statement should be mailed to each customer. Weakness: There is no mention of performing a reconciliation of subsidiary ledgers and the general ledger. Improvement: A periodic reconciliation of the subsidiary and general ledgers should occur to help prevent or detect errors, omissions, and fraud. c. Refer to the separate Microsoft Excel file “Chapter 8 Solutions Process Maps.xls”. 63. Process maps and internal control considerations for Cluxton’s sales, billing, and collection processes a. Refer to the separate Microsoft Excel file “Chapter 8 Solutions Process Maps.xls”. b. Brigston’s sales department personnel are preparing a sales order without an approval for the transaction and without checking the credit status of the customer. Before the sales department prepares a sales order, it should determine the relevant pricing for the items ordered and check the customer’s credit. The sales journal should not be updated at the time a sales order is prepared; rather, the sales journal should be updated upon shipment of the items to the customer. Brigston’s warehouse personnel currently have incompatible duties related to both custody of inventory items and inventory recordkeeping. An inventory control function should be implemented for the purpose of inventory recordkeeping. Also, there is no indication that shipping documents are being prepared by Brigston. A separate shipping function should be established for purposes of preparing a bill of lading to present to the carrier, rather than a copy of the sales order. In addition, a shipping log should be used. Brigston’s billing department is not preparing a billing record or maintaining records of amounts billed. It should be preparing an invoice to be sent to the customer, rather than sending a priced version of the sales order. A copy of the invoice should be retained in the billing department. The accounts receivable department is not updating the receivables records promptly upon the occurrence of a sales transaction; instead, it is delaying this recordkeeping task until the related cash is collected. The accounts receivable subsidiary ledger should be updated promptly upon the shipment of a sales order and the invoicing of that order. Cash collections should not be handled by the accounts receivable department, as this custody function is incompatible with the recordkeeping of customer accounts. A separate company employee should handle
Page 8-17
Chapter 8 Solutions
Revenue and Cash Collection Processes
collections received in the mail, and a cash receipts department should be responsible for preparing the cash receipts journal and bank deposit. Brigston’s general ledger is being updated prematurely. Rather than updating the general ledger upon receipt of a sales order from the sales department, it should be updated at the time the shipment occurs and the related billing and accounts receivable records are prepared. c. Students’ revised process maps for Brigston’s sales and cash collection processes should be similar to those presented in Exhibits 8-2 and 8-12, respectively. 64. Internal control risks at Art’s Artist World The following memo presents internal control weaknesses or potential risks, as well as recommendations for strengthening controls: To : Art Dusing, Owner Art’s Artist World Fr: AIS Student Re: Internal Control Recommendations During the course of my accounting work, the following circumstances were noted which represent internal control weaknesses and potential business risks in the company’s revenue processes. I am proposing potential enhancements to the company’s system of internal controls in order to reduce these risks. I would be pleased to discuss these items with you further.
Sales documentation is not being prepared for all sales transactions, but only for sales on account. This allows for the possibility of fraud or error in the retail store, as there is no basis for reconciling sales with cash register and credit receipts for each shift worked by a sales clerk. In addition, inventory records cannot be updated on a regular basis. If sales clerks prepare a sales receipt for each sale, then a record exists for the purposes of performing daily reconciliations of the summaries of cash collections and updating the cash, accounts receivable, and inventory records. A duplicate copy of the receipt could be given to each customer as a record of the transaction. Walk-in sales on account are approved by a manager upon recognizing a credit customer. This presents a potential problem for a growing company to be able to recognize all of its customers, as well as in the event that the walkin customer may no longer be affiliated with the customer company. The supervisor in the accounts receivable department should verify charge slip information in order to approve the sale before it is transacted, rather than afterwards.
Page 8-18
Chapter 8 Solutions
Revenue and Cash Collection Processes
The accounts receivable supervisor is not effectively utilizing the list of past due accounts. This report should be actively investigated and follow-up should be performed to maximize the likelihood of cash collection. Past due customers should be contacted promptly in order to discuss the reasons for the delay in collections and maximize the likelihood of future collection. Art’s should implement credit and collections functions to investigate and pursue payment on unpaid customer accounts rather than merely writing them off. A cashier should not perform the bank reconciliation because this presents a problem with segregation of duties. The person with custody of cash (who receives payments and prepares the cash receipts listings and bank deposits) should not also have responsibility for reconciling the bank account. This control activity should be performed by someone independent of the cash authorization and recordkeeping functions. The staff accountant does not currently have sufficient information to allow him or her to verify the general ledger postings. For instance, before the general ledger is updated, staff accountants should be able to determine that the cash register totals reconcile to the cash deposit and credit summary information and that the cash receipts listings agrees with the bank deposits.
65. Gorko, LLC.’s internal control checklist. These checklist questions are expected to achieve the internal control purposes as presented in the following list:
Is the sales department separate from the credit office and the IT department? Separation of duties in important in the revenues and receivables processes, so the separation of the sales office, where initial sales records are prepared, should be separated from the authorization duties performed by the credit office and the systems programming and implementation duties performed by the IT department. Are all collections from customers received in the form of checks? Checks provide a record of collections, which can enhance the recordkeeping accuracy of the related cash, receivables, and sales accounts. On the other hand, cash collections are easier for a dishonest employee to steal. Is it appropriate to program the system for general authorization of certain sales, within given limits? Authorizations are important for ensuring that only valid, approved transactions take place. However, as a cost/benefit consideration, limits may be set regarding the minimum amount for which specific authorization is required. Are product quantities monitored regularly? Independent checks of the physical versus recorded inventory quantities is an important control feature that can detect errors or fraud in the inventory records. This can also be an effective tool for preventing the risk of a stock shortage which could impact customer satisfaction. Will all data entry clerks and accounting personnel have their own PCs with log-in IDs and password protection? If employees have their own PCs, then there
Page 8-19
Chapter 8 Solutions
Revenue and Cash Collection Processes
should be no reason for computer sharing. Therefore, instances of unauthorized access should be minimized and each employee’s login information can be monitored so that each person is held accountable for changes made. Will different system access levels for different users be incorporated? Access controls are important for limiting access to areas of the employees’ responsibility as well as monitoring and identifying work performed by each member of personnel. This will limit sensitive information from being viewed or altered by unauthorized members of personnel. Will customer orders be received via the Internet? This will provide for prompt recording of customer orders and reduced errors that could otherwise result if customer orders had to be manually input by company personnel. Has the company identified an off-site alternative computer processing location? If computer processing is necessary for the effective and efficient operation of the business, then the company should have plans in place to minimize the risk of loss due to interruptions in computer service. Does the project budget include line items for an upgraded, uninterrupted power source and firewall? These controls protect against loss of information, loss of a computer processing source, or unauthorized access to the system, which can reduce the risk of data destruction or alteration. Will the system be thoroughly tested prior to implementation? System testing reduces the risk of errors in programming that can cause unreliable financial reporting. Will appropriate file backup procedures be established? Back-up procedures protect a company against a risk of loss due to destruction of data files. They also provide a means for continued processing even if company hardware and software are unavailable or destroyed. Will business continuity plans be prepared? Continuity plans ensure that the company will be able to operate even if there is a disruption in computer processing, destruction of the company’s operating facility, records and/or data, or other unforeseen circumstances. Will an off-site data storage exist? Off-site data storage allows for back-up versions of company information to be maintained in case they are needed or purposes of emergency business continuity. Will intrusion detection systems be incorporated? The company should have this electronic control to monitor for the possibility of unauthorized access to the system. This will protect the data and records within the system.
66. Internal controls at Springtown Pediatrics Evaluate the information in each of the following situations as being either an internal control (1) strength, (2) weakness, or (3) not a strength or weakness. 1. Springtown Pediatrics’ office manager approves the extension of credit to patients and also authorizes write-offs of uncollectible accounts. (2)
Page 8-20
Chapter 8 Solutions
Revenue and Cash Collection Processes
2. Springtown Pediatrics’ office manager may extend credit based on special circumstances rather than using a formal credit search and established credit limits. (2) 3. Springtown Pediatrics extends credit rather than requiring cash or insurance in all cases. (3) 4. The computer software package cannot be modified by the employees of the practice. (1) 5. None of the employees who generate revenues or record revenues are able to write checks. (1) 6. Computer passwords are known only by the individual employees and the managing partner, who has no recordkeeping responsibilities. (1) 7. Individual pediatricians document the services they perform on pre-numbered reports that are used for both recording revenues and patient receipts. (1) 8. Insurance coverage is verified by the office manager before medical services are rendered. (1) 9. The bank reconciliation is prepared by an independent CPA firm. (1) 10. The sequence of pre-numbered service reports are accounted for on a monthly basis by an independent CPA firm. (1) 11. The second accounting clerk receives cash and checks and prepares the daily deposit. (1) 12. The second accounting clerk maintains the accounts receivable records and can add or delete receivables information on the PC. (1) 13. The second clerk receives the cash and checks and also records cash receipts. (2) 14. Springtown Pediatrics is involved only in medical services and does not have diversified business operations. (3) (Excerpt from Adapted CPA Simulation Problem) 67. Internal control weaknesses in cash receipts and sales processes at Gramiko, Inc. a. Refer to the separate Microsoft Excel file for Chapter 8 Solutions Process Maps. b. Internal control weaknesses: The mail clerk should not forward the checks and remittance advices to departments having recordkeeping responsibilities. The mail clerk is not preparing a record of cash received in the mail. Cash collections are not being deposited promptly. Furthermore, the bank deposits are being prepared by accounts receivable department personnel, who also have recordkeeping responsibilities. The sales department, accounting department, and accounts receivable personnel should not have custody of the checks because they have recordkeeping responsibilities. There is no procedure for reconciling the daily cash receipts and bank deposits. Bank reconciliations are being prepared by accounting department personnel, where employees also are responsible for reviewing the past due status of
Page 8-21
Chapter 8 Solutions
Revenue and Cash Collection Processes
customer accounts. These employees have custody of cash for a limited period of time, which places them in a custody role. The bank statement should not be prepared by someone who has custody of cash. Cash sales should not be received by sales clerks (because it violates the segregation of duties principles), but should be directly received by the cashier. The cashier, who has a cash custody role, should not also be responsible for the incompatible authorization task of approving customer credit. The inventory control catalog should not be updated by the sales department because it violates the segregation of duties principles.
Page 8-22
Robatelli’s Continuing Case Solution – Chapter 9 Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes.
a. Describe how you believe an efficient and effective purchasing system should be organized at Robatelli’s. Include details such as: There is no single correct response to these questions, but they should generate much discussion among groups within or outside the class. In a smaller company such as Robatelli’s, it would be most reasonable to conduct purchases at the corporate headquarters, or in the commissary. It would not be very likely to have purchasing agents in various locations. All would work at corporate headquarters, or the commissary, whichever has appropriate office space to accommodate them. There may be more efficiency if they were located very close to the accounts payable process location. It is obvious that there would be no need for any purchasing agents to work at any of the restaurant locations. The purchasing system should be organize very much like that described in the chapter. This would include requisitions from the commissary as various ingredients reach the reorder point. Either a software system, or assigned personnel in inventory control should monitor inventory levels and determine when to place orders for various ingredients or supplies. The requisition would be forwarded to purchasing agents. The purchasing agents would solicit bids from two or three vendors, select the best vendor, and prepare a purchase order. The purchase order would be mailed to the vendor, and copies would be forwarded to receiving, accounts payable, and the requisitioner. As goods are received at the receiving dock of the commisary, they should be counted, inspected, and then a receiving report prepared. The receiving report should be forward to accounts payable and inventory control. Goods are stored at the commissary until needed to produce subassemblies (dough, sauce, salads), or needed at the restaurants. Inventory control would update inventory records. Accounts payable would approve payment if the purchase order, invoice, and receiving report match. The subassemblies and ingredients will be delivered to each restaurant as needed. a. How many purchasing agents should be employed? My suggestion would be five purchasing agents. b. Where will these purchasing agents be located? The most effective location is probably corporate headquarters. c. How will the necessary information for purchasing flow between restaurants and these purchasing agents? The sales at each restaurant should be
monitored by the software system. Based on menu items sold, the software can determine food ingredients used. The restaurant manager should also provide information to the commissary about any food items that are lower than the records would indicate. Inventory of items in the restaurant will not always match the records due to mistakes, theft, and shrinkage. The purchasing agents will receive information about what should be purchased via requisitions. d. How will IT systems be used in purchasing? The IT system should have the capability to monitor inventory levels, inventory usage as sales occur, and be able to predict future needs based on sales history. Ideally, the software would have integrated sales, inventory, receiving, and payables modules so that the appropriate information sharing is automatic. e. How and when will purchased items be delivered to the restaurants? (Remember that all 49 locations are within the Pittsburgh area and none would be more than a one-hour drive from the Corporate Headquarters). Each day, a fleet of about ten trucks should load ingredients and supplies needed at a set of restaurants, and the truck driver will deliver to approximately three restaurants during the day. The driver would then have a second set of restaurants to deliver to on the second day. In this system, ea h restaurant receives a truck load at least every other day. (this is a suggested method only. Answers can vary much, but should be reasonable). b. Draw a process map of your proposed purchasing system. See the last page of this document. c. Describe any IT controls that would be necessary or desirable in your purchasing system. The system must have user authentication controls (user ID, password, authority tables) to ensure that only authorized users have access, and that only appropriate personnel are authorizing or initiating orders. A computer log should also be maintained so as to monitor and identify any instances of unauthorized use. The system should also have data validation controls to help minimize input and processing errors. The software system should also be regularly tested to ensure it correctly initiates orders when necessary. That is, it should not trigger purchases at the wrong time, or in the wrong amount. There should be backup files and backup systems to avoid system availability issues. Many other IT controls could be mentioned, but these are the controls mentioned in the chapter. Other controls that might be mentioned by students would include the IT controls from chapter 4.
Spatelli's Purchasing Process Map
Receive puchase
Reject request
Receive and inspect goods
Receive invoice from vendor
Authorize purchase requisition
Accept delivery?
Reject goods
Match?
Reconcile with vendor
Select vendor
Update accounts payable records
Prepare receiving records Prepare Purchase Order and send to vendor Store goods or initiate production
Prepare Purchases Journal
Update inventory records
Update general ledger
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 9 Concept Check 1. d 2. d 3. c. 4. b 5. b. 6. d 7. d 8. c 9. a 10. b 11. a 12. b 13. b 14. a 15. b 16. c 17. b 18. b
Discussion Questions 19. (SO 2) Name the first document that should be prepared when a production employee recognizes that the quantity of goods on hand is insufficient to meet customer demand. Purchase requisition. 20. (SO 2) How does the maintenance of a receiving log enhance internal controls? A receiving log is a sequential listing of all goods received. It serves as an audit trail and allows the physical goods received to be matched against other documentation to ensure that all goods are received 21. (SO 2) Why should a receiving clerk be denied access to information on a purchase order? This practice is called a “blind PO” and the advantage is that it forces a physical count of goods received. A clerk
9-1
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
cannot complete the “quantity received” field of a receiving report until the goods have been counted. If the PO contained quantities ordered, the clerk could assume that the quantity received is equal to quantity purchased and therefore, skip the physical count. However, conducting the physical count is a much better practice and the blind PO serves as a control to force such a count. 22. (SO 2) Under what circumstances would it be necessary to manually update accounts payable prior to the receipt of a vendor’s invoice? When the receipt of goods occurs at the end of a period, but the invoice is not received until the next period, the liability should be recorded in the first period even though the invoice has not yet been received. 23. (SO 4) Which department is responsible for making sure that payments are made in time to take advantage of vendor discounts? It is the responsibility of accounts payable. 24. (SO 4) Why would some checks need to include two signatures? Large checks over a specified amount may require two signatures. Large checks entail more risk for the company and the dual signature lessens risks. 25. (SO 4) During the process of reconciling the bank account, why is it necessary to review the dates, payees, and signatures on the canceled checks? Reviewing dates, payees, and signatures on cancelled checks may help uncover unusual events. These unusual events can then be checked to make sure that they are not part of a fraud scheme. 26. (SO 4,6) What specifically does a cash disbursements clerk do when he or she “cancels” an invoice? How does this compare to the procedures used when computer-based matching exists. To cancel an invoice means to mark or stamp it with the date paid and check number. The purpose is to help prevent duplicate payment of an invoice. In an automated matching system, the system would be programmed to ensure that there were no previous payments that would make a new payment a duplicate payment. 27. (SO 4) Why should accountants periodically review the sequence of checks issued? To ensure there are no missing or unaccounted checks. This helps prevent errors and fraud. 28. (SO 2,4) What accounting records are used by accounts payable personnel to keep track of amounts owed to each vendor? An accounts payable subsidiary ledger is used to record the detail of amounts owed to each vendor. 29. (SO 5) Identify some inefficiencies inherent in a manual expenditures processing system. There is a physical matching of documents by
9-2
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
humans and this process is time consuming and error prone. Even if a software system such as Microsoft Dynamics GP is used, there are many human tasks that are time consuming and error prone. Those tasks are: keying of data for a purchase order; the manual process of comparing an order received to the PO; keying in the receiving report and finding the PO in the system to match it against; keying the invoice into the system and finding the PO in the system to match it against; and the human decision making process of which invoices to approve for payment. These inefficiencies cause a large expenditure in salaries and wages for the personnel who do the matching. 30. (SO 5) What are the advantages of BPR? Using BPR to design IT systems can reduce the amount of paperwork, manual processing and the costs inherent in paperwork and manual processing. The costs include wages and salaries for the time to do manual processing and to correct errors or mismatches that occur in the manual processes. 31. (SO 8) List three examples of BPR used in the expenditures processes. BPR can be used to change a manual matching and payment system into one of three IT systems. These three include computer based three-way matching, Evaluated Receipt Settlement (ERS), and EDI. 32. (SO 8) Explain how system logic errors could cause cash management problems. When there are logic errors in a system, it may cause the system to make the same error repetitively. If the logic error is in approving payments, the system may repetitively approve payments a the wrong times or in the wrong amounts. Since the error is repetitive, it could quickly cause cash flow problems by paying too much cash, too soon. 33. Explain how system availability problems could cause cash management problems. Significant amounts of downtime in the system could delay payments to vendors. In turn, vendors may delay shipments of materials to the company, which would then delay sales to customers and cash inflows. 34. (SO 8) How is an audit trail maintained in an IT system where no paper documents are generated? Backup files and computer logs of transactions can serve as part of an audit trail. 35. (SO 8) What can a company do to protect itself from business interruptions due to power outages? A company should have a disaster recovery plan and they should use uninterruptible power supplies as a backup to the normal power source. 36. (SO 7) What paper document is eliminated when ERS is used? ERS is an invoiceless match system. This means the invoice is eliminated
9-3
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
and the vendor is paid if the purchase order matches the goods received. 37. (SO 7) Identify compensating controls needed for an effective ERS system. Some of the compensating controls needed are: Established procedures in receiving to ensure goods are only accepted when quantities and part numbers match exactly; there must be a much more detailed negotiation with suppliers to establish accepted practices and firm prices with suppliers; vendors must understand that substitutions and partial shipments cannot be accepted; there should be established procedures to handle exceptions that arise, but exceptions should be very rare. 38. (SO 5) What is typically the most time-consuming aspect within the expenditures process? It is the matching of documents in a three-way match system. The time involved is usually very high because of the manual steps and because of the time involved in reconciling mismatches of part numbers, quantities, and prices in many shipments. 39. (SO 8) Identify the category of risk that can be reduced by using authority tables, computer logs, passwords, and firewalls. The category of risk that these controls reduce is security and confidentiality risk, and more specifically, unauthorized access. 40. (SO 6) Explain why the availability of computer systems in the receiving department is such an important component of an automated expenditures process. In most automated vendor payment systems, there is a presumption that the receiving personnel must reject shipments that do not match the purchase order. This means that the receiving personnel must be able to look up the desired purchase order at the same time the delivery is at the receiving dock. The receiving personnel must be able to reject the shipment, of necessary, while the delivery person is still at the receiving dock. In this circumstance, the purchase order files must be online and readily accessible to receiving personnel. 41. (SO 5,8) Identify three ways that buyers and sellers may be linked electronically. EDI systems link buyers and sellers electronically, The electronic link may be in the form of private leased lines, third-party networks called value-added networks, or via the Internet. 42. (SO 8) What techniques can a company use to reveal problems concerning potential exposure to unauthorized access to its systems? Penetration testing, vulnerability assessment, and intrusion detection systems all help expose potential unauthorized access.
9-4
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
43. (SO 9) How are Web browsers used in e-payables systems? In many accounting systems, the accounting software has a custom designed screen to view and enter data. In e-payable system, a web browser is used as the interface to receive and review invoices, as well as to make vendor payments. The web browser is perceived to be a more user friendly approach to the interface. 44. (SO 10) Explain how procurement cards provide for increased efficiencies in the accounts payable department. P-cards are used for purchases of things such as supplies, maintenance, and travel and entertainment expenses. Without p-cards, many companies find they have a large volume of these small dollar transactions that would still require the regular matching process in accounts payable. The p-card eliminates this time consuming matching process for items purchased with the p-card. This eliminates soliciting bids, keying PO and invoice data, matching documents, reconciling mismatches, and writing small dollar amount checks. Instead, the company receives one monthly bill from the credit card issuer. Brief Exercises 45. (SO 2,4) Describe what is likely to occur if company personnel erroneously recorded a purchase transaction for the wrong vendor? What if a cash disbursement was posted to the wrong vendor? Identify internal controls that would detect or prevent this from occurring. If a company erroneously recorded a purchase transaction to the wrong vendor, it is likely to make a payment to the wrong party. When the correct vendor does not collect its payment, it will notify the company and demand payment. This will likely result in the company making a duplicate payment for the same transaction. If a cash disbursement was posted to the wrong vendor account, this would also likely result in the company making a duplicate payment for the same transaction. Since the first payment did not get recorded correctly, the company would not have proper record of the payment. When it reviewed its vendor accounts, it would note that it still needed to make a payment. It would be difficult to discover an erroneous posting of a purchase transaction or cash disbursement to the wrong vendor account. (An incorrect posting of a cash disbursement is more likely to be discovered in the document matching and subsequent posting process.) The following internal controls could detect these types of problems:
9-5
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
When invoices arrive from the vendor companies, there should be an attempt to match the invoice to the purchase order and receiving report before the transaction is posted to the vendor account within the accounts payable subsidiary ledger. During this posting, the employee who posts should verify that the transaction is recorded in the proper vendor account. A reconciliation should be performed upon receipt of the vendor statement. This should reveal any differences in terms of purchase or payment information. A review of the vendor file should be performed periodically. The vendor to which the purchase should have been recorded or the vendor to which a payment was erroneously applied may show a negative balance (paid more than recorded purchases). The error may also be discovered when there is a reconciliation of the accounts payable subsidiary ledger to the general ledger, although this is not as likely. The reconciliation would still balance even if an amount is recorded in the wrong vendor account. It is also possible that this error would not be discovered particularly if there are always outstanding balances in vendor accounts. The best internal control to prevent these errors would be to use an automated, rather than manual system. An automated system would automatically post to the correct vendor as the purchase order is created. 46. (SO 4) Debate the logic used in the following statement: “The person responsible for approving cash disbursements should also prepare the bank reconciliation because he is most familiar with the checks that have been written on that bank account.” It may be true that this person is more familiar with the checks, but it would not represent a good internal control process. If a separate person reconciles the account, it prevents the first person from writing fraudulent checks and covering it up by altering the bank reconciliation. 47. (SO 8) Expenditure systems are crucial in the automobile manufacturing industry, where hundreds or thousands of parts must be purchased to manufacture cars. Briefly describe how EDI would be beneficial in this industry. Since there would be such a large volume of purchase orders, invoices, and receiving reports, that handling so many paper document would be inefficient. EDI would eliminate all of the manual steps in handling these paper documents, eliminate the keying of the data on these documents, and eliminate mail delays. An EDI system would be faster, more efficient, and less error prone. Therefore, it would also reduce the cost per transaction.
9-6
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
48. (SO 2,4) Describe how the matching of key information on supporting documents can help a company determine that purchase transactions have been properly executed. If the company has established proper segregation of duties and matches documents, there is a likelihood they have properly insured that purchase transactions are properly executed. Purchasing would not complete a PO and place an order until they receive a purchase requisition. The PO would be forwarded to accounts payable. The receiving department would complete and forward a receiving report upon receiving the goods. The invoice comes from a separate party – the vendor. If these three separate documents match, it is a good assurance that it was a valid, authorized order, it was properly received, and the vendor billed correctly for goods ordered and received. 49. (SO 2,3) Describe how the use of pre-numbered forms for debit memos can help a company determine that purchase return transactions have not been omitted from the accounting records. It is much easier to account for all debit memos if they are pre-numbered. The sequence of numbers can be checked to ensure all have been posted. 50. (SO 5,7) Describe how a ERS system could improve the efficiency of expenditure processes? An ERS is an invoiceless system that pays vendors if the goods received match the purchase order. This system completely eliminates the document matching system that usually occurs in accounts payable. This eliminates the most time consuming aspect of paying vendors. However, it does require much more strictly defined purchasing agreements with vendors. Vendors must understand that the company cannot accept price differences from those negotiated, substitution of products, undershipments, overshipments, or partial shipments. 51. (SO 10) Describe how a procurement card improves the efficiency of purchasing supplies. A procurement card is usually used to purchase supplies or pay for travel and entertainment. Using a p-card for these purchases eliminates the typically process of PO, receiving report, and invoice matching. Individual users have much more control over the purchase of their supplies and central inventories of supplies need not be maintained.
Problems 52. (SO 2,3,4) Identify an internal control procedure that would reduce the following risks in a manual system:
9-7
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
a. The purchasing department may not be notified when goods need to be purchased. Require that an inventory control department monitor inventory records and request purchases (purchase requisition) when goods need to be reordered. b. Accounts payable may not be updated for items received. Require that the receiving department complete a receiving report for all goods received, and that a copy of the report is forwarded to accounts payable. c. Purchase orders may be prepared based on unauthorized requisitions. Require that the appropriate manager approve each purchase requisition by signing the requisition form. d. Receiving clerks may steal purchased goods. Require good physical security such as security cameras and good supervision of receiving employees. Using a “blind” PO at receiving may also help since constant shortages when goods are stolen is more likely to be noticed. e. Payments may be made for items not received. Require a threeway match of the purchase order, receiving report, and invoice before a payment can be approved. f. Amounts paid may be applied to the wrong vendor account. Assuming that the payment was to the correct vendor, but posted to the wrong account, it is very difficult to uncover this error. A reconciliation of subsidiary ledge to the accounts payable account may not uncover this because the total balance would be the same. It may be uncovered if someone notices that the records show payments to a vendor are in excess of that owed. There is no method to completely eliminate errors in posting. g. Payments may be made for items previously returned. Require a debit memorandum be completed for any goods returned, and that a copy of this be forwarded to accounts payable so that the balance owed can be changed. h. Receiving clerks may accept delivery of goods in excess of quantities ordered. First, there must be a clear policy on overshipments that receiving personnel can apply. For example, a policy may be written that overshipments under 5% can be accepted, but all others should be rejected and returned. Second, there must be a policy that all received goods are compared against a purchase order. Also, the use a “blind” PO to force receiving personnel to count goods and they might therefore more easily detect overshipments.
9-8
Chapter 9 Solutions Purchases
i.
Expenditures Processes and Controls –
Duplicate payments may be issued for a single purchase transaction. Require that payment documentation be “cancelled’ when payment is made. This stamp on the documents should help prevent duplicate payments.
53. (SO 1, SO 10) Chris Smith’s coffee and pastry cart and a procurement card. Suggest some controls that should be in place. Identify some resources that need to be purchased for this business. The credit card used should have a dollar amount limit as well as a daily limit. The card can also be restricted to certain kinds of vendors. For example, hotels, air fare, electronics stores, and liquor stores could all be vendors that would be prohibited purchases on this credit card. The types of resources that would be purchased are paper products such as coffee filters, paper cups, napkins, and plates; plastic utensils; ground coffee beans; creamer, sugar, sweetener, and milk; pastries; and various cleaning supplies. Finally, Chris should review all charges on the credit card each month to detect any misuse of the card. 54. (SO 1,5) Thurston Company and business process reengineering project (BPR). BPR involves the radical redesign of processes, along with IT enablement of processes, to improve the efficiency and lower the cost of processes. BPR in a manual expenditure system would involve methods to convert manual processes into automated processes. Any of the IT enablement methods suggested in this chapter are possible solutions. Therefore, computer based document matching, evaluated receipt settlement, e-business or EDI, e-payables, and procurement cards are all possible. Some combination of these would also be possible. For example, ABC could use an EDI system for purchases of inventory, but use a procurement card for small supplies and travel expenditures. 55. (SO 2,4) The following list presents statements regarding the expenditure processes. Each statement is separate and should be considered to be from a separate company. For each statement, determine whether it is an internal control strength or weakness, then describe why it is a strength or weakness. If it is an internal control weakness, provide a method or methods to improve the internal control. a. A purchasing agent updates the inventory subsidiary ledger when an order is placed. This is an internal control weakness.
9-9
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
The purchasing agent is part of the authorization of orders. Therefore, he/she should not have record keeping duties for those purchases. If one person has both duties, unauthorized purchases can be initiated and records can be altered to cover up these unauthorized purchases. These duties should be segregated and someone who does not authorize and does not have custody of purchases should be assigned to the record keeping. b. An employee in accounts payable maintains the accounts payable subsidiary ledger. This is an internal control strength. The payable should be recorded when the invoice arrives and it matches a purchase order and receiving report. c. Purchasing agents purchase items only if they have received an approved purchase requisition. This is an internal control strength. The purchasing agents cannot initiate purchases without proper approval from a separate department or person. d. The receiving dock employee counts and inspects goods and prepares a receiving document that is forwarded to accounts payable. This is an internal control strength. The counting and inspecting of goods ensures that goods are not damaged and that the proper amount was received. This count and inspection prevents companies from paying full price for damaged goods or missing goods. e. The receiving dock employee compares the packing list to the goods received and if they match, forwards the packing list to accounts payable. This is an internal control weakness. Goods should not be compared to the packing list, they should be compared to the purchase order. A comparison to the packing list will not reveal any undershipments, overshipments, or product substitutions. The improvement would be to compare the goods received to the purchase order and forward a receiving report, not the packing list, to accounts payable. f. An employee in accounts payable matches an invoice to a receiving report before approving a payment of the invoice. This is an internal control weakness because there is one more document that should be matched. The purchase order should also be matched to the invoice and receiving report. g. A check is prepared in the accounts payable department when the invoice is received. This represents two internal control weaknesses. First, there is no document matching mentioned (po, invoice, and receiving report). Second, acoounts payable
9-10
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
should authorize payment by check, but should not write the check. The matched documentation should be forwarded to cash disbursements and the check is written by cash disbursements. 56. (SO 2) Chasner, Inc. computerization. Required: Assume that Chasner, Inc. is preparing to computerize the manual input processes such as completing a receiving report. Use Microsoft Excel to perform the following: a. Design an appropriate format for a data entry screen that could be used at the receiving dock to enter information from the packing slip in the company’s expenditure system. See the excel file Problem 9-56.xls. 57. (SO 4) Since the accounts payable system of matching purchase orders, invoices, and receiving reports can often be complex, organizations must routinely check to ensure they are not making a duplicate payment. The text book Web site contains a spreadsheet titled “invoices.xls”. Using your knowledge of spreadsheets and the characteristics of duplicate payments, identify any payments within the spreadsheet that appear to be duplicate or problem payments. For the following PO’s, there are duplicate payments in which the invoice amounts are exactly the same, and the same PO is referenced. PO 1514; invoices 5644 and 6871. PO 2635; invoices 7176 and 7700. PO 3477; invoices 7957 and 8340. PO 2818 was invoiced twice, but in different amounts and it could be a duplicate payment, or it could be two partial payments. We would need the amount of the purchase order to determine. 58. (SO 8) Volpner and EDI Controls. Required: Describe the IT controls that Volpner should include when it implements an internet EDI system. For each control you suggest, describe the intended purpose of the control. Since Volpner will be sending data electronically using a computer system, there are many general and application controls that should be a part of this IT system. Volpner may not be able to afford all of the general controls mentioned below, but they should implement as many as are cost
9-11
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
effective. General controls include: user IDs, passwords, log-in procedures, access levels, authority tables, firewalls, encryption of data, vulnerability assessment, penetration testing, intrusion detection, software testing, and computer logs, These general controls limit unauthorized access to the IT system. To help prevent availability risks, general controls such as business continuity planning, backup data and backup systems, firewalls, encryption of data, vulnerability assessment, intrusion detection, and penetration testing. The purchasing software and the EDI translation software should also incorporate application input controls such as field check, validity check, limit check, and reasonableness check 59. (SO 2,3,4) Zifner Company and segregation of duties: a. Accounts payable record keeping. b. Authorization of new vendors c. Authorization of purchase returns d. Authorization of purchases e. Cash disbursements record keeping f. Check-signing authority g. Custody of inventory in the receiving area. h. Maintaining custody of cash. i. Preparation of a debit memo for a purchase return Required: For each of the three employees (supervisor, employee 1, and employee 2), consider the duties you would assign to each employee. In assigning duties, no employee should have more than three tasks and there should be a proper separation of duties to achieve appropriate internal control. List the three people, the duties you assigned to each employee and a description of why those assignments achieve proper separation of duties. There are likely to be a few possible answers that could be effective. The critical aspect is to try to segregate authorization, custody, and record keeping for related events as much as possible. There is no “perfect” segregation since there are only three employees. Supervisor: duties F, G, and H. The supervisor would be the most logical person to sign checks. As a supervisor, he/she can override internal controls so it is not as much a problem that there may be some incompatibility for a supervisor.
9-12
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
Employee 1: duties A, E, I. This places all record keeping and document preparation with employee 1. He/she has no custody or authorization. Employee 2: duties B, C, and D. He/she can authorize vendors, purchases, and purchase returns, but has no custody or record keeping responsibility.
60. (SO 7) Using a search engine, search the internet for information about Evaluated Receipt Settlement, or ERS. You may have more success by searching for the terms ERS and invoices together in one search. Based on what you read about ERS on the web, what appears to be the difficulties encountered when a company chooses to implement ERS? The most frequent problem appears to be the reluctance of suppliers (vendors) to adopt the new processes. The switch to an ERS system is a complete change of the invoice and payment process and it requires that the company and its vendor have negotiated firm prices, and polices on shipments. Since this is such a radical change from the older way of doing business, vendors resist the change. ERS does require extremely good working relationships between a company and its vendors. The company must trust the vendor to bill only “agreed upon” prices and not estimated prices. They must also have greater trust that the vendor ships the appropriate quantity and quality of goods. This would mean that they do not ship more than requested, nor do they ship lower quality items.
61. (SO 9) Using a search engine, search the internet for information about Electronic Invoice Presentment and Payment. You may have more success by searching for the terms EIPP and invoices together in one search. Based on what you read about EIPP on the web, what are the advantages and disadvantages of EIPP? One of the concepts about EIPP is that is should benefit both the buying company and the selling company. What do you think the benefits are to buyer, and what are the benefits to the seller? The website http://www.accountis.com/overview/supplierbenefits/ indicates that the supplier benefits are: (1) Time and cost savings by reducing the labor, material and posting costs associated with traditional payment systems. This includes an 82% cost reduction per transaction and a
9-13
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
33% increase in invoice processing efficiency; (2) error reduction; (3) quicker settlement which leads to the supplier receiving payment more quickly; (4) Improved visibility from the 24/7 availability of archived edocuments. This improves the ability to forecast cash flow and makes audits more efficient. The website http://www.accountis.com/overview/buyerbenefits/ indicates that the buyers benefits are: (1) No manual data entry and rekeying of data is eliminated; (2) real-time invoice access for customers. Each customer has online access to each of their invoices; (3) faster dispute resolution. Rather than requesting assistance via telephone, the buyer can query the invoice set using any line item (4) One, consistent view of all invoices because an EIPP uses a standard format; (5) reduced costs by reducing the number of workers in accounts payable; a 50% - 75% processing cost savings; reduction of overbilling and invoice errors. A large bank Website described the benefits as follows: Bank XYZ’s Electronic Invoice Presentment and Payment (EIPP) solution allows billers and payers to manage the entire invoice and payment cycle online, shortening days sales outstanding and eliminating costs traditionally associated with paper-based systems. With Bank XYZ’s EIPP solution, invoices are available for review on the same day they are issued. All steps and procedures typically associated with a paper-based system are eliminated. From a single invoice menu, your customers can view unpaid invoices, perform invoice inquiries, authorize invoices for payment and view payment history. With EIPP, clients can enjoy: Improved cash-flow visibility as the status of each invoice can be viewed online Accelerated payment settlement due to the elimination of mail time and float typically associated with paper-based processes Reduced costs from substituting a people and time-intensive process with an electronic process Easy integration with existing systems (e.g. Oracle, SAP, etc.)
9-14
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
And, EIPP is user-friendly and easy to use. Clients only need a Web browser. Training is simple and customer service is available 24/7
62. (SO 9) Using a search engine, search the Internet for an article titled “B2B EIPP: The Mystery Unraveled”. Briefly describe what the article calls “customer advantages” of adopting EIPP. It is called eSettlements. See
63. (SO 11) You are an accounts payable clerk for a small home improvements contractor. Speculate on the type of fraud that could be in process here. What (if anything) could you do to ascertain the propriety of the transaction and still make the payment today? It is possible that the site supervisor has created a fictitious vendor name and a fictitious invoice and is seeking reimbursement for this false documentation. In an attempt to verify whether the company exists, you could examine telephone books or online listings of the address and phone number for the company. It would be important to confirm that any address is not a PO Box and it is not the same address as an existing employee. This approach is not a guarantee because it is easy to set up a “false storefront”. Ideally, the best controls are the approval of a vendor before any purchases occur with that vendor and payment through the existing accounts payable processes. 64. (SO 11) Two of the most common ways that employees commit fraud against their employers is the misstatement of reimbursable expense accounts and the misuse of office supplies for personal purposes. Although these schemes are usually not individually significant, their magnitude can be damaging if these practices are widespread. Develop suggestions for internal controls that could curb the occurrence of such fraudulent activities. Some useful controls would be: approval of these transactions before they occur; requiring the submission of original invoices or receipts before payment is made; and periodic audits of these expenditures.
Cases 65. Kludney Incorporated has the following processes related to purchasing.
9-15
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
Required: 1. Draw a document flowchart of the purchase processes of Kludney. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xls”. 2. Identify any weaknesses in internal controls within the purchase processes and indicate the improvements you would suggest. Weakness: No one person or department has been assigned responsibility to monitor inventory levels and determine when to order. Improvement: Assign responsibility to a department such as inventory control. Weakness: There is no purchase requisition completed and forwarded to purchasing to initiate the purchasing process. Improvement: Use a purchase requisition, approved by inventory control, to initiate purchases. Weakness: No copy of the purchase order is forwarded to accounts payable for a document match. Improvement: Forward a copy of the PO to accounts payable. Weakness: the inventory control department updates inventory records based on a PO, not the goods received. Improvement: the inventory control department should update inventory from the receiving report. Weakness: No copy of the receiving report goes to inventory control or accounts payable. Improvement: Copies of the receiving report should be forwarded to accounts payable and inventory control. Weakness: The packing slip is forwarded to accounts payable instead of the receiving report. Improvement: The receiving report is forwarded to accounts payable. Weakness: The accounts payable matches the invoice to the packing slip. Improvement: the accounts payable department should match the invoice to the purchase order and receiving report. Weakness: the cash disbursements department forwards a copy of
9-16
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
the check to the general ledger department. Improvement: The cash disbursements department should send a summary journal voucher of check amounts, not a copy of each check. These subtotals are posted to the general ledger, not each individual check. 66. Jounta Enterprises is a wholesaler that purchases consumer merchandise from many different suppliers.
Required: 1. List any strengths and weaknesses in the internal control procedures of Jounta enterprises. STRENGTHS: A manager in purchasing approves the PO before it is mailed. The PO is prepared in 4 parts and these copies are forwarded to appropriate departments for future use. If no PO exists for a shipment, it is returned. The receiving report is prepared with three copies and those copies are forwarded to appropriate departments (one improvement would be a copy to a separate inventory control department; see first weakness below. Accounts payable does a three-way match of PO, receiving report, and invoice before approval of payment. The matched documents are reviewed by a manager, The check signer (treasurer) is segregated from the preparation of the check. WEAKNESSES: There is no separate inventory control department to maintain inventory records. The requisition should come from inventory control, not the warehouse. The packing slip is compared to the purchase order instead of counting and inspecting the order. The quantities on the receiving report are from the packing slip instead of a separate count by receiving employees. If a separate inventory control department existed, a copy of the receiving report should be forwarded there. In general, there is nothing in the description about record
9-17
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
keeping – such as who updates inventory, accounts payable, and general ledger records. 2. Draw a document flowchart of the expenditure processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xls”. This would be an excellent time to reinforce to students that the process map shows processes, but not document flow. Since the document flowchart does show document flows, it is easier to see where some potential control weaknesses exist when viewing the document flowchart. 3. Describe any benefits that Jounta may receive by installing a newer, IT system to process purchases, goods received, accounts payable, and checks. Be specific as to how IT systems could benefit each of the processes described. There are many types of IT systems for purchases, so the exact benefits would be somewhat dependent on the system chosen. However, any IT system would reduce the number of manual tasks which would improve efficiency, reduce costs, and decrease errors. Examples would be: An IT system could monitor inventory levels and automatically generate a purchase order when quantities if individual items reach a reorder point. An IT system could store documents such as POs or receiving reports online so that there need not be actual paper handling in forwarding documents between departments. An IT system could match the PO, receiving, report, and invoice and leave accounts payable personnel free to work on reconciliations of those that do not match correctly. An IT system could prepare and print checks. An IT system could update related records in realtime as goods are ordered, received, or paid. An IT system would provide better and more timely feedback to management about inventory levels, items on order, future expected cash flow, and details about expenditures. 67. Crandolf Metals. is a manufacturer of aluminum cans for the beverage industry. Required:
9-18
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
a. Draw two process maps to reflect the business processes at Crandolf. One process map should depict the purchase processes and the second process map should depict the cash disbursements processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xls”. b. Draw two document flowcharts to reflect the records and reports used by these processes at Crandolf. One flowchart should depict the purchase processes and the second flowchart should depict the cash disbursements processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xls”. This would be an excellent time to reinforce to students that the process map shows processes, but not document flow. Since the document flowchart does show document flows, it is easier to see where some potential control weaknesses exist when viewing the document flowchart. c. Describe any weaknesses in these processes or internal controls. As you identify weaknesses, also describe your suggested improvement. Weakness: Inventory is ordered when it “seems low”. Improvement: There should be pre-established reorder levels for each inventory item. Weakness: The inventory control department is not initiating orders by a purchase requisition. Improvement: An inventory control department should maintain inventory records and to complete purchase requisitions when inventory items reach the reorder level. Weakness: The purchase automatically goes to the last vendor used. Improvement: Purchasing agents should find the best price and not automatically use the last vendor. Weakness: No purchasing journal is used. Improvement: Purchasing updates the purchases journal as purchase orders are completed. Weakness: There is no mention of rejecting goods received for which there is no purchase order. Improvement: Have receiving compare goods to PO and reject shipments for which a PO does
9-19
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
not exist. Weakness: No copy of the purchase order is forwarded to accounts payable. Improvement: A copy of the PO should be forwarded to accounts payable. Weakness: The receiving report is prepared from the packing slp rather than a separate count and inspection. Improvement: require receiving personnel to count and inspect goods and complete the receiving report based on this count. Weakness: No copy of the receiving report is forwarded to accounts payable. Improvement: A copy of the receiving report should be forwarded to accounts payable. Weakness: No copy of the receiving report is forwarded to inventory control. Improvement: A copy of the receiving report should be forwarded to inventory control so that inventory records can be updated. Weakness: Accounts payable prepares a cash disbursements voucher for all invoices and does not match the PO, invoice, and receiving report before preparing the voucher. Improvement: Match the three documents to ensure it is a valid order that was received in good condition before the voucher is approved. Weakness: the cash disbursements department forwards a copy of the check to the general ledger department. Improvement: The cash disbursements department should send a summary journal voucher of check amounts, not a copy of each check. These subtotals are posted to the general ledger, not each individual check. Weakness: there is no indication of who signs (authorizes) the check. Improvement: some appropriate manager should review the documentation supporting the check, ensure sufficient cash exists, and sign the check.
9-20
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
Weakness: There is no mention of a reconciliation of the bank account. Improvement: The Treasurer should reconcile the bank account. d. Draw two new process maps that include your suggested improvements. One process map should depict the purchase processes and the second process map should depict the cash disbursement processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xls”.
68. The United States General Accounting Office (GAO), Office of Special Investigations was charged with investigating a potential purchase fraud case. The man who committed the alleged fraud was a former civilian employee of the Air Force, Mark J. Krenik. Required: Describe internal controls that should be in place at the Air Force to help prevent such fraud. Internal controls that may help prevent or detect this are: A policy requiring that any special handling instructions be approved by a manager above the person requesting the payment. A policy requiring that a vendor cannot be paid unless that vendor has been approved and established in the system through the regular vendor approval system. A segregation of approval so that the person requesting the payment cannot also verify that work was completed or deliveries made. A policy requiring a periodic audit of expenditures by the internal audit department. 69. The following document flowchart shows part of the purchases and cash disbursements processes for Roufler, Inc., a small manufacturer of gadgets and widgets. Some of the flowchart symbols are labeled to indicate operations, controls, and records. Required:
9-21
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
For each of the symbols (numbered 1. through 12.), select one response (lettered A. through T.) from the answer lists below. Each response may be selected once or not at all. 1. 2. 3. 4.
C R F L
5. 6. 7. 8.
M O P H
9. 10. 11. 12.
9-22
T N I K
Robatelli’s Continuing Case Solution – Chapter 10 Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes.
a. Describe how you believe an efficient and effective payroll system should be organized at Robatelli’s. This answer can vary depending on the type of payroll system recommends. An inhouse payroll system can have various levels of IT integration. Many companies of a similar size choose to outsource payroll. The suggested answer in parts a to c assume an in-house payroll system. Since most restaurants with several locations use point of sale software at the cash register, this solution assumes employees at the restaurants clock in and clock out using the point of sale software. First, there should be a separate human resources department and this department provides the authorization for who is in the payroll system and can receive pay checks. In addition, human resources maintains personnel records that include employee name, address, social security number, birth date, pay rate, withholding information and authorizations, and performance review information. Timekeeping will be a little different for different types of employees. Restaurant employees would use the Point of sale software at the restaurant to clock in and clock out. Thus, timekeeping at the restaurant is automated. At the commissary and headquarters, hourly employees could use a time clock or written time cards for timekeeping. A time clock is preferable as it increases the accuracy and internal control of timekeeping. Supervisor approval of time worked at both the restaurants and the commissary and office locations should occur as an internal control. All time keeping information would be forwarded to headquarters and a payroll department would calculate gross pay, deductions, and net pay based on time keeping records and personnel records regarding deductions. If the company has instituted such a policy, it would pay based on direct deposit rather than paper checks. Direct deposit is more efficient, effective, and less subject to fraud. If the company does not require direct deposit, it should institute such a policy. If paper checks are written, they would have to be distributed by the appropriate managers. This is less effective as an internal control, but it would not be practical to have an independent paymaster visit the various restaurants, commissary, and office. That is why direct deposit is a more desirable approach. If payroll is in-house, Robatelli’s should use the payroll module of their accounting software to input time and calculate payroll. An alternative would be a stand-alone
payroll software system. The payroll module within the accounting system is preferable because it would automatically integrate with other modules such as general ledger. A separate payroll bank account should be used and accounts payable should authorize a check for the total amount of the payroll. This check would be deposited in the payroll bank account and payroll direct deposits to employees (or pay checks) are drawn from this account. The payroll software should complete reports and schedules such as reports for deductions from employee pay. These reports are used to determine the amounts to be paid to the various withholding entities. Some reports must be filed with Federal, state, and local governments. The appropriate deposits for taxes and other withholdings should be prepared by payroll and deposited in the appropriate accounts. Include details such as: a. What types of payroll documentation should be prepared at the restaurant locations? Ideally, there would be very little paper documentation. Each new employee would complete a paper W-4 form to indicate tax exemptions. Time keeping should be as automated as possible. Thus, time cards would not be prepared at the restaurants. b. How will the necessary information for payroll flow between restaurants and the home office? At the restaurants, the POS software can record hours work as employees clock in and clock out at the cash register. Thus, only summary information needs to be forwarded to the payroll department by each restaurant. The method of forwarding summary time information would depend on how sophisticated the IT systems are at Robatelli’s. Each restaurant manager could e-mail a summary report, or ideally, the manager would log into the software at corporate headquarters and file a time keeping report for the restaurant online. This would reduce the chance for data input errors and would increase the efficiency of payroll. Headquarters should provide periodic summary reports to each restaurant that provides labor cost information to each manager. c. How should IT systems be used in the payroll processes? IT systems should be employed to the full extent that is possible. IT systems of payroll increase the accuracy, efficiency, and reporting capability in payroll. As mentioned above, time keeping, payroll processing, check distribution (direct deposit), and reporting should be in the IT systems and not done manually.
b. How could Robatelli’s prevent the occurrence of a ghost employee at one of its restaurant locations? The best protection is to segregate timekeeping from check distribution. If a manager at a restaurant had the authority to record employee time, and to distribute checks, he could create a ghost employee. If checks are distributed by someone else, that opportunity is lessened. Because of the 53 different restaurant locations, it is not practical to have a paymaster visit each restaurant on pay day. Therefore, direct deposit of employee pay is a much more effective approach. Since it is difficult to establish a bank account for fictitious person, this reduces the chances of ghost employees. Outsourcing payroll, such as to ADP, can also reduce the risk of ghost employees. c. From a cost/benefit perspective, what risks factors exist in Robatelli’s payroll processes that make it worthwhile to implement thorough internal controls? Generally, restaurant employees are paid weekly. This frequency is a risk factor. Also, restaurants such as Robatelli’s tend to have high turnover in employees. Describe the related internal control that could help detect or prevent each risk. As described above, Robatelli’s should use IT systems for payroll as much as possible. These IT systems have built-in internal controls. For example, the clock in and clock out of employees through the POS software decreases the chance that employees can clock in for a friend who is absent. The efficiency and accuracy of IT systems would also lessen risks associated with frequent pay periods. A separate human resource department that authorizes hiring and performs appropriate background checks can lessen the risks associated with high turnover. If Robatelli’s wished to reduce the payroll risks identified above, it could consider outsourcing much of the payroll processing. (ADP is an example of a payroll processing company.) Search the Web site of a payroll processing firm to determine the benefits to Robatelli’s of outsourcing a substantial portion of its payroll processing. Describe these benefits, the risks avoided by outsourcing, and the risks still borne by Robatelli’s after outsourcing. Also, describe the payroll record keeping functions that Robatelli’s must still maintain even if it outsources a substantial portion of its payroll processing. The risks, benefits, and record keeping borne by Robatelli’s and the outsourcing company are dependent on how much Robatelli’s wishes to outsource. ADP’s website indicates that it can be contracted to handle all payroll and human resources functions. If Robatelli’s outsources both payroll and human resources, most of the risks are transferred to ADP. Risks of errors in payroll, ghost employees, and employee character are transferred to ADP.
If we assume that Robatelli’s outsources payroll, but not HR, then Robatelli’s assumes the risks inherent in hiring employees. For example, an employee who has a criminal background can cause very large legal risks for a company, and can also be a risk for fraud or a risk to other employees. The benefits to outsourcing are that the time, costs, and risks of payroll are reduced. ADP’s website lists the following benefits of outsourcing payroll: Outsourcing your payroll can provide your small business with a number of important benefits: Save time Using an outsourced payroll solution is typically more efficient for a small business than processing payroll internally. Leaving payroll to experts frees up hours that you can devote to other important parts of your business. Whether it is your time, staff time, or a combination, chances are the hours could be better spent winning more business, improving customer service, fine-tuning business operations or launching a new product line. Among the areas where outsourcing will save time are: Processing payroll Cutting and distributing paychecks Calculating and paying withholding and employment taxes Preparing and distributing W-2s and 1099s at year-end Handling employee payroll inquiries Save money Many business owners underestimate the cost of processing payroll internally by failing to account for all hours spent and resources allocated to pay employees and maintain payroll paperwork. A thorough cost assessment usually proves that a small business saves money by outsourcing the processing, tracking and filing of payroll documents. To assess your own internal payroll costs, consider: How much the time spent is actually worth: consider the cost of your time and the time of anyone who processes or "touches" payroll. Often, many people in a small company are involved in the various parts of payroll processing. What savings would outsourcing provide: since an outside provider can handle all the responsibilities involved in managing payroll and answering employee questions, a small business can often eliminate or reallocate an internal payroll resource. Avoid penalties Calculating federal, state, and local employment taxes and filing payroll-related tax paperwork can be more than just a hassle. If it's done incorrectly, your small business may face penalties and even interest on money owed since the mistake was made. In fact, it is estimated that one in three small businesses receive a tax penalty costing over $800 each year. Outsourcing payroll does away with the risk of many of these costs and hassles because:
An outsourced payroll provider calculates payroll taxes, based on its expertise and close tracking of regulation changes Monthly or quarterly employment tax reports are managed by the payroll service, ensuring they are submitted correctly and on time Payroll providers may assume penalties that come as a result of incorrect tax calculations End-of-year paperwork — such as W-2s and 1099s — are handled directly by the payroll provider, so they are sent out on time (From: http://www.smallbusiness.adp.com/outsource/index.asp)
d. Describe how you believe an efficient and effective system of fixed assets accounting should be organized at Robatelli’s. Robatelli’s should ensure they have proper procedures to authorize the purchase and retirement of fixed assets. This would include policies that require a cost benefit analysis of asset purchases, approval of fixed asset purchases by high level managers, appropriate approval for retirement of fixed assets, and procedures for the proper sale or disposal of retired fixed assets. The cost benefit analysis prior to a purchase should include a discounted cash flow analysis and a narrative description of the benefits of the fixed asset. In addition, top management should develop a yearly capital budget and fixed assets should be purchased only after a high level manager has compared the request to the capital budget and ensured adequate funding in the capital budget. The ordering, receiving, and record keeping of fixed assets should be segregated so as to reduce the chance of fraud and to reduce errors in fixed asset purchasing or record keeping. The purchase of a fixed asset should follow typical purchase procedures that include a requisition, purchase order, receiving and inspection. Adequate records of fixed assets should be maintained that include purchase price, estimated life, salvage value, location of the asset, and repair and maintenance records. Such records should include a fixed asset subsidiary ledger to maintain detailed information about each asset. These records should be used to accurately calculate depreciation expense for fixed assets. When assets are to be retired and disposed, depreciation must be recorded to date, the assets should be removed from the fixed asset subsidiary ledger, and any gains or losses recorded. Be sure to include the following issues in your response: a. How should the fixed assets accounting department maintain control over fixed assets in the various restaurant locations? The best control over fixed assets at the restaurants is supervision. Each restaurant manager must be responsible for the supervision of fixed assets at his/her restaurant. Any change in fixed assets such as break down or theft should be reported to the
home office so that records can be changed and appropriate steps taken to repair or replace the asset. b. How should IT systems be used in the fixed assets process? IT systems should be used to the full extent possible. The number of fixed assets, and the high dollar value of these assets are reasons that the fixed asset accounting system should be as efficient and effective as possible. IT systems provide a much better method of maintaining fixed asset accounting than manual systems or spreadsheets. If Robatelli’s accounting software includes a fixe asset module that meets their needs, it should be used. If not, Robatelli’s should purchase a separate fixed asset software system to maintain fixed asset accounting.
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 10 Concept Check 1. c 2. a 3. b 4. b 5. c 6. d 7. c 8. a 9. a 10. d 11. a 12. a 13. d 14. a 15. d 16. a 17. c 18. d
Discussion Questions 19. (SO 1) Sales and inventory purchases are routine processes that occur nearly every day in a business. How are these routine processes different from payroll or fixed asset processes? The major difference is the frequency of occurrence. As stated in the question, sales and purchases are often undertaken daily. Payroll occurs on a fixed schedule such as every week, biweekly, or at month-end. Payroll transaction volume might be large, but only at these time intervals. Some payroll events occur only when employees are hired or fired. Fixed asset processes occur on an “as needed” basis. The volume of fixed asset transactions is relatively small compared to sales or purchase transaction volume. Depreciation of fixed assets occurs on a fixed interval, such as at year-end.
10-1
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
20. (SO 1) Even though payroll and fixed asset processes may not be as routine as revenue processes, why are they just as important? They are important because payroll and fixed asset transactions are related to two very critical resources. An organization must have employees and facilities (fixed assets) to operate. 21. (SO 2) Why do you think management should specifically approve all employees hired? It is a nonroutine process, and therefore, the volume of hiring is usually small enough to allow specific approval of each hire. Specific approval is important because hiring the right people is one of the most important keys to success in an organization. Also, hiring unethical people, or people with criminal backgrounds can be very detrimental to the company. 22. (SO 2) Why is it important that the human resources department maintain records authorizing the various deductions from an employee’s paycheck? First, state or federal laws require that employees authorize (allow) deductions from their salary or wages. Secondly, without adequate records, it would be difficult to ensure the correct deductions have been taken from employee wages. 23. (SO 2) Explain why an employee’s individual record is accessed frequently, but changed relatively infrequently. Typically, an employee’s basic information does not change frequently. For example, name, birth date, SSN, either never change, or rarely change. Other employee information such as address, pay rate, or deductions change infrequently. However, some of this information, such as pay rate and deductions must be accessed every time payroll checks are prepared. 24. (SO 2) Explain two things that should occur to ensure that hours worked on a time card are accurate and complete. Each employee should update their time card daily and a supervisor should check the time card and sign or initial it before it is forwarded to payroll for processing. If an employee does not update it daily, they are more likely to put inaccurate information on it simply because it will be harder to remember the specific start and end times of work. The supervisory approval serves as an independent check of the accuracy of the time card. 25. (SO 2) Explain the reasons that an organization would have a separate bank account established for payroll. A separate bank account for payroll makes it easier to account for payroll transactions and to distinguish these transactions from other cash disbursements.
10-2
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
26. (SO 3) What is the purpose of supervisory review of employee time cards? The supervisory approval serves as an independent check of the accuracy of the time card. 27. (SO3) Why is it important to use an independent paymaster to distribute paychecks? It is the best segregation of duties to have a separate paymaster to distribute any paper checks. A separate paymaster segregates the custody from authorization, preparation, and recording of paychecks. If these duties were combined, a person could commit payroll fraud such as creating a fictitious employee. A separate paymaster helps ensure only active employees receive paychecks. 28. (SO 3) Why do payroll processes result in sensitive information and what is the sensitive information? The amount of salary or wages is sensitive, as well as the types and amounts of deductions. Also, personal information such as SSN, dependents, address and phone numbers are sensitive. 29. (SO 4) Why is batch processing well-suited to payroll processes? Because it involves transactions that can be grouped and processed at a particular time. For example, all hourly workers might be required to turn in all time cards on Friday afternoon and be paid the next Tuesday. All of these time cards can be processed as a group on Monday. 30. (SO 4) What are the advantages of automated time keeping such as bar code readers or ID badges that are swiped through a reader? Using these automated methods eliminates human steps that are error prone. Thus, timekeeping becomes more efficient and more accurate. 31. (SO 4) What are the advantages of outsourcing payroll? Outsourcing payroll provides increased convenience, confidentiality, and protection from risk of liability for failure to submit tax withholdings and reports. 32. (SO 5) Fixed assets are purchased and retired frequently. Given this frequent change, why are clear accounting records of fixed assets necessary? Not only must the cost and resale value be accounted for properly, but depreciation can only be calculated accurately with proper records, and any gain or loss on sale is computed based on accurate records. 33. (SO 5) Why is it important to conduct an investment analysis prior to the purchase of fixed assets? Since the dollar investment can be large, and there is usually a limited capital budget, there must be an orderly process to determine the best use of capital funds. 34. (SO 5) Explain why categorizing fixed asset expenditures as expenses or capital assets is important. Miscategorization can have a dramatic
10-3
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
impact on financial statements and therefore, can mislead users of these statements. These amounts are usually large and therefore, have a larger impact than would other transactions such as sales or inventory purchases. If a fixed asset expenditure is classified as an expense, it will understate the balances sheet assets and understate net income. 35. (SO 5) What are some of the practical characteristics of fixed assets that complicate the calculation of depreciation? For many companies, there is a large number and type of fixed assets. These different asset types may have different service lives and different methods of depreciation. In addition, there are offer additions or retirements of fixed assets. Finally, the tax methods of depreciation for fixed assets may require two different sets of asset and depreciation records; one for financial statement purposes, and one for tax purposes. 36. (SO 6) What is different about the nature of fixed asset purchasing that makes authorization controls important? Fixed asset purchases can be very large amounts of money and in addition, choosing the right fixed assets is very important. Management should be purchasing the fixed assets that have a good return on investment. For these reasons, fixed asset authorization usually requires a higher level of management approval, and usually requires an investment analysis such as net present value. 37. (SO 6) Explain the necessity of supervision over fixed assets. Fixed assets must be located throughout the company where employees have direct access to them. Employees could not do their jobs without these fixed assets. Since fixed assets are readily accessible to many employees, supervision is necessary to ensure that the assets are used for their intended purpose, and that they are not stolen. 38. (SO 6) Why are some fixed assets susceptible to theft? In some cases, fixed assets are small or very portable. Examples would be laptop computers, hand tools, or vehicles. These would be easy to steal. Conversely, a large fixed asset such as a manufacturing robot would not be easy to steal. 39. (SO 7) Explain why a real-time update of fixed asset records might be preferable to batch processing of fixed asset changes. Often, fixed asset changes are non-routine transactions. Since the volume of these transactions could be small, and any one transaction might affect only a single asset record, real-time updates may be more appropriate. 40. (SO 7) Why is the beginning of a fiscal year the best time to implement a fixed asset software system? Because it eliminates any mid-year adjustments for depreciation that would be necessary.
10-4
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
41. (SO 7) What negative things might occur if fixed asset software systems lack appropriate access controls? It would be much easier for an employee to steal a fixed asset and alter the records to hide this theft. 42. (SO 8) Why might a supervisor collude with an employee to falsify time cards? In some cases, the supervisor might agree to the fraud so as to share in the extra money that results from the fraudulent pay. 43. (SO 8) How does the misclassification of fixed asset expenditures result in misstatement of financial statements? If something should have been recorded as a fixed asset gets recorded as an expenditure, it will understate assets and understate income. The opposite is true if an expenditure is misclassified as a capital asset. Assets are overstated and income is overstated.
Brief Exercises 44. (SO 2) Describe the type of information that a human resources department should maintain for each employee. They should maintain personnel records that include employee application, contract, resume, recommendation letters, interview reports, wage authorization, and and background investigation report. The records should also include employee address, SSN, employment history, information about authorized deductions, vacation and sick time accrued, attendance and performance evaluation records, work schedule, and promotion or termination records. 45. (SO 2) The calculation of gross and net pay can be a complicated process. Explain the items that complicate payroll calculations. Each employee’s deductions are likely to be different. In addition, the payroll formulas must be applied to every employee in the company, one at a time. The process is further complicated the fact that the inputs tend to change constantly. Each payroll period will include some changes in the number of hours worked, pay rates or withholdings. 46. (SO 3) Explain how duties are segregated in payroll. Specifically, who or which departments conduct the authorization, timekeeping, recording, and custody functions? Authorizing, timekeeping, record keeping, and custody of the paychecks should all be separated. Namely, the human resources department, which is responsible for authorizing new employee hiring and maintaining personnel files, should be separate from the payroll time reporting and record keeping functions, performed primarily by the payroll, cash disbursements, and general ledger departments. In addition, employees in each of these
10-5
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
departments should not have check-signing authority and should not have access to the signed checks or cash account. The person who distributes paychecks to employees, often referred to as a paymaster, should not have responsibility for any of the related payroll accounting functions and should not have custody of cash. The paymaster should also be independent of the departmental supervision responsibilities, so that it can be determined that paychecks are being distributed to active employees. Finally, information systems operations and programming related to the payroll processing should be separate from those responsible for custody of payroll cash and record keeping for these processes. 47. (SO 3) Explain the various reconciliation procedures that should occur in payroll. The number of hours reported on time sheets should be reconciled to the payroll register, and time sheets should be reconciled with production reports. Each of these reconciliations should be performed before paychecks are signed in order to ensure the accuracy of the underlying payroll information. In addition, the payroll register should be reconciled to the general ledger on a regular basis. Someone separate from the payroll processing functions should reconcile the bank statement for the payroll cash account on a monthly basis. 48. (SO 4) Explain the ways in which electronic transfer of funds can improve payroll processes. EFT can be used to directly deposit p[ay to employee bank accounts. This eliminates the printing and distribution of pay checks. The company can also use EFT to deposit taxes withheld and other employee withholdings. Finally, wage attachments that result from court proceedings can be transmitted via EFT. All of these EFT processes are faster and more efficient than the use of printed checks and mailing of checks. 49. (SO 5) Explain the kinds of information that must be maintained in fixed asset records during the asset continuance phase. For each fixed assets, there must be records of the asset cost, estimated life and salvage values, depreciation, maintenance records, and repair or improvement costs. 50. (SO 6) The authorization to purchase fixed assets should include investment analysis. Explain the two parts of investment analysis. The first part is financial justification using a model such as net present value, payback period, or internal rate of return. The use of these models requires that dollar estimates be determined for costs and benefits of the fixed asset. The second part would be a written narrative of the benefits; especially any benefits that are difficult to
10-6
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
quantify in dollars. A written narrative of the need for investment can help justify the expenditure when financial benefits do not immediately exceed costs. 51. (SO 8) Explain the types of unethical behavior that may occur in the fixed assets area. The use of estimates for useful lives and salvage values are an area that unethical managers can use to manipulate income statement or balance sheet amounts. Showing lower depreciation amounts can increase income and asset values above what they should be. In addition, misclassification of expenses as fixed asset expenditures can be used to show higher income and asset values.
Problems 52. (SO 2) Following is a time sheet completed by an hourly wage earner at Halfrid, Inc.
Use Microsoft Excel to perform the following: a. Design an appropriate format for a data entry screen that could be used in the payroll department to enter information from this time sheet in the company’s payroll software program. See the excel file Problem 10-52.xls. b. Prepare a payroll journal. See the excel file Problem 10-52.xls.. 53. (SO 2) The text book Web site has a Microsoft Excel spreadsheet titled payroll_problem.xls. This spreadsheet is used by Neltner Company to calculate its bi-weekly payroll. Using the information in that spreadsheet, calculate all details for the February 22, 2008 payroll. Hours worked by each employee are contained in the first worksheet. The following four worksheets contain details for each of the three employees and a total of the three employees. The last worksheet contains federal tax withholding tables to calculate federal tax to withhold. You will calculate gross pay and deductions for all three employees. See the excel file payroll_problem_solution.xls. After students have completed the spreadsheet exercise, it might be a good discussion question to ask how a payroll software program would improve the efficiency and accuracy of the payroll process.
10-7
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
54. (SO 5) The text book Web site has a Microsoft Excel spreadsheet titled fixed_asset.xls. The spreadsheet represents a fixed asset subsidiary ledger for Brazos Corporation. On July 3, 2008, Brazos purchased for the office a multifunction printer/fax/copier from Brereton Office Supplies for $2,000. The machine has no salvage value and a four year life. Add a new ledger record for this machine and calculate and record the 2008 depreciation expense for all fixed assets. Brazos uses straight-line depreciation with a half-year convention. See the Excel file fixed_asset_solution.xls. After students have completed the spreadsheet exercise, it might be a good discussion question to ask how a fixed asset software program would improve the efficiency and accuracy of the fixed asset processes. 55. (SO 6) Explain the process of approval of purchases for fixed assets. How does this process differ from that of purchasing raw materials? When a request to purchase a fixed asset is initiated by a manager, a formal investment analysis should occur. This would include a costbenefit analysis such as net present value, and a written justification of the benefits and costs, as well as any benefits and costs that are not easily quantifiable. There should also be an established capital budget and any fixed asset purchase request should be analyzed in comparison to other requests within that budget, and a determination made of the best use of the limited capital budget funds. Since fixed asset expenditures can involve large dollar amounts, there should also be specific authorization by a manager for the purchase. The company should have an established policy that identifies the level of managerial approval needed for various levels of expenditure. The processes mentioned above are most of the different processes for fixed asset purchases when compared to raw material purchases. One other difference is that requests to purchase raw materials generally originate in inventory control or production scheduling, the requests for fixed asset purchases would come from various managers of operating units within the enterprise. The other processes of the purchase, such as POs, document matching, and cash disbursements are similar to those processes for raw material purchases. 56. (SO 3) Using an Internet search engine, search for the phrase “biometric time clock” (be sure to include the quotation marks). Based
10-8
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
on your search results, describe a biometric time recording system and its advantages. A biometric time clock system uses unique physical characteristics of human beings to identify and record time for employees. Such biometric characteristics are finger print, hand print, face, retina, or voice pattern. The most commonly used biometric characteristic is the finger print. In a biometric time recording system, a company installs a scanner that reads the fingerprint and records the arrival and departure times. The advantage to the employee is the ease of use. The employee does not need to record times on a time card and does not have to use or keep track of an employee ID badge. The employer sees many advantages. Time keeping is more accurate and complete, payroll accuracy is increased, employees are identified with certainty and building security is increased. In addition, it eliminates “buddy punching” where one employee “punches” the time clock for his buddy who is actually absent. 57. (SO 7) Using an Internet search engine, search for the phrase “fixed asset software” (be sure to include the quotation marks). Examine the results to find companies that sell fixed asset software. List and explain some of the features of fixed asset software that these companies use as selling points for their software. One software vendor (http://www.realassetmgt.com/rsd/asset_accounting/fixed_asset_mana gement.htm) lists the following benefits: Easily access a complete audit trail with history/actions performed by all users. Calculate depreciation for one book or multiple books (state, federal and corporate). Compute and retain depreciation figures for past, current and future periods. Create ‘Parent/Child’ asset relationships to establish key dependencies and hierarchies. Produce a full range of standard and customized reports and forecasts. Set user-defined data and description fields (up to 30 levels of analysis). Conduct full and partial asset disposals, transfers, relifes, revaluations and splits. Generate Section 179 charges and bonus depreciation for applicable assets. Upload asset images for identification purposes.
10-9
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
Adapt quickly to the familiar Windows® inspired interface. Comply with corporate governance regulations such as SarbanesOxley (SOX), GAAP, US Tax and GASB 34. Utilize seamless links to Project4000, RAMI’s project cost control module. Take advantage of fixed asset tracking capabilities available with Track4000. Directly import raw data, in a range of formats, using the Data Import Wizard. Employ Asset4000i for remote access to your fixed asset register. Login with a valid username and password combination prior to accessing the database. Establish individual or group access rights for security purposes. Quickly add new asset details in a single input screen. A simple process for depreciation calculations whether for individual assets or groups of assets. Several methods of depreciation including Straight Line, Double Straight Line, Reducing Balance, Variable Rate, Adjusted Declining, Digressive, MACRS, ACRS, adjustments and Residual, Multiple Units of Production (MUOP) and Non Depreciating The ability to forecast depreciation as far into the future as desired. The ability to recalculate the current period’s depreciation to reflect updates in the asset register. A powerful, built-in report engine that provides more than 100 standard reports and thousands of customizable reports. A full audit history for events including disposals, transfers, asset splits, relifes and revaluations can be accessed in seconds. The ability to physically and financially move an asset from one cost center to another without re-keying information. The software can display asset images and associated documents such as emails, invoices, purchase orders and contracts. 58. (SO 8) Read the article at this link: http://www.itnews.com.au/News/121683,in-car-spy-units-to-catchmisuse.aspx Describe any ethics considerations in using such technology. Consider both the company and employee perspectives. Also discuss whether you believe the use of this device could be an internal control for the company. Yes, it is ethical for a company to use such devices because they have a valid business related purpose. As stated in the article, they would use it to prevent company funds or assets being used for non-
10-10
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
business reasons. Without these devices the company may pay expenses (gasoline and maintenance) that should be personal expenses. Also, the company is not likely to have insurance coverage that would cover a driver other than the employee and this could cause many problems if other family members drive the car. Therefore the company has many valid reasons to monitor the use of these vehicles. Students may wish to advance an argument that such “spying” by the company is unethical. This could be a very rich and fruitful discussion. If the asset is owned by the company, and the operating expenses are paid by the company, and the employee is “on the time clock”, such monitoring should be considered ethical. From the employee perspective, the ethical behavior is to only use vehicles for work related purposes. Certainly, common sense may dictate minor use outside of company expectations might be Acceptable. For example, is it unethical for an employee to deviate slightly off course while driving to a company appointment so that he/she could buy aspirin? This line of thinking should also be an interesting and fruitful class discussion. Yes, it is an internal control to prevent or detect misuse or abuse of company assets; namely the vehicles. This type of internal control is intended to contribute to accomplishing two objectives of internal control: safeguarding assets, and promoting operational efficiency. The GPS tracking helps ensure that the vehicle is not misused and that company funds are not used to pay for family/weekend use or other unauthorized use of vehicles. It helps ensure that the car and the expenditures related to it are used for valid company purposes. As is true for any internal control, the company would have to determine whether it is cost effective. There are two types of cost. One cost is the tangible, measurable cost of buying and maintaining the GPS systems. The second type of cost is intangible and is the cost of potential lower employee morale if employees feel they are constantly monitored by “big brother”. This could lead to lower productivity among employees. The company must determine if cost savings from using the GPS system offsets the tangible and intangible costs.
10-11
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
59. (SO 8) Using an Internet search engine, search for the terms “Patti Dale” and theft (be sure to include the quotation marks around the name). Explain the unethical behavior that occurred. Also, explain any internal controls that you believe were missing or not followed in this case. Patti Dale was a 20 year employee of the University of North Texas who organized a payroll fraud scheme that resulted in the theft of $255,185 from UNT. She allowed students and friends of her son to falsify payroll time sheets. She issued paychecks for work not done and received a kickback from these students. She also fraudulently hired friends of her son and paid them for work they did not do. It appears the most important internal control missing is segregation of duties. No single person should authorize hiring and approve time cards. It appears her supervisor, the Dean, should have been approving time cards. An automated system of time keeping such as ID badge swiping or biometric record keeping systems would have reduced the falsified time records. Ms. Dale also had submitted over $65,000 in falsified travel expenditures.
Cases 60. Flozner Company is a small manufacturing firm with 60 employees with seven departments. Required: Describe any improvements you would suggest to strengthen the payroll internal controls at Flozner. Currently, the department managers hire employees and distribute paychecks. This gives managers the opportunity to create fictitious workers and have custody of those checks. The improvement would include two things. Final hiring approvals should be in the HR department, not the department managers. Paychecks should be distributed by independent paymasters, not the department managers. Currently, the pay rate is written on the employee W-4 by the department manager. The HR department should determine pay
10-12
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
rates. Time cards are now kept in a holder near the door and workers keep them all day. This gives employees too much opportunity to misuse time cards. They can easily be stolen, altered, or use for “buddy punch” where an employee clocks in for his buddy. Time cards should be more secure or the company should use a more advanced solution such as automated time keeping through ID badges or biometric time recording. Currently, the time cards are removed fro the holder on Friday and taken to payroll by “an employee who is not busy”. Two improvements are needed. First, the supervisor should review and approve each time card. Second, there should be a designated person charged with delivering time cards to payroll. Rather than the manager calling the payroll department to report pay rate changes, there should be written documentation of pay rate changes using a personnel action form. Without such documentation, there is no audit trail of rate changes. In addition, a manager may suggest rate changes, but final approval should occur in the HR department. The company should use an imprest payroll account for paychecks rather than the regular checking account. There is no mention of the cash disbursements department approving a check from the regular account to be deposited in the payroll account. This should occur if a separate payroll account exists. 61. Alomna Industries has payroll processes as described in the following paragraphs. Required: a. Prepare a process map of the payroll processes at Alomna. Refer to the separate Microsoft Excel file “Chapter 10 Solutions Process Maps.xls. b. Identify both internal control strengths and internal control weaknesses of the payroll processes. STRENGTHS
10-13
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
There is a separate HR department involved in hiring, and completing and approving documents related to hiring and terminations. Hiring, terminations, pay rate changes are all initiated by HR on personnel action forms. This creates proper approval and an audit trail. Two copies of each paycheck are generated. The original is forwarded to cash disbursements and the copy goes to accounts payable. Cash disbursements, not payroll signs the checks. The payroll department, the proper department to do so, is updating the payroll ledger.
WEAKNESSES An automated time keeping system would be more accurate and less susceptible to fraud. There is no supervisory approval of time cards. There is no reconciliation or independent check of employee hours worked. There is no separate payroll checking account. There is no mention of vouchers for payroll that are forwarded to cash disbursements so that a check can be written to the payroll account for the total of the payroll. There is no independent paymaster to distribute checks. Unclaimed checks are returned to payroll, not a paymaster. c. For any internal control weaknesses, describe suggested improvements. Purchase and use an automated time keeping system. Have supervisors approve time cards before they are forwarded to payroll. There should be a reconciliation to job cards or an independent verification of hours worked. Use a separate bank account for payroll. Accounts payable should prepare a voucher for the total payroll amount and cash disbursements would write a check to be deposited in the payroll account. An independent paymaster should distribute checks. Unclaimed checks should go to a department not involved in the
10-14
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
authorization or preparation of paychecks. For example, they could be returned to internal audit. 62. Breightner Enterprises is a mid-size manufacturing company with 120 employees and approximately 45 million in sales. Required: a. Identify any internal control strengths and weaknesses in the fixed asset processes at Breightner. Explain why each of those that you identify are strengths or weaknesses. STRENGTHS There is a process to identify benefits and costs for new asset requests. There is an independent review of costs and benefits of proposed assets by the finance department. A discounted cash flow analysis is undertaken before purchase. There is a pre-established capital budget. A high level manager must approve asset purchases. Payment is not made until the PO, receiving report, and invoice are matched. The accounts payable department updates the accounts payable subsidiary ledger and fixed asset records. WEAKNESSES A set of levels of approval, dependent on the amount of the asset, have not been established. The VP of operations may not necessarily need to exhaust all funds. If there are not enough asset proposals with acceptable cost-benefit, then it would be better to not spend all funds. Buyers should receive bids on assets, especially those assets with very high purchase price. Assets are always delivered to a user department, rather than receiving. b. For each internal control weakness, describe improvement(s) in the processes to address the weakness. Establish higher levels of managerial approval for assets with higher costs. Establish a policy that assets must meet some minimum level of
10-15
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
discounted cash flow return before the purchase can be approved. Establishing a bid process for assets that exceed a certain dollar amount. When practical, fixed assets should be delivered to receiving for count and inspection. This may not be possible for fixed assets such as those that must be installed at the user location. 63. The Rampart Company has the following processes related to fixed assets. Required: Describe any improvements you would suggest to strengthen the fixed asset internal controls at Grundoll. There should be a more formal approval process that would include: identification of costs and benefits, a discounted cash flow analysis, a specific authorization from a high level manager. There should be established expectations of return on investment that assets must be expected to achieve before purchase is approved. A bid process should be established for assets of high value. When practical, fixed assets should be delivered to the receiving department. This may not be possible for fixed assets such as those that must be installed at the user location. Expected life and salvage values should be estimated for each asset instead of using the same values as the previous purchase. 64. (CMA Adapted) Rophna Co. makes automobile parts for sale to major automobile manufacturers in the United States.
Required: Identify any internal control weaknesses and suggest improvements to strengthen the internal controls over machinery and equipment at Rophna. Weakness: The asset purchase approval process lacks many important processes. Improvement: There should be a more formal approval process that would include: identification of costs and benefits, a discounted cash flow analysis, a specific authorization from a high level manager.
10-16
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
Weakness: Asset purchases are approved as long as funds exist. Improvement: There should be established expectations of return on investment that assets must be expected to achieve before purchase is approved. Weakness: There is no bid process, or a process to find the best price on the asset. Improvement: A bid process should be established for assets of high value. Assets of lesser value may not need a bid process, but there should be a price comparison of two or more vendors to find the best price. Weakness: Assets are not inspected at the receiving dock. Improvement: When practical, fixed assets should be delivered to the receiving department and inspected for damage before delivery to the user department. This may not be possible for fixed assets such as those that must be installed at the user location. Weakness: Depreciation methods, rates, and salvage values have not been changed for 10 years. Improvement: Depreciation methods, rates, and salvage values should be reviewed each year. Weakness: It appears the characteristics of each assets are not evaluated in setting salvage values and life. Improvement: Expected life and salvage values should be estimated for each asset. Weakness: The plant manager notifies property accounting of retirements, but it does not indicate that any documents are prepared, or that approval is necessary. Improvement: There should be formal documents prepare for asset disposal or retirement, this should have proper managerial approval, and there should be an established policy on what happens to retired assets. Weakness: There is no reconciliation of fixed assets to fixed asset records. Improvement: a yearly count of fixed assets and reconciliation to the fixed asset records should occur.
10-17
Robatelli’s Continuing Case Solution – Chapter 11 Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Briefly describe Robatelli’s conversion processes, i.e., what gets converted, how is it done, and where are the underlying processes performed (at which Robatelli’s location(s))? In general, the conversion process is a two stage conversion process to convert raw food into prepared meals for customers in the restaurant, take-out, and delivery orders. The first stage would be to convert certain raw food ingredients are converted into “subassemblies”. For example, both pizza dough and pizza sauce and made in a commissary using food ingredients such as flour, tomatoes, salt, sugar, etc. Salads are also assembled at the commissary and treated as a subassembly. These subassemblies, and other meal ingredients such as meats, vegetables, buns, and cheese are delivered to each individual restaurant for stage two of the conversion process. The final conversion (food preparation) takes place at each individual restaurant. As an example, the subassemblies of dough and sauce are combined with meat, vegetables, and cheese to create and bake a large deluxe pizza. These meals are then delivered to tables within the restaurant by servers, or to take-out customers at the cash register, or to customers by delivery drivers. A similar process occurs for sandwiches, spaghetti, calzones, and other menu items. Soft drinks, wine, and beer are most likely delivered directly to each individual restaurant from distributors. There would be very little conversion processes for these drinks except to pour them into glasses and deliver to customers in the restaurant. b. What procedures and internal controls would you recommend to Robatelli’s to minimize the risk of lost sales due to stock-outs, i.e., running out of ingredients, and the resulting idle time that may be incurred while awaiting delivery from the commissary. The ideal solution would be to use as sophisticated IT system, such as an ERP, that would included internal controls and integrated sales, inventory, and purchasing systems that would continuously monitor inventory levels, automatically decrease inventory levels as deliveries are made to restaurants, and purchases are automatically triggered as predicted sales levels and current inventory levels indicate a need to purchase ERP systems can include the appropriate internal controls within the system to segregate duties and make sure the correct people and events
are triggering purchases at the appropriate time. Without a sophisticated IT systems, there would be some manual processes in the inventory and purchasing systems. There must be internal control policies and procedures to monitor and control inventory levels. First, there must be clear policies as to who is assigned responsibility accomplish tasks such as monitoring inventory, authorizing purchases, and receiving goods. In addition there must be clear policies about which persons can authorize the vendors to use. Unreliable vendors who do not deliver on time can affect inventory levels negatively. Someone must be assigned responsibility to select new vendors and go monitor the performance of current vendors. This is true in both IT and manual purchasing systems. The chance of stockouts can also be reduced by internal controls that ensure the accuracy of inventory records. If receiving includes internal controls that ensure counts and inspections of all goods received, the inventory records should be more accurate. Periodic physical counts can also improve the accuracy of inventory levels. c. Following is an example of the structure of a bill of materials. Revise this example to show details of the sub-assembly of the dough and the various components (sauce, toppings, and cheese) and underlying materials (ingredients) that would likely be included on Robatelli’s bill of materials for a large deluxe pizza. See the last page of this document.
Parmesan Cheese
Chapter 11 Solutions
Conversion Processes and Controls
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 11
Concept Check 1. d 2. d 3. c 4. c 5. a 6. c 7. c 8. a 9. c 10. d 11. c 12. b 13. b 14. d 15. d
Discussion Questions 16. (SO1) What are the three resources that an organization must have to conduct a conversion (or transformation) process? The three resources are materials, labor, and overhead. 17. (SO1) Does a conversion process occur in manufacturing companies only? Why or why not? All companies have a conversion process. That is, all companies use resources to provide an output for customers. Even in the case of service companies, or non-profit organizations, there are conversion processes. Manufacturing companies typically have more complex conversion processes. 18. (SO1) Why are conversion activities typically considered routine data processes? Within conversion processes, there are daily, routine processes that occur. For example, laborers may assemble parts every day. Since these processes occur daily, and repetitively, they are routine. 19. (SO2) Differentiate between a bill of materials and an operations list. The bill of materials is a list of materials and components that are ingredients to manufacture a particular product. The operations list is the set of steps or operations, in the necessary sequence, to manufacture a product. The operations list includes the locations, resources, and standard timings. 20. (SO2) Differentiate between the role of engineering and the research and development department. Research and development focuses on improvement of 11-1
Chapter 11 Solutions
Conversion Processes and Controls
products or product lines. It is intended to develop new products, or improvements to existing products. Engineering designs the detailed specifications for each product to be manufactured. Research ad development would have a more future focus that engineering. 21. (SO2) What are the two types of documents or reports are likely to trigger the conversion process? A sales order or a sales forecast would trigger the conversion process. Manufacturing would not be started until a need for products was documented on either a sales order or sales forecast. 22. (SO2) What are the three primary components of logistics? They are planning, resource management, and operations. Planning is concerned with which products will be made, how many of each of these products, which resources are required, and the timing of production. Resource management is the monitoring and controlling of the use of resources such as the facilities, human resources, and inventory. Operations is the day-to-day performance of production activities. 23. (SO2) What types of information must be taken into consideration when scheduling production? The information that should be considered includes all open sales orders, inventory needs, and resources available. 24. (SO2) Differentiate between a routing slip and an inventory status report. A routing slip documents materials removed from the storeroom and placed into production. An inventory status report documents the extent of work completed and the levels of inventory at the various stages of completion. 25. (SO2) What are the conversion responsibilities of the maintenance and control, inventory control, inventory stores, and human resources departments? Maintenance and control maintains the fixed assets such as production facilities, machinery, equipment, and vehicles. Inventory control manages and records the movement of materials and inventory. Inventory stores controls the raw materials held in storage that will eventually be used to produce goods. 26. (SO2) What is the purpose of an inventory status report? An inventory status report documents the extent of work completed and the levels of inventory at the various stages of completion. 27. (SO2) What is the overall goal of the inventory control department? Its purpose is to manage and record the movement of materials and inventory throughout the production process. 28. (SO2) What is the purpose of the Quality Control department? The purpose is to inspect products and to allow products that meet quality standards to be moved to a warehouse or shipping area. Products that do not meet quality standards are returned to production for rework or they are scrapped. 29. (SO3) What is the purpose of determining standard costs? Standard costs are used as benchmarks of comparison for actual costs. Comparing actual costs to standard costs allows managers to determine whether excessive resources are being used in production. 30. (SO3) What should be done when unfavorable variances are discovered? These differences (variances) help pinpoint problem areas in production. Since unfavorable variances result from actual costs that exceed standard costs, they may indicate that excessive resources are being used in production. This information could be used to improve logistics in the conversion processes.
11-2
Chapter 11 Solutions
Conversion Processes and Controls
31. (SO3) Why would perpetual inventory records be preferable to periodic inventory records in a manufacturing company? With perpetual inventory records, management always has up-to-date information about inventory levels. Having such information improves the ability to plan production schedules and to plan purchases of material. 32. (SO4) Which three activities in the conversion process should require specific authorization before they are begun? The three processes that should require specific authorization are: initiation of production orders; issuance of materials to production; and transfer of finished goods. 33. (SO4) Why is it important to separate the functions of inventory control and the production stations? What could go wrong if these functions were not separated? Inventory control maintains records of inventory, while production stations have custody of materials during production. Custody duties and recording duties for raw materials and good being produced should always be segregated. If these duties are not segregated, one person has both custody and record keeping duties. That person could steal materials or goods and alter records to cover up the theft. 34. (SO4) Why is it so important that variance reports be prepared in a timely manner? Variances serve as independent checks on the accuracy and completeness of production costs. They also indicate to management where changes may need to be made to improve the production processes. If variances are not examined on a timely basis, they are much less effective in serving the functions of independent checks. 35. (SO4) Explain how a physical inventory count would be used differently by a company using a perpetual inventory system vs. a period inventory system. In a perpetual inventory system, a physical inventory count is used to verify the accuracy of inventory records. If a difference exists between the inventory balances and a physical count, perpetual inventory records are adjusted to ensure that the recorded balances equal the physical count. In a periodic system of inventory, there is no ending balance in the records and the physical count is used to determine the balance to place in the inventory control records. 36. (SO5) When IT systems are used in conversion processes, what are some of the resulting advantages to the organization? There are often gains in productivity and flexibility, with reductions in time and cost. Also, IT systems often integrate processing applications, planning, resource management, operations, and cost accounting. This increases workforce efficiency and reduces paperwork and costs. 37. (SO5) How can programmed controls within the IT system for conversion processes enhance internal controls? There are several ways that programmed controls enhance internal control. First, validation of data can detect input errors before actions are initiated. Also, the system may be programmed to issue error reports for errors or unauthorized events in production. As examples, the system could issue error reports if a work-in-process record is not generated for a production order, or if the same operation is performed at multiple work stations, or when an employee performs incompatible operations. 38. (SO5) What is the difference between CAD, CAM, and CIM? CAD is computer aided design. By using the computer in the design process, it becomes more effective ad efficient. CAM is computer aided manufacturing. I usually involves
11-3
Chapter 11 Solutions
Conversion Processes and Controls
computer controlled robotics to perform production procedures. CIM is computer integrated manufacturing. It encompasses more than CAM because it integrates financial and cost accounting, along with computer controlled manufacturing. That is, the computer controls robotic manufacturing, and also captures, records, and maintains accounting information about production processes. 39. (SO5) What is the difference between MRP, MRP-II, and ERP? All three are software systems. MRP is materials requirement planning and it is used to plan, coordinate and track materials in a manufacturing process. MRP II is manufacturing resources planning software. An AMR II system is more comprehensive and includes the ability to plan, coordinate, and track manufacturing resources. This would include materials, labor, and facilities. ERP is enterprise resource planning system. It is software that helps plan, coordinate, and track all enterprise resources. Thus ERP is more encompassing than MRP II, and MRP II is more encompassing than MRP. 40. (SO6) How can conversion processes be manipulated to show higher earnings? Cost accounting uses absorption costing in which fixed overhead is applied to units produced. When excess units are produced, these excess units become part of ending inventory, and the fixed overhead attached to those units is set aside in ending inventory. Therefore, as more units are added to ending inventory, more fixed overhead is deferred and net income becomes higher. Income can be manipulated by producing more units than needed and putting those units in ending inventory.
Brief Exercises 41. (SO1) Consider a company that is in the business of producing canned fruits for grocery stores. (It is not in the business of growing the fruit.) List the items that would likely be included as this company’s direct materials, direct labor, indirect materials, and other overhead. The direct materials would be many different kinds of fruits such as pineapple, peaches, grapes, cherries, pears, and mandarin oranges. The direct materials could also include sugar or fructose. The indirect materials might be water. Direct labor would be those workers that work directly in the cleaning, peeling, slicing, and packaging of the fruit. Even if these processes are automated, rather than manual, the workers who operate the slicing or packaging machinery are direct labor. Other overhead includes other costs of running the canning operation that are not direct materials or direct labor. This could include utilities, rent, depreciation, machine maintenance, and supplies. 42. (SO2) Give some examples of manufacturing processes that would fit into each of the three different types of production processes: continuous processing, batch processing, and custom made-to-order. Continuous processing examples: Soft drink bottling, beer bottling, frozen meal processing (Lean Cuisine, Banquet), cereal, toy making such as dolls, electronics
11-4
Chapter 11 Solutions
Conversion Processes and Controls
manufacturing such as i-pods, power generation as in coal-fired plants. Examples of batch manufacturing might be: wine making, gasoline production, prescription pill production. Many things that could be continuous production might also be made in batches for convenience or efficient use of machinery. For example, equipment to bottle soft drinks might be used for a few hours to bottle a batch of Pepsi, then be cleaned and set to produce a batch of Mountain Dew. Examples of custom, made-to-order manufacturing would include consumer products identified as customized. For example, BeyondBikes.com makes custom mountain bikes using specific parts chosen by the customer. Also, many companies make custom manufactured products for other companies. Examples would include specially machined parts or components, custom made manufacturing machinery or tools, and print shops that print custom made printed material. 43. (SO2) List and describe each activity within the Planning component of the Logistics function. Planning includes: research and development, capital budgeting, engineering, and scheduling. Research and development is the design of new products, or the redesign of existing products to improve the existing products. Capital budgeting is the planning needed in the outlay of funds to acquire capital assets. Capital assets include the facilities and equipment needed to conduct operations. Engineering develops the product specifications for each product, to include the bill of materials and the operations list. Scheduling sets the timing for production activities. Scheduling should minimize idle time and schedule products to meety the demands of the sales forecast or inventory needs. 44. (SO2) Some companies use the same facility for both inventory stores and warehousing. Describe the difference between these two inventory control activities, and how the respective areas might be distinguished within the facility. Inventory stores usually is the term used for raw materials or components used as inputs to manufacture products. A warehouse is the storage location for finished products. Thus, inventory stores is the storage for inputs, while the warehouse is storage for the out puts. Since both are physical storage locations for manufacturing facilities, they have common needs for security and physical controls, as well as proper and accurate record keeping. 45. (SO2) For the following activities within the conversion process, place them in sequence that indicates the order in which they would normally be performed: Preparation of a production schedule Preparation of a bill of materials Materials issuance Preparation of time sheets Inspection of goods
11-5
Chapter 11 Solutions
Conversion Processes and Controls
Preparation of an inventory status report
46. (SO 2, 3) Describe the purpose of each of the following cost accounting records or reports: a. Work-in-process and finished goods inventory accounts. Both are inventory accounts to track the amount of goods in process and the quantity of completed goods respectively. b. Bill of materials. It specifies the quantities needed of each raw material or component to manufacture a particular product. c. Variance reports. Variance reports show differences between actual costs and standard costs (expected costs). These reports are used to pinpoint problem areas that may require logistics changes to improve the manufacturing process. d. Routing slips. The routing slip is used to document the movement of material. This tracks the physical movement of materials in the conversion process. 47. (SO3) Describe how a cost accountant would cancel a production order upon completion of the related product. Why is this important? The documentation for the order, called the production order, should be marked in a manner to show it is complete. For example, a cost accountant might sign a particular line to show it is completed, or stamp the production order with the word “Completed”. This cancelling of the document is important so that the exact status of the order is clear and so that the document may not be misused to commit fraud. For example, an production order not cancelled could be used to fraudulently begin a new production run so that the products could be stolen. 48. (SO4) When taking a physical inventory count at a typical manufacturing facility, which category of inventory (raw materials, work-in-process, or finished goods) is likely to be the most time-consuming to count and determine the relevant costs? Why? Work-in-process is likely to be the most time consuming. This is because the workin-process includes all units in production at various stages of completion and these units could be located at many different work stations or work centers. Tracking the location, quantity, and stage of completion for each work-in-process unit would be more complex than tracking units of raw materials or finished goods. 49. (SO4) Identify several factors that indicate the need for more extensive internal controls covering conversion processes. The factors include: the number of products made; the value or size of products (valuable or small products are more likely to be stolen), high levels of inventory movement, inventory held at various locations, and inventories that are difficult to
11-6
Chapter 11 Solutions
Conversion Processes and Controls
value. 50. (SO5) Match the IT systems on the left with their definitions on the right: CAD – a. A network including production equipment, computer terminals, b and accounting systems. CAM – b. Electronic workstation including advanced graphics and 3-D g modeling of production processes. MRP – c. Automated scheduling of manufacturing resources, including f scheduling, capacity, and forecasting functions. MRP-II d. The minimization of inventory levels by controlling production so –c products are produced on a tight schedule in time for their sale. RFID - e. A single software system that includes all manufacturing and h related accounting applications. ERP – f. Automated scheduling of production orders and materials e movement. CIMs – g. Production automation, including use of computers and robotics. a JIT –d. h. The use of tiny tags affixed to inventory items to automatically monitor movement and to account for the various stages of processing.
Problems 51. (SO2) Suppose a company has 1,000 units of a raw material part on hand. If 750 of these units are routed into production, should the company place an order to stock up on more of these parts? In order to answer this question, determine the economic order quantity (EOQ) for this part assuming that: a. the company plans to use 10,000 units during the coming year b. the company orders this part in lots of 1,000 units, and each order placed carries a processing cost of $2.50 c. each unit of inventory carries an annual holding cost of $6.40. Take the square root of (2 x 10,000 x 0.)/6.4 = 2.8 batches, round to 3 batches of 1,000. The reorder point 52. (SO4) Suppose a company is experiencing problems with omitted transactions in the conversion process; i.e., inventory transactions are not always being recorded as they occur. Use Exhibit 7-7 to describe at least three internal controls that should be in place to help alleviate such problems.
53. (SO5) Using an Internet search engine, search for the terms “CAD” + “industrial robots”. Identify a company (name and location) that provides manufacturing
11-7
Chapter 11 Solutions
Conversion Processes and Controls
automation using robotics. Describe some of the robotic operations that are featured on the company’s website. FANUC Robotics America is the leading supplier of robotic automation in the US. They provide robotics for assembly, packing, parts transfer, material removal, welding, and painting. There are too many robotics to explain each, but as an example, FANUC sells a P-10 door opener that is a vertically articulated robot designed specifically for opening automobile and truck doors to facilitate robotic interior painting. There are other companies that provide industrial robots, including KUKA, Epson Robotics, Fischerteknic, Denso, Motoman. There are many other companies and a student might find names other than these. 54. (SO5) Using an Internet search engine, search for the terms “just in time” + “automotive”. Based on the results you find, explain why just in time inventory systems are such an important factor in the competitive automotive industry.
Just-in-time production systems are intended to be efficient methods to produce cars, but yet maintain smaller inventories of the various parts and pieces needed to produce a car. Under a just-in-time system, the parts are delivered to the production floor right at the time they are needed. It saves companies the cost of storing and moving these parts and can save related costs such as insurance and taxes on inventories. It is part of the entire philosophy of “lean manufacturing” that increases manufacturing efficiency and reduces costs. In the automotive industry, Toyota developed the use of JIT in the 1970s and othr auto manufacturers adopted it soon thereafter. However, many auto manufacturers have begun to rethink the use of JIT. In March of 2011, Japan experienced a large earthquake that shutdown auto manufacturers and many of the companies that supply parts. The sales of Japanese manufactured cars were really reduced because auto assembly lines had to be shut down due to lack of parts. In addition, the manufacture of auto parts is a very competitive market. Many automotive part makers have shut down, leaving only a few suppliers of some types of parts. If a natural disaster occurs that affects one or more of those few plants, the auto manufacturers are at risk of running out of parts. For example, one German plant made one-fourth of the world-wide supply of a nylon component used in plastic fuel lines. An explosion at the plant interrupted production and the impact on auto manufacturers could be drastic. 55. (SO6) Explain how the over-production of inventories can be seen as unethical in an absorption costing environment. In absorption costing, fixed overhead is allocated to each unit of inventory. Thus, overproduction that leads to increased levels of finished goods inventory results in more fixed overhead in the ending inventory valuations. A higher ending inventory valuation leads to lower cost of goods sold and thereby, higher net income. If the
11-8
Chapter 11 Solutions
Conversion Processes and Controls
only purpose for this overproduction is to manipulate net income, it is unethical because it misleads those who use the financial statements. 56. (SO6) Price discounts are commonly used in the business world as incentives for customers. How is it that this practice (or its misuse) may be deemed unethical? If it is used as a coercive tactic to lure customers into purchasing early, and therefore increasing profit in a given year, it can be unethical. This is true if the major intent is to inflate profits. Certainly, there are legitimate reasons to grant discounts, but it becomes unethical when the intent is to use discounts to inflate sales. 57. SO3) Texas Bar Supply manufactures equipment for bars and lounges. While the company manufactures several different products, one product is a blender that bartenders use to make certain kinds of drinks. Using information in a spreadsheet template provided, complete the requisition form to calculate the quantity and cost of the parts needed to manufacture a batch of 500 bar blenders. From the book Web site http://www.wiley.com/college/turner, you can download a spreadsheet template named requisition.xls. To look up the cost from the price list sheet, you will use a spreadsheet function called VLOOKUP. Be sure to design your formulas in a way that will incorporate changes in the batch size, or changes to costs of individual parts. See “requisition solution.xls” on the book website.
58. (SO 5) Using an Internet search engine, locate a publication entitled “RFID Journal”. Find a recent article that describes the use of RFID in manufacturing. Briefly describe the example(s) discussed in the article. This answer will vary tremendously depending on the article chosen by the student. As of the July 2012, a recent article described the use of RFID tags at New Sunshine, a manufacturer and distributor of tanning lotion products sold to tanning salons. These are expensive lotions that sell for prices up to $140 per bottle. New Sunshine had been searching for a way to reduce product diversion and counterfeiting. Product diversion is the, “rerouting of items for sale through unauthorized, unofficial or unintended channels.” Such diversion damages the brand and customer loyalty. These RFID tags monitor the bottle during shipping to the customer (the tanning salons). A summary paragraph from the article best describes the use of the RFID tags. In this way, the lotion company can maintain a record of when each specific carton and bottle packed within that carton was shipped, as well as its intended recipient, such as a distributor or a salon. If the product then appears within another supply chain stream, such as being sold by an unauthorized merchant, a
11-9
Chapter 11 Solutions
Conversion Processes and Controls
record has been established as to when that product was initially shipped, and to whom, thereby enabling New Sunshine to more easily trace the diversion.
Cases 59. Compton Falls Enterprises documentation and internal controls..
Required: a. Draw a process map of the conversion processes at Compton Falls Enterprises. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. b. Draw a document flowchart showing the records used in Compton Falls’ conversion processes. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. c. List any strengths and weaknesses in Compton Falls’ internal control procedures. For each weakness, suggest an improvement. STRENGTHS When a production schedule is prepared, the quantities of raw materials are check and if needed, a purchase requisition is prepared. The initiation of the purchase requisition is segregated from Purchasing. Cost accounting is segregated from authorization and custody functions. Standard costs are used and variances are calculated and monitored. The general ledger responsibility is segregated from all other authorization, custody, and record keeping functions. The general ledger is only updated based on journal vouchers received from other departments. WEAKNESSES Henry Prayne, in the stores department, has custody of inventory and the record keeping responsibility for inventory. The record keeping responsibility should be assigned to someone who does not have authorization or custody of inventory. Berta Aler, in production planning, is ordering materials from stores based on a sales forecast and material requisition forms. However, it is not possible to know how much material is needed until the bill of materials is analyzed. As the case reads, she prepares the bill of materials after ordering materials. These steps should take place in the opposite order. She should take the sales forecast, then analyze the bill of materials for that product, multiply the number of units to be produced times the quantities on the bill of materials,
11-10
Chapter 11 Solutions
Conversion Processes and Controls
and then prepare a materials requisition based on these quantities. Berta Aler has custody of inventory as the supervisor, and is also responsible for authorization of production. These two duties should be segregated. Ideally, production planning should be completely segregated from the production room activities. An inventory subsidiary ledger is mentioned, but there is no mention of a reconciliation to the general ledger. There should be a periodic reconciliation of the subsidiary ledger to the general ledger. Job cards are not reconciled to time cards. Cost accounting should reconcile to lessen the chances or errors or fraud. d. Describe any benefits that Compton Falls may receive by installing newer IT systems within its conversion processes. Be specific as to how IT systems could benefit each of the processes described, or how they could eliminate any weakness identified per c. above. IT systems could enhance Compton Falls’s IT system. If the conversion process components were integrated, the related inventory and personnel records could be maintained online. This would enable job cards to be automatically prepared from time cards, so the reconciliation would be conducted by the system. In addition, an inventory/general ledger interface would eliminate the need for a manual reconciliation of the two records. Furthermore, this would ease Berta Aler’s responsibility for ordering materials, as she could easily access the bill of materials to facilitate accuracy of her ordering. These features would greatly enhance efficiencies in the conversion processes at Compton Falls. Some IT systems could even monitor inventory levels and automatically order and dispatch materials as needed. These systems, such as MRP II or ERP systems may be too expensive for this size company. 60. Bokka Ski Line, Inc. documentation and internal control weaknesses. Required: a. Draw a process map of the conversion processes at Bokka. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. b. Draw a document flowchart showing the records used in Bokka’s conversion processes. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. c. List any strengths and weaknesses in Bokka’s internal control procedures. For each weakness, suggest an improvement. i. Weakness: Ted Drescoll, in the storeroom has physical custody of inventory and also maintains inventory records. Improvement: Assign the maintenance of inventory records to a person who does not have access to inventory. ii. Weakness: Thom Ells prepares authorization documents such as production schedules and production orders, and he also manages the
11-11
Chapter 11 Solutions
Conversion Processes and Controls
production process. Improvement: Ideally, the authorization to begin production should be segregated from those doing or managing the production. iii. Weakness: Ted Drescoll forwards his copies of the bill of materials and routing slips to cost accounting. Since these are the only copies that are forwarded to cost accounting, and since Thom has custody of inventory, he could steal inventory and alter these documents to hide the theft. Improvements: segregation of duties as mentioned in (i) above, as well as separate copies of the bill of materials and routing slips could be forwarded to cost accounting from production planning. iv. Weakness: Job cards are not reconciled to time cards. Improvement: Cost accounting should reconcile to lessen the chances or errors or fraud. v. Weakness: There is no mention of an inventory subsidiary ledger. Improvement: An inventory subsidiary ledger should be maintained by someone who does not have authorization or custody functions within inventory. Ideally, an Inventory Control department would maintain such records, but this company may not be large enough to have a separate inventory control department. vi. Weakness: There is no mention of a reconciliation of the subsidiary ledgers to the general ledger. Improvement: An inventory subsidiary ledger should be reconciled to the general ledger.
61. Brock Footwear, Inc. and automated systems. Required: a. List the problems with the existing system at Brock. The problems are late deliveries to customers, delayed production, out-of-stock and backordered materials, inventory and production records that are not up-todate, and an inability to accurately predict delivery dates for customers. b. Identify the relevant information that the production and inventory managers need to accumulate in order to support the decision to automate the conversion process. The relevant information would be proposed automated systems that would lessen these problems, the estimated costs and benefits of these systems, and the time necessary to implement these systems. There are probably several alternative types of automated systems and this data should be collected for all viable alternatives. As an example, the company could choose a very new type of system such as RFID systems (Radio frequency ID), or slightly older technology based on bar coding systems. To make the best decision about the best fit for Brock, management would need the information suggested above. Ideally, when investigating and implementing new systems, the company should follow the process described in chapter 6, the System Development Life Cycle (SDLC). Such a process would involve feasibility studies and cost-benefit analyses for all alternatives considered.
11-12
Chapter 11 Solutions
Conversion Processes and Controls
c. List specific items that could be provided by an automated system, and describe how this would be essential to the company’s continued success. The items that could be provided by an automated system are: i. A record-keeping system that could be real-time. Changes in inventory could be recorded as they occur. This single feature would dramatically lessen all the problems described in the case. Out-of-stock materials, delayed production and delivery, and inaccurate estimates would all improve if the company had realtime inventory information. Real-time inventory levels allow purchases and usage to be properly planned and production flow can be improved with better material flow. These improvements would help lessen delays in production, out-of-stock material, and the inability to predict delivery dates. ii. Fewer human errors in an automated system. Inventory records will become more accurate with an automated system. There are many reasons that an automated system would reduce errors. First, manual record keeping and posting would be eliminated. Second, certain types of IT systems could eliminate keying of information and any keying errors. For example, bar code or RFID systems would eliminate or reduce keying of information because the system would read the bar codes or ID chips. These advanced IT systems could also reduce human errors inherent in physically counting inventory or tracking its movement. More accuracy in inventory records will also improve the problems with delays and inability to accurately predict delivery dates. iii. Labor savings from eliminating or reducing manual steps. iv. More accurate, timely, and flexible feedback information to management. Automated systems will provide more timely reports and these reports could be more easily customized to management needs. The case mentions the week backlog in clerks updating accounting records. The elimination of this backlog, as well as the real-time aspect of automated systems will allow much more timely feedback information about inventory status and flows. v. The ability to integrate inventory transactions directly into related modules such as production planning, accounts payable, and general ledger. This would eliminate manual recording or rekeying of information into the related modules. 61. (CMA Adapted) Arbol Dynamics Inc. and ethical issues. Required: a. What should Jamie Trogg do? Explain your answer and discuss the ethical considerations that she should recognize in this situation. (Since this is adapted from a CMA question, you might wish to direct students to the “Resolution of Ethical Conflict” section of the IMA Statement of Ethical professional Practice at www.imanet.org). The ethical conflict arises because
11-13
Chapter 11 Solutions
Conversion Processes and Controls
of the competing interests involved. There is a disclosure issue that might suggest that the board should know about the defects. There is also the opposite side that it is not possible or practical to bring every defect issue to the board of directors. The ethical conflict involves how and who should decide which issues are important enough to bring to the board. There are always two sides to any story and in this case, there are two sides to the chip defect story. Jamie Trogg believes her report should be presented to the board of directors, while the plant manger and the controller believe it would be too alarming to the board. From the brief description in the case, it is not possible to know which of these two views is most defensible. That is, it may be possible that Jamie is correctly concerned about this issue. It could just as well be true that the plant manger is correct. Thus, Jamie must exercise care in how she proceeds. While she may be an expert in the cost aspect of manufacturing the chips, she would know less about how the board of directors is informed of things and the impact the negative report could have on the board of directors. Thus, she may need to do further investigation of the negative impact of the defects. Once she is clear that she has correct information, her first step should be to meet with her supervisor, the controller, to discuss why she believes the board should have her report. She should provide a fully documented report of why she believes the board should be informed. If she does not believe the ethical conflict has been resolved, she should inform the controller that she will meet with the next level of management, the plant manager, to discuss the issue. If there is no satisfactory resolution of the issue with the plant manager, Jamie should continue up the chain of management, but she should always inform each manager that she is planning to meet with the next level of management. Going up the chain of management allows those who have the responsibility to decide which information to report to the board to make the decision. Jamie is not the correct person to be making the decision about which information the board should have, but she can be an advocate for her report as she works up the chain of management. The IMA guidelines do not support taking any such ethical conflict to parties outside the company unless there is a clear violation of the law. In addition, Jamie can call the IMA’s confidential ethics counselors for guidance on how to proceed. If the company does have a less ethical environment, Jamie could face retaliation for pushing to bring this information before the board. So, Jamie should be aware of the implications within the environment of her company. If, in fact, the company management is unethical and would retaliate, she may find it would be better for her to work elsewhere. Leaving the company may be in her best interest if she would rather work in an ethical company and it may also best protect her from future blame if things go wrong in the company. Often, unethical people will try to shift blame to others. b. What corporate governance functions are missing at Arbol? Be specific and describe the facts of the case and their relevance to corporate governance. There is no mention in the case of a code of ethics. A good code of ethics might help guide the upper management, or Jamie as they consider these
11-14
Chapter 11 Solutions
Conversion Processes and Controls
ethical issues. The case does no give enough detail to truly assess the aspect of tone at the top. The ethical tone or example set by the board of directors and upper managers is a very important part. It is possible that plant manager’s behavior could be ethically suspect, but we cannot know for certain. It is also possible he raises very real concerns that the report is more alarming than it need be. So without knowing the tone at top, we can only suggest that an ethical tone at the top is one of the most important aspects. If the board of directors and top management had set out some objectives and guidelines of how they wish to operate ethically, it would help all involved in the ethical conflict to know how to proceed. It may also set an environment in which lower level managers such as the plant manger would know that upper level managers would be disappointed in his performance if he did not bring forth such issues. That is, what kind of behavior does the board and top management encourage and reward? The tone at the top sets the expectations of lower level managers as to whether they are more likely to be rewarded for open disclosure, or not disclosing problems. There have been companies that have a culture of hiding information, such as the Enron example. All other aspects such as management oversight, internal controls, and financial stewardship are not addressed in the case so it is difficult to know whether these corporate governance functions are missing. Each of these should be in place if the company had good corporate governance structures.
11-15
Robatelli’s Continuing Case Solution – Chapter 12 Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes.
a. Refer to the process map showing accounting cycle processes in Exhibit 12-5. Which typical special journals and subsidiary ledgers would be needed at Robatelli’s? Which ones would not be needed and why? The special journals that are probably needed are: Sales Purchases Cash disbursements Payroll The subsidiary ledgers that are probably needed are: Accounts payable Inventory Payroll Robatelli’s purchase, accounts payable, and inventory systems are likely to be similar to what most companies have. They purchase, pay for, and maintain a vast inventory of food items, ingredients, and other supplies. Thus, they should have need of purchases, cash disbursements, and payroll special journals, as well as accounts payable, inventory, and payroll subsidiary ledgers. Robatelli’s would maintain detailed information about sales, such as in a sales special journal. It is not likely to be a paper based sales journal. As a retail restaurant, the sales occur within the individual 53 restaurants, from online, and telephone orders. Thus, there may be different forms of sales records. Sales in the restaurant are likely to be collected by the Point of Sale software used at the cash registers. As stated in the case, the sales summaries from each restaurant would be forwarded to the home office and recorded in the general ledger. Online and telephone orders are taken by phone operators at the home office, using the one number ordering system. Online sales are transacted via the website. Therefore the collection and recording of sales data from telephone and online orders are in different software systems. In all of these cases, sales summaries are posted to the general ledger software. Each of these special journals and subsidiary ledgers would be part of the IT systems, and would not be in paper form.
Robatelli’s would not need an accounts receivable subsidiary ledger, nor a cash receipts journal. Robatelli’s does not have sales that are paid at a later date. Sales are cash or credit card transactions. The cash registers record and track cash collections. b. How do the daily close procedures and summarizations that are the responsibility of Robatelli’s restaurant managers fit into the company’s overall accounting cycle process? Use information from the chapter to describe this scenario. These daily close and forwarding of sales summaries serves as the journal voucher to record sales and cash in the general ledger. These summaries are manually keyed into the accounting software.
Chapter 12 Solutions
Administrative Processes and Controls
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 12
Concept Check 1. c 2. d 3. b 4. b 5. b 6. b 7. a 8. d 9. b 10. a
Discussion Questions 11. (SO 1) What characteristics of administrative processes are different from the characteristics of revenue, expenditure, or conversion processes? The characteristics of administrative processes that are different from revenue, expenditure, or conversion processes are the frequency of occurrence and the extent of management authorization. Whereas revenue, expenditure, and conversion processes typically occur on a regular, recurring basis (usually daily), administrative processes occur on a non-regular basis, either as the need arises or on a periodic basis. Therefore, revenue, expenditure, and conversion processes usually involve established procedures and controls that allow these processes to occur without intervention or specific authorization by management. Administrative processes, on the other hand, typically require that specific authorization for each transaction would be necessary. 12. (SO) How do other processes (revenue, expenditure, conversion) affect the general ledger? Revenue, expenditure and conversion processes affect the general ledger periodically through the administrative processes of financial reporting. This is the process of funneling all of the transactions into the general ledger accounts so they can be included in various financial reports. 13. (SO 2) How would you describe capital?
12-1
Chapter 12 Solutions
Administrative Processes and Controls
Capital can be described as the funds used to acquire the long-term capital assets of an organization. Capital usually comes from long-term debt or equity. 14. (SO 2) Describe the nature of the authorization of source of capital processes. Source of capital processes are those processes that authorize the raising of capital, the execution of raising capital, and the proper accounting of that capital. Because of the magnitude and importance of these methods of raising capital, these financial instruments should be used only when necessary. The transactions and resulting processes related to loans, bonds, and stock should be executed only when management authorizes, and the use of the resulting capital must be properly controlled and used. 15. (SO 2) How does the specific authorization and management oversight of source of capital processes affect internal controls? Since top management authorizes and controls the capital transaction processes, there is inherent control. The fact that these transactions and processes cannot occur without specific authorization and oversight by top management is a strong internal control. 16. (SO 3) Describe when an organization would have a need to undertake investment processes. An organization would need to undertake investment processes when it finds that it has more funds on hand than necessary to operate the business. The proper performance of the stewardship function would suggest that management should park (or invest) the excess funds in a place that it can earn a return. 17. (SO 3) Why is the monitoring of funds flow an important underlying part of investment processes? The monitoring of funds flow is an important part of the investment process because funds should be invested only if management has no immediate plans for their use. Therefore, future cash needs of the organization should be monitored regularly in comparison with cash balances to determine if there are excess funds available for investment. 18. (SO 3) How are IT systems potentially useful in monitoring funds flow? IT systems can help management to monitor the organization’s cash needs by forecasting future cash payments and collections. The system can continually compare current cash balances to forecasted needs and sources and provide feedback to top management about potential excess funds that would be available for investing. 19. (SO 4) Explain how cash resulting from source of capital processes may be handled differently than in revenue processes. The cash resulting from source of capital processes is likely to be handled differently than in revenue processes because of the large sums of money involved in source of capital transactions. Whereas collections from revenue processes are typically
12-2
Chapter 12 Solutions
Administrative Processes and Controls
handled by the organization’s employees, these employees are not likely to handle the large sums of cash that tend to result from stock sales or other source of capital transactions. Instead the funds are usually transferred electronically between brokers and banks. 20. (SO 4) What advantages would motivate management to conduct fraud related to source of capital processes? Management may be motivated to conduct fraud through the source of capital processes because of the large sums of money that tend to result from these transactions. In addition, there is a lack of traditional controls covering this process; there are no other employees responsible for reporting or controlling these transactions. Internal controls are not as effective in this area because of their nonregular occurrence and their dependence on close scrutiny by top management and the auditors. The opportunity is greater for management to perpetrate fraud in this process than for other more routine processes. 21. (SO 4) Why are internal controls less effective in capital and investment processes? Internal controls are not as effective in this area because of their non-regular occurrence and their dependence on close scrutiny by top management and the auditors. The opportunity is greater for management to perpetrate fraud in this process than for other more routine processes. 22. (SO 5) How is a special journal different from a general journal? A special journal is a chronological record of specific types of transactions (such as a sales journal, purchases journal, cash receipts journal, etc.); whereas a general journal records irregular, non-recurring transactions that are not included in a special journal. 23. (SO 5) How is a subsidiary ledger different from a general ledger? A subsidiary ledger is a detailed record of routine transactions, with an account established for each entity; whereas a general ledger is a summary of information from special journals, with specific accounts established for each type of transaction. A subsidiary ledger is updated whenever new transactions occur. A general ledger is updated periodically for the summarization of the special journal details. 24. (SO 5) In what way are subsidiary ledgers and special journals replicated in accounting software? Subsidiary ledgers and special journals are replicated in accounting software as they are summarized for the general ledger postings at the end of the period. Although transaction recording in the special journals and subsidiary ledgers takes place at the time the transaction occurs, their replication in the general ledger is an end-ofperiod summarization process. 25. (SO 6) Within accounting software systems, what is the purpose of limiting the number of employees authorized to post to the general ledger?
12-3
Chapter 12 Solutions
Administrative Processes and Controls
Limiting the number of employees authorized to post to the general ledger allows management to give general authority to certain employees to post to the general ledger. Through the assignment of limited access to the general ledger module, management can limit the capability of general ledger posting to selected employees. When an employee with the appropriate access level logs into the accounting system, he can process the general ledger posting. Employees who have not been given access to general ledger posting will be unable to post to the general ledger. In this manner, management may be able to prevent the recording of unauthorized general ledger transactions. 26. (SO 6) In a complex IT system, how may a customer actually “authorize” a sale? A customer may actually authorize a sale in a complex IT environment when their inventory systems interact. For example, When a customer’s inventory levels fall below an establish reorder point, the IT system may authorize a transfer of products from the supplier to the customer. This means that the sale and subsequent update of sales and receivable accounts are triggered by the customer’s computer system. Therefore, these systems require pre-existing and negotiated relationships between buyer and seller companies. Both parties must have already approved these processes and established IT systems that execute the processes. 27. (SO 6) To properly segregate duties, what are the three functions that general ledger employees should not do? Three important segregations should be in place in a manual general ledger system. The three segregations are that the general ledger employees should record journal vouchers, but they should not (1.) authorize journal vouchers, (2.) have custody of assets, or (3.) have responsibility for recording the transactions in the subsidiary ledgers. 28. (SO 6) In an IT accounting system, which IT controls assure the security of the general ledger? In an IT accounting system where the records are electronic file images, access to the system is limited through the use of user IDs, passwords, and resource authority tables. These general controls establish which employees have access to specific records or files. 29. (SO 7) Describe the nature of reports for external users. Since external users do not need detailed balance information on every existing account in the general ledger, certain accounts may be combined or “rolled up” into a single line item that appears on a financial statement. This summary process may occur for all of the line items on the general purpose financial statements. The four general purpose financial statements, the balance sheet, income statement, statement of cash flows, and statement of retained earnings, are each derived from general ledger account balances. These general ledger balances are rolled up in such a manner as to provide summarized information that is useful to evaluate business performance.
12-4
Chapter 12 Solutions
Administrative Processes and Controls
30. (SO 7) Does the general ledger provide all information necessary for internal reports? The general ledger does not provide all information necessary for internal reports. Internal reports often rely on information from various parts of the organization. For instance, manufacturing, retail, service, and charitable organizations would each use different types of information to manage the details of their revenue and expenditure processes. In each of these scenarios, non-financial information is often useful to managers in order to supplement the financial information derived from the general ledger. In addition, there may be detailed financial and non-financial information in an organization’s accounting system that is useful for internal reporting purposes but may not be readily apparent in the general ledger. In addition, internal reports may contain past or future information that is not included in the current period’s general ledger. 31. (SO 7) How would operational internal reports differ from financial internal reports? Operational internal reports focus on non-financial details of operations, such as machine hours, down-time, inventory and sales units, headcounts for human resources, etc. These types of operational reports may not be prepared from data in the general ledger. However, as transactions are recorded in the accounting processes, financial as well as non-financial data is accumulated. Therefore, the accounting system often records both financial and operational data that can be used in reports. Financial reports, on the other hand, are prepared directly from ledgers, journals, and other accounting records. 32. (SO 7) How does time horizon affect the type of information in internal reports? In day-to-day management, managers are more likely to use unit measures and physical counts. For time horizons of one month or longer, however, managers are more likely to use financial measures such as those generated by information in the general ledger. 33. (SO 8) Why are managers, rather than employees, more likely to engage in unethical behavior in capital and investment processes? There are three main reasons why management may be more likely to engage in unethical behavior in the capital and investment processes: Employees typically do not have access to the assets or records in the capital and investment processes. These assets and records are controlled by management because of their non-routine nature and because of the high amounts of related funds. Internal controls for these processes are dependent upon the close scrutiny and specific authorization of top management, whereas employees typically have no authority over these types of transactions. However, managers are most likely to be tempted to alter or hide financial information in an effort to improve the appearance of the organization’s financial results for investors and creditors. The non-routine nature of these transactions makes it more difficult to hide fraudulent transactions. Fraud as committed by employees would be
12-5
Chapter 12 Solutions
Administrative Processes and Controls
much easier to hide within the volumes of transactions in the routine processes like revenues, expenditures, etc. 34. (SO 8) How do processes with large volumes of transactions make fraudulent behavior easier? The routine nature and large volumes of transactions in the processes for sales, purchases, payroll, etc. make it easier for employees to hide fraudulent transactions or unethical behavior. Fraud may be hidden in the large masses of transactions within these processes. 35. (SO 8) Explain the importance of full disclosure in source of capital processes. Full disclosure is extremely important in the source of capital processes so that creditors can be fully informed of all relevant information in making credit decisions. Accordingly, financial reports and other disclosures must be complete and accurate in order to avoid misleading any current or potential creditors.
Brief Exercises 36. (SO 2) Describe the steps in source of capital processes and explain how top management is involved. When the need for capital arises, the Board of Directors is consulted for approval and for determination of whether debt of equity capital will be pursued. If equity capital is chosen, a stock underwriter will be contracted to sell the shares of stock and collect the proceeds. The company will need to determine whether or not to pay dividends. If debt capital is chosen, the company will need to decide whether it should issue bonds or borrow the funds. If bonds are chosen, the company will contract with a bond underwriter, who will sell the bonds and collect the proceeds, as well as handle the periodic payment of interest. If funds are borrowed, arrangements must be made for the bank loan by contracting with creditors. The proceeds will be collected and periodic interest will be paid. Throughout this process, management is involved in most of these steps. Management would present the need for capital to the Board of Directors. Depending on the source of capital determined by the Board, management would then be responsible for contracting with the appropriate party (stock or bond underwriter or bank creditor). Finally, management would be involved in the arrangements for collecting proceeds from the source of capital processes as well as the payment of interest or dividends. 37. (SO 3) Describe the steps in investment processes and explain how top management is involved. When excess funds are identified, they are to be evaluated in comparison with upcoming needs of the organization. If it is decided that the excess should be invested, the type of investment must be determined. The company may invest in marketable securities, in which case it would contract with a stock broker to buy stocks or bonds (and sell these securities as necessary). Alternatively, the company may invest in treasury stock, in which case it would contract with a stock broker to buy the treasury shares and reissue shares as desired. Throughout this process,
12-6
Chapter 12 Solutions
Administrative Processes and Controls
management involvement occurs at many points. Management is responsible for monitoring cash flows to determine if excess funds exist and if they are available for investment or needed for upcoming operations. Management would also be responsible for contracting with a stock broker for the purchase of stocks, bonds, or treasury stock (as well as the subsequent sale of these investments, as needed). 38. (SO 4) Explain the internal control environment of source of capital and investment processes. For both source of capital and investment processes, the important control is the specific authorization and oversight by top management. The very close supervision of these transactions helps prevent risks related to the theft or misuse of the cash that is related to capital and investment processes. In addition, the large sums of money involved in capital and investment decisions usually dictates that the cash not be handled by the regular company employees. Instead, the funds are likely to be transferred electronically between brokers and banks. Because of the high risk of management fraud in these processes and the potential for management circumvention of controls, typical internal controls such as segregation of duties and reconciliations are not as effective in the prevention or detection of fraud surrounding these processes. As an added control feature, auditors are often urged to carefully examine capital and investment transactions. 39. (SO 5) Describe the steps in a manual accounting cycle. When a transaction occurs, it must be identified as either routine or non-routine. Routine transactions are recorded in a special journal and subsidiary ledger; nonroutine transactions are recorded in the general journal. At the end of the day, week, or other period, the journals and ledgers are summarized and posted to the general ledger. General ledger totals are summarized in a trial balance, and end-ofperiod adjusting entries are prepared. The adjusted general ledger is used to prepare financial statements. Once the financial statements are completed, closing entries are prepared, then the cycle may begin anew. 40. (SO 6) Describe why it is true that there may be two authorizations related to sales, revenue, and conversion processes before they are posted to the general ledger. In a properly controlled accounting system, transactions within the revenue and conversion processes must be authorized before they are carried out. In addition, another authorization is needed to begin the process of posting entries from the special journals and subsidiary ledgers to the general ledger. Thus, there may be two authorizations related to these routine processes. 41. (SO 8) For each report below, indicate whether the report is likely to be for internal or external users (some reports may be both), and whether data would come exclusively from the general ledger. The format would be: Report Name
Internal or External
Exclusively G/L Data?
The reports are: Income statement
External
Yes
12-7
Chapter 12 Solutions Aged accounts receivable Inventory stock status Open purchase orders Machine down-time Cash flow statement Production units produced
Administrative Processes and Controls Both Internal Internal Internal External Internal
No No No No No No
Problems 42. (SO 1, SO 2) Compare the source of capital processes to sales processes in terms of: a. The frequency of transactions b. The volume of transactions c. The magnitude in dollars of a single transaction d. The manner of authorization Compared with the sales processes, (a. and b.) source of capital processes occur much less frequently and in smaller volumes. Whereas sales transactions typically occur on a daily basis (and may even occur several times per day), source of capital transactions tend to occur in small volumes and on an irregular basis. Often, there may be only a few times within any given annual period that a source of capital transaction occurs. In addition, (c.) the magnitude of an individual source of capital transaction tends to be much greater than for an individual sales transaction. Finally, (d.) whereas routine sales transactions are usually authorized by employees having general authorization privileges, source of capital transactions require specific authorization of management. 43. (SO 1, SO 3) Compare the investment processes to sales processes in terms of: a. The frequency of transactions b. The volume of transactions c. The magnitude in dollars of a single transaction d. The manner of authorization Compared with the sales processes, (a. and b.) investment processes occur much less frequently and in smaller volumes. Whereas sales transactions typically occur on a daily basis (and may even occur several times per day), investment transactions tend to occur in small volumes and on an irregular basis. Often, there may be only a few times within any given annual period that an investment transaction occurs. In addition, (c.) the magnitude of an individual investment transaction tends to be much greater than for an individual sales transaction. Finally, (d.) whereas routine sales transactions are usually authorized by employees having general authorization privileges, investment transactions require specific authorization of management. 44. Exhibit 12-9 shows a screen capture from Great Plains accounting software. The following modules in Great Plains are shown:
12-8
Chapter 12 Solutions
Administrative Processes and Controls
Financial Sales Purchasing Inventory Payroll Manufacturing Fixed Assets For each of the transactions listed, explain which module would you choose and why. a. Entering an invoice received from a supplier. b. Entering the receiving of materials at the shipping dock. c. Enter a check received in payment of an account receivable. d. Posting a batch of sales invoices to the general ledger. e. Enter hours worked by employees. f. Print checks for suppliers a. Entering an invoice received from a supplier- this would fall under the Purchasing module. The purchasing module is appropriate because it would record the purchase or expenditure in the purchases journal, as well as the related payable to the supplier in an accounts payable subsidiary ledger. b. Entering the receipt of material at the shipping dock – this would fall under the Inventory module. The inventory module is appropriate because it would record the items on hand and the movement of goods available for production. c. Entering a check received in payment of an account receivable – this would fall under the Sales module. The sales module is appropriate because it would include collections of sales in the cash receipts journal and the related customer accounts in the accounts receivable subsidiary ledger. d. Posting a batch of sales invoices to the general ledger – this would fall under the Financial module. The financial module is appropriate because it includes all accounting cycle functions, including the summarization of special journals and their posting to the general ledger. e. Entering hours worked by employees – this would fall under the Payroll module. The payroll module is appropriate because it records all periodic workforce activities in a payroll journal. f. Printing checks for suppliers – this would fall under the Purchasing module. The purchasing module is appropriate because it would record the payment to the supplier in an accounts payable subsidiary ledger as well as the related release of funds in a cash disbursements journal. 45. Enderle Sound, Inc. internal control weaknesses. Weakness 1: Stefan prepares and posts journal vouchers. Journal vouchers
12-9
Chapter 12 Solutions
Administrative Processes and Controls
should be prepared by the personnel in the other processes of revenue, expenditures, payroll, and conversion. Those journal vouchers should be forwarded to Stefan for posting. Weakness 2: The journal vouchers are not prenumbered. Journal vouchers should be prenumbered and the sequence should be accounted for. Any missing numbers in sequence should be reconciled or explained. Weakness 3: Journal vouchers are frequently voided or revised. While it may not be possible to completely eliminate such errors, voided and revised journal vouchers should occur rarely. Weakness 4: Journal vouchers are posted biweekly. Ideally, they should be posted more frequently, and at least weekly. Weakness 5: The voucher log is chronological. It should be in order of the prenumbered sequence. Weakness 6: Stefan reconciles the subsidiary accounts to the control accounts in the general ledger. Reconciliation is a good internal control, but ideally, someone other than Stefan should do this reconciliation. Weakness 7; The general journal reconciliation occurs bimonthly. It should be reconciled at the end of each month.
12-10
Robatelli’s Continuing Case Solution – Chapter 13 Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Describe the purpose of a data warehouse and describe how Annheuser-Busch uses data warehousing. A data warehouse is a collection of enterprise wide data and external data gathered into a large database. The data warehouse is used by management to support decision-making. As an example, the Anheuser-Busch article regarding BudNet describes a data warehouse of Anheuser-Busch sales data and sales of its competitors. Anheuser-Busch collects detailed data about sales at convenience and grocery stores. When this data is collected into a data warehouse, it can be analyzed to help predict future customer behavior and can allow Anheuser-Busch to better predict sales and inventory stocking levels. b. Describe the purpose and use of data mining and describe how Anheuser-Busch uses data mining. Data mining is the process of analyzing the data in a data warehouse to determine trends, patterns, or relationships in the data. For example, Anheuser-Busch uses data mining to analyze sales of its beer products and its competitors. This analysis helps the company determine stock levels in various stores or neighborhoods. Sales can be compared based on weather conditions, holidays, or other important factors. Such analysis can allow the company to predict future sales of its products on certain days or by location. Anheuser-Busch uses this data to determine sales promotions and can then refine sales promotions based on data mining. c. Describe how data warehousing and data mining can facilitate reporting and analysis at Robatelli’s. A data warehouse and data mining could be similarly used Robatelli’s. Robatelli’s would first need to build a data warehouse that would include detailed sales data by source: store, phone and web. In addition to this internal sales data, the company may be able to buy or develop external data such as weather, neighborhood demographics, sales of competitors, or general local economic conditions. The analysis of this data would help Robatelli’s predict future sales and determine sales promotions that would be effective. For example, Robatelli’s could gain a better understanding of sales volume for certain weather conditions, certain holidays, and various promotional pricing structures. This could possibly be done without data mining, but it would be a much
more time consuming and labor intensive task. Data mining uses the power of the computer to analyze large volumes of data to search for sales patterns or trends.
Chapter 13 Solutions
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 13
Concept Check 1. b 2. a 3. c 4. b 5. d 6. a 7. c 8. c 9. c 10. b 11. c 12. b 13. a
Discussion Questions 14. (SO 1) How does data differ from information? Data is the basic facts collected from a transaction. Information is data that has been manipulated by summarizing, categorizing, or analyzing to make that data useful to a decision maker. 15.(SO 1) Why is it important for companies to store transaction data? There are four reasons that a company must collect and store transaction data. Those reasons are: 1) to complete transactions; 2) for follow-up on later transactions or for reference regarding future transactions with the same entity; 3) to prepare external reports such as financial statements; and 4) to provide information to management as they attempt to run the organization efficiently and effectively. 16. (SO 2) Which type of data storage media is most appropriate when a single record of data must be accessed frequently and quickly? Random access storage works best for situations in which a single record must be accessed quickly and easily. 17. (SO 3) Identify one type of business that would likely use real-time data processing rather than batch processing. Describe the advantages of realPage 13-1
Chapter 13 Solutions time processing to this type of business. A business that sells items on a web site, such as Amazon, would be likely to use real-time data processing. This is true because the system must be able to determine information such as whether an item ordered is currently in stock. The main advantage of realtime processing is its ability to provide information immediately. There are many examples of the need for real-time data processing. Airline reservation systems are another example. 18. (SO 4) Differentiate between data redundancy and concurrency. Data redundancy occurs when the same data are stored in more than one file. Thus, there is redundant, or repeated data. Concurrency means that all of the multiple instances of the same data are exactly the same. It is harder to achieve concurrency when there is much data redundancy. 19. (SO 4) What is the term for the software program(s) that monitors and organizes the database and controls access and use of data? Describe how this software controls shared access. This software system is called a Database Management System, or DBMS. The DBMS manages the access of users or processes to the online database. The DBMS manages the data sharing by updating the data available to users immediately upon recording any changes. 20. (SO 4) Describe the trade-offs of using the hierarchical model of database storage. A hierarchical model database is very efficient for processing large volumes of similar transactions. It is not efficient for accessing or processing a single record from a large database. Therefore, it works well with batch processing, but would not be efficient in those situations where accessing a single record, or answering flexible queries, is necessary. 21. (SO 4) Describe the organization of a flat file database. Flat file records are two dimensional tables with rows and columns. The records are stored in text format in sequential order, and all processing must occur sequentially. No relationships are defined between records. These systems must use batch processing only and batches must be processed in sequence. The system makes the processing of large volumes of similar transactions very efficient. 22. (SO 4) What four conditions are required for all types of databases? 1) Items in a column must all be the same data type. 2) Each column must be uniquely named. 3) Each row must be unique in at least one column. 4) Each intersection of a row and column must contain only one data item. 23. (SO 4) Within a hierarchical database, what is the name for the built-in linkages in data tables? Which data relationships can be contained in a hierarchical database? Record pointers are used to link a record to the next record having the same attribute. Using a record pointer system, one-to-one
Page 13-2
Chapter 13 Solutions and one-to-many relationships can be represented in a hierarchical database. 24. (SO 4) Which database models are built on the inverted tree structure? What are the disadvantages of using the inverted tree structure for a database? Both the hierarchical database model and the network database model are based on an inverted tree structure. The network model is more complex because it uses more than one inverted tree structure. This allows two or more paths into the data. Two disadvantages are that new data cannot be added until all related information is known, and deleting a parent record can delete all child records. 25. (SO 4) Which database model is used most frequently in the modern business world? Why do you believe it is frequently used? The relational database model is now used most frequently. It is frequently used because it is the most flexible database model. An English-like query language, SQL, can be used to retrieve data from the database in a very flexible manner. In addition, the increasing computer power and decreasing cost of computing power have made any inefficiencies in a relational database less significant. 26. (SO 5) How is the primary key used in a relational database? The primary key is the unique identifier for each record in the table and it is used to sort, index, and access records from that table. 27. (SO 5) What language is used to access data from a relational database? Why is the language advantageous when accessing data? Structured Query Language, SQL, is the language used to access data in a relational database. Its advantage is its English-like query language that allows easy access to the data in the database and presentation in a manner most useful to the user. 28. (SO 5) Which type of database model has the most flexibility for querying? How does this flexibility assist management? The relational database model is the most flexible database model for querying. It provides important assistance to managers through its flexibility in answering an unlimited number of queries about customers, products, vendors, or any other information in the database. 29. (SO 5) What are the first three rules of normalization? What is meant by the statement that the rules of normalization are additive? 1) Eliminate repeating groups. 2) Eliminate redundant data. 3) Eliminate columns not dependent on the primary key. Additive means that if a table meets the third rule, it has also met the preceding rules: one and two. 30. (SO 6) Differentiate between a data warehouse and an operational database. An operational database is the database in which data is continually updated as transactions are processed. The operational database includes data for the current fiscal year and it supports day-to-day operations and record Page 13-3
Chapter 13 Solutions keeping for the transaction processing systems. The data warehouse is an integrated collection of enterprise-wide data that includes five to 10 years of non-volatile data, and it is used to support management in decision making and planning. Periodically, new data is uploaded to the data warehouse from the operational data, but other than this updating process, the data in the data warehouse does not change. 31. (SO 7) How is data mining different than data warehousing? Data mining is the use of data analysis tools to analyze data in a data warehouse. Tools such as OLAP are used in data mining. An example of data mining is analyzing sales data to determine customer buying patterns. The data warehouse is the database in which the data to be analyzed is stored. 32. (SO 7) How has Anheuser-Busch used data warehousing and data mining successfully? Anheuser-Busch has used a data warehouse and data mining to analyze sales history, price-to-consumer, holidays and special events, daily temperature, and forecasted data such as anticipated temperature to create forecasts of sales by store and by product. Data are used by salespeople and distributors to rearrange displays, rotate stock, and inform stores of promotion campaigns. Using these buying trends, Anheuser-Busch creates promotional campaigns, new products, and local or ethnic target marketing. 33. (SO 7) Identify and describe the analytical tools in OLAP. The analytical tools that are usually part of OLAP are: drill-down, consolidation, pivoting, time-series analysis, exception reports, and what-if simulations. Drill down is the successive expansion of data into more detail, going from high-level data to successively lower levels of data. Consolidation is the aggregation or collection of similar data; it is the opposite of drill down in that consolidation takes detailed data and summarizes it into larger groups. Pivoting is examining data from different perspectives. Time series analysis is the comparison of figures over several successive time periods to uncover trends. Exception reports present variances from expectations. What-if simulations use changing variables to examine interactions between different parts of the business. 34. (SO 8) Differentiate between centralized data processing and distributed data processing. In centralized data processing, data processing and databases are stored and maintained in a central location. In distributed data processing, the processing and the databases are dispersed to different geographic locations of the organization. A distributed database is actually a collection of smaller databases dispersed across several computers on a computer network. 35. (SO 8) Why would a small company with 400 employees find it advantageous to use a cloud database (DaaS)? A cloud database (Database as a Service) is a database that is hosted by a third party. That third party takes Page 13-4
Chapter 13 Solutions responsibility for the hardware, software, and security measures necessary to store, use, and access the data. For a small company, this would be a more cost effective way to maintain a database since it would not have to purchase the hardware and software necessary to maintain the database. In addition, it would not need a large IT staff to manage the data, hardware, and software for the database. Since the third party assumes responsibility for the security and backup of the database, the small company would not have to establish and maintain the internal controls over the database. Finally, a DaaS is more easily scaled in size if the company grows. The company would simply purchase more data storage from the provider and would not need to expand any internal hardware or software. DaaS, like other cloud services is a service that is paid depending on the use. Therefore, a small company could avoid the cost of buying hardware and software that could meet the extra capacity if the company grows. Instead, it would simply buy more space from the third party. 36. (SO 10) Why is control over unauthorized access so important in a database environment? Data are valuable resources that must be protected with good internal controls such as those that prevent unauthorized access. Access controls help prevent unauthorized users from accessing, altering, or destroying data in the database. The database is such a critical resource for most organizations that they must insure the data is accurate and complete. 37. (SO 10) What are some internal control measures that could prevent a hacker from altering data in your company’s database? Measures that prevent hackers from accessing and altering data include authentication and hacking controls such as login procedures, passwords, security tokens, biometric controls, firewalls, encryption, intrusion detection, and vulnerability assessment. In addition to these controls, the database management system (DBMS) must be set up so that each authorized user has a limited view (schema) of the database. 38. (SO 10) Why are data considered a valuable resource that is worthy of extensive protection? The database of an organization is a critically important component of the organization. Data are a valuable resource that must be protected with good internal controls. Missing or incorrect data can have a negative impact on the ability to conduct the necessary business processes.
Brief Exercises 39. (SO 2) Arrange the following data storage concepts in order from smallest to largest, in terms of their size: File, Record, Database, Character, and Field. The hierarchy of terms is character, field, record, file, and database.
Page 13-5
Chapter 13 Solutions 40. (SO 2) Think of a database that would be needed at a professional service firm to maintain the contact list of clients or patients at the office of a CPA, attorney or medical doctor. Identify the fields likely to be used in this database. If you were constructing this database, how many spaces would you allow for each field? The fields and suggested sizes that usually be needed are: last name (24), first name (24), middle initial or name (24), address line 1 (50), address line 2 (50), apartment number (12), city (24), state (2), zip code (9), home telephone number (10), office telephone number (10), mobile telephone number (10). Some field sizes could be more or fewer spaces. Of course, fields sizes for fields such as zip code and phone number are more certain. It is important that the field size must be slightly larger than the longest item to appear in that field. In the case of items for which we know the size precisely, the field size can be set accordingly. For example, zip codes will never include more than 9 digits. These fields would represent a minimal number of necessary fields. Depending on the type of firm, there may be many other fields that would be needed. For example, a doctor’s office would need emergency contact information, while a CPA firm would not need this information. In addition, there would be many other fields to be designed if the company desired more than contact information. 41. (SO 3) Suppose that a large company uses batch processing for recording its inventory purchases. Other than its slow response time, what would be the most significant problem with using a batch processing system for recording inventory purchases? A company would not know its true inventory balance until the batch of transactions was processed. There would be no online, current balance of inventory to be used to respond to inquiries from managers, employees, or customers. Therefore, purchases and sales of inventory might need to be delayed until the batch processing occurs and new balances are known. This delay can cause the company to maintain higher or lower levels of inventory than may be desired. With a longer time to place an order, the company might need to maintain higher inventory levels to avoid a stock out. 42. (SO 4) Arrange the following database models in order from earliest development to most recent: Network Databases, Hierarchical Databases, Flat File Databases, and Relational Databases. The historical order is flat file, hierarchical, network, and relational databases. 43. (SO 4) Categorize each of the following as one-to-one, one-to-many, or many-to-many relationships. Subsidiary ledgers and general ledgers. This is best categorized as a one- to-many relationship. A general ledger account, such as accounts receivable, could have many supporting sub-accounts in the accounts receivable subsidiary ledger. It is also true that a general ledger would have many subsidiary ledgers (accounts receivable, accounts payable, inventory, payroll). Page 13-6
Chapter 13 Solutions
Transactions and special journals. This is best categorized as a one- tomany relationship. A special journal, such as sales journal, would have many supporting transactions recorded in the special journal. General ledgers to trial balances. This is best categorized as a one-toone relationship. For each time period, one set of general ledger balances would result in one trial balance.
44. (SO 6) How might a company use both an operational database and a data warehouse in the preparation of its annual report? A company would use the operational database for the current fiscal year reports, but may need past information from the data warehouse to prepare comparative financial statements from previous years. The company might also use the data warehouse to examine and report important trends in financial information. 45. (SO 7) Using Anheuser-Busch’s BudNet example presented in this chapter, think about the list queries that might be valuable if a company like Gap Inc. used data mining to monitor its customers’ buying behavior. The Gap could use queries related to: the effects of promotional pricing; dates or holiday buying patterns; dates when seasonal style updates should be introduced in stores; regional clothing preferences; ethic group clothing patterns; and GAP sales in relation to competitors.
Problems 46. (SO 3) Differentiate between batch processing and real-time processing. What are the advantages and disadvantages of each form of data processing? Which form is more likely to be used by a doctor’s office in preparing the monthly patient bills? Batch processing occurs when similar transactions are grouped into a batch and that batch is processed as a group. The alternative to batch processing is real time processing. Real-time processing occurs when transactions are processed as soon as they are entered. Real-time processing is interactive because the transaction is processed immediately. The advantages of batch processing are that it is an efficient way to process a large volume of like transactions, it is less complex than real-time systems, it is easier to control and maintain an audit trail; and the data can be stored in less complex, sequential storage. The major disadvantage of batch processing is the slow response time. Balances are not updated in real-time and therefore, management does not have current information at all times. The major advantage of real-time processing is the rapid response time. Since balances are updated in real-time, management always has current information. The disadvantages of real-time processing are that it is less Page 13-7
Chapter 13 Solutions efficient for processing large volumes of like transactions; it is more complex than batch systems; it is more difficult to control and maintain an audit trail; and data must be stored in random access databases. Monthly processing of patient bills could be batch processing. There would be a high volume of like transactions at month-end. 47. (SO 4) Abylli Company does not use a database system; rather, it maintains separate data files in each of its departments. Accordingly, when a sale occurs, the transaction is initially recorded in the sales department. Next, documentation is forwarded from the sales department to the accounting department so that the transaction can be recorded there. Finally, the customer service group is notified so its records can be updated. Describe the data redundancy and concurrency issues that are likely to arise under this scenario at Abylli. There would be much data redundancy in this system. For example, customer name, address, and other contact information must be maintained in separate files in both the sales department and the customer service department. Customer service and the sales department would have nearly identical fields in their data, but maintained in separate files. It may take hours our days for the sale documentation to move from one department to the next. Therefore not all departments have the same information stored in their files at the same time. After a sale is recorded in the sales department, it may be days before that sale is recognized in the customer service department. Therefore on any given day, managers in the two departments will be operating with feedback from data sets that do not match. If someone in the sales department needs to check with customer service regarding a particular sale, it is possible that the customer service department has not yet received information for that sale. This lengthens response time in answering queries or following up on orders. 48. (SO 6) List and describe the steps involved in building a data warehouse. The steps are: identify the important data to be stored in the data warehouse; standardize that data across the enterprise; scrub or cleanse the data; and upload that data to the data warehouse. Identifying the proper data requires examining user needs and high-impact processes (HIPs). HIPs are the processes that are critically important and that must be executed correctly if the organization is to survive and thrive. Data needed by users and data from HIPs should be in the data warehouse. The data must then be standardized across the enterprise. Various subunits within the enterprise might have conflicting definitions or field names for the same type of data. The designers of the data warehouse must design a Page 13-8
Chapter 13 Solutions standard format for the data. The data must also be scrubbed or cleansed to remove errors and inconsistencies in the data. The data must then be uploaded to the data warehouse. Also there should be a periodic upload of data from the operational databases into the data warehouse. 49. (SO 8) Describe the advantages and disadvantages of using a distributed database and distributed data processing. Do you think the advantages are worthwhile? Explain your answer. The advantages are: 1) Reduced hardware cost. Distributed systems use networks of smaller computers rather than a single mainframe computer. This configuration is much less costly to purchase and maintain. 2) Improved Responsiveness. Access is faster since data can be located at the site of the greatest demand for that data. Processing speed is improved since the processing workload is spread over several computers. 3) Easier incremental growth. As the organization grows or requires additional computing resources, new sites can be added quickly and easily. Adding smaller, networked computers is easier and less costly than adding a new mainframe computer. 4) Increased user control and user involvement. If data and processing are distributed locally, the local users have more control over the data. This control also allows users to be more involved in the maintenance of the data and users are therefore more satisfied. 5) Automatic integrated backup. When data and processing are distributed across several computers, the failure of any single site is not as harmful. Other computers within the network can take on extra processing or data storage to make up for the loss of any single site. The disadvantages are: 1) Increased difficulty of managing, controlling, and maintaining integrity of the data. 2) Increased likelihood of concurrency problems. Yes, I think it is worthwhile to have distributed, local control of the data and automated, integrated backup of a distributed system. However, greater attention must be paid to controls that ensure the security and concurrency of the data in a distributed system. 50. (SO 6) Read an online article from http://www.xconomy.com/boston/2010/09/20/netezza-sold-to-ibm-for-1-7bwill-help-big-blue-tackle-big-data/. Describe the services that Netezza offered and why IBM decided to purchase the company. This article indicates that IBM announced a purchase of Netezza in September, 2010. Netezza, “makes hardware and software used by big companies like Amazon and Nieman Marcus to combine their storage, server, and database functions in one system.” This acquisition helps IBM expand its offerings in the field of business analytics. Specifically, Netezza helps IBM “make products for
Page 13-9
Chapter 13 Solutions analyzing huge amounts of complicated data and finding trends in the data.” 51. (SO 11) Describe the ethical obligations of companies to their online customers. A company must put processes and safeguards into place to protect the privacy and confidentiality of customer data. The nine privacy practices described by the AICPA Trust Services Principles are a good source of the guidelines a company should follow. 52.(SO 9) Read the article at http://www.eweek.com/c/a/EnterpriseNetworking/IBM-Moves-Customers-to-SmartCloud-for-Collaboration-147563/. Explain how the IBM customers mentioned in the article are using IBM’s SmartCloud. Most of the article is devoted to an IBM client named Newly Weds Foods. This company is a world leader in food ingredient technology in more than 68 countries. SmartCloud allows the chefs doing research and development on recipes to collaborate and share ideas online. The company reduced travel costs by 10 percent using this online collaboration. SmartCloud provides, “business-grade file sharing, social networking, communities, online meetings, instant messaging, e-mail, and calendar”. It allows users to co-edit documents in real time. In addition, the article describes how business students at York University in Canada are using SmartCloud for a semesterlong project to create a comprehensive business plan. They use it for, “online meetings, file sharing, decision making, workload sharing and overall project management. 53. (SO 8) Oracle is the world’s largest enterprise software company. Its business is based on information: helping people use it, share it, manage it, and protect it. Using an Internet search engine, search using the terms “Google” and “distributed database”. Describe how and why Google uses a distributed database. What problems is Google encountering related to its distributed database? Google uses distributed databases in a few ways. One way is to store user settings and user ID information for the many Google services such as gmail, Google Alerts, personalized home page, and Google Answers. This distributed database of user settings is an Oracle database. Whenever a user logs in, and from wherever they log in, the distributed database can access and provide the appropriate user settings. An article at http://www.oracle.com/customers/snapshots/google-oracleberkeley-db-casestudy.pdf indicates that: “Read requests—such as when an existing user returns and logs in—are routed to any device in the partition, be it a master or a replica. However, updates to the database—such as the addition of a new user or modification of an existing user’s data—are routed only to the partition master. That master system records the change and then propagates it to the replicas. It considers the update complete when more than half the replicas have recorded the change. This design ensures that if a system failure occurs, the nodes can replicate the change among themselves and throughout the rest of the partition.”
Page 13-10
Chapter 13 Solutions
Google also uses a distributed database in its search processes. It is a distributed database system that breaks search queries into fragments and distributes them to multiple computers in a network to get faster results. The problem that Google has encountered recently is that it has been sued by Northeastern University and a company named Jarg for patent infringement. The suit claims that Google illegally uses this patented distributed database technology developed at Northeastern University. 54. (SO 10) List and describe the ten privacy practices recommended by the AICPA Trust Services Principles’ Privacy Framework. If you have ever made a purchase online, you have likely seen these practices in use. Provide any examples from your own personal experience. Management. An organization should properly manage privacy. This means that a person or persons must be assigned responsibility to oversee privacy practices. This person should insure that privacy practices are documented and followed. Notice. Notice implies that companies provide their privacy policy to customers. In many cases, the privacy policy is posted on the website. The notice should inform customers of the purpose for collecting the information and how it will be used. Choice and consent. The company should tell customers of any choices the customer might have to opt out of providing information. Also, the online company should gain consent from the customer to collect, use, and retain the information. Consent can be implicit or explicit. Collection. The company should limit collection of customer data to that data for which they have received consent. Use and retention. The company should only use customer data as disclosed in its privacy policy and should retain such data only as long as necessary. Access. The company should provide access that would allow the customer to view, edit, or delete personal information. Disclosure to third parties. Any data collected from customers should not be shared with third parties unless the customer has given consent. Security for privacy. The organization should have protections to insure that customer data is not lost, destroyed, altered, or subject to unauthorized access. Quality. Protection and controls should exist to insure that the data has quality. Quality means it is accurate and complete. Monitoring and enforcement. Privacy practices should be continuously monitored to insure they are followed. Examples that students provide will differ from student to student. Examples would be things such as viewing the privacy policies on the web site, granting consent for data collected, etc.
Page 13-11
Chapter 13 Solutions
Cases 55. The following relationships appear in the screen capture. a. Suppliers table is related to Products table. It is a one-to-many relationship. The linked field is SupplierID. b. Categories table is related to Products table. It is a one-to-many relationship. The linked field is CategoryID. c. Products table is related to Order Details table. It is a one-to-many relationship. The linked field is ProductID. d. Order Details table is related to Orders table. It is a one-to-many relationship. The linked field is OrderID. e. Employees table is related to Orders table. It is a one-to-many relationship. The linked field is EmployeeID. f. Customers table is related to Orders table. It is a one-to-many relationship. The linked field is CustomerID. g. Shippers table is related to Orders table. It is a one-to-many relationship. The linked field is ShipperID. 56. Shuttle-Eze operates airport shuttle vans in twelve large cities. Those cities are Los Angeles, San Diego, San Francisco, Phoenix, Las Vegas, Houston, Dallas, Chicago, New York City, Washington D.C., Miami, and Orlando. Shuttle-Eze operates passenger vans to shuttle travelers to and from the airports for a $25 fee per person. Required: a. Design the tables that the company would need in its database to operate these shuttles. Remember that they must collect, record, and track information about customers, payments, flights, gates, vans, drivers, pick up and delivery addresses. There may be other types of data not mentioned in the previous sentence that you would wish to add. The tables you design should have attributes (columns) for each critical piece of data. See Exhibit 13-4 for the concept of the table layouts. The tables you design should meet the first three rules of data normalization. b. Describe the advantages and disadvantages of using a centralized database for Shuttle-Eze. There is no single correct answer to this question. Also, student responses are not likely to be comprehensive enough to represent the entire set of data needed. The question will, however, generate thought and discussion about which data to keep and how to store it in tables. It also illustrates how complex a database can be with the full scope of data required and the interrelationships between data. A sample answer follows.
Page 13-12
Chapter 13 Solutions Part a: The tables proposed are: Customer table, including fields for Customer ID; first name; last name; address line 1; address line 2, city; state, zip code; home phone; business phone; cell phone; fax number; billing address line 1; billing address line 2, billing city; billing state, billing zip code; credit card number; credit card expiration date Reservation table, including fields for Reservation ID; Customer ID; Arrival date; arrival time; arrival flight airline; arrival flight number; arrival gate; departure date; departure time; departure flight airline; departure flight number; departure gate; deliver to address; deliver to city; deliver to city; deliver to state; deliver to phone; pick up address; pick up city; pick up state; pick up zip; pick up; phone number Employee tables, including Employee ID, first name; last name; address line 1; address line 2; city; state; zip code; SSN; birth date; hire date; review date; pay rate; federal exemptions; state exemptions; fields for all other pay deductions Driver table, including fields for Employee ID; city assigned to; license type; Van table, including fields for VanID; Van make; van model; van VIN; city assigned to; current driver assigned; last service date; mileage at last service Part b: A centralized database could be advantageous for several reasons. First, it avoids the need to keep several distributed databases concurrent. If each location maintains a separate database, it would be more difficult to share customer information between locations. A single customer may use the company’s services in Miami and Chicago. With a single, centralized database, once the customer’s basic data is entered, it need not be reentered when that customer uses the services in another city. Additionally, vans might be shuttled between cities if needed. For example, a shortage of vans in Orlando might be fixed by driving a van or vans from Miami. A centralized database could easily be changed to reflect the new location of the van. If separate databases were maintained, the van details would have to be reentered at the new location. 57. Kroger, a large, nation-wide grocery company, maintains a customer reward system titled the “Kroger Plus Shopper’s Card”. Customers who enroll in this system are entitled to discounts on products at Kroger stores and Kroger gasoline. To earn discounts and other rewards, the shopper must use the “Kroger Plus” card at the time of checkout. The card has a bar code that identifies the customer. For Kroger, the system allows the opportunity to Page 13-13
Chapter 13 Solutions determine customer buying patterns and to use this data for data mining. Required: Using a Web search engine, search for “data mining’ and grocery. Describe what type of information grocery stores collect that they can use for data mining purposes. Also, describe how grocery chains use data mining to improve performance. Grocery stores use these customer reward systems, sometimes called “loyalty cards”, to induce customer loyalty and to track purchases. A grocery store could collect data such as products and brands purchased. So as an example, if a customer’s buying habits include frequent purchase of Tyson chicken products, the store’s system can be set to print chicken or Tyson coupons at the time of check-out. Such data mining can assist the grocery chain in identifying customer buying habits and thereby increase sales through targeted promotions. Many grocers hire a firm named Catalina to assist in the data mining. One article says the following: “Catalina collects loyalty and bulk sales data from more than 20,000 stores, then uses it to create pictures of shoppers over time, says CEO L. Dick Buell. The picture gets clearer the more data stores collect. For example, Catalina can help retailers determine that someone lives in an upscale area, buys diapers, and may be interested in high-end baby food.” (http://www.usatoday.com/tech/news/internetprivacy/2006-07-11-datamining_x.htm) There appear to be many web sites online that discuss that one Midwest chain found a connection between men who buy diapers on Thursday and increased purchase of beer by those men. Other web sites suggest that is an urban myth, but it appears unresolved as to whether it is true. This data collection has also caused privacy concerns. Some have suggested that grocery chains do not need loyalty cards to collect data about sales of products. They believe grocers could collect such data by analyzing sales in general and inventory levels.
Page 13-14
Robatelli’s Continuing Case Solution – Chapter 14 Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Discuss whether Robatelli’s Internet order activities can be termed e-commerce. Yes, Robatelli’s is engaged in e-commerce. E-commerce is generally considered to be internet sales between a business and end-user consumers. b. Given the privacy practices described in the AICPA Trust Principles, describe the kind of customer data that Robatelli’s could reasonably collect and store, and also describe some data that Robatelli’s should not collect and store. Explain the reasons for these differences. Robatelli’s must have name, address, and phone number at a minimum. If the customer pays by credit card, they would also need credit card type, number, expiration date, and the name as it appears on the card. Robatelli’s does not need personal information or characteristics about the customer such as age, birth date, height, weight, social security number, marital status, drivers’ license number, or family income. The are two major differences in the types of data above. The first set is absolutely necessary to complete the transaction, while the second set is not needed. In addition, the second set is more personal and people are more often unwilling to share that information with businesses. There is also a “behind the scenes” data collection. If desired, Robatelli’s could maintain data about customers’ order history. As described in chapter 13, Robatelli’s might use such data for data mining and analysis. c. Describe the internal controls related to Internet orders that Robatelli’s should have in place. The entire set of hacking and network break-in controls would be beneficial to Robatelli’s. This would include firewall, encryption, security policies, security breach resolution policies, secure socket layers (SSL), anti-virus software, vulnerability assessment, penetration testing, and intrusion detection. There is no indication in the case that a wireless network is used and therefore, the wireless network controls may not be necessary. Most businesses that sell via the Internet do ask the customer to log-in using a user ID and password, but it would not be practical to use other authentication controls such as biometric devices, security tokens, access levels, or authority tables.
In addition, the software that Robatelli’s uses to process e-commerce orders should have data validation controls in place. These controls would help lessen data input errors as customers place orders. These would include field check, validity check, limit check, and completeness check. The use of drop-down boxes for customer choices can also reduce input errors.
Chapter 14 Solutions
E-commerce and E-business
Turner/Accounting Information Systems, 2e Solutions Manual Chapter 14
Concept Check 1. b 2. c 3. d 4. c 5. b 6. c 7. d 8. a 9. d 10. a 11. b 12. e 13. a 14. c
Discussion Questions 15. (SO 1) How do e-commerce and e-business differ? E-business is a very broad concept that includes any electronically enabled business process. E-business can include electronic enhancements of processes with trading partners, as well as internal processes. E-commerce is a subset of e-business and it includes electronic sales between a retail business and an end consumer. E-commerce is conducted via the Internet, while e-business could use the Internet as well as other electronic means. 16. (SO 2) What was the original purpose of the network of computers that eventually became the Internet? The original purpose was to facilitate communication and sharing of work between universities engaged in research for the Department of defense. 17. (SO 2) Why was ARPANET designed with many different alternative routes for network traffic? ARPANET was designed during the height of the Cold War with the USSR and there were many fears of nuclear attack. A design with many alternative routes could still operate if a nuclear attack destroyed one or more of those routes. 18. (SO 2) Why is a standard protocol necessary in computer networks? There may be many different brands or types of computers on a network, and these computers
Page14-1
Chapter 14 Solutions
E-commerce and E-business
could use different operating systems. In order for these various computer systems to communicate, there must be a standard protocol. The protocol establishes the common communication method. 19. (SO 2) How quickly did Internet usage by the public grow after the Internet was opened to business transactions in 1994? The public use of the Internet exploded in growth after it was opened to business transactions. This was especially true in the 1998 to 2001 period. 20. (SO 3) Describe the relationship between national backbone providers, regional ISPs, and local ISPs? Backbone providers make up the main trunk-lines of the Internet. They are made up of high capacity , high speed lines. Regional Internet Service Providers (ISP) connect to the backbone providers with lines with less speed and capacity than backbone providers. The local ISPS then connect to the regional ISPs and these local ISPs provide Internet connect to local customers. 21. (SO 3) What is the importance of a standard formatting language for Web pages and a standard addressing system? The standard formatting language for web pages is HTML. A standard formatting language is necessary to show a web page in the same form on the many different kind of computers connected to the World Wide Web. There is a similar reason to have a standard addressing system. Varius types of computers need a way to locate the desired web site If a standard method of accessing web sites exists, the computer browsers can be built to use the standard addressing system on the various kinds of computers. 22. (SO 4) Which types of costs can be reduced when a company decides to engage in B2B e-commerce on the Internet? Marketing costs, order processing costs, and distribution costs can be reduced by engaging in B2C sales. 23. (SO 4) What are the differences between brick and mortar retailers and clicks and mortar retailers? Brick and mortar refers to retailers that sell in traditional forms in a building that customers visit to make a purchase. Clicks and mortar refers to retailers who have traditional sales in a building, but also sell to customers via the Internet. 24. (SO 5) According to the Online Privacy section of the AICPA Trust Services Principles, what types of personal information should be protected? All information collected from customers should remain private unless the customer has given implicit or explicit permission to share such information with third parties. In addition, companies should collect only data necessary to conducting the transaction. 25. (SO 5) If you could condense the ten areas of Online Privacy in the AICPA Trust Principles, into a shorter list (three, four, or five point list), how would you word that list? Collect only necessary data, keep that data private unless the customer gives permission to share it, make sure you have enforced policies to store and use the data as the customer intends you to use it, notify the customer of how you intend to use the data. 26. (SO 5) What is meant by “monitoring and enforcement” regarding online privacy practices? It means that a company should continuously monitor how well it follows its privacy practices and that they must put processes in place to ensure privacy practices are followed. 27. (SO 6) How is E-business a more broad concept than e-commerce? E-commerce refers to web-based sales between a business and an end consumer. E-business is
Page14-2
Chapter 14 Solutions
E-commerce and E-business
a much broader concept that includes electronic forms of process improvement throughout the supply chain. Thus it can include processes between a business and its suppliers, a business and its customers, or internal processes. It also includes many forms of electronic enhancement beyond web-based. 28. (SO 6) Describe the concept of a supply chain. It is the set of linked activities from the acquisition and delivery of raw materials, through the manufacture, distribution, and delivery to a customer. 29. (SO 6) Why is it important to insure an efficient flow of goods throughout the supply chain? Any slow-down or bottle neck in the supply chain can slow or stop the entire supply chain. 30. (SO 6) Which functions within the supply chain can be enhanced through the use of e-business? Virtually any process within the supply chain can be enhanced through e-business. 31. (SO 6) How are activities in the supply chain interdependent? They are interdependent in that one step in the supply chain drives the following step. For example, a secondary supplier must provide products to a supplier, who then converts it to a product to be sold to the manufacturer. 32. (SO 6) In what ways are the characteristics of e-business different from ecommerce? E-business is often business to business, while e-commerce is business to consumer. In an e-business order, it is likely to be a large dollar order, with many line items, and with a business that we have a pre-existing relationship. An ecommerce order may be from an unknown customer and each order may be a small dollar amount, but a large volume of orders. E-commerce transactions are likely to be credit card transactions while e-business transactions are likely to involve purchase orders and invoices. 33. (SO 8) What are the three levels of network platforms that are utilized in e-business and which groups use each level? The Internet is used by internal and external users, potentially including anyone in the world. Extranets are used by trading partners and are not available to the entire world. Intranets are used by employees within the company. 34. (SO 8) Which type of users should have access to an intranet? Only those inside the company. 35. (SO 8) Which type of users should have access to an extranet? Trading partners such as suppliers, secondary suppliers, and distributors. 36. (SO 9) What types of controls should be used to properly limit access in intranets and extranets? Authentication controls should be used, including controls such as user Ids, passwords, access levels, computer logs, and authority tables. Also, hacking and break-in controls should be used. These include controls such as firewalls, encryption, security policies, VPN, vulnerability assessment, penetration testing, and intrusion detection. 37. (SO 10) Why is the use of XML advantageous in Internet EDI? XML allows a more rich exchange of data than traditional EDI. For example, it could allow the exchange of product descriptions, pictures, or even databases of information regarding products. 38. (SO 10) In what ways are XBRL financial statements advantageous when compared to traditional paper financial statements? XBRL statements can be viewed by a
Page14-3
Chapter 14 Solutions
E-commerce and E-business
browser, or printed. In addition, the viewing of an XBRL statement on a web browser could be much more interactive. For example a reader of the statements could click on an item such as sales to see more underlying detail of the sales total. 39. (SO 11) What are some of the ethical obligations of companies related to ecommerce? Companies have an obligation to collect, store, and use customer data in a ethical manner. These obligations are described in the ten privacy practices of the AICPA Trust Services Principles. 40. (SO 11) Is there a difference between ethical obligations and legal obligations in regards to online privacy? Yes, for example, there is no legal obligation to have a privacy policy displayed on the company web site. However, companies that wish to be very ethical should display privacy practices.
Brief Exercises 41. (SO 1) Much of the e-business and e-commerce conducted by companies uses the Internet as the form of electronic communication. Describe other electronic means to conduct e-business or e-commerce. Electronic Data interchange (EDI) and Electronic Funds Transfer (EFT) are other communication means. 42. (SO 3) How does the use of HTML, URLs, domain names, and SSL contribute to an Internet that can be used world-wide? There are many different types or brands of computers throughout the world and these computers use different operating systems. There must be some common standards within the Internet to allow these various types of computers to read and interact with the Internet. HTML, URLs, domain names, and SSL are all standards in use world-wide that facilitate a userfriendly Internet. Without such common standards, it would not be as easy to connect to and use the Internet. 43. (SO 4) Describe the benefits to the consumer of B2C sales. Customers benefit in through increased access, speed, convenience, and information sharing inherent in B2C sales. They have access to a broader market, 24 hours a day, every day, and therefore more product choices. B2C also often results in lower prices, q2uicker deliver, and marketing targeted specifically to the customers needs. Customers also sometimes have the opportunity to conduct live chats with company representatives, or can view FAQs about the products. 44. (SO 4) Describe the benefits to the company of B2C sales. Benefits to the company are: a broader market of customers beyond the geographic area of any stores they maintain; reduced marketing, order processing, and distribution costs; higher profits; the ability to conduct richer marketing; and the ability to react quickly to market changes. 45. (SO 5) Describe the benefits to a company that engages in B2B transactions via the Internet. They are a wider potential market, reduced transaction cost, higher profits, faster cycle times for product purchase or sale and cash flow, reduction in keying of
Page14-4
Chapter 14 Solutions
E-commerce and E-business
information and reduced data errors. 46. (SO 5) What are the ten areas of privacy practices described in the Online Privacy section of the AICPA Trust Services Principles? The ten areas are: management, notice, choice and consent, collection, use and retention, access, disclosure to third parties, security for privacy, quality, monitoring and enforcement. 47. (SO 6) Describe the activities that take place in the supply chain of a manufacturing firm. Before a manufacturer can produce goods, it must buy raw materials from suppliers. Often those suppliers also need to purchase raw materials, so there are secondary suppliers in the supply chain. The internal processes of manufacturing are also part of the supply chain. Upon completion, products must be distributed through warehouses or distributors to retailers, who then sell these goods to customers. 48. (SO 6) Describe the differences between B2C and B2B. B2C is a sale between a company and an end consumer. B2B is a sale or purchase between two companies. The differences in these types of transactions causes many differences in the characteristics of the transactions. A B2B sale is likely to be ordered via a purchase order, with many line items on the purchase order, with a relatively high total dollar amount. These B2B sales are between companies with preexisting relationships in which they have negotiated specific shipping instructions or prices. B2C sales are relatively smaller dollar amounts, but with a larger volume of sales transactions. It may be a sale to a customer with no preexisting relationship to the company and it is likely to be a credit card sale. 49. (SO 9) Explain the importance of user authentication and network break-in controls in extranets. Only trading partners such as suppliers, secondary suppliers, distributors, or retailers should have access to an extranet. That is, it should not allow any user on the web to log in. Thus, there must be extensive authentication controls. These controls in include user Id, password, log in procedures, biometric devises or security tokens, computer logs, and authorization tables. Since the extranet often uses internet network facilities, it can be susceptible to hackers or other network break-ins. Controls such as firewalls, encryption, SSL, vulnerability assessments, penetration testing, and intrusion detection must be used. 50. (SO 10) What are the advantages of Internet EDI over traditional EDI? The Internet allows cost-free exchanges of data. In traditional EDI, the companies usually pay a VAN for network capabilities and communication. The software and systems for Internet EDI are also simpler and cheaper than those for traditional EDI. Even very small companies can afford hardware and software to conduct Internet EDI.
Problems
Page14-5
Chapter 14 Solutions
E-commerce and E-business
51. (SO 2) Explain the hardware or standards that were developed during the ARPANET that were an important foundation for the Internet of today. There were hardware items or standards developed during the ARPANET time frame. These include packet switching, routers, and the TCP/IP protocol. Packet switching is the method to send data over a computer network. Data is divided into small packets and sent individually. Packets may travel different routes and as they arrive, they are reassembled into the original data. A router is hardware that serves as a gateway between two or more networks. TCP/IP is an acronym for transmission control protocol/Internet protocol. It is the protocol used today. 52. (SO 4) The Pizza Pit is a local chain of pizza restaurants in Dallas. The chain has 30 locations throughout the city and its suburbs. The management is considering opening a Web site to conduct e-commerce with customers. Describe any benefits that might be derived from this move. A move to sales on the web site may not increase the geographic area from which the Pizza Pit draws customers. This is because the delivery area is not likely to change. However, it may experience increased sales due to the convenience of placing pizza orders online. It will also be likely to increase the accuracy of orders and reduce the costs of filling pizza orders. Pizza Pit may also see a benefit to the marketing available on the web site, For examples, they could put pictures of pizzas on “special” and perhaps increase the sales of promotional items. If these benefits do occur, the company will experience increased profits. 53. (SO 5) Using your favorite search website, enter the term “privacy seal” and search. Answer the following questions: a. What is the purpose of a Web privacy seal? The purpose of a privacy seal is to inform customers that the company web site adheres to high standards of privacy of data. When a company displays a privacy seal, they are alerting customers that the company can be trusted to maintain the privacy of customer data. b. Which organizations provide Web privacy seals to web-based companies? Providers include the Better Business Bureau (BBBOnLine), TRUST-e, CPA WebTrust (AICPA), and The Electronic Frontier Foundation and CommerceNet Consortium, Inc. (TRUSTe). c. What are the advantages to a company that maintains a Web privacy seal? Those parties that provide privacy seals indicated that having a privacy seal leads to increased customer confidence and higher revenue. d. What are the benefits to a consumer of shopping a website that has a privacy seal? The consumer should feel a greater sense of confidence that their data is private. There should also be fewer concerns about negative consequences such as a customers contact information being sold, or identity theft. 54. (SO 5) Visit the website www.cpawebtrust.org and answer the following questions:
Page14-6
Chapter 14 Solutions
E-commerce and E-business
e. What is a WebTrust seal? A Webtrust Seal is placed on a web site of a company that has been examined by a CPA firm to determine that it has appropriate privacy practices and that it adheres to those practices. f. Which organization sanctions the WebTrust seal? The American Institute of Certified Public Accountants (AICPA) g. What kind of professional can provide a WebTrust seal to a company? Licensed CPAs who have been trained in WebTrust service examinations. h. What must this professional do before providing a WebTrust seal? For a firm to become a licensed Webtrust Services provider, the firm must: be in good standing with the AICPA; be a CPA majority owned firm; be part of a recognized quality control system; and, sign a licensing agreement and remit an annual licensing fee to the AICPA. 55. (SO 5) Enter the Web site of a popular retail company that sells a large volume of goods or services on the Internet. Search for company “Privacy Policies” on that Web site. If you do not find any privacy policies, continue visiting other company Web sites until you do find privacy policies. Once you have found a company with privacy policies, describe how the company policies do or do not meet the privacy practices in the AICPA Trust Principles. The solution will depend on which company the student uses in their answer. For any company, the student answer should compare the privacy practices against those in the AICPA Trust services Principles privacy practices. The following sample answer is based on Target ®, the retail department store, www.target.com, accessed on February 15, 2008. The Target web site has privacy practices at http://sites.target.com/site/en/spot/page.jsp?title=privacy%5Fpolicy and it is divided into four main areas: a. What information is collected? b. How is this information used? c. How is this information shared? d. What choices do you have? e. How do you access and update your information? f. How is this information protected? Target identifies the information it collects such as name, address, e-mail address, phone number, drivers’ license number, credit card number, and purchase/return/exchange information. Target also indicates that any information that a customer submits in a public forum, “can be read, collected, or used by us and others, and could be used to personalize your experience.” The site indicates there are several parties they may share information with. Those uses include: use by Target and Target subsidiaries such as Target National Bank, Target Bank, and Target Commercial Interiors to offer products or services; service providers that help them market products and services; and other companies for their marketing purposes.
Page14-7
Chapter 14 Solutions
E-commerce and E-business
The site also discloses how a customer can limit use of data provided. It appears that when information is collected by Target, customers are giving implicit consent to use information as outlined in the privacy practices. Within the privacy policy, there are several instances in which Target identifies a toll free number that a customer must call to opt out. This would include the ability to opt out of receiving postal mail, telephone calls, e-mails, and the sharing of information with other companies. Thus, the Target site does include some of the privacy practices in the AICPA Trust Services Principles, but not all. It does seem to include adequate notice, consent, and disclosure to third parties as described above. However, the site describes little, if any, information about management, collection, access, security for privacy, quality, or monitoring and enforcement. The site does briefly describe use of the information, such as for offering special promotions. There is no information about the retention of data. Therefore, the Target site partially describes use and retention.
56. (SO 8) EDIPipeline is an Internet EDI solution for small to mid-size companies. View the Web page at http://www.edipipeline.com. Click on the link called “Trading Partners”. Examine two or three company names you recognize. Describe how this EDI system might be advantageous for a small or mid-size company seeking to be a vendor to a large corporation such as Coca-Cola. EDIPipeline is an Internet EDI system for small and mid-size entities that allows them to sell products or services to large corporations via an EDI system. It is a simple o user system that is based on a web browser and it gives the company an “Inbox” showing all received EDI purchase orders (POs), and “Outbox” showing all pending outbound documents (i.e. 810 Invoices, 856 Advance Ship Notices, 855 Purchase Order Acknowledgements, and 997 Functional Acknowledgments), and logs for sent, received, and deleted documents. It includes the capability to import the PO information directly into the company’s accounting system. This would eliminate the need to manually key purchase order information into the accounting system. This would save time, costs, and reduce errors. Since the software is web-based and works on a browser, it can be accessed from an computer and very little training is necessary for employees. 57. (SO 10) Read the article at http://xbrl.us/learn/documents/betterreporting.pdf. Briefly describe what this article says about how XBRL has transformed financial reporting. Page 6 of this report has a section entitled “How XBRL Has Transformed Financial Statement Reporting”. It indicates that XBRL for financial reporting to the SEC, “enables greater accuracy, reliability and timeliness for users including regulators, investors, and analysts”. A direct quote from that section that summarizes the advantages is as follows. a. Financial statement data that previously took weeks or even months to put into an electronic format is now available to the public immediately after it is submitted to the regulator.
Page14-8
Chapter 14 Solutions
E-commerce and E-business
b. Most financial statement data reported by public companies is now more comparable from company to company – in the past, one company’s “cash” line item could be defined vastly differently from another company’s “cash.” Today, creators and users have agreed-upon definitions for every term. c. Changes in reporting requirements, like new accounting standards, can be more easily disseminated to the public company universe as companies are required to work with a specified release of the taxonomy, e.g., 2011 Release, 2012 Release. In addition, companies can electronically assess the impact of changes in rules on their filings and quickly assess the impact on future filings. d. Investors and analysts have easier, faster, cheaper access to “asreported” company data and no longer need to rekey data resulting in greater accuracy and timeliness. 58. (SO 5) List and describe the nine privacy practices recommended by the AICPA Trust services Principles Privacy Framework. If you have ever made a purchase online, you have likely seen these practices in use. Provide any examples from your own personal experience. Management. An organization should properly manage privacy. This means that a person or persons must be assigned responsibility to oversee privacy practices. This person should insure that privacy practices are documented and followed. Notice. Notice implies that companies provide their privacy policy to customers. In many cases, the privacy policy is posted on the website. The notice should inform customers of the purpose for collecting the information and how it will be used. Choice and consent. The company should tell customers of any choices the customer might have to opt out of providing information. Also, the online company should gain consent from the customer to collect, use, and retain the information. Consent can be implicit or explicit. Collection. The company should limit collection of customer data to that data for which they have received consent. Use and retention. The company should only use customer data as disclosed in its privacy policy and should retain such data only as long as necessary. Access. The company should provide access that would allow the customer to view, edit, or delete personal information. Disclosure to third parties. Any data collected from customers should not be shared with third parties unless the customer has given consent. Security for privacy. The organization should have protections to insure that customer data is not lost, destroyed, altered, or subject to unauthorized access. Quality. Protection and controls should exist to insure that the data has quality. Quality means it is accurate and complete. Monitoring and enforcement. Privacy practices should be continuously monitored to insure they are followed.
Page14-9
Chapter 14 Solutions
E-commerce and E-business
Examples that students provide will differ from student to student. Examples would be things such as viewing the privacy policies on the web site, granting consent for data collected, etc.
59.
Cases 60. Beach Beauties,Corp. (BBC) and delivery problems. Required: a. Speculate as to potential causes of this problem. It appears that Alex and possibly other sales representatives are making date entry errors as they enter the delivery information. Alex’s original sales order files specify delivery to the retail stores and this would indicate that customers are not making the error as they e-mail sales orders, but that Alex is making data errors as he enters delivery information. b. What additional information would be needed to determine the actual cause of this problem? A computer log of the transactions may help determine the errors. c. What controls could be implemented to avoid repeated instances of this problem? It is probably not possible to avoid some errors, but not all. BBI could possibly reduce these errors by instituting a few policies or practices. One practice might be to sales reps to choose delivery ocati0n via a drop-down box rather than keying in delivery data. Another useful practice would be to require sales reps to print the order data as entered, and compare it to the original sales order before confirming the order in the online system. Another option may be to eliminate one step in the sales order process. Rather than having sales reps enter order information in a web browser, the customer could enter the data. This would eliminate the steps of the customer e-mailing the order and the sales rep entering the order. The customer could also make data entry errors, but typically, removing extra human steps reduces the total number of errors. 61. Caseline Analytics and XBRL. Required: Perform an online research of XBRL at http://www.xbrl.org and determine whether or not XBRL would be appropriate for Case’s business. Would XBRL be more effective and reliable? Why or why not? Your response should focus on the existence of any enhancements or concerns that are likely to result in terms the timeliness of information, internal controls, and security.
Page14-10
Chapter 14 Solutions
E-commerce and E-business
The following paragraphs were excerpted from www.xbrl.org on February 15, 2008. The introduction of XBRL tags enables automated processing of business information by computer software, cutting out laborious and costly processes of manual re-entry and comparison. Computers can treat XBRL data "intelligently": they can recognise the information in a XBRL document, select it, analyse it, store it, exchange it with other computers and present it automatically in a variety of ways for users. XBRL greatly increases the speed of handling of financial data, reduces the chance of error and permits automatic checking of information. Companies can use XBRL to save costs and streamline their processes for collecting and reporting financial information. Consumers of financial data, including investors, analysts, financial institutions and regulators, can receive, find, compare and analyse data much more rapidly and efficiently if it is in XBRL format. These paragraphs indicate that XBRL can reduce costs, processing time, labor, errors when compared to manual processing. The capability of computers to recognize, analyze, store, and exchange the data means that it streamlines the type of processes at Case and makes them more efficient. Thus, Case would find XBRL more effective and reliable. There may, of course, be extra costs involved to implement the hardware and software needed to use XBRL. It may also require that his clients be able to provide data in XBRL format.
Page14-11
Robatelli’s Continuing Case Solution – Chapter 15 Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. What advantages could Robatelli’s expect by upgrading to an ERP system? The general advantages described in chapter 15 would be applicable. That is, there would be advantages related to: a. The interaction of modules so that recording of sales might automatically trigger new orders of the ingredients needed. b. The real time nature of an ERP system that would provide timely feedback to management. c. The “best practices” inherent in an ERP system. Robatelli’s might need to change their processes to match the ERP system, but such a change should increase the effectiveness and efficiency of those processes. d. The single data base that allows sharing of information across functional areas. e. The ability to analyze data such as sales patterns. f. The ability to enhance the web sales that Robatelli’s is engaged in. g. The capability of an ERP system to interact with trading partners. For example, Internet EDI might increase the efficiency and effectiveness of the purchase of ingredients. h. The scalability of the ERP system that would allow the system to grow if Robatelli’s grows. There are some specific advantages related to the specific information described in the case. For example, the current software does not automatically post sales to the general ledger. An ERP system would have automatic and real-time posting to the general ledger and the ability to analyze sales patterns. b. As Robatelli’s considers modules to purchase, which four or five modules do you believe would be most critical? Why? There could be many different answers to this because various software vendors use different terminology regarding modules. The following answer uses generic, high level terminology for modules. Robatelli’s should consider purchasing and using the following modules: financial, human resources, procurement and logistics, sales and services, and analytics. The need for financials and HR are somewhat obvious. Procurement and logistics would help Robatelli’s manage the various ingredients and supplies they purchase, and the movement of those purchased items to the various restaurants. Sales and services
would provide a powerful module to handle sales and e-commerce sales. An analytics module would give Robatelli’s the opportunity to analyze several kinds of operational aspects. For example, data mining could be used (see chapter 13) to analyze sales patterns and improve decisions about pricing, promotions, and inventory levels of ingredients. There are some answers that might be obviously wrong. For example, Robatelli’s might not have as great a need modules related to manufacturing. c. Which method of implementation of an ERP system do you suggest for Robatelli’s? Why? Although any method could be the argued to be the correct answer, the “big bang” is probably the least desirable for a company like Robatelli’s. The company is not large enough to have a large, highly competent IT staff that could accomplish a “big bang” implementation. The modular approach may be the best for Robatelli’s as it would allow them to implement little parts of the system at a time. This would probably be the least risky. A location-wise would probably not work as well for Robatelli’s because most of the ERP system would affect the headquarters and only a few things could be implemented at the various restaurants (locations). Since much of the accounting, purchasing, logistics, and analysis is an the headquarters, there would be little gained by trying to do a location-wise method. d. Recommend two or three ERP systems that would be appropriate for Robatelli’s. Be specific with respect to the name of the ERP software system and the provider company. When making these recommendations, consider the size of Robatelli’s and, therefore, what it might be able to afford. This answer will vary widely because there has been much activity by the vendors of ERP systems to attract all types of businesses. For example, tier one systems such as SAP or Oracle would not have been appropriate selections for small to mid-size businesses in the past. But now even the tier one vendors have products that they market to small to mid-size businesses. For example, SAP sells an ER system called SAP Business One. Some ERP systems that are appropriate for small or midsize enterprises would be: a. Microsoft Dynamics b. Sage MAS 500 c. SysPro ERP d. Epicor e. Netsuite ERP (a Cloud ERP). Accounting software that would not be appropriate for Robatelli would be the software such as Quickbooks or Peachtree. Robtelli’s would be too large aa business these simpler accounting systems.
Chapter 15 Solutions
IT Infrastructure for E-Business
Concept Check 1. a 2. d 3. b 4. c 5. b 6. b 7. a 8. c 9. d 10. c 11. b 12. a
Discussion Questions 13. (S.O. 1) Describe how ERP systems enhance efficiency in a business organization. ERP systems enhance efficiency by controlling all business processes in one software system. That is, a single system collects, processes, stores, and reports data resulting from all sales, purchase, conversion, and administrative processes. In addition, ERP systems enable e-commerce and e-business, thus further enhancing efficiencies. 14. (S.O. 1) Why is real-time processing essential in an ERP system? Real-time processing is essential in an ERP system because all employees in the organization need to use the same information. Since data is stored in a single database, it is important that the most up-to-date information is available because of its usefulness in so many areas of the organization. 15. (S.O. 1) How has ERP increased the responsibilities of customer service representatives? Since customer services representatives have access to complete and timely information through the ERP system, they are able to answer important questions pertaining to availability of stock, timing of production, purchases, deliveries, and shipments, as well as historical information about customer orders and buying habits. The ERP’s ability to integrate company-wide information enables customer service representatives to deliver better service, thus facilitating a higher level of customer satisfaction. 16. (S.O. 1) What is an MRP II system and how is it different than the ERP systems in use today? Manufacturing Resource Planning (MRP II) software systems is focused on the movement and use of resources needed by a manufacturing company, such as purchasing, warehousing, and the scheduling of deliveries, production, and shipping. MRP II systems evolved into ERP systems when the system’s functionality 1
Chapter 15 Solutions
IT Infrastructure for E-Business
increased to include processes related to marketing, distribution, human resources, etc. 17. (S.O. 1) What are the two databases used by ERP systems? The ERP system often utilizes two different databases. These two databases are the operational database and the data warehouse. The operational database contains the data necessary to conduct day-to-day operations and produce management reports. It is continually updated as transactions are processed. The data warehouse contains non-volatile historical information that is used to support management decision-making. 18. (S.O. 1) Differentiate between the “enterprise-wide” and “non-volatile” features of a company’s data warehouse. Data is enterprise-wide when it is pulled from the operational database (which pertains the operations of the entire organization), and is then maintained in the data warehouse for many periods. Data is non-volatile because it does not change rapidly in the same way that operational data changes. Periodically, new enterprisewide data from the operational database is uploaded to the data warehouse, but other than the updating process, the data in a data warehouse does not change. 19. (S.O. 2) What was unique about SAP’s first ERP system? SAP’s first ERP system was unique in that it integrated all business processes (not just manufacturing) and that it made data available in real time. 20. (S.O. 2,5) Differentiate between the features of SAP’s R/1, R/2, and R/3. What does the “R” stand for in this name? SAP differentiated new versions of its software by coding them as R/1, R/2, and R/3, where the “R” stands for “real-time processing” and the number relates to the version. SAP R/1 was SAP’s first release, which integrated all business processes and made data available in real time. R/2 allowed for interactivity between modules and added more features (such as order tracking). R/3 used client-server hardware that allowed the system to run on a variety of computer platforms and allowed for third-party companies to develop software that will integrate with SAP R/3. 21. (S.O. 3) How do ERP II systems allow for businesses to improve efficiencies with respect to sharing information with trading partners? ERP II systems allow for businesses to improve efficiencies with respect to sharing information with trading partners by using EDI, Internet EDI, or extranets to connect with suppliers and customers. Exhibit 15-2 depicts a view of an ERP II system. 22. (S.O. 3) How did the tragic events of September 11, 2001 affect the market for ERP systems? The events of September 11, 2001 caused drastic reductions in sales of ERP systems, as nearly all companies reduced IT spending. The economy experienced a downturn and all most businesses were cutting expenses, including IT expenditures. 23. (S.O. 4) What are some of the activities included in an ERP module for supply chain management? Supply chain management (SCM) is the management and control of all materials, funds, and related information in the logistics process from the acquisition of raw material to the delivery of finished products to the customer. The supply chain involves trading processes from a supplier to a business, as well as trading
2
Chapter 15 Solutions
IT Infrastructure for E-Business
processes between the business and its customers and other intermediaries. Similar to internal processes, these trading processes can experience improved efficiency by using ERP systems to initiate, record, store, and report these processes. 24. (S.O.4) What are some of the features of an ERP module for customer relationship management? Customer relationship management (CRM) allows organizations to manage customer relationships in an organized manner by providing a database of detailed customer information that management, salespeople, and customer service representatives can readily access. This database generally includes historical information regarding customer purchases, which can be used to match customer needs with products, inform customers of service requirements, and analyze customer buying behavior. 25. (S.O.5) Which company is today’s top-seller of ERP systems in the U.S.? SAP is the top-selling tier one manufacturer of ERP systems in the U.S. (through 2007). 26. (S.O.5) Differentiate between Oracle’s “back office” and “front office” modules. Back office modules are the ERP modules such as financial, manufacturing, supply chain, procurement, and human resources applications that typically do not involve interaction with the customer. The front office modules are for sales, marketing, service and call center functions that are visible to customers. 27. (S.O.5) Which tier one company introduced the first ERP system that was “pure internet,” requiring no programming code to reside on the client computer? Peoplesoft is the tier one company that introduced the first “pure internet” ERP system that required no programming code to reside on the client computer. 28. (S.O. 5, 6) Which of the tier one ERP companies is likely to provide the “best fit” for a manufacturing firm? For a human resources placement company? SAP is the tier one ERP company that is likely to provide the “best fit” for a manufacturing firm because its systems evolved from MRP II systems. For a human resources placement company, Peoplesoft is likely to be the “best fit” because it evolved from a human resources software system. 29. (S.O.6) Why is business process reengineering an important aspect of ERP implementation? Business process reengineering (BPR) an important aspect of ERP implementation because it aligns business processes with the underlying IT systems used to record processes. In addition, it improves efficiency and effectiveness of these processes. When technology is introduced intro business processes, BPR and IT can have a mutually-enhancing relationship: IT capabilities support the business processes and the business processes can be redesigned to match the capabilities of the IT system. Therefore, BPR is important because of its role in improving process efficiencies. 30. (S.O.6) Why should customization of an ERP system be limited? Customization of an ERP system should be limited because of issues with cost and upgrading. Any customizations may require changing or writing new programming code and this can be a very expensive and time-consuming task. The cost of customization can easily exceed the cost of packaged ERP software. Second, any
3
Chapter 15 Solutions
IT Infrastructure for E-Business
customizations cannot be automatically incorporated when the ERP vendor provides an upgraded version of the ERP software. Therefore, upgrading to the new version may mean losing any customizations. 31. (S.O.6) Differentiate between location-wise and modular implementation approaches to the conversion to an ERP system. In a location-wise implementation of an ERP system, the organization chooses a specific location or sub-unit of the organization and implements the ERP system in that location only. This approach can be considered a “pilot” approach in which the ERP is first carried out in a sub-unit of the larger organization. This means that any resulting problems will be isolated within the pilot unit so that the entire organization is not impacted. In a modular implementation, the ERP system is implemented one module at a time. The implementation team will normally focus on the most critical module first and complete the implementation of modules in descending order. This allows the organization to take advantage of the new features of the module in the ERP system without affecting all processes in the organization. 32. (S.O.7) Which method of conversion to an ERP system is sometimes referred to as a “pilot” method? Why is this name appropriate? The location-wise implementation method is considered a “pilot” approach because the ERP is first implemented in a single location or sub-unit of the organization before it is implemented across the entire organization. This allows any problems to be worked out in an isolated area without impacting the entire organization. Thus, the changes and resolutions experiences in this pilot area can be used to guide the subsequent implementations. 33. (S.O.8) How can an ERP system assist a company in its efforts to comply with the Sarbanes-Oxley Act of 2002? ERP systems assist a company in its efforts to comply with the Sarbanes-Oxley Act of 2002 by providing real-time financial information to facilitate the reporting requirements of the Act. For instance, enhanced financial modules of an ERP system may provide feedback information to management regarding internal controls, which is important for complying with the reporting requirements of section 404 of the Act. In addition, ERP systems can enhance internal controls by providing for the proper segregation of duties and establishment of authority, as well as the real-time monitoring and reporting of exceptions.
Brief Exercises 34. (S.O. 2) Why was there so much growth in the sales of ERP systems in the late 1990s? There are two major contributing factors to the rapid growth in sales of ERP software in the late 1990s. One factor was the explosive growth of e-commerce and the dotcom boom that occurred during this time period. To enable e-commerce and accelerate business processes in order to meet the demands of e-commerce sales, companies needed integrated systems such as ERP. A second factor was the valid concern about Y2K compatibility of existing software systems in companies. Many companies were rapidly trying to replace legacy software systems in the late 1990s
4
Chapter 15 Solutions
IT Infrastructure for E-Business
before the year 2000 changeover occurred. Many were facing uncertainty as to whether their legacy software would work after 1999. System professionals were concerned that older legacy systems would “blow up” when faced with a date of 2000 or later. 35. (S.O. 3) What are the five most common reasons for increased spending on ERP systems in the early 2000s? Which of these reasons was the impetus for Viper’s ERP implementation in 2003? Some of the reasons for this increased ERP spending are: a. The need to improve customer service through standardizing and combining business processes. This necessitates ERP software that can support standardized and combined processes. b. Global companies that operate in several countries may have separate ERP systems in various countries. Many of these companies decide to replace these various ERP systems with one centrally managed ERP system for the entire company. c. Aging ERP systems that were installed prior to Y2K need replacement to meet competitive demands faced by companies. d. Bigger IT budgets in 2005 replaced leaner budgets between 2001 and 2004. Companies began increasing overall IT spending, including spending on ERP systems. e. To enhance compliance with the Sarbanes-Oxley Act. Viper Motorcycle Company implemented an ERP system primarily to enhance compliance with the Sarbanes-Oxley Act of 2002. 36. (S.O. 4) Match the ERP modules on the left with the purpose of the related processes on the right: Financials b. Maintenance of the general ledger and supporting journals and sub-ledgers. Human Resources d. Accounting for personnel and payroll activities. Procurement and c. Keeping track of purchasing and movement of goods and Logistics materials. Manufacturing f. Planning and scheduling of conversion activities. Sales and Services a. Taking customer orders and preparing for the impending revenue and cash collection. Analytics e. Data mining and other processes for obtaining feedback and supporting managerial decision-making. 37. (S.O.6) What potential advantages and disadvantages exist with respect to engaging a consultant for an ERP implementation? Discuss. The primary advantages of hiring a consulting firm include: a. Experience. The use of consultants may provide for a more effective implementation, as long as it is performed by professionals having experience with similar implementations. The experience of a consultant may be translated into savings for the company, particularly with respect to the avoidance of costly and time-consuming mistakes.
5
Chapter 15 Solutions
IT Infrastructure for E-Business
b. Efficiency. Due to the experience of professional consultants, time savings may be realized in terms of avoidance of unproductive time spent on training, trial-and-error, etc. c. Less strain on employees. The company’s human resources may be relieved so they can engage in their normal activities with minimal disruption to the normal routine. The most significant disadvantages of hiring a consulting firm include: a. Cost. Consultants may be expensive, and can significantly increase the cost of the overall ERP implementation. b. Limited availability. Consultants are typically hired to perform a certain function or are retained for a limited period of time. The ongoing need for the implementation team to address issues may create problems for the company who used consultants that are no longer accessible. 38. (S.O.7) What are the primary benefits of an ERP system? What are the primary risks? The primary benefits of an ERP system are the following: a. The interactive nature of the modules that allows processes to interact with each other. For example, the ordering and receiving processes can automatically trigger payment processes. b. The real-time nature of processing that decreases the total processing time and allows more immediate feedback to management. c. The “best practices” nature of the processes in ERP systems. ERP systems have evolved from many years of software experience with various companies and the software reflects tried and true practices. d. The single database that enhances sharing of information between the business’ functional areas and between processes. e. The capability to analyze large amounts of data in a single database. Analytical tools are incorporated in ERP systems that allow detailed analysis of the data. f. The capability to enhance e-commerce and e-business. The ERP systems of today incorporate modules to fully incorporate e-commerce and e-business. g. The capability to interact in real-time with trading partners. ERP systems are built to interact with the IT systems of trading partners such as customers and suppliers. h. The capability of ERP systems to be scalable. Scalable means the system can grow with the business. The primary risks of an ERP system are the following: a. The large size, scope, and complexity of ERP systems cause their implementation to be very costly, time consuming, and potentially disruptive to operations. (Implementation risk) b. The potential for failure of the system may cause business disruption across the entire enterprise. (Operation risk) 39. (S.O.7) What are Shang and Seddon’s five dimensions of ERP benefits? The five dimensions of ERP benefits are:
6
Chapter 15 Solutions
IT Infrastructure for E-Business
a. Operational benefits, including reductions in time and costs, and improvements in productivity, quality, and customer service. b. Managerial benefits, including improvements in resource management, planning, decision-making, and performance. c. Strategic benefits, including support for various aspects of business growth. d. IT infrastructure benefits, including increased flexibility and infrastructure capability, as well as cost reductions. e. Organizational benefits, including the facilitation of organizational learning, change management, and employee morale. 40. (S.O.7) Name the AICPA Services Trust Principles’ five operations risks? Why are these risks greater for ERP systems than for other IT systems? The five areas of operations risks are as follows: a. Security. The system is protected against unauthorized (physical and logical) access. b. Availability. The system is available for operation and use as committed or agreed. c. Processing integrity. System processing is complete, accurate, timely, and authorized. d. Online privacy. Personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed. e. Confidentiality. Information designated as confidential is protected as committed or agreed. These risks are greater for ERP systems than for other IT systems because of its size and complexity. Security becomes a greater risk because the
processes are integrated, and often automatically triggered in ERP systems. Therefore, any unauthorized user can affect more processes than would be true in an older, legacy system. For example, unauthorized access to a purchase module in an ERP system could allow an unauthorized user to trigger not only purchase activities, but the related payment within Accounts Payable. Availability risks are also magnified in ERP systems because of the integrated nature of processes. The failure of an ERP system has the potential to stop or disrupt all processes across the entire enterprise. Processing integrity risks are more significant in ERP systems due to the interconnected nature of an enterprise-wide system. Incorrect data generated in a given process can automatically trigger other processes and post flawed data to other processes. Processes may be triggered at the wrong time and incorrect data can be spread over several processes and ERP modules. It is important to understand that such processing integrity problems are possible in any IT system. But they have the potential to be more damaging in an ERP system. Online privacy and confidentiality risks are also magnified in ERP systems. ERP systems often have sales and customer relationship 7
Chapter 15 Solutions
IT Infrastructure for E-Business
management modules in an e-commerce mode. This means that sales and customer data is exchanged via the Web or EDI. In ERP systems these front-office systems of e-commerce and sales are automatically integrated into the back-office systems of an ERP system. The backoffice modules are the financials, supply chain management, and human resources modules. Therefore, in an ERP system, the e-commerce activity of customers often automatically integrates into the general ledger and related processes. This interconnectivity causes more potential areas for private or confidential information to be available. 41. (S.O.8) Explain how an ERP system can enhance internal controls? Specifically, how can it facilitate the separation of duties? Since the passage of the Sarbanes-Oxley Act of 2002, ERP systems have been improved to include enhancements to internal controls. These enhancements include functions that assist management in complying with sections of the Act by providing feedback information to management regarding internal controls. For processes tracked by the ERP software, a report can be generated that identifies which employees are authorized to initiate and conduct processes. Based on each employee’s ID and password, audit trails can be constructed and reported that indicate which employees initiated or conducted individual processes. This module within the ERP system can map processes to assist management in understanding whether duties are appropriately segregated within the process. Segregation of duties is an important part of internal control that can help prevent errors and fraud. ERP systems can be used to properly segregate duties. The ERP system can incorporate a matrix of tasks that are incompatible duties. For each employee ID and password, the system can check the employee’s access to various tasks to insure that no employee can initiate or conduct incompatible tasks. The ERP system electronically segregates duties by limiting the types of transactions each employee can perform. For example, a single employee should not have system access to initiate a purchase and record it as received. In an ERP system in which integrated modules often automatically trigger events, recording the receipt can automatically initiate a check for payment. Thus, it is important that a single employee not have authorization in the ERP system to initiate a purchase and also record the receipt. In addition to the preventative nature of attempting to restrict incompatible duties, an ERP system also allows real-time monitoring and reporting of exceptions. As processes and transactions occur that may be exceptions to what was expected, they can be reported to management in real-time. Therefore, an ERP system can assist management in monitoring internal control, monitoring errors and problems, and monitoring exceptions to internal controls.
8
Chapter 15 Solutions
IT Infrastructure for E-Business
Problems 42. (S.O. 1) Describe the ERP’s modular interface that is necessary in a typical manufacturing environment. An ERP system is a multi-module software system that integrates all business processes and functions of the entire organization into a single software system, using a single database. Each of the software modules of an ERP system is intended to collect, process, and store data of a functional area of the organization and to integrate with related processes. For example, a module may be designed to process purchase transactions and record all data about purchase orders. This module must integrate with accounts payable and inventory since the vendor must be paid and inventory increased as the purchased goods arrive. Each module automates business activities of a functional area within an organization. Information is updated real-time in the ERP database, so that employees in all business units are using the same information, and all information is up-to-date. Since the data is stored in a single database, each functional area can easily share information with other areas of the organization. 43. (S.O. 2) Identify and describe the first generation of ERP systems used in the 1970s, and the second generation of ERP systems used in the 1980s. The first generation of ERP software was called Materials Requirements Planning (MRP) software. MRP software of the 1970s allowed plant managers to coordinate the planning of production and raw material requirements. MRP software determined order size and timing of raw materials based on sales forecasts and factoring in lead times for order and delivery of materials. The typical computer hardware of the 1970s that was used to enable an MRP system was mainframe computers, sequential file processing, and electronic data interchange (EDI). The EDI allowed up-to-date information about inventories and status of orders to be processed quickly. As mainframe computers improved in speed and power during the 1980’s, MRP software evolved into Manufacturing Resource Planning (MRP II) systems. MRP II was much more broad and encompassing than MRP software. MRP software was intended to provide for the purchase of raw materials to support manufacturing needs. The purpose of MRP II was to integrate manufacturing, engineering, marketing, and finance units to run on the same information system and to use a single database for these functions. As MRP and MRP II systems became more popular in large manufacturing companies, early pioneers of ERP systems were working on a broader concept of information system software. Five former IBM systems analysts began work on an early version of ERP software in 1972. These five formed a company that was to become Systems, Applications and Products in Data Processing (SAP). SAP designed the first true ERP system that was called SAP. SAP was intended to integrate all business processes, not just manufacturing, and to make data available in real time. To the financial accounting system, they added modules for Materials Management, Purchasing, Inventory Management and Invoice Verification. SAP
9
Chapter 15 Solutions
IT Infrastructure for E-Business
release 2, or SAP R/2 was released in 1978. The new version took full advantage of the current mainframe computer technology, allowing for interactivity between modules and additional capabilities like order tracking. 44. (S.O. 4) Compare and contrast the functionality of the Logistics module and Supply Chain Management activities. The logistics function manages all processes related to the purchase and movement of materials and finished goods. This module incorporates the purchase processes, as well as the processes and data resulting from the movement inventories. It is a subset of the functions included in the supply chain management activities. Supply chain management (SCM) activities encompass the planning and management of all sourcing, procurement, conversion, and logistics functions. SCM also includes coordination and collaboration with suppliers, intermediaries, third party service providers, and customers. 45. (S.O.7,8) Suppose a company is experiencing problems with omitted transactions in the conversion processes: i.e., inventory transactions are not always being recorded as they occur. How can an ERP system help to alleviate such a problem? An ERP system could help alleviate problems with omitted transactions through its internal control enhancements. For example, ERP systems allow real-time monitoring and reporting of exceptions. As processes and transactions occur that may be exceptions to what is expected (as in the case of omitted transactions), they can be reported to management immediately. In addition, the system can identify employees involved with the recording of specific transactions, which may help identify the source of a problem so that it may be corrected quickly. 46. (S.O.6) Using an internet search engine, search for the terms “best of breed” + ERP. Locate information that addresses the debate/dilemma faced by many companies regarding the decision implementing best of breed technology versus new applications from an ERP vendor. Write a brief memo to discuss this issue. Answers to this questions may vary. Following is a sample response: An ERP system is an integrated system of modules intended to cover the entire range of company activities. But in some cases, there may be advantages to purchasing and using a module from another vendor if that vendor provides the best software module for that activity. Such a module is called the “best of breed”. The best of breed approach is probably most advantageous when the industry specific processes of a company do not match well with an ERP system that is based on the most common processes. An example of best of breed would be purchasing a separate Customer Relationship Management module instead of using a CRM module within the ERP system. ERP modules have CRM modules that allow you to pull up and manipulate customer data at will. The view of the customer may contain summarizations of activities conducted elsewhere in the system that relate to that customer. For example, if a customer places an order with your company, a sales person that is looking at that customer in the hopes of penetrating the account more deeply can see that there is already an outstanding order. This may trigger him/her to offer an appropriate discount on another product or offer add-on product to the one just sold. The ERP approach is, in most cases, the most seamless solution.
10
Chapter 15 Solutions
IT Infrastructure for E-Business
ERP companies like Peoplesoft either developed or acquired CRM modules and integrated them into the larger suite. The downside to this approach is that their CRM modules may not have all the functionality you need in areas like marketing and decision analysis. This approach may require you to spend money extending their baseline functionality to meet your specific business needs. This is true in general for any best of breed module such as fixed asset management, HR, order fullfillment, etc. The best of breed approach aims to integrate a feature-rich system that can integrate into the ERP system. The vendors of these applications often provide outof-the-box connectors to popular ERP systems to ease the difficulties of integration into the ERP system. The advantages of choosing a best of breed approach include: 1) deeper and more industry specific functions, 2) not being tied to a single vendor, 3) fewer changes to industry specific processes within the company. The disadvantages to best of breed include: 1) a greater total cost of purchasing and maintaining the system, 2) it creates a more complex IT environment because of the need to integrate a separate module into the ERP system. The advantages to using an existing ERP module (not best of breed) includes: 1) simpler IT environment, 2) smaller total cost to purchase and maintain, 3) quicker and simpler implementation, 4) better integration into the entire ERP system. The disadvantages to using the existing ERP module include: 1) a greater change in business processes to match with the ERP system, 2) potential gaps between company needs and software functionality 47. (S.O.6) Using an internet search engine, search for the terms “big bang” + ERP. Identify at least one company that represents a success story with regard to this ERP implementation method (other than Marathon, as described in the Real World Example). Also identify at least one company that experienced problems with this approach (other than the city of Tacoma, as described in the Real World Example). Answers may vary for this question. Some sample responses follow: Some companies that have had success with regard to their experiences with big bang implementation of ERP software include the United Nations Development Programme, Hewlitt-Packard, Strategic Petroleum Reserve (63 days ahead of schedule and 4% under budget) , and others. More recent examples include Tata Refractories and Bajaj Electrical in India (http://www.cio.in/case-study/project-smilebrings-end-end-connectivity-across-bajaj-electricals and http://oracledemantra.blogspot.com/2010/01/bajaj-electrical-success-storyoracle.html), Some companies that have experienced problems with the big bang approach to ERP implementation include Nike, Iowa’s Department of Administrative Services, Hersheys, LTV Steel, Fox Meyer, and others. The most recent list of failures is an a 2011 article at http://www.pcworld.com/businesscenter/article/246647/10_biggest_erp_software_fail ures_of_2011.html. Examples from that article include the UK government, Montclair State University, Marin County in California, ParknPool, CareSource Management Group, and Whaley Foodservice Repair.
11
Chapter 15 Solutions
IT Infrastructure for E-Business
48. Using an Internet search engine, search for the terms “SAP” and “SME”. Describe why a small to medium-sized entity might choose SAP as its ERP system. The best available summary of the ERP advantages for a small to medium sized entity is at http://prontopreview.com/download/dynamics/aberdeen/ERPinSME2011.pdf. A summary of those advantages follows. a. Many SME’s anticipate, or at least hope for explosive growth in their business. Such growth will make their companies larger, more complicated, and more distributed. An ERP system can help them better track and maintain operations and ERP systems are scalable as the company grows. ERP systems allow them to better manage the growth. b. ERP software solutions are not as expensive as they used to be, particularly if a company uses SaaS (Software as a Service) in which they do not necessarily need to buy expensive hardware to run ERP software on site. c. ERP systems allow them to better track and serve customers. They improve customer response time and allow the company to provide timely and effective customer service. For example, order tracking and service scheduling are more streamlined. In many cases, an ERP system can enhance the systems so that customers can easily do order tracking or service scheduling as a self-service. It cuts cost for the company and better serves the customers. d. They are better able to keep track of strategic partnerships (such as vendors) e. ERP systems allow them to better “assess demand, react to changes more quickly, provide accurate and consistent data, and engage customers and employees”. f. Their study of 300 SME’s with ERP systems in the top 20% experienced: i. A shorter number of days to close the accounting records at the end of the month (2.69 days average). ii. A shorter time period of days sales outstanding (33.11 days), a measure of cash collection speed. iii. More on-time delivery of products or services (96% complete ontime delivery) iv. A 21% growth in operating margin g. By using ERP systems, they: i. Lowered operating and administrative costs ii. Improved on-time delivery iii. Increased the speed of decision making iv. Increased customer satisfaction v. Gained better knowledge of day-to-day operations.
Cases
12
Chapter 15 Solutions
IT Infrastructure for E-Business
49. ERP Implementation at Zostner Industries. a. An ERP system could improve performance at Zostner in many ways. Because an ERP uses a single, shared database, information sharing and integration of the various processes would occur. This would lead to more efficient processes. Also. Management could receive more real-time feedback about operations and this can lead to improved decision making. Also, analytical tools are available in ERP systems to help managers do more detailed analysis of operations. The time involved in entering data separately into the various systems will be saved and the time and cost of maintaining legacy systems can be reduced. With an ERP system, Zostner would have the capability to automatically interact with IT systems of trading partners and to enhance e-business or e-commerce. All of these aspects improve the efficiency of business processes. Finally, ERP systems are scalable and can grow if Zostner grows. b. A ‘big bang” approach implements all modules of the ERP system across the entire organization at the same time. Because of the scope and complexity of a big bang implementation, there are many risks that can cause a failure. ERP implementation usually requires business process reengineering. So at the same time the new software is implemented, there are many changes to processes. Thus, there is much complexity and employees are unfamiliar with new processes. This means mistakes or omissions within processes are likely. The chapter mentions problems with a big bang implementation in Tacoma, Washington. However, if the big bang approach is well-planned and implemented correctly, it offers the advantage of reducing the time and cost of implementation. A modular approach, in which modules are implemented one at a time, could take more time and money. There is less risk than a big bang approach because focusing on one module at a time reduces the scope and complexity of the implementation. A simple analogy might be to compare remodeling every room of a house at the same time (big bang), or doing one room at a time (modular). Using this analogy, it is easier to see that the whole house approach is more likely to cause problems, delays, and chaos. c. To choose the order of implementing modules, Zostner should analyze and determine which modules more closely relate to their strategic objectives. Those modules most closely related to achieving strategic objectives should be implemented first. 50. Chacon University potential problems in an ERP implementation. There are several areas of potential problems. Those identified or implied are: a. Universities have a different environment than corporations. Corporations are managed top-down with the chief executives holding much influence over everything. Universities are much more decentralized and subunits operate with more autonomy. b. The IT staff at universities are not usually experienced with ERP systems and tend to rush implementation and not test the systems.
13
Chapter 15 Solutions
IT Infrastructure for E-Business
c. Too many “home-grown” legacy systems that may be difficult to convert into ERP systems. The article does mention that middleware can be used to integrate the legacy systems into an ERP system. d. University presidents or administrators may have too high expectations for ERP systems and try to implement too many modules. e. The ERP systems costs more to support than the legacy systems. f. It is difficult to get “buy-in” from everyone across campus for different processes that match the ERP system. This is difficult in universities because of the autonomy mentioned in (a) above. g. Universities have lean staffs and tight budgets which leads to lack of staff training and less testing of the system. h. In some cases the load on the system of all the returning students in the fall caused the web portal to crash. (for example at Massachusetts) i. ERP vendors, such as PeopleSoft did not have as much experience in University implementations and often were unable to provide answers. j. In the Montclair University lawsuit against Oracle, both sides claim the other party is to blame. The project was named the ”Bell Tower Initiative” and it was to take 25 months and cost $15.75 million. Montclair claimed that the Oracle IT staff were subcontractors who were unprepared to conduct the implementation and were constantly rotated on and then off the project. Oracle claimed the university did not have a competent IT staff who understood the technology. The Montclair staff could not properly assist Oracle’s staff.
14
Accounts Receivable Aging Report April 30, 2013
Customer Name Acme Sporting Goods Central Acme Sporting Goods Central Acme Sporting Goods Central Acme Sporting Goods Central Brufton Outdoors Brufton Outdoors Jafferty Sporting Goods Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Pup Scouts of Devron Pup Scouts of Devron Regents Athletic Club Regents Athletic Club Buddy's Sports Buff Buddy's Sports Buff TOTALS
Total Account Balance 1,366.48 4,975.00 4,017.15 659.59 1,946.40 6,763.10 4,067.99 10,646.20 6,653.15 975.63 299.00 1,104.13 655.31 1,843.83 9,737.91 220.04 2,678.59 862.35 8,046.40 1,774.92 69,293.17
Current Balances Invoice # Amount 77341 1,366.48 75118 4,975.00
78021 77216 77089 75663
77911
1-30 days Invoice # Amount
70698
4,017.15
74555
4,067.99
74277 73586
1,104.13 655.31
75559
220.04
77115
8,046.40
10,646.20 6,653.15 975.63 299.00
9,737.91
34,653.37
18,111.02
Past Due Balances 31-60 days Invoice # Amount
67915
65287
659.59
61190
6,763.10
61119
862.35
1,946.40
67644
1,843.83
66268
2,678.59
70564
Over 60 days Invoice # Amount
1,774.92 8,243.74
8,285.04
Accounts Receivable Aging Report April 30, 2013
Customer Name Acme Sporting Goods Central Acme Sporting Goods Central Acme Sporting Goods Central Acme Sporting Goods Central Brufton Outdoors Brufton Outdoors Jafferty Sporting Goods Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Kansas Dept. of Rec & Safety Pup Scouts of Devron Pup Scouts of Devron Regents Athletic Club Regents Athletic Club Buddy's Sports Buff Buddy's Sports Buff TOTALS
Total Account Balance 1,366.48 4,975.00 4,017.15 659.59 1,946.40 6,763.10 4,067.99 10,646.20 6,653.15 975.63 299.00 1,104.13 655.31 1,843.83 9,737.91 220.04 2,678.59 862.35 8,046.40 1,774.92 69,293.17
Current Balances Invoice # Amount 77341 1,366.48 75118 4,975.00
78021 77216 77089 75663
77911
1-30 days Invoice # Amount
70698
4,017.15
74555
4,067.99
74277 73586
1,104.13 655.31
75559
220.04
77115
8,046.40
10,646.20 6,653.15 975.63 299.00
9,737.91
34,653.37
18,111.02
Past Due Balances 31-60 days Invoice # Amount
67915
65287
659.59
61190
6,763.10
61119
862.35
1,946.40
67644
1,843.83
66268
2,678.59
70564
Over 60 days Invoice # Amount
1,774.92 8,243.74
8,285.04
05/27/13 05/27/13 05/01/13 04/14/13 02/13/13 03/22/13 02/01/13 04/06/13 05/30/13 05/16/13 05/15/13 05/01/13 04/14/13 04/06/13 03/22/13 05/05/13 04/13/13 03/24/13 02/01/13 04/15/13 03/14/13
77341 75118 70698 65287 67915 61190 74555 78021 77216 77089 75663 74277 73586 67644 77911 75559 66268 61119 77115 70564
1366.48 4975 4017.15 659.59 11018.22 1946.4 6763.1 8709.5 4067.99 10646.2 6653.15 975.63 299 1104.13 655.31 1843.83 22177.25 9737.91 220.04 9957.95 2678.59 862.35 3540.94 8046.4 1774.92 9821.32
Sales Order Entry Screen Date:
Customer number:
Sales order number:
Line #
Item #
Quantity
1 2 3 4 5
This could be a more complex screen if the instructor wishes. This covers the bare minimum of data that would be entered.
Sales Order Number 35610 35610 35610 35610 35610
Date 5/27/2013 5/27/2013 5/27/2013 5/27/2013 5/27/2013
Customer Number 42004 42004 42004 42004 42004
Line Number 1 2 3 4 5
Item Number 1046R 1047R 1049R 2025W 2027W
Quantity 12 12 24 24 12
Note: Some Sales Order data would not need to be entered for each sales order. Information such as bill to address and ship to address would be in a customer master record. Information such as item descriptions and unit prices would be in a price list record or inventory master record.
SALES JOURNAL
Date Customer May 27 Weston's World of Wines
Monthly Totals
Sales Order No. 35610
DEBIT A/R - G/L 10200 Subs. A/C# Amount 42004 617.16
617.16
Post
Sales Ret. G/L 30200
Sales G/L 30100 617.16
617.16
CREDIT Other G/L Acc# Amount
-
Post
Receiving Entry Screen Date:
Order number:
Vendor account:
Line #
Part #
Quantity Shipped
1 2 3 4 5 6 7 8 9 10
This could be a more complex screen if the instructor wishes. This covers the bare minimum of data that would be entered. Data such as order quantity, customer address, etc. would already be in the computer files and would not need to be entered.
Customer Order Number 75489 75489 75489
Date 9/30/2007 9/30/2007 9/30/2007
Customer Number 5404 5404 5404
Line Number 1 2 3
Item Number 918-0142 725-1396 725-0267
Ship Quantity 50 80 40
Note: Some receiving data would not need to be entered for each receipt of goods. Information such as bill to address and ship to address would be in a customer mast Information such as item descriptions and unit type would be in a price list record or inventory master record.
er record.
Payroll Data Entry Screen Pay period
05/02/07
Approval by; KTB
Employee SSN# 222556666
DAY Monday Tuesday Wednesday Thursday Friday Saturday Sunday
IN TIME 8:02 8:00 8:11 7:57 12:01 9:00
OUT TIME 11:40 11:45 11:30 11:44 16:15 12:04
IN TIME 12:34 12:44 12:15 12:52 17:10
OUT TIME 17:02 17:01 17:00 17:16 21:05
TOTAL REGULAR HOURS HOURS 8:06 8:02 8:04 8:11 8:09 3:04 0:00 43.60 40.00
Note: This solution has proper formating to show hours and minutes for each day, and formulas at the bo calculate total hours, regular hours, and overtime hours. Also, spreadsheet protection has been used to allow entry only in the boxes shaded yellow.
OVERTIME HOURS
3.60
ttom to
Date 05/02/07 05/02/07
Employee /SS# 222556666 222556666
Hours: Pay Rate: Regular/ Regular/ Overtime Overtime 40.00 $ 19.750 $ 3.60 $ 29.625 $
Medicare Gross FICA Pay Withheld Withheld 790.00 $ 48.98 $ 11.46 106.65 $ 6.61 $ 1.55
Federal Inc. Tax Withheld $ 158.00 $ $ 21.33 $
Net Pay 571.57 77.16