Accounting Information Systems Controls and Processes, 1st Edition By Turner, Weickgenannt
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 1: Introduction to AIS TEST BANK – CHAPTER 1 – TRUE/FALSE: 1. A business process has a well-defined beginning and end. 2. Each business process has a direct effect on the financial status of an organization. 3. Few accounting information systems rely on computer hardware and software to track business processes. 4. The rethinking and redesigning that occur during business process reengineering are aided by the use of information technology. 5. There are very few business processes that have the potential to be improved by IT enablement. 6. Business process reengineering should leverage the capabilities of information technology to improve the efficiency of business processes. 7. It is important for accountants to have some understanding of basic computer terminology. 8. When files are organized as sequential access, and the user needs to access record number 250, the previous 249 records will be read by the computer before reading record number 250. 9. When files are organized as sequential access, the sequence is normally based on one key record in each file. 10. Batch processing is best suited to applications that have large volumes of similar transactions that can be processed as regular intervals. 11. Online processing is the opposite of real-time processing. 12. Batch processing is best suited to sequential access files. 13. Online processing is best suited to sequential access files. 14. Online processing is best suited to situations were there is a large volume of records but only a few records are needed to process any individual transaction. 15. Each time a new transaction is completed, parts of the data warehouse must be updated.
16. Data in the data warehouse are called nonvolatile because they do not change rapidly in the same way that operational data change. 17. A system of local area networks connected over any distance via other net work connections is called a WAN, or wide area network. 18. E-business is a type of e-commerce. 19. The “intercompany” component of electronic data interchange means that two or more companies are conducting business electronically. 20. In order to have an automated matching system it is necessary to have access to paper copies of purchase orders and invoices. 21. When automated matching is used, the system will not approve an invoice for payment unless the items and quantities match with the packing slip and the prices match the purchase order prices. 22. The evaluated receipt settlement system is an IT enabled system that reduces the time and cost of processing customer payments. 23. ERP systems are based on a relational database system. 24. Traditional accounting software is much more comprehensive and encompassing that ERP software. 25. Before ERP software systems, modules such as human resources were in separate software but well integrated with the accounting software. 26. Although accountants are heavily involved in the creation, implementation, and monitoring of the control structure, management has the ultimate responsibility to establish a control environment. 27. Once a company has decided on the control processes needed, it is not necessary to have an ongoing assessment of risks. 28. A code of ethics should reduce opportunities for employees to conduct fraud if management emphasizes the cost and disciplines or discharges those who violate it. 29. IT systems are to be chosen and implemented to support the attainment of strategies and objectives. 30. It is likely that an accountant will select a career path, within accounting, that will not in some way, involve the use of an accounting information system. 31. An auditor cannot make informed decisions necessary to complete the audit without an understanding of the accounting information system.
32. The accounting information system is often the tool used to commit or cover up unethical behavior. ANSWERS TO TEST BANK – CHAPTER 1 – TRUE/FALSE: 1. True 8. True 15. False 2. False 9. False 16. True 3. False 10. True 17. True 4. True 11. False 18. False 5. False 12. True 19. True 6. True 13. False 20. False 7. True 14. True 21. True
22. 23. 24. 25. 26. 27. 28.
False True False False True False True
29. 30. 31. 32.
True False True True
TEST BANK – CHAPTER 1 – MULTIPLE CHOICE 33. A prescribed sequence of work steps preformed in order to produce a desired result for the organization is called a(n): A. Accounting Information System. B. Business Process. C. Financial Transaction. D. Capital Transaction Process. 34. The process that must identify the transactions to be recorded, capture all the important details of the transactions, properly process the transaction details, and provide reports is termed the: A. Revenue Process. B. Expenditure Process. C. Accounting Information System. D. Business Process. 35. An accounting information system serves many functions - which of the following is NOT one of those functions? A. Capture the details of a transaction B. Implement the start of a transaction C. Provide reports of transactions D. Process the transactions details into appropriate accounts 36. The proper order of activity in an accounting information system would be as follows: A. Capture, Record, Process, Report. B. Process, Record, Capture, Report. C. Capture, Process, Report, Record. D. Record, Capture, Process, Report.
37. Which of the following is not one of the general types of business processes identified by the textbook? A. Revenue Processes B. Expenditure Processes C. Conversion Processes D. Human Resource Processes 38. Which of the following statements, related to business processes, is false? A. Each business process has a direct effect on the financial status of the organization. B. A business process is initiated by a particular kind of event. C. A business process has a well-defined beginning and end. D. Each business process is usually completed in a relatively short period. 39. Which of the following is least likely to be part of an accounting information system function? A. Record the accounting data in the appropriate records B. Generation of data to be part of the information system. C. Process the detailed accounting data. D. Report the summarized accounting data. 40. Work steps that are internal controls within the business process would include: A. Using an electronic register to record all sales transactions. B. Combining both manual and computer based records. C. Reconciling a cash register at the end of each day. D. Preparation of internal reports to monitor the performance of a specific department. 41. Five different components of the accounting information system were presented in the textbook. Which of the following is not one of those components? A. Work steps within a business process intended to capture accounting data as the business process occurs. B. Work steps that are internal controls within the business process to safeguard assets and to ensure the accuracy and completeness of the data. C. Work steps that generate both internal and external reports. D. Work steps to assure that all business processes are recorded using computer-based procedures. 42. Output from an accounting information system would include: A. Checks to vendors. B. Invoices from vendors. C. Customer statements. D. Purchase orders.
43. The entities, processes, and information flows that involve the movement of materials, funds, and related information through the full logistics process, from the acquisition of raw materials to the delivery of the finished produces to the end use is a set of linked activities referred to as: A. Management Information System. B. Supply Chain. C. Accounting Information System. D. Logistics Management. 44. The management and control of all materials, funds, and related information in the logistics process, from the acquisition of raw materials to the delivery of finished products to the end user is referred to as: A. Supply Chain Management. B. Management Information System. C. Logistics Management. D. IT Enablement. 45. When discussing the supply chain: A. Any concern about vendors would relate only to those vendors with which a company has direct contact. B. Service providers would not be part of the supply chain. C. Concern would not extend beyond the point where the product is shipped to a customer. D. An entity may not be able to directly control all of the interrelated activities within the supply chain. 46. Using IT systems to enhance efficiency and effectiveness of internal or supply chain processes is called: A. Information Technology Enablement. B. Information Systems Control. C. Information Technology Process Engineering. D. Information Technology Business Processes. 47. The purposeful and organized changing of business processes to make them more efficient is referred to as: A. Information Technology Engineering. B. Information Systems Management. C. Business Process Reengineering. D. Business Process Supply Chain. 48. The use of BPR is a two-fold: (1) Aligns business processes with the IT systems used to recorded processes and, (2): A. Improves the efficiency and effectiveness of these processes. B. Reduces the cost of these processes. C. Enhances the usefulness of these processes. D. Increases the accuracy of the process.
49. The smallest unit of information in a computer system can have only one of two values, zero or one, and is referred to as a(n): A. Field. B. Record. C. Byte. D. Bit. 50. A unit of storage that represents one character is referred to as a: A. Byte. B. Bit. C. Bat. D. Field. 51. A set of related fields is referred to as a: A. File. B. Record. C. Byte. D. Binary Digit. 52. Each record is made up of related: A. Files. B. Bytes. C. Name. D. Fields. 53. A collection of data stored on a computer in a form that allows the data to be easily accessed, retrieved, manipulated, and stored is referred to as a(n): A. Accounting Information System. B. Information Technology. C. Database. D. Master File. 54. A collection of data stored in several small two-dimensional tables that can be joined together in many varying ways to represent many different kinds of relationships among the data is referred to as a(n): A. Database. B. Master File. C. Relational Database. D. Relation Based Accounting Software. 55. Accounting software traditionally uses two different types of files. The file type that is relatively permanent and used to maintain the detailed data for each major process is a(n): A. General Ledger. B. Master File. C. Transaction File. D. Subsidiary File.
56. Accounting software traditionally uses two different types of files. The file type that is the set of relatively temporary records that will be process to update the permanent file is referred to as a(n): A. Master File. B. General File. C. Transaction File. D. Subsidiary File. 57. The chart of accounts would be a good example of a: A. Transaction File. B. Master File. C. Field. D. Record. 58. The organization of files in a computer system normally uses one of two different access methods. The access method where the files store records in sequence, with one record stored immediately after another is referred to as: A. Chronological Access. B. Sequential Access. C. Random Access. D. Numerical Access. 59. The organization of files in a computer system normally uses one of two different access methods. The access method where the files are not stored in sequence, one record not stored immediately after another, is referred to as: A. Indexed Access. B. Batch Access. C. Sequential Access. D. Random Access. 60. There are two modes of processing transactions in accounting systems. The mode that requires all similar transactions be grouped together and be processed at the same time, is referred to as: A. Batch Processing. B. Online Processing. C. Real-time Processing. D. Sequential Processing. 61. There are two modes of processing transactions in accounting systems. The mode that will record transactions, one at a time, is referred to as: A. Batch Processing. B. Online Processing. C. Real-Time Processing. D. Sequential Processing.
62. A type of online processing where a transaction is processed immediately so that the output is available immediately is termed: A. Virtual Processing. B. Sequential Processing. C. Real-Time Processing. D. Batch Processing. 63. An integrated collection of enterprise-wide data that includes five to ten fiscal years of nonvolatile data, used to support management in decision making and planning is referred to as: A. Operational Database. B. Relational Database. C. Data Storage. D. Data Warehouse. 64. This type of database contains the data that are continually updated as transactions are processed and includes data for the current fiscal year and supports day-to-day operations is referred to as a(n): A. Data Warehouse. B. Data Storage. C. Relational Database. D. Operational Database. 65. The data in the data warehouse are said to be enterprise-wide because: A. The data relate to all areas of the business. B. The data are pulled from each of the operational databases and maintained in the data warehouse for many fiscal periods. C. All areas of the business are able to access the data warehouse. D. All transactions across the all areas of the business are recorded in the data warehouse. 66. The process of searching data within the data warehouse for identifiable patterns that can be used to predict future behavior is referred to as: A. Data mining. B. Data digging. C. Data housing. D. Data querying. 67. Two or more computers linked together to share information and / or resources is referred to as a(n): A. Computer Intranet. B. Computer Internet. C. Computer System. D. Computer Network.
68. This type of computer network is one that spans a relatively small area - often confined to a single building or group of buildings, and are intended to connect computers within an organization. A. Local Area Network B. Land Arena Network C. Extranet D. Internet 69. The global computer network, or “information super highway”, is the: A. WAN. B. Intranet. C. Internet. D. LAN. 70. A company’s private network, accessible only to the employees of that company is the: A. WAN. B. Intranet. C. Internet. D. LAN. 71. This computer network is similar to a company’s intranet except that it does allow access to selected outsiders, such as buyers, suppliers, distributors, and wholesalers. A. Ultranet B. Internet C. Extranet D. LAN 72. The use of electronic means to enhance business processes is termed: A. E-business. B. Electronic data interchange. C. Point of sale system. D. E-commerce. 73. The intercompany, computer-to-computer transfer of business documents in a standard business format is called: A. E-business. B. E-commerce. C. Local area network. D. Electronic data interchange. 74. Which of the following is NOT one of the three components of electronic data interchange? A. Commerce - encompasses all forms of electronic trading. B. Intercompany - two or more companies conducting business electronically. C. Standard business format - necessary so that the various companies can interact and trade electronically. D. Computer to computer - indicates that each company’s computers are connected via a network.
75. This term refers to a system of hardware and software that captures retail sales transactions by standard bar coding. A. E-business B. Electronic data interchange C. Point of sale system D. E-commerce 76. When a point of sale system is used and a customer checks out through a cash register, which of the following processes occurs? A. Net income is computed B. Inventory values are updated C. Accounts payable balances are updated D. Replacement inventory is purchased 77. A system of computer hardware and software in which the software matches an invoice to its related purchase order and receiving report is called: A. Point of sale system. B. Electronic data interchange. C. Automated matching. D. Evaluated receipt settlement. 78. An invoice-less system in which computer hardware and software complete an invoice-less match that is a comparison of the purchase order with the goods received is termed: A. Evaluated receipt settlement. B. Automated matching. C. Electronic invoice presentation and payment. D. Enterprise resource planning. 79. This system enables a vendor to present an invoice to its trading partner via the Internet, eliminating the paper, printing, and postage costs of traditional paper invoicing. A. Evaluated receipt settlement B. Electronic invoice presentation and payment C. Automated matching D. Electronic data interchange 80. A multi-module software system designed to manage all aspects of an enterprise usually broken down into modules such as financials, sales, human resources, and manufacturing, is referred to as a(n): A. Electronic data system. B. Electronic data interchange. C. Enterprise resource planning. D. Electronic resource program.
81. The ability to lessen risks or risk impacts is true of nearly all risks that organizations face. Management can undertake steps to lessen the risk or reduce the impact of the risk, these processes are called: A. Programs. B. Risk assessment. C. Information evaluation. D. Controls. 82. Which of the following groups of professionals within an organization have a history of designing and implementing the controls to lessen risks? A. Management B. Accountants C. Human Resources D. Lawyers 83. Which of the following is not one of broad categories of controls? A. The risk that assets will be stolen or misused. B. The risk of errors in accounting data or information. C. The risk of loss due to a natural disaster. D. The risk of fraudulent activity by employees. 84. Which of the following is not a risk inherent in an IT system? A. Computer security breaches. B. Computers being stolen. C. Erroneous input of data. D. Hardware or software failure. 85. A comprehensive report on enterprise risk management was issued by this organization is 2004. A. American Accounting Association B. New York Stock Exchange C. Institute of Internal Auditors D. Committee on Sponsoring Organizations 86. A process, affected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives is referred to as: A. Enterprise resource planning. B. Enterprise risk management. C. IT system control structure. D. Corporate governance structure. 87. In order to achieve the objective of managing risk, management should establish control structures that include, at a minimum: A. Accounting internal controls. B. Accounting internal controls, IT controls, corporate governance, enterprise risk management, and IT governance. C. IT controls IT governance, corporate governance, and accounting internal controls. D. IT controls and accounting internal controls.
88. The company’s development and adherence to this should reduce the opportunities for managements or employees to conduct fraud. A. Code of ethics B. Internal control structure C. Application controls D. Corporate governance 89. The COSO report, Internal Controls – Integrated Framework, issued in 1992, identified interrelated components of internal control. Which of the following is not one of those components? A. Monitoring B. Risk assessment C. Control activities D. Enterprise risk management 90. IT controls can be divided into two categories. Which of the following is a correct statement of one of those categories? A. Application controls apply overall to the IT accounting system. B. Application controls apply to the prevention of erroneous or incomplete input or processing of data. C. Application controls are used specifically in accounting applications to control inputs, processing, and output. D. Application controls are used to prohibit fraudulent financial reporting. 91. An elaborate system of checks and balances, whereby a company’s leadership is held accountable for building shareholder value and creating confidence in the financial reporting processes, is referred to as: A. Enterprise risk management. B. Corporate governance. C. Application controls. D. Internal control structure. 92. The purpose of this 2002 act was to improve financial reporting and reinforce the importance of corporate ethics. A. Foreign Corrupt Practices Act B. Sarbanes-Oxley Act C. Securities and Exchange Act D. Treadway Act 93. Which of the following is not one of the corporate functions interrelated within the corporate governance system? A. Management Oversight B. Ethical Conduct C. Risk Assessment D. Financial Stewardship
94. The proper management, control, and use of IT systems are known as: A. IT Governance. B. IT Controls. C. IT Risk Management. D. IT Code of Ethics. 95. Accountants have several possible roles related to accounting information systems. Which of the following is not normally one of those roles? A. Auditor of an AIS B. User of the AIS C. Programmer of the AIS D. Design of the AIS 96. There are many reasons for accountants to become aware of potential unethical behaviors. Which of the following is not one of the reasons identified by the authors? A. Accountants are responsible for identifying unethical and illegal activities. B. Accounts assist in developing and implementing internal control structures that should decrease the chance of unethical actions. C. Accountants are often pressured to assist in, or cover up, unethical actions. D. Accountants deal with assets or records that could easily tempt accountants to engage in unethical behavior. ANSWERS TO TEST BANK – CHAPTER 1 – MULTIPLE CHOICE: 33. B 46. A 59. D 72. 34. C 47. C 60. A 73. 35. B 48. A 61. B 74. 36. A 49. D 62. C 75. 37. D 50. A 63. D 76. 38. A 51. B 64. D 77. 39. B 52. D 65. B 78. 40. C 53. C 66. A 79. 41. D 54. C 67. D 80. 42. B 55. B 68. A 81. 43. B 56. C 69. C 82. 44. A 57. B 70. B 83. 45. D 58. B 71. C 84.
A D A C B C A B C D B C B
85. 86. 87. 88. 89. 90. 91. 92. 93. 94. 95. 96.
D B C A D C B B C A C A
TEST BANK – CHAPTER 12 – END OF CHAPTER QUESTIONS 97. When a customer returns goods that were purchased, the business process to accept the return would most likely be a(n): A. Administrative process. B. Conversion process. C. Expenditure process. D. Revenue process.
98. Which of the following is least likely to be an output of the accounting information system? A. A check B. A report C. An invoice D. A bar code 99. Which of the following is not true of the supply chain? A. The supply chain includes vendors. B. The supply chain excludes customers. C. The supply chain includes information flows. D. The supply chain include secondary suppliers. 100. Which of the following is not an objective of IT enablement? A. Increased accuracy of data B. Reduced cost C. Reduced security problems D. Increased efficiency 101. The correct order of the computer data hierarchy is: A. Byte, bit, record, field, file, database. B. Bit, byte, record, field, file, database. C. Bit, byte, field, record, file, database. D. Bit, byte, field, record, database, file. 102. The process of searching for identifiable patterns in data is called: A. Sequential processing. B. Data warehousing. C. Data mining. D. Real-time processing. 103. An IT enabled system for purchasing that is an “invoice-less” system is called a(n): A. Automated matching system. B. Evaluated receipt settlement. C. E-payables. D. Point of sale system. 104. The COSO report written for the purpose of assisting managers in the challenge of managing risk in their organization is entitled: A. Internal Control – Integrated Framework. B. Enterprise Risk Management – Integrated Framework. C. Corporate Governance. D. IT Governance. 105. Accountants have some form of use of the AIS in all but which role? A. User B. Programmer C. Auditor D. Designer
106. Which of the following is not true of unethical behavior? A. The only category of unethical behavior for accountants is inflating revenue. B. Accountants are often pressured to help commit or cover-up unethical behavior. C. Hacking is an unethical behavior that accountants should be concerned about. D. An accounting information system can be used to cover up unethical behavior. TEST BANK – CHAPTER 12 – ANSWERS TO END OF CHAPTER QUESTIONS 97. D 102. C 98. D 103. B 99. B 104. A 100. C 105. B 101. C 106. A TEST BANK – CHAPTER 12 –SHORT ANSWER QUESTIONS 107. How might the sales and cash collection processes at a Wal-Mart store differ from the sales and cash collection processes at McDonald’s? Answer: Wal-Mart sells items that are pre-priced and bar coded with that price. Therefore the cash registers at Wal-Mart use bar code scanners. However, McDonalds sells fast foods that are not bar coded. The cash registers at McDonalds use touch screen systems that require a cashier to indicate the items purchased. The cash collection processes are not different. In both cases, the employee collects the cash or credit card, and returns any change. 108. Can you think of any procedures in place at McDonald’s that are intended to ensure the accuracy of your order? Answer: Student responses may vary, however, following are a few examples: Often, at either the drive-through or the inside cash register, the customer can see a screen that displays the items ordered. In addition, a fast food restaurant uses pre-designed slots to hold certain types of menu items. When a customer orders a particular sandwich, the person filling the order knows exactly which slot to pull the sandwich from. Each customer receives a printed receipt with the items listed and the customer can verify the accuracy. 109. How might the sales and cash collection processes at Boeing Co. (maker of commercial passenger jets) differ from the sales and cash collection processes at McDonald’s? Answer: Boeing does not sell to end-user consumers, but to companies such as airlines. Therefore Boeing does not have stores, nor inventory in stores, nor cash registers to process sales. Boeing is more likely to maintain a sales force that visits potential customers to solicit sales. Those sales may be entered by the salesperson into a laptop computer connected to Boeing’s network. McDonald’s, on the other hand, sells to consumers, uses order input touch screens at each location, and maintains supplies of perishable food products. 110. Are there business processes that do not in some way affect accounting records or financial statements? Answer: There may be processes that do not directly affect accounting records (such as recruiting and hiring a new employee), but all processes have a direct or indirect affect on accounting records. All processes use resources such as material or employee time. Therefore, all processes have expenses related to those processes that will affect the accounting records.
111. Briefly describe the five components of an accounting information system. Answer: 1. Work steps within a business process that capture accounting data as the business process occurs. 2. Manual or computer-based records that record the accounting data from the business processes. 3. Internal controls within the business process that safeguard assets and ensure accuracy and completeness of the data. 4. Work steps that process, classify, summarize, and consolidate the raw accounting data. 5. Work steps that generate both internal and external reports. 112. Describe how sales data is captured and recorded at a restaurant such as Applebee’s. Answer: A server at Applebee’s writes the order on a pad and carries that pad to a cash register. The server enters the order on a touch screen terminal. The order information is then displayed on a terminal in the kitchen. When the customer has finished the meal, the server prints a check and delivers the check to the table. The customer pays the server by using cash or a credit card. The server processes the payment on the touch screen register and returns the change or credit card slip to the customer. 113. What occurs in an accounting information system that classifies accounting transactions? Answer: For each business process that affects accounting records, the accounting information system must capture any resulting accounting data, record the data, process it through classification, summarization, and consolidation, and generate appropriate reports. 114. What are the differences between internal reports and external reports generated by the accounting information system? Answer: Internal reports are used by management to oversee and direct processes within the organization. External reports are the financial statements used by investors and creditors. 115. What types of businesses are in the supply chain of an automobile manufacturer? Answer: The types of businesses in an automaker’s supply chain are often manufacturers of parts used in cars. This would include manufacturers of tires, batteries, steel, plastic, vinyl and leather, as well as many other manufacturers making the thousands of parts in a car. 116. When a company evaluates a supplier of materials, what kinds of characteristics might be evaluated? Answer: The supplier’s characteristics that are likely to be evaluated include price and payment terms, quality, reliability of the materials, as well as whether the supplier can deliver materials when needed. 117. How do you think a company may be able to influence a supplier to meet its business processing requirements? Answer: A company may be able to influence a supplier by choosing only suppliers that meet expectations regarding the terms of price, quality, and delivery timing. Those suppliers that do not meet these expectations may not be used in the future. This exerts some influence over suppliers to meet requirements.
118. Describe any IT enablement that you have noticed at a large retail store such as Wal-Mart or Target. Answer: The most noticeable IT enablement is the use of bar coded systems on the products and how they are read by the cash registers. 119. How do you think the World Wide Web (WWW) has led to business process reengineering at companies such as Lands End or J. Crew? Answer: Prior to the World Wide Web, customers placed orders either on the phone or by mail. Both phone and mail orders require people to take the order and enter it into the computer system. Using online sales, the customer enters his own order and no company personnel are needed to key orders into the computer system. Therefore, there was a major change in the number of people employed to key orders. 120. What two kinds of efficiency improvement result from business process reengineering in conjunction with IT systems? Answer: The use of IT systems usually leads to two kinds of efficiency improvements. First, the underlying processes are reengineered (through rethinking and redesign) so as to be conducted more efficiently. Second, the IT systems improve the processing efficiency of the underlying processes. 121. Explain the differences between a field, record, and file. Answer: A field is one set of characters that make up a single data item. For example, last name would be a field in a customer database. A record is a collection of related fields for a single entity. For example, last name, first name, address, phone number, and credit card number fields might make up a single customer record. A file is a collection of similar records. For example, all customer records together would be a customer file. 122. Explain why random access files would be preferable to sequential access files when payroll personnel are changing a pay rate for a single employee. Answer: When the desired action is to access a single record, random access is preferable. If sequential access storage is used, all records must be read in sequence until the desired record is reached. On the other hand, random access allows a single record to be accessed without the necessity of reading other records. This makes it more efficient to access a particular employee record to change the pay rate. 123. Why do real-time systems require direct access files? Answer: If transactions are to be processed online and in real-time, it is necessary that the computer access a single record immediately. Thus, direct access files are required so the records can be accessed in real-time. 124. Why is data contained in the data warehouse called non-volatile? Answer: Each time a new transaction is completed, parts of the operational data must be updated. Therefore, the operational database is volatile; with constantly changing information. However, the data warehouse does not change with each transaction. The data warehouse is only changed when periodic updates occur. The data is non-volatile because it does not change constantly.
125. How is an extranet different from the Internet? Answer: The extranet allows access only to selected outsiders, while the Internet is open to an unlimited number of outsiders (essentially anyone having access to the Internet). On the other hand, extranets are typically used by companies to interact with specific suppliers and customers who have been granted access to a company’s network. 126. Prepare a list of the types of businesses that you have been in that were using Point of Sale systems. Answer: Student responses may vary, but are likely to include grocery stores, department stores, restaurants, specialty stores, gas stations, and car washes. 127. What do you think would be the advantages of an e-payables system over a traditional system that uses paper purchase orders and invoices? Answer: An e-payables system should be faster and more efficient than a paper-based system. In addition, an e-payables system is likely to have fewer errors in processing than a paper-based system. 128. Describe why enterprise risk management is important. Answer: All organizations face risks and Enterprise Risk Management assists management in reducing and controlling risk. It also involves personnel across the entire business organization, as they implement strategies to achieve the organization’s objectives. 129. What is the difference between general controls and application controls? Answer: General controls are those controls that apply overall to the IT accounting system. They are controls that are not restricted to any particular accounting application. An example of a general control is the use of passwords to allow only authorized users to log into an IT based accounting system. Application controls are those controls that are used specifically in accounting applications to control inputs, processing, and output. Application controls are intended to insure that inputs are accurate and complete, processing is accurate and complete, and that outputs are properly distributed, controlled, and disposed. 130. In what way is a code of ethics beneficial to an organization? Answer: If top management institutes a code of ethics and emphasizes this code by modeling its principles and disciplining or discharging those who violate the code of ethics, it can help reduce unethical behavior in the organization. 131. What roles do accountants have in relation to the accounting information system? Answer: Accountants are users of the AIS, they assist in the design of the AIS, and they are auditors of the AIS.
TEST BANK – CHAPTER 12 –SHORT ESSAY 132. For each category of business processes (revenue, expenditure, conversion, administrative), give an example of a business process. Answer: Student responses are likely to vary greatly, as they may refer to any of the subprocesses within each category. For example, the revenue processes include sales, sales returns, and cash collections; the expenditure processes include purchasing, purchase returns, cash disbursements, payroll and fixed asset processes; the conversion processes include planning, resource management, and logistics, and; administrative processes include capital processes, investments, and general ledger processes. Accordingly, any type of business process can be cited to answer this question, but the student must match the example with the appropriate process. 133. Think of a company that you have worked for or with which you have done business. Which departments within the company need reports generated by the accounting information systems? Answer: Student responses are likely to vary greatly, as nearly every department within a business organization uses reports generated by the accounting information systems. For example, sales departments need customer account information to help in their efforts to sell products to customers. Purchasing departments need product information to help in their efforts to purchase products needed in the business. Each of these types of information is maintained in accounting information systems. There are numerous additional examples that could apply. 134. Explain a supply chain linkage and give an example. Answer: A supply chain linkage is the connection of activities in the supply chain, which includes the entities, processes, and information flows, that involve the movement of materials, funds, and related information through the full logistics process, from the acquisition of raw materials to the delivery of finished products to the end user. It therefore includes the linked activities of vendors, service providers, customers, and intermediaries. In addition to the example of McDonald’s buns given in the text, another example would be a shirt sold by the Gap. The Gap’s supply chain linkage would likely include a supplier from whom the shirt was purchased, a manufacturer who assembled and sewed the shirt, a secondary supplier that likely provided the fabric from which the shirt was constructed, and a farmer who raised cotton used to make the fabric. 135. Explain how business process reengineering occurs. Also, explain how it differs from the typical changes in company policies. Answer: With business process reengineering, the underlying business processes are reengineered so as to be conducted more efficiently. In other words, a comprehensive rethinking and redesign takes place in order to enhance performance of the process. A key component of BPR is the leveraging of the capabilities of IT to improve the efficiency of the process. BPR differs from typically organizational change in that it involves “thinking outside the box” in order to offer completely new and improved methods for business processes.
136. For an accounts receivable system, what kind of data would be found in the master files and transaction files respectively? Answer: An accounts receivable master file would include relatively permanent data necessary to process customer transactions. This would include a record for each customer. The data in the master file would probably include customer name, address, phone numbers, credit limit, and current balance. A transaction file for accounts receivable would contain the relatively temporary data that must be processed to update the master file, such as details from individual sales and cash collections from customers. 137. Describe the differences in the three types of processing. Answer: a. Batch processing involves the grouping of similar transactions to be processed together; b. Online processing involves processing individual transactions, one-at-a-time; and c. Real-time processing is an online processing method that involves the immediate processing of individual transactions. 138. The networks discussed in this chapter were LANs, Internet, intranet, and extranet. Explain each. Answer: A LAN is a computer network that spans a relatively small area such as a building or group of buildings within a business organization. The Internet is the global computer network made up of millions upon millions of computers and sub-networks throughout the world. An intranet is an organization’s private computer network, accessible only by employees of that organization to share data and manage projects. An extranet is an expansion of an intranet that allows limited access to designated outsiders such as customers and suppliers of the organization. 139. Give a brief summary of enterprise risk management, corporate governance, and IT governance. Answer: d. Enterprise risk management is an ongoing strategy-setting and risk assessment process that is effected by top management but involves personnel across the entire entity. e. Corporate governance is an elaborate system of checks and balances whereby a company’s leadership is held accountable for building shareholder value and creating confidence in the financial reporting process. f. IT governance is the corporate governance process that applies specifically to the proper management, control, and use of IT systems. 140. Describe why accountants should be concerned about ethics. Answer: Accountants should be concerned about ethics because accounting information systems are often the tools used to commit or cover up unethical behavior. Accountants need to be aware of the possibility of fraud within the AIS so that they can assist in developing and implementing effective internal controls to reduce the risk of such unethical acts. In addition, accountants need to be prepared to resist the temptation to commit unethical acts and to avoid being coerced into assisting with a fraudulent cover-up.
141. Adrienne Camm is currently pursuing her accounting degree at Ridge University. She has excelled in each of her major courses to date; however, she has always struggled with her computer classes and with assignments requiring use of computer technology. Nevertheless, Adrienne confidently claims that she will become an excellent accountant. Comment on the practical and ethical implications of her position. Answer: Adrienne is mistaken in her position for the following reasons: • Practically speaking, accountants need to be well-informed about the operation of accounting information systems, which nearly always involve computer technology. The AIS is the foundation of most accounting functions, so to resist computer technology would be unreasonable, if not impossible. Also, in order to assist in developing internal controls, accountants must understand the processes within the AIS, including the use of technology, so that effective controls can be developed and implemented to reduce risks. • Ethically speaking, accountants need to be well-informed about the operation of the AIS so that they are poised to recognize fraud and errors that may occur. Without an understanding of the underlying technology, accountants would be unable to effectively capture and monitor business processes. Rather than fulfilling her responsibility as an accountant to develop and implement internal controls, Adrienne’s ignorance of the AIS could actually allow for fraud to be perpetrated without being prevented or detected. For these reasons, Adrienne’s viewpoint is quite dangerous. TEST BANK – CHAPTER 12 –PROBLEMS 142. If an accounting information system was entirely a manual system (no computers used), explain how data would be captured, recorded, classified, summarized, and reported. Discuss how the sophistication of the company’s computer system impacts the accounting output and, alternatively, how the requirements for accounting outputs impact the design of the accounting information system. Answer: In a manual accounting information system, data would be captured on source documents and recorded by hand in subsidiary ledgers or special journals. Account classifications would be determined by the accountants responsible for recording the transaction. The accountants would perform mathematical computations to summarize the records and post them to a general ledger. The general ledger would be manually summarized at the end of the period so that financial statements could be prepared. The financial reports would be manually compiled based on the ending general ledger balances. Since a great deal of paper and human processing are required for a manual system, a manual system is prone to error. More sophisticated, computer-based systems tend to produce more output that is more accurate because they are programmed to process data consistently. They also use programming to perform mathematical computations, which promotes accuracy and time savings. Therefore, IT usage to support business processes results in increased accuracy, increased efficiency, and reduced costs. The requirements for accounting outputs impact the design of the AIS. Work steps within a business process can be designed to capture data in a manner that is consistent with the desired content and format of the related output. This promotes efficiency and effectiveness of the overall process. When business process reengineering is used to design business processes, IT systems can be introduced to take advantage of the speed and efficiency of computers to enhance the AIS.
143. Classify each of the following processes as either a revenue process, expenditure process, conversion process, or administrative process: a. Selling common stock to raise capital b. Purchasing electronic components to manufacture DVD players c. Moving electronic components from the stockroom to the production floor to begin making DVD players d. Paying employees at the end of a payroll period e. Preparing financial statements f. Receiving cash payments from customers g. Buying fixed assets h. Moving manufactured DVD players from the production floor to the warehouse Answer: a. ADMINISTRATIVE b. EXPENDITURE c. CONVERSION d. EXPENDITURE e. ADMINISTRATIVE f. REVENUE g. EXPENDITURE h. CONVERSION
144. Business processes are composed of three common stages: an initial event, a beginning, and an end. For each of the processes a through h in Problem 47, identify the applicable initial event, beginning, and end of the process. Student responses may vary as their experiences are likely to be different. Answer: Different businesses may have different events that trigger these processes; however, the following are common examples: a. Selling common stock to raise capital: Initial Event – Contacting and communicating with investors; Beginning – Receiving consideration from investor; End – Recording transactions in the accounting records. b. Purchasing electronic components to manufacture DVD players: Initial Event – Receiving a purchase request from operations personnel; Beginning – Placing an order with a supplier; End – Recording the payment for the component parts. c. Moving electronic components from the stockroom to the production floor to begin making DVD players: Initial Event – Receiving a request from the Production department for the movement of materials; Beginning – Removing inventory from the stockroom; End – Recording the receipt of goods in the production area. d. Paying employees at the end of a payroll period: Initial Event – Receiving a time sheet or other indication of time worked; Beginning – Recording hours in the payroll records; End – Distributing paychecks or depositing paychecks in employee accounts. e. Preparing financial statements: Initial Event – Preparing end-of-period adjusting entries; Beginning – Summarizing adjusted account balances; End – Compiling data in financial statement format and writing related disclosure notes. f. Receiving cash payments from customers: Initial Event – Communicating with customer about a sale; Beginning – Notifying customer of amounts owed related to the sale; End – Recording the receipt of cash and deposit in a bank account. g. Buying fixed assets: Initial Event – Planning for an expenditure as part of a capital budgeting process; Beginning – Placing an order for the fixed asset; End – Receiving the asset and recording it in a subsidiary ledger. h. Moving manufactured DVD players from the production floor to the warehouse: Initial Event – Receiving notification from the Production department regarding completion of products; Beginning – Removing finished goods from the production floor; End – Recording the receipt of finished goods in the warehouse.
145. Each of the points listed next represents an internal control that may be implemented within a company’s accounting information system to reduce various risks. For each point, identify the appropriate business process (revenue, expenditure, conversion, administrative). In addition, refer to the description of business processes under Study Objective 1 in the chapter, and identify the appropriate sub-process. (Some sub-processes may be used more than once, and others may not be used at all.) Answer: a. Customer credit must be authorized before a business transaction takes place. Revenue processes, sales sub-processes b. An authorized price list of goods for sale is provided. Revenue processes, sales sub-processes c. A shipping report is prepared for all shipments of goods so that customers may be billed in a timely manner. Revenue processes, sales sub-processes d. Access to personnel files and paycheck records is available only in accordance with management specifications. Expenditure processes, payroll sub-processes e. New vendors are required to be authorized before a business transaction takes place. Expenditure processes, purchasing sub-processes f. Access to cash is restricted to those employees authorized by management. Revenue or Expenditure processes, Cash collection or cash disbursement sub-processes, respectively g. Costs of goods manufactured is properly summarized, classified, recorded, and reported. h. Conversion processes, resource management sub-processes i. Amounts due to vendors are reconciled by comparing company records with statements received from the vendors. Expenditure processes, cash disbursements sub-processes j. Employee wage rates and paycheck deductions must be authorized by management. Expenditure processes, payroll sub-processes k. Specific procedures such as the performance of a background check are carried out for all new employee hires. Expenditure processes, payroll sub-processes l. The purchasing manager is notified when stock levels are low so that items may be restocked to prevent backorders. Conversion processes, resource management sub-processes m. Two signatures are required on checks for payments in excess of $5000. Expenditure processes, cash disbursement sub-processes n. When excess cash is on hand, the funds are invested in short-term securities. Administrative processes, investment sub-processes o. Goods received are inspected and damaged, or unmatched, items are promptly communicated to the vendor. Revenue processes, sales sub-processes p. The monthly bank statement is reconciled to the company’s cash records by an outside accountant. Revenue or Expenditure processes, Cash collection or cash disbursement subprocesses, respectively
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 2: Foundational Concepts of the AIS TEST BANK – CHAPTER 2 – TRUE/FALSE: 1.
Technology has done little to help the hospitality industry improve the quality of services to customers.
2.
Using IT will change the business processes and the way accounting data is collected.
3.
When a business process occurs, there must be a way of capturing the data generated to input it into the AIS.
4.
There aren’t may organizations that need to use paper documents anymore.
5.
Once the data is entered into the AIS, the source document then isn’t considered a part of the audit trail.
6.
In a manual system the general ledger is the book of original entry.
7.
In large companies, many legacy systems run on host-based mainframe computers.
8.
One of the advantages of a legacy system is that it supports business processes that are not contained in generic accounting software.
9.
In today’s AIS environment, because of a company’s unique needs, new software is most often developed within the organization rather than purchasing it.
10. Purchased software is usually has a low cost, shorter implementation time, and fewer bugs. 11. The software market segment for small companies is usually for companies who have less than $10,000,000 in revenue. 12.
Oracle is considered as a software program for the beginning ERP market.
13.
ERP systems usually don’t allow the user the flexibility to set it up to customize it for their specific business needs.
14.
Bar codes, POS systems, EDI, and e-business systems are technology systems that enable the input of data.
15.
A bar code reader can record the start and end of an employee’s work.
16.
EDI is the intracompany, computer-to-computer transfer of business documents in a standard business format.
17.
Dedicated lines are used to transmit data in e-business systems.
18.
Batch processing is generally easier to control than other types of computerized systems, since batch totals can be used to ensure the batch was processed correctly.
19.
Online processing is best suited to applications in which there is a small volume of records, and only a few records are needed to process any individual transaction.
20.
One of the advantages of a real time system is that the system checks for input errors, and errors can be corrected immediately.
21.
The exclusive output of an AIS is that it produces trading partner documents such as checks, invoices, and statements.
22.
The output of an AIS is for external users only, such as trading partner documents and external reports including financial statements.
23.
Internal reports produced by an AIS are designed specifically for the function that is the subject of the report.
24.
Documentation allows the accountant to analyze and understand the procedures and processes of a business process and the systems that capture and record accounting data.
25.
A system flow chart describes in a graphic way the entire system and goes into great detail about each of the processes.
26.
A special kind of system flow chart is a document flow chart.
27.
In an ER diagram entities are the nouns, and attributes are characteristics of the entities.
28.
The relationships between entities in ER diagrams are depicted by a concept called co-ordinality which refers to how many instances an entity relates to each instance of another entity.
29.
One of the computers in client-server computing is usually a PC-type computer.
30.
In client-server computing a PC-type computer is more efficient in managing large databases and extracting data from databases.
31.
One of the key aspects of computerizing the AIS is that the greater the system is computerized the lesser the chance for someone to cover up their unethical behavior.
32.
REA restrictions may not be compatible with all of the accounting conventions.
ANSWERS TO TEST BANK – CHAPTER 2 – TRUE/FALSE: 1. False 8. True 15. True 2. True 9. False 16. False 3. True 10. True 17. False 4. False 11. False 18. True 5. False 12. False 19. False 6. False 13. False 20. True 7. True 14. True 21. False
22. 23. 24. 25. 26. 27. 28.
False True False False True True False
29. 30. 31. 32.
True False False True
TEST BANK – CHAPTER 2 – MULTIPLE CHOICE: 33. IT systems have dramatically affected many aspects of business. Which of the following is not one of the changes? A. Data input into accounting information systems. B. The way that data is processed in the system. C. The accounting information that is reported by the system. D. The outputs of the system. 34. Which of the following statements is false? A. Technology has allowed many industries to provide better, faster, and higher quality information. B. Business process must adapt to the new technologies. C. Business processes, IT systems, and the accounting information system are inextricably linked. D. IT systems have not had a major impact on the input of data into the accounting information system. 35. The system that captures, records, processes, and reports accounting information is referred to as a(n): A. Accounting information system B. Management information system. C. System of business processes. D. Client-server system. 36. Information captured by a system is generated by financial transactions: A. Within the organization only. B. Between an organization and its customers only. C. Between an organization and its vendors only. D. Within the organization and between an organization and its customers and vendors. 37. A prescribed sequence of work steps completed in order to produce a desired result for an organization is the definition of: A. Accounting information system B. Business process C. Business transaction D. Financial statement
38. Which of the following statements, related to a business process, is not a true statement? A. It has a well-defined beginning and end. B. Usually takes a long-period of time to complete. C. Occur so that the organization may serve its customers. D. Is initiated by a particular kind of event. 39. When a transaction occurs there are systematic and defined steps that take place within the organization to complete all of the underlying tasks. These “defined steps” are referred to as: A. Business Processes B. Financial Transactions C. Accounting Information Systems D. Customer Service Arenas 40. The substance of an accounting information system includes: A. Initiate an event B. Steps taken to create a business process C. Capturing, recording, processing and reporting accounting information D. Selection of client-server computing 41. Which of the following is not one of the general categories of business processes? A. Revenue Processes B. Inventory Processes C. Expenditure Processes D. Conversion Processes 42. Which of the following correctly states the order of steps in a manual accounting system? A. Source Documents, Journals, Ledgers, Reports B. Journals, Source Documents, Ledgers, Reports C. Source Documents, Ledgers, Journals, Reports D. Ledgers, Reports, Journals, Source Documents 43. Which of the following statements is true? A. Most accounting systems in use today are computerized systems. B. All accounting systems, whether computerized or not, must capture data, process the data, and provide outputs C. It is not necessary for an accounting system to maintain summary information if it maintains detail information. D. The general ledger will be summarized and then posted to the subsidiary ledger. 44. The choice of accounting information system will depend on all of the following except: A. The size of the organization B. The philosophy of management C. The ability of the company to capture information D. The nature of its processes
45. The record that captures the key data of a transaction is called: A. Turnaround document B. Ledger C. Journal D. Source document 46. In order to organize the study of accounting information systems, the authors divided the systems in place into three categories. Which of the following is not one of those categories? A. Manual Systems B. Client-Server Systems C. Legacy Systems D. Integrated IT Systems 47. Which of the following statements is true as it relates to manual systems? A. Few small organizations use computerized accounting systems. B. Computerized systems rely on some manual record keeping. C. Most medium sized organizations rely on manual accounting systems. D. When using a computerized system, it is not necessary to understand the manual system. 48. Which of the following is an example of a source document? A. Purchase order B. Employee time card C. Cash receipts D. All of the above are examples of source documents. 49. A source document serves important functions in the accounting system. Which of the following is not one of those functions? A. Provides the output data for financial reports B. Serves as part of the permanent audit trail C. Triggers beginning of business processes D. Provides the input data to record the transaction 50. An output of the accounting system that can be used as an input in a different part of the accounting system is referred to as: A. Round table document B. Source document C. Turnaround document D. Financial report 51. Which of the following provides details for the entire set of accounts used in the organization’s accounting systems? A. General Ledger B. Special Journal C. Subsidiary Ledger D. General Journal
52.The book of original entry for any transaction not recorded in a special journal is the: A. Special Ledger B. General Ledger C. General Journal D. Subsidiary Journal 53. Special journals are created, or established, to record specific types of transactions. Which of the following is not one of the special journals? A. Fixed Asset Journal B. Cash Receipts Journal C. Purchases Journal D. Payroll Journal 54. The purpose of this item is to maintain the detailed information regarding routine transactions, with an account established for each entity. A. Purchases Journal B. Subsidiary Ledger C. General Journal D. General Ledger 55. Which of the following items is not one of the manual records in a manual accounting system? A. Journals B. Ledgers C. Source Documents D. Trial Balance 56. Many of the accounting software systems consist of modules. Which of the following statements is false related to these modules? A. Are separate programs for different business processes B. Include accounts receivable, payroll, and accounts payable C. Have essentially the same purpose as special journals and special ledgers D. Are referred to as special purpose systems 57. An existing system within the organization that uses older technology is called a(n): A. Manual system B. Legacy system C. Client-server system D. Modern integrated system 58. Which of the following statements does not refer to a legacy system? A. Includes source documents, journals, and ledgers. B. Have been in place for may years. C. Much time has been spent developing, maintaining, and customizing the system. D. Often based on old or inadequate technology.
59. Organizations are often reluctant to abandon their legacy systems because: A. The system was customized to meet specific needs. B. The process to replace the systems is inexpensive. C. The time involved for replacement is minimal. D. Information contained on the system is outdated. 60. Which of the following is not one of the advantages of maintaining the legacy systems? A. The system often supports unique business processes not inherent in generic accounting software. B. The system contains invaluable historical data that may be difficult to integrate into a new system. C. The system is well supported and understood by existing personnel who are already trained to use the system. D. The system has been customized to meet specific needs of the organization. 61. Which of the following is one of the disadvantages of maintaining the legacy systems? A. Often support unique business processes not inherent in generic accounting software. B. May not easily run on new hardware. C. Contain invaluable historical data. D. Existing personnel are already trained to use the system. 62. Which of the following is not one of the disadvantages of maintaining the legacy systems? A. They become difficult to integrate when companies merge or acquire other companies. B. They are often difficult to modify to make them web based. C. They are well supported and understood by existing personnel. D. They lack adequate, up-to-date supporting documentation. 63. Frontware, which adds modern, user friendly screen interfaces to legacy systems are referred to as: A. Turnaround software B. Graphical user face C. COBOL D. Screen scrapers 64. Instead of completely replacing their systems, organizations often try to use new technology to enhance existing systems. Which of the following is not one of the approaches taken by the se organizations? A. Enterprise application integration B. Screen scrapers C. Enterprise resource planning D. Using interface bridges 65. A set of processes, software and hardware tools, methodologies, and technologies to integrate software systems is referred to as: A. Enterprise application integration B. Client-server interface C. Screen scrapers D. Complete integration
66. An use of enterprise application integration would include: A. Bridge the legacy systems to the new hardware and software. B. Intended to consolidate, connect, and organize all of the computer applications, data, and business processes. C. Allow real-time exchange and management of all the critical information. D. All of the listed items would be included. 67. Which of the following statements is false? A. When a modern, integrated system is purchased, they are often modified by the IT staff to meet the needs of the organization. B. New programs sold by software development companies are not as user friendly as the legacy systems. C. Purchased software has a lower cost, shorter implementation time, and fewer bugs. D. The modern, integrated systems typically use the latest technology. 68. There were four market segments identified by the authors in chapter 2. Which of the following is not one of those segments? A. Small Company Systems B. Midmarket Company Systems C. Legacy Company Systems D. Beginning ERP Systems 69. A company with revenue of $50 million would be most likely to purchase software from which one of the four market segments? A. Midmarket Segment B. Beginning ERP Segment C. Tier 1: ERP Segment D. Integrated Segment 70. Quickbooks and Peachtree would be part of which market segment of accounting software? A. Small Segment B. Midmarket Segment C. Beginning ERP Segment D. Legacy Segment 71. SAP and PeopleSoft are part of which market segment of accounting software? A. Small Segment B. Midmarket Segment C. Beginning ERP Segment D. Tier 1 ERP Segment 72. Five different input methods were identified by the authors. Which of the following is one of those input methods? A. EDI B. ERP C. EAI D. EPS
73. Source documents are usually preprinted and sequentially prenumbered. Which of the following is not one of the reasons for this prenumbering and preprinting? A. To have an established format to capture data B. To assure that there is no duplicate source documents C. To be sure that all of the documents have been recorded D. To be sure that all of the documents are accounted for 74. This method of input for AIS is considered to be time consuming and error prone due to the human effort required to write on some documents and to manually key in the data: A. Bar Coding B. Key Punching C. Source Documents and Keying D. Point of Sale Systems 75. The use of employee prepared time cards and the entering of the time worked by the payroll department is a good example of which type of input method for AIS? A. EDI B. Bar Coding C. Point of Use System D. Source Documents and Keying 76. A printed code consisting of a series of vertical, machine readable, rectangular bars and spaces that vary in width and are arranged in a specific ways to represent letters and numbers are referred to as: A. COBOL Coding B. Bar Coding C. Key Coding D. EOS Coding 77. Bar codes can be used in a number of different instances for input: A. Products that are sold B. Identification of individuals C. Track work in process D. Prepare financial statements 78. A method of using hardware and software that captures retail sales transactions by standard bar coding is referred to as: A. Point of Sale System B. COBOL System C. Inventory Tracking System D. UPC System 79. The letter UPC, when relating to bar codes, stands for: A. United Price Code B. Universal Product Code C. Unity Product Cost D. Ulterior Price Company
80.The inter-company, computer-to-computer transfer of business documents in a standard business format is referred to as: A. Electronic Data Interchange B. E-Business Document Identification C. Earned Daily Interest D. Electronic Document Idea 81. The major difference between EDI and e-business is: A. EDI uses the internet and e-business uses dedicated networks B. EDI does not require the use of computers C. EDI uses dedicated networks and e-business uses the internet D. There is no difference between EDI and e-business 82. After the accounting information has been input into the accounting system, it must be processed. Process accounting data involves: A. Source documents and keying B. Bar codes and point of sale C. Electronic data interchange and e-business D. Calculations, classification, and summarization. 83. In a manual accounting system, the processing of accounting information includes: A. Recording in the ledger B. Posting to the journal C. Closing the necessary ledger accounts D. Adjusting the journal 84. When all similar transactions are grouped together for a specified time and then processed together as a group, the process is referred to as: A. Grouped processing B. Batch processing C. Bound processing D. Unit processing 85. An organization that has applications having large volumes of similar transactions that can be processed at regular intervals is best suited to use which method of processing? A. Real-time processing B. Point of sale processing C. Batch processing D. Sequential processing 86. Which of the following is not one of the advantages of batch processing? A. It is generally easier to control than other types of computerized systems. B. It uses less costly hardware and software. C. It is very efficient for large volumes of like transactions when most items in the master file are used. D. Information can be provided to users on a timely basis.
87. Which of the following is one of the disadvantages to batch processing? A. The hardware and software are more expensive. B. Integration across business processes is difficult in legacy systems that are batch oriented. C. Batch systems can be difficult to audit because of the complexity of the system. D. Errors can be corrected immediately because the system checks for input errors as the data is entered. 88. The processing system where transactions are processed immediately and where output is available immediately is referred to as: A. Real-time processing B. Online processing C. Batch processing D. Sequential processing 89. The advantages to real-time processing include: A. As the data are entered, the system checks for input errors - therefore, errors can be corrected immediately. B. Information is provided to users on a timely basis. C. All files are constantly up-to-date. D. All of the above are advantages. 90. The disadvantages to real-time processing include: A. Processing can take longer than normal if the master files are large. B. Adding or deleting records takes a considerable amount of time. C. The single database that is shared is more susceptible to unauthorized access. D. Data duplication is likely because each process uses its own master file. 91. Many different types of output are generated by an accounting information system. The authors identified general categories of output. The category that would include credit memorandums, receiving memorandums, and production schedules is: A. Internal documents B. Internal reports C. External reports D. Trading partner documents 92. Many different types of output are generated by an accounting information system. The authors identified general categories of output. The category that would include any document that management determines would be useful to the business is: A. Internal documents B. Internal reports C. External reports D. Trading partner documents
93. Documentation of the accounting system allows: A. The accountant to analyze and understand the procedures and business process and the systems that capture and record the accounting data. B. The non-accountant to create a picture or chart of what should happen within the accounting system. C. The investor to see inside the accounting system so that he / she can better understand the financial statements. D. The accountant to determine which financial statements will be necessary to properly report the results of operations. 94. Which of the following is not one of the popular documentation methods for processes and systems presented in the textbook? A. Process maps B. Document flowcharts C. Entity relationship diagram D. Document creation map 95. A pictorial representation of business processes in which the actual flow and sequence of events in the process are presented in the diagram form - the start of the process, the steps within the process, and the finish of the process is referred to as: A. System flowchart B. ER Diagram C. Process Map D. Data Flow Diagram 96. Which of the process map symbols is used to show the start and / or finish of a process? A. Rectangle B. Oval C. Diamond D. Circle 97. Which of the process map symbols is used to show a task or activity in the process? A. Rectangle B. Oval C. Diamond D. Circle 98. Which of the process map symbols is used to show a point in the process when a decision must be made? A. Rectangle B. Oval C. Diamond D. Circle
99. A process map shows a circle with a letter or number in the middle. This symbol is used to show: A. That there is a break in the process. B. That there is a decision to be made. C. That a process is starting. D. That there is an activity that will take place. 100. This method of system documentation is intended to show the entire system, including inputs manual and computerized processes, and outputs. A. Procedure mapping B. System flowcharting C. Data flow diagramming D. Entity relationship diagrams 101. Systems professionals in the design and maintenance of IT systems use this documentation method. A. Document flowcharts B. Process maps C. Data flow diagrams D. System flowcharting 102. Accountants and auditors are less likely to use which of the following system documentation methods? A. Process maps B. System flowcharting C. Document flowcharting D. Data flow diagrams 103. When creating or reading a system flowchart, the triangle symbol represents a: A. File B. Direct access storage C. Manual input D. Document 104. When creating or reading a system flowchart, the diamond represents a(n): A. On-page connector B. Decision C. Data D. Process 105. When creating or reading a system flowchart, the rectangle represents a(n): A. Decision B. Off-page connector C. Document D. Process
106. The documenting system that shows the flow of documents and information among departments or units within an organization is called a: A. System Flowchart B. ER Diagram C. Document Flowchart D. Data Flow Diagram 107. This document system is used by systems professionals to show the logical design of a system. The advantage of the method is that it uses only four symbols. A. Data Flow Diagram B. ER Diagram C. System Flowchart D. Document Flowchart 108. This document system is used by systems professionals to show the logical design of a system. The advantage of the method is that it uses only four symbols. The symbol used to represent both sources and destinations of data is a(n): A. Rectangle with rounded corners B. Open-ended rectangle C. Arrow D. Rectangle with squared corners 109. This document system is used by systems professionals to show the logical design of a system. The advantage of the method is that it uses only four symbols. The symbol used to represent any task or function performed is a(n): A. Rectangle with rounded corners B. Open-ended rectangle C. Arrow D. Rectangle with squared corners 110. This document system is used by systems professionals to show the logical design of a system. The advantage of the method is that it uses only four symbols. The symbol used to represent a data store or the storage of data is a(n): A. Rectangle with rounded corners B. Open-ended rectangle C. Arrow D. Rectangle with squared corners 111. This document system is used by systems professionals to show the logical design of a system. The advantage of the method is that it uses only four symbols. The symbol used to represent the flow of data is a(n): A. Rectangle with rounded corners B. Open-ended rectangle C. Arrow D. Rectangle with squared corners
112. The document system is a pictorial representation of the logical structure of databases. It identifies the entities, the attributes of the entities, and the relationship between the entities. A. ER Diagram B. System Flowchart C. Entity Flowchart D. Process Map 113. When discussing entity relationship diagrams, this is considered to be a noun that represents items in the accounting system: A. Attribute B. Relationship C. Entity D. Flow 114. When discussing entity relationship diagrams, this is considered to be a characteristic of an entity. A. Attribute B. Flow C. Relationship D. Field 115. The rectangle used in an entity relationship diagram is used to represent a(n): A. Attribute B. Relationship C. Entity D. Process 116. The diamond used in an entity relationship diagram is used to represent a(n): A. Attribute B. Relationship C. Entity D. Decision 117. The oval used in an entity relationship diagram is used to represent a(n): A. Attribute B. Relationship C. Entity D. On-page Connector 118. The term that refers to how many instances of an entity relates to each instance of another entity is: A. Supervisor B. Symbol C. Relationship D. Cardinality
119. When an organization has this type of network, there are two types of computers networked together to accomplish the application processing: A. Point of sale B. Batch processing C. Client-server computing D. General-subsidiary computing 120. This type of client terminal can accomplish some of the processing tasks in a client-server computing network: A. Application terminal B. Smart terminal C. Subset terminal D. Presentation terminal 121. Characteristics of a client-server system include all of the following except: A. The client and the server are networked together. B. The client computer participates in either the processing or the data manipulation. C. Individual parts of processing are shared between the server and the client. D. The client normally stores the large database. 122. In this type of client-server computing, the client PC manipulates data for presentation but does not do any other significant processing. A. Application presentation B. Distributed presentation C. Distributed application D. ERP application 123. In this type of client-server computing, the client PC participates in application processing including the updates and changes to data that reside on the server. A. Subset application B. Distributed presentation C. Distributed application D. Real-time application 124. Which of the following statements, regarding ethical considerations in an accounting information system is false? A. The accounting information system is often the tool used to either commit or cover up unethical behavior. B. If there is only one person within the organization with responsibility for maintaining the computer systems, it is not difficult to detect instances of computer fraud. C. Fraud could be perpetrated and go undetected for a long time if the accounting information system is not carefully monitored. D. If accountants are well informed about the risks of unethical behavior, they will be better prepared to control those risks.
ANSWERS TO TEST BANK - CHAPTER 2: 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55.
C D A D B B A C B A B C D B B D A C A C A B D
56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78.
D B A A A B C D C A D B C B A D A C C D B D A
79. 80. 81. 82. 83. 84. 85. 86. 87. 88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100. 101.
B A C D C B C D B A D C A B A D C B A C A B D
102. 103. 104. 105. 106. 107. 108. 109. 110. 111. 112. 113. 114. 115. 116. 117. 118. 119. 120. 121. 122. 123. 124.
B A B D C A D A B C A C A C B A D C B D B C B
TEST BANK – CHAPTER 2 – END OF CHAPTER QUESTIONS: 125. Which of the following statements is not true? A. Accounting information systems must maintain both detail and summary information. B. Business processes may vary from company to company. C. Regardless of the extent of computerization, all accounting information systems must capture data from the transactions within business processes. D. Business processes categorized as expenditure processes are not intended to be processes that serve customers. 126. In a manual system, an adjusting entry would most likely be initially recorded in a: A. Special journal B. Subsidiary ledger C. General journal D. General ledger 127. Which of the following is not a disadvantage of maintaining legacy systems? A. There are fewer programmers available to support and maintain legacy systems. B. They contain invaluable historical data that may be difficult to integrate into newer systems. C. Hardware or hardware parts may be unavailable for legacy systems. D. It can be difficult to integrate various legacy systems into an integrated whole. 128. Which of the following is not an advantage of purchased accounting software, compared with software developed in-house? A. It is custom designed for that company. B. It is less costly. C. The implementation time is shorter. D. There are fewer bugs. 129. Which of the following is not a method of updating legacy systems? A. Enterprise application integration B. Backoffice ware C. Screen scraper D. Complete replacement 130. When categorizing the accounting software market, a company with revenue of $8 million would most likely purchase software from which segment? A. Small company B. Midmarket C. Beginning ERP D. Tier 1 ERP
131. An IT system that uses touch-screen cash registers as an input method is called: A. Electronic data interchange B. E-business C. Point-of-sale system D. Source documents and keying 132. When similar transactions are grouped together for a specified time for processing, it is called: A. Online processing B. Real-time processing C. Batch processing D. Group processing 133. Which of the following is not correct regarding the differences in the ways that real-time systems differ from batch systems? A. B. C. D.
Real-Time Systems
Must use direct access files. Processing occurs on demand. Processing choices are menu-driven. Supporting documents are prepared as items are processed.
Batch Systems
Can use simple sequential files. Processing must be scheduled. Processing is interactive. Supporting documents are prepared during scheduled runs.
134. In documenting systems, which pictorial method is described as a method that diagrams the actual flow and sequence of events? A. Systems flowchart B. Process map C. Data flow diagram D. Entity relationship diagram 135. (CMA Adapted) A company in Florida provides certified flight training programs for aspiring new pilots of small aircraft. Although awarding a pilot’s license requires one-on-one flight time, there is also much preparatory training conducted in classroom settings. The company needs to create a conceptual data model for its classroom training program, using an entity-relationship diagram. The company provided the following information: Floridian Flight, Inc. has 10 instructors who can teach up to 30 pilot trainees per class. The company offers 10 different courses, and each course may generate up to eight classes. Identify the entities that should be included in the entity-relationship diagram: A. Instructor, Floridian Flight Inc., Pilot Trainee B. Instructor, Floridian Flight Inc., Course, Enrollment, Class C. Floridian Flight Inc., Enrollment, Course, Class, Pilot Trainee D. Instructor, Course, Enrollment, Class, Pilot Trainee
136. In a client-server system, when the client PC manipulates data for presentation, but does not do any other significant processing, it is called: A. Distributed Presentation B. Distributed Application C. Distributed Database D. Distributed Processing ANSWERS TO END OF CHAPTER QUESTIONS 125-136 125. D 128. A 131. C 134. B 126. C 129. B 132. C 135. D 127. B 130. B 133. C 136. A TEST BANK – CHAPTER 2 – SHORT ANSWER QUESTIONS: 137. What is the relationship between business processes and the accounting information system? Answer: As the systematic steps are undertaken within a business processes, the corresponding data generated must be captured and recorded by the accounting information system. 138. Why is it sometimes necessary to change business processes when IT systems are applied to business processes? Answer: When IT systems are applied to business processes, some of the detailed transaction data may no longer be taken from paper-based source documents, and manual processing may no longer be needed to summarize and post that data. Accordingly, some of the related manual steps within the business process can be eliminated or changed. 139. Are manual systems and processes completely outdated? Answer: No, manual systems and business processes are not completely outdated. Manual records may still be involved in the business processes of even the largest and most sophisticated accounting information systems. 139. What is the purpose of source documents? Answer: Source documents capture the key data of a transaction, including date, purpose, entity, quantities, and dollar amounts. 140. What are some examples of turnaround documents that you have seen? Answer: An example of a turnaround document is a credit card statement, where the statement itself (as received in the mail by the credit card holder) represents the output of the accounting information system of the credit card company. When the credit card holder returns the top portion of the statement with his or her payment, it then becomes an input to the company’s cash collection process.
141. Why would the training of employees be an impediment to updating legacy systems? Answer: One of the advantages of legacy systems is that they are well supported and understood by existing personnel who are already trained to use the system. Since those legacy systems are not generally based on user-friendly interfaces and they tend to be use software written in older computer languages, there is likely to be a significant investment of time and human resources required to maintain the system. In addition, legacy systems are often difficult to modify. Employees may be reluctant to forego their investment or to commit additional time in support of an updated system that becomes more challenging to maintain. 1. 142. Why is it true that the accounting software in and of itself is not the entire accounting information system? Answer: The accounting software is not the entire accounting information system; rather, it is a tool that supports the organization’s unique business processes. The software must often be customized to meet the needs of the organization and to integrate well with the manner in which transactions are processed. The human resources and/or manual records and documents that are part of the business processes are also an integral part of the accounting information system. 143. How is integration across business processes different between legacy systems and modern, integrated systems? Answer: Integration across business processes within a legacy system is extremely challenging and costly, as those systems are usually not based on user-friendly interfaces that are difficult to modify. It is also difficult to find programmers to perform such tasks. The result is that organizations which integrate business processes between legacy systems typically must resort to enhancements to their existing software or bridging their existing software to new systems or interfaces. On the other hand, modern, integrated systems are based on a single software system that integrates many or all of the business processes within the organization, thus eliminating the coordination and updating efforts required by the older systems. 144. Why do you think there are different market segments for accounting software? Answer: There are different market segments for accounting software to support the different needs of organizations depending on their size and the complexities of their business processes. 145. How would accounting software requirements for large corporations differ from requirements for small companies? Answer: Larger companies tend to need more power and functionality from their software systems because of their size and the complexities of their business processes. This may especially be true of large, multinational corporations which need to integrate business processes located all around the globe. Small companies are not likely to need such extensive power and functionality from their systems.
146. What are some of the differences between ERP systems and accounting software for small companies? Answer: ERP systems are multimodule software systems designed to manage all aspects of an enterprise. The modules (financials, sales, purchasing, inventory management, manufacturing, and human resource) are based on a relational database system that provides extensive set-up options to facilitate customization to specific business needs. Thus, the modules work together to provide a consistent user interface. These systems are also extremely powerful and flexible. Many of the software systems in the small and mid market categories are not true ERP systems with fully integrated modules; however, these systems assimilate many of the features of ERP systems. 147. Why would accounting software development companies be interested in expanding their software products into other market segments? Answer: Software development companies and software vendors often attempt to increase the appeal of their software products to more than one market segment when the features of their products may fit the needs of different sized organizations. In addition, there is a trend toward increasing the functionality of existing systems to offer increased flexibility and functionality to meet such diverse needs. Since business organizations make considerable investments in the software products that comprise their accounting information systems, it is not surprising that there is much competition among the companies that provide these systems. 148. Given the business and accounting environment today, do you think it is still important to understand the manual input of accounting data? Answer: Manual input of data is still important to understand in today’s accounting environment. Many business organizations still use some manual processes for reading source documents and keying the relevant information into the accounting information system. Even high-tech point of sale systems require manual processes to input the accounting data contained on bar codes. 149. What are the advantages to using some form of IT systems for input, rather than manual input? Answer: Using IT systems for input has the advantages of reducing the time, cost, and errors that tend to occur with manual data input. 150. Why would errors be reduced if a company switched input methods from manual keying of source documents to a bar code system? Answer: With manual input, human efforts are required to write on the source documents and to manually key in the data. Errors tend to occur with such a system. On the other hand, the manual steps of writing and keying are eliminated when using a bar code system, thus reducing the likelihood of error. 151. In general, what types of transactions are well suited to batch processing? Answer: Batch processing is best suited to applications having large volumes of similar transactions that can be processed at regular intervals, such as payroll.
152. Why might the time lag involved in batch processing make it unsuitable for some types of transaction processing? Answer: By necessity, batch systems involve a time lag while all transactions in the batch are collected. This means that available information in files will not always be current, as it would be in real-time systems. Therefore, when constantly up-to-date information is needed by users on a timely basis, batch processing is likely to be unsuitable for transaction processing. 153. How would real-time processing provide a benefit to managers overseeing business processes? Answer: Real-time processing is beneficial for business managers because it provides for system checks for input errors. Therefore, errors can be corrected immediately, thus increasing the quality of the information for which the manager is held accountable. In addition, real-time systems enhance the efficiency of information availability. 154. How do internal reports differ from external reports? Answer: Although internal and external reports are both forms of output from an accounting information system, they have different purposes. Internal reports provide feedback to managers to assist them in running the business processes under their control. On the other hand, external reports (such as the financial statements) are used by external parties to provide information about the business organization. 155. What are some examples of outputs generated for trading partners? Answer: Invoices and account statements are examples of outputs generated for customers; whereas checks and remittance advices are examples of outputs sent to vendors. 156. Why might it be important to have internal documents produced as an output of the accounting information system? Answer: It is important to produce internal documents as an output of an accounting information system because internal documents provide feedback needed by managers assist them in running the business processes under their control. These internal documents can be customized to allow a manger to “drill down” into the details of the process being managed. 157. How does documenting a system through a pictorial representation offer benefits? Answer: A pictorial representation of an accounting information system is beneficial because it provides a concise and complete way for accountants to analyze and understand the procedures, processes, and the underlying systems that capture and record the accounting data. 158. How does client-server computing divide the processing load between the client and server? Answer: In client-server computing, the processing load is assigned to either the server or the client on the basis of which one can handle each task most efficiently. The server is more efficient in managing large databases, extracting data from databases, and running high-volume transaction processing software applications. The client is more efficient at manipulating subsets of data and presenting data to users in a user-friendly, graphical-interface environment. 159. Why do you think the client computer may be a better computer platform for presentation of data? Answer: The client computer is better for presentation of data because it manipulates subsets of data without being bogged down by the processing load of the entire data set. In addition, the client computer maintains presentation software in a user-friendly format for reporting purposes.
TEST BANK – CHAPTER 2 – SHORT ESSAY: 160. Think about your most recent appointment at the dentist’s office. Describe the business process that affected you as the patient/customer. In addition, describe the administrative and accounting processes that are likely to support this business. Answer: As a patient, you would experience the revenue processes as you receive services from the hygienist and dentist. You would also be affected by the billing and collections processes when you receive an invoice for services rendered and submit payment for those services. The dental office would need to have specific steps in place for recording the services provided to each patient so that they can be properly billed and reported. These steps may be very detailed, especially in instances where patient fees must be allocated between dental insurance companies and the patients themselves. There would also need to processes in place for purchasing, as a dentist’s office is expected to make regular purchases of supplies as well as to handle the other operating costs of the business. Payroll processes would also be needed to account for the time and pay of each employee in the dentist’s office, and fixed asset processes would be needed to support the investments in and depreciation of office furniture and equipment, fixtures, and dental equipment. Finally, it is possible that the business may have administrative processes in place to handle investment, borrowing, and capital transactions. Once these transactions are recorded, the business must have processes in place to post the related data to the general ledger and summarize it in a manner that facilitates the preparation of financial statements and other accounting reports. 161. Describe the purpose of each of the following parts of a manual system: a. source document b. turnaround document c. general ledger d. general journal e. special journal f. subsidiary ledger Answer: a. source document – captures the key data of a transaction, including the date, purpose, entity, quantities, and dollar amounts. b. turnaround document – provides a connection between different parts of the accounting system by serving as the output of one system and the input to another system in a subsequent transaction. c. general ledger – provides details for the entire set of accounts used in the organization’s accounting systems. d. general journal – captures the original transactions for non routine transactions, adjusting entries, and closing entries. e. special journal – captures original transactions for routine transactions such as sales, purchased, payroll, cash receipts, and cash disbursements. f. subsidiary ledger – maintains detailed information regarding routine transactions, with an account established for each entity.
162. Consider the accounting information system in place at an organization where you have worked. Do you think that it was a manual system, legacy system, or an integrated IT system? Describe one or two characteristics of that accounting information system that lead you to your conclusion. Answer: Student responses are likely to vary greatly, as they may refer to any work experience. Characteristics of manual systems may include paper-based documents and records, and manual processes performed by humans. Characteristics of legacy systems may include older technology including a mainframe computer and the use of software languages such as COBOL, RPG, Basic, and PL1. Characteristics of an integrated IT system include powerful, technologically advanced computer systems with Internet interfaces. They are typically marked by efficiencies in terms of limited paperwork and user-friendly interfaces. 163. Suppose that a company wants to upgrade its legacy system, but cannot afford to completely replace it. Describe two approaches that can be used. Answer: One approach to updating a legacy system is to use screen scrapers, or frontware, which add modern, user-friendly screen interfaces to an existing system. Another approach is to bridge the legacy system to new hardware and software using enterprise application integration, or EAI. 164. Consider the real world example of Hobie Cat Company presented in this chapter. a. Use Exhibits 2-2 and 2-3 to help you determine the approximate range of Hobie Cat’s annual revenues. b. What are the advantages Hobie Cat likely realized as a result of having real-time data available? Answer: a. Since Hobie Cat’s ERP system falls in the Mid market segment, the company’s revenues must be between $250,000 and $10 million. b. The advantages to real-time data processing include: • reduced errors, since the system checks for input errors and corrects any errors immediately • more timely information • constantly up-to-date data files • integrated business processes into a single database so that a single system can be achieved.
165. Using IT systems to input accounting data can reduce costs, time, and errors. Give an example showing how you think IT systems can lead to these reductions (cost, time, and errors). Answer: Student responses may vary. The responses below apply to the savings a company would be expected to realize upon implementation of a bar code system as a method of inputting data. Using IT systems to input data can help reduce costs, such as when bar code systems at a selfcheckout line eliminate the human resource costs of using a checkout clerk. Using IT systems to input data can help save time, such as when bar code systems at a checkout line can reduce the checkout time to a fraction of the time required to manually record the transaction. This is because it eliminates the manual processes involved in writing data on a source document and later keying the data into the software system. Using IT systems to input data can help reduce errors, such as when bar code systems eliminate the duplicate manual processes involved in writing data on a source document and later keying the data into the software system. 166. Identify whether the following reports would be categorized as trading partner documents, internal documents, internal reports, or external reports: a. daily cash receipts listing b. accounts receivable aging c. wire transfer of funds to a vendor d. customer price list e. general ledger f. statement of cash flows g. sales invoice h. production schedule i. customer address list j. payroll journal Answer: a. daily cash receipts listing – internal document b. accounts receivable aging – internal report c. wire transfer of funds to a vendor – trading partner document d. customer price list – trading partner document e. general ledger – internal report f. statement of cash flows – external report g. sales invoice – trading partner document h. production schedule – internal document i. customer address list – internal document j. payroll journal – internal report
167. Which type of accounting information system reports would likely be prepared most frequently by financial accountants? By managerial accountants? Answer: Financial accounts are most likely to prepare external reports (such as financial statements and other reports provided to external users of the company’s accounting information); whereas managerial accountants are most likely to prepare internal reports (such as journals and other reports that provide feedback to managers about their areas of responsibility). 168. Identify which of the cardinal relationships apply, from the following: a. component part — product b. customer – product c. employee ID badge – employee d. employee – supervisor e. vendor -- check Answer: a. component part – product One to many b. customer – product Many to many c. employee ID badge – employee One to one d. employee – supervisor One to many e. vendor – check One to many 169. Differentiate distributed presentation computing and distributed applications computing. Which of these forms of client server computing is most likely to be used by the sales clerks at a regional sales office for a large retail organization? Answer: Distributed presentation computing involves a client PC’s manipulation of a subset of data for purposes of presentation. It uses spreadsheet, graphing software, mapping software, or other presentation software for this purpose. Distributed applications computing involves the client PC’s participation in application processing, including the updating or changing of data that resides on the server. Distributed applications computing is most likely to be used by sales clerks in a regional sales office to process the sales data from the various retail locations. TEST BANK – CHAPTER 2 – PROBLEMS: 170. Suppose that a large company is considering replacing a legacy system that is nearing obsolescence. Describe any aspects of this decision that the company should consider. Answer: When considering whether or not to replace a legacy system, a company should conduct a costbenefit analysis. A business organization may decide to maintain a legacy system if it determines that the replacement costs would be too high. In such cases, the organization would likely place strong emphasis on the advantages of its legacy system, including its degree of customization and the extent of historical data that it contains which would be difficult to integrate into a new system. On the other hand, if the organization decided to replace its legacy system, it is likely that its reasons included such things as difficulty in supporting the older hardware, software, and programming language of its legacy system, difficulty in integrating the legacy system with newer business applications, and lack of user-friendly interfaces and supporting documentation from the legacy system.
171. Visit the campus bookstore at your university. From what you see happening at the bookstore, try to draw a process map of how the processes at that store serve students, the customers. Answer: Refer to the separate Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls 172. Look at Exhibit 2-3 and pick one accounting software product from the midmarket segment and one software product from the tier 1 ERP segment. Using those brand names of software, search the Internet for information about those products. Based on your investigation, what are the differences between the two software products you chose? (Hint: To begin your search, you might try examining the following web sites. www.accounting-software 411.com , www.findaccountingsoftware.com, and www.2020software.com) Answer: Student responses are likely to vary greatly, depending upon the software brands selected. However, the modules within the midmarket products may not be fully integrated or may be less complex than the tier 1 ERP systems. 173. Using an Internet search engine, search for the term “RFID.” From the results you find, describe how RFID will be used as an input method. Answer: RFID stands for radio-frequency identification. RFID technology helps companies identify and manage large lots of goods, typically received and stored in cartons or on skids. The cartons or skids include tags that are encoded with identifying information about the items, their supplier, and their purchase transaction. RFID is used as an input method whereby the tags can be instantly read and recorded by using antennae or battery-operated transmitters and radio waves. 174. Using an Internet search engine, search for the terms “client-server” and “scalable.” From the results you find, explain why client-server systems are scalable. Answer: Scalable systems have the ability to handle growth or increased capabilities. Thus, client-server systems are deemed to be scalable because of the manner in which tasks are divided. Since client PCs normally accomplish local processing tasks, additional client PCs could be added to the network to handle new or growing subsets of data from the server.
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 3: Fraud, Ethics, and Internal Control TEST BANK – CHAPTER 3 – TRUE / FALSE 1. When management does not act ethically, fraud is more likely to occur. 2. In the Phar-Mor fraud case, management did not write or adopt a code of ethics. 3. Maintaining high ethics can help prevent fraud but will not help to detect fraud. 4. Due to management’s responsibility to monitor operations by examining reports that summarize the results of operations, it is necessary that the system provide timely and accurate information. 5. In order to fulfill the obligations of stewardship and reporting, management has to create a code of ethics. 6. In most cases, a fraud will include altering accounting records to conceal the fact that a theft has occurred. 7. According to the 2004 Report to the Nation by the Association of Certified Fraud Examiners, the estimate of losses due to fraud would total approximately $2,800 per employee. 8. The most common method for detecting occupational fraud is a tip – from an employee, a customer, vendor, or anonymous source. 9. Defalcation and internal theft are names that refer to the misstatement of financial records. 10. The three conditions that make up the fraud triangle are theft, concealment, and conversion. 11. A good set of internal controls may not be as effective in reducing the chance of management fraud as it would be in reducing the change of fraud committed by an employee. 12. The most effective measure to prevent management fraud is to establish a professional internal audit staff that periodically checks up on management and reports directly to the audit committee of the board of directors. 13. Collusion between employees is one of the easiest frauds to detect and prevent. 14. Collusion can make it much easier to commit and conceal a fraud or theft, even when proper internal controls are in place. 15. Customer fraud is a common problem for companies that sell merchandise online.
16. Collusion can occur only when two employees who work for the same firm conspire to circumvent the internal controls to commit fraud or theft. 17. A vendor audit occurs when a vendor examines the books and records of a customer. 18. Industrial espionage can occur with or without the use of a computer. 19. It is necessary to use a computer to accomplish software piracy. 20. A hacker is someone who has gained unauthorized access to the computer and must be someone outside the organization. 21. If an organization has the policy of allowing employees to work from home via telecommunications, they could be opening themselves up to an opportunity for a hacker to break-in to their network. 22. E-mail spoofing is more of an irritation to an organization that a fraud threat. 23. In order for a code of ethics to reduce opportunities for managers and employees to commit fraud, it is necessary that management emphasizes this code. Punishment related to violations of the code are not necessary. 24. It is not always possible to avoid all mistakes and frauds because there will always be human error, human nature, and it is not always cost-effective to close all the holes. 25. The risk assessment is the foundation for all other components of internal control and provides the discipline and structure of all other components. 26. Companies that reward management with incentives to achieve a growth in earnings is running the risk that management will also have more motivation and pressure to falsify the financial statements to show the higher amounts. 27. The tone at the top of the organization tends to flow through the entire organization and affects behavior at all levels. 28. A poor control environment can be overcome if the remaining components of internal control are strong. 29. The difference between a general authorization and a specific authorization is that with a general authorization, a transaction is allowed if it falls within specified parameters, whereas with a specific authorization, explicit authorization is needed for that singe transaction to be completed. 30. When safeguarding assets, there is no trade-off between access and efficiency. 31. Independent checks can serve as a preventive control in that they uncover problems in the data or the processing.
32. Feedback needed by management to assess, manage, and control the efficiency and effectiveness of the operations of an organization relates to both financial and operational information. 33. A sophisticated accounting system will provide the necessary accurate and effective feedback needed by management to assess, manage and control the operations of an organization. 34. Auditing, a monitoring activity, takes place only on a periodic basis. 35. It is not possible to have an internal control system that will provide absolute assurance. 36. Computer systems increase the efficiency and effectiveness of an organization but also increases their vulnerability. 37. The risks related to computerized systems are adequately covered by the COSO internal control report. 38. The acronym COBIT stands for Control Objectives for Information Technology, an extensive framework of information technology controls developed by Information Systems Audit and Control Association. 39. The AICPA and the Canadian Institute of Chartered Accountants worked together to develop IT guidelines, commonly referred to as COBIT. 40. The risk related to confidentiality category of Trust Principles is that confidential information about the company or its business partners may be subject to unauthorized access during its transmission or storage in the IT system. ANSWERS TO TEST BANK - CHAPTER 3 – TRUE / FALSE: 1. 2. 3. 4. 5. 6. 7. 8.
T F F T F T F T
9. 10. 11. 12. 13. 14. 15. 16.
F F T T F T T F
17. 18. 19. 20. 21. 22. 23. 24.
F T T F T T F T
25. 26. 27. 28. 29. 30. 31. 32.
F T T F T F F T
33. 34. 35. 36. 37. 38. 39. 40.
F F T T F T F T
TEST BANK – CHAPTER 3 – MULTIPLE CHOICE 41. The chance for fraud or ethical lapses will not be reduced if management: A. Emphasizes ethical behavior. B. Models ethical behavior. C. Hires ethical employees. D. Is unethical. 42. The Phar-Mor fraud began when management: A. Forgot to change the budgeted figures that had been incorrectly computed. B. Attempted to make the actual net income match the budgeted amounts. C. Overstated their expenses to cover amounts embezzled from the company. D. Understated the revenue in order to reduce the tax payable to the IRS. 43. Each of the following companies was involved in fraudulent financial reporting during 2001 and 2002, except: A. Adelphia Communications Corporation. B. Microsoft Corporation. C. Enron Corporation. D. Xerox Corporation. 44. In addition to ethical practices, management has an obligation to maintain a set of processes and procedures to assure accurate financial reporting and protection of company assets. This obligation arises because: A. Many groups have expectations of management. B. Management has a stewardship obligation to investors. C. Management has an obligation to provide accurate reports to non-investors. D. All of the above are reasons for the obligation. 45. The careful and responsible oversight and use of the assets entrusted to management is referred to as: A. Ethics. B. Internal Control. C. Stewardship. D. Confidentiality. 46. A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives related to the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations is: A. COSO’s definition of internal control. B. AICPA’s definition of stewardship. C. ACFE’s definition of confidentiality. D. IMA’s definition of competency.
47. If an organization’s IT systems are not properly controlled, they may become exposed to the risks of: A. Unauthorized access. B. Erroneous processing. C. Service interruption. D. All of the above. 48. A set of documented guidelines for moral and ethical behavior within an organization is termed a(n): A. Accounting Information System. B. Code of Ethics. C. Internal Control. D. Sarbannes-Oxley. 49. Which individual or group has the responsibility to establish, enforce, and exemplify the principles of ethical conduct within an organization? A. Board of Directors B. Securities and Exchange Commission C. Management D. Audit Committee 50. The theft, concealment, and conversion of personal gain of another’s money, physical assets, or information is termed: A. Defalcation. B. Skimming. C. Larceny. D. Fraud. 51. An example of concealment would include: A. Changing the payee on a check improperly paid by the organization. B. Selling a piece of inventory that has been stolen. C. Stealing money from an organization before the related sale and cash receipt has been recorded. D. All of the above are examples of concealment. 52. Changing the accounting records to hide the existence of a fraud is termed: A. Theft. B. Conversion. C. Collusion. D. Concealment. 53. The definition of fraud includes the theft of: A. Assets. B. Money. C. Information. D. All of the above.
54. The theft of any item of value is referred to as: A. Fraudulent financial reporting. B. Misappropriation of assets. C. Misstatement of financial records. D. Earnings management. 55. Financial pressures, market pressures, job-related failures, and addictive behaviors are all examples of which condition of the Fraud Triangle? A. Opportunity B. Conversion C. Incentive D. Rationalization 56. Circumstances that provide access to the assets or records that are the objects of the fraudulent activity describes which condition of the Fraud Triangle? A. Rationalization B. Incentive C. Concealment D. Opportunity 57. Fraudsters typically try to justify their behavior by telling themselves that they intend to repay the amount stolen or that they believe the organization owes them the amount stolen. This justification is referred to as: A. Opportunity. B. Rationalization. C. Incentive. D. Concealment. 58. According to the authors of this textbook, which of the following is not one of general categories of people who commit fraud? A. Employees B. Government Agencies C. Customers D. Management 59. The falsification of accounting reports is referred to as: A. Defalcation. B. Internal Theft. C. Misappropriation of Assets. D. Earnings Management. 60. Management fraud may involve: A. Overstating expenses. B. Understating assets. C. Overstating revenues. D. Overstating liabilities.
61. Management misstatement of financial statements often occurs in order to receive indirect benefits such as: A. Decreased income taxes. B. Delayed cash flows. C. Increased stock prices. D. Increased dividends. 62. Management circumvention of systems or internal controls that are in place is termed: A. Management override. B. Management collusion. C. Management stewardship. D. Management manipulations. 63. The theft of assets by a non-management employee is termed: A. Inventory theft. B. Employee fraud. C. Expense account fraud. D. Skimming. 64. A situation where the organization’s cash is stolen before it is entered in the accounting records is termed: A. Kickback. B. Larceny. C. Collusion. D. Skimming. 65. A situation where the organization’s cash is stolen after it is entered in the accounting records is termed: A. Kickback. B. Larceny. C. Collusion. D. Skimming. 66. A cash payment made by a vendor to an organization’s employee in exchange for a sale to the organization by the vendor is termed: A. Bribery. B. Collusion. C. Kickback. D. Payment Fraud. 67. When two or more people work together to commit a fraud, it is called: A. Collusion. B. Larceny. C. Skimming. D. Override.
68. Jamie Stark, a sales employee, stole merchandise from her employer and Frank Adams, the accounting clerk, covered it up by altering the inventory records. This is an example of: A. Inventory theft. B. Financial journal fraud. C. Skimming. D. Collusion. 69. When a customer improperly obtains cash or property from a company, or avoids liability through deception, it is termed: A. Check fraud. B. Customer fraud. C. Credit card fraud. D. Refund fraud. 70. Which of the following would be considered a vendor fraud? A. The submission of duplicate or incorrect invoices. B. A customer tries to return stolen goods to collect a cash refund. C. The use of stolen or fraudulent credit cards. D. Inflating hours worked. 71. The theft of proprietary company information is called: A. Vendor fraud. B. Customer fraud. C. Espionage. D. Management fraud. 72. Which of the following is a characteristic of computer fraud? A. A computer is used in some cases to conduct a fraud more quickly and efficiently. B. Computer fraud can be conducted by employees within the organization. C. Computer fraud can be conducted by users outside an organization. D. All of the above are characteristics 73. A fraudster uses this to alter a program to slice a small amount from several accounts, crediting those small amounts to the perpetrator’s benefit. A. Trap door alteration B. Salami technique C. Trojan horse program D. Input manipulation 74. A small, unauthorized program within a larger legitimate program, used to manipulate the computer system to conduct a fraud is referred to as a(n): A. Trap door alteration. B. Salami technique. C. Trojan horse program. D. Input manipulation.
75. When a person alters a system’s checks or reports to commit fraud it is referred to as: A. Input manipulation. B. Output manipulation. C. Program manipulation. D. Collusion. 76. This type of external computer fraud is intended to overwhelm an intended target computer system with so much bogus network traffic so that the system is unable to respond to valid traffic. A. DoS Attack B. Hacking C. Spoofing D. Phishing 77. When a person, using a computer system, pretends to be someone else, it is termed: A. DoS Attack. B. Hacking. C. Spoofing. D. Phishing. 78. Which of the following is not one of the three critical actions that a company can undertake to assist with fraud prevention and fraud detection? A. Maintain and enforce a cost of ethics. B. Maintain an accounting information system. C. Maintain a system of accounting internal controls. D. Maintain a system of information technology controls. 79. The Sarbanes-Oxley act was passed in 2002 as a Congress’s response to the many situations of fraudulent financial reporting discovered during 2001. The intention of the Act was: A. Police the accounting firms responsible for auditing the corporations. B. Punish the companies that had been involved in the cases of fraudulent financial reporting. C. Establish accounting standards that all companies are to follow. D. Reform accounting, financial reporting, and auditing functions of companies that are publicly traded. 80. The types of concepts commonly found in a code of ethics would not include: A. Obeying applicable laws and regulations that govern business. B. Avoiding all conflicts of interest. C. Operating at a profit in all reporting periods. D. Creating and maintaining a safe work environment. 81. The objectives of an internal control system include all of the following except: A. Maintain ongoing education. B. Safeguard assets. C. Maintain accuracy and integrity of accounting data. D. Ensure compliance with management directives.
82. The authors presented their “picture” of internal control as a series of umbrellas which represent different types of controls. Which of the following is not one of those types of controls? A. Prevention B. Investigation C. Detection D. Correction 83. This type of control is designed to avoid errors, fraud, or events not authorized by management. A. Prevention B. Judicial C. Detection D. Correction 84. This type of control is included in the internal control system because it is not always possible to prevent all frauds. They help employees to discover or uncover errors, fraud, or unauthorized events. A. Investigation B. Judicial C. Detection D. Correction 85. The accounting profession has accepted this report as the standard definition and description of internal control. A. Sarbanes-Oxley Report B. FCPA Report C. ERI Report D. COSO Report 86. According to the COSO report, there are five different interrelated components of internal control. Which of the following is not one of those five components? A. Code of Ethics B. Control Environment C. Information and Communication D. Monitoring 87. The component of internal control, identified in the COSO report, that sets the tome of an organization and includes the consciousness of its employees is: A. Risk Assessment. B. Control Activities. C. Control Environment. D. Information and Communication.
88. The control environment component of internal control was identified to have a number of different factors. Which of the following is not one of those factors? A. Management’s philosophy and operating style B. The identification of sources of risk C. The integrity, ethical values, and competence of the entity’s people D. The attention and direction provided by the board of directors 89. One of the components of internal control identified by COSO required that management must be considering threats and the potential for risks, and stand ready to respond should these events occur. This component is referred to as: A. Control Environment. B. Control Activities. C. Risk Assessment. D. Communication. 90. The process of risk assessment would include all of the following actions, except: A. Identify sources of risk. B. Determine the impacts of identified risks. C. Estimate the chance of such risks occurring. D. Report the risks to the audit committee. 91. The COSO report identified a component of internal control as the policies and procedures that help ensure that management directives are carried out and that management directives are achieved The component is: A. Control activities. B. Risk assessment. C. Monitoring. D. Information and communication. 92. The range of activities that make up the component of internal control referred to as control activities includes each of the following, except: A. Segregation of duties. B. Risk assessment. C. Independent checks and reconciliations. D. Authorization of transactions. 93. The approval or endorsement from a responsible person or department of an organization that has been sanctioned by top management is the process of: A. Securing assets. B. Segregating duties. C. Authorizing transactions. D. Adequate recording.
94. The category of control activities referred to as segregation of duties requires that certain activities should be the responsibility of different person or department. The three duties that are to be separated are: A. Authorizing, recording, and paying. B. Recording, custody, and disposition. C. Authorizing, paying, and custody. D. Authorizing, recording, and custody. 95. If an accounting supervisor were allowed to hire employees, approve the hours worked, prepare the paychecks, and deliver the paychecks, which of the categories of control activities would be violated? A. Adequate records B. Segregation of duties C. Authorization of transactions D. Independent checks 96. A good system of internal control includes many types of documentation. Which of the following types of documentation is not part of the adequate records and documents category of internal control? A. Schedules and analyses of financial information B. Supporting document for all significant transactions C. Accounting cycle reports D. All of the following are types of documentation 97. The existence of verifiable information about the accuracy of accounting records is called a(n): A. Audit trail. B. Internal control. C. Risk assessment. D. Supporting documentation. 98. When discussing the security of assets and documents, there are many actions that can be taken. Which of the following would not be related to this category of internal control? A. Securing the assets and records so that they are not misused or stolen. B. Limiting access to certain assets to the extent that is practical. C. Identifying sources of risk and estimating the possibility of that risk. D. Enacting physical safeguards, such as security cameras, to protect some assets. 99. Independent checks on the performance of others is one of the categories of internal control. These independent checks would include all of the following, except: A. Reviewing batch totals. B. Reconciliation. C. Comparison of physical assets with records. D. Use of appropriate ID to enter restricted areas.
100. Which of the following objectives were not identified as necessary to be provided by an effective accounting system? A. Prepare the appropriate documents B. Identify all relevant financial events C. Capture the important data D. Proper recording and processing of the data 101. The ongoing review and evaluation of a system of internal control is referred to as: A. Risk assessment. B. Monitoring. C. Segregating. D. Communication. 102. This level of assurance means that controls achieve a sensible balance of reducing risk when compared with the cost of the control. A. Absolute assurance B. Probable assurance C. Reasonable assurance D. Convincing assurance 103. Factors that limit the effectiveness of internal controls include all of the following except: A. Flawed judgment applied in decision making. B. Human error. C. Controls can be circumvented or ignored. D. All of the above are factors that limit the effectiveness of internal controls. 104. In order to have the segregation of duties recommended by COSO, it would be necessary for a small organization to hire two additional individuals. At this time, there is not enough work for the one office employee to stay busy. The reason for not hiring the additional people would have to do with: A. Human error. B. Cost versus benefit. C. Collusion. D. Authorization. 105. In response to the need for internal controls above and beyond what was described by COSO, the Information Systems Audit and Control Association developed an extensive framework of IT controls entitled: A. Trust Principles. B. Control Objectives for Information Technology (COBIT). C. Control Instrument for Certified Accountants (CICA). D. American Internal Control Practice Association (AICPA).
106. The Trust Principles document divided the risks and controls in IT into five categories. Which of the following is not one of those categories? A. Certification B. Security C. Processing Integrity D. Confidentiality 107. The main risk related to this category of Trust Principles is unauthorized access. A. Online privacy B. Confidentiality C. Processing integrity D. Security 108. The risk related to this category of Trust Principles could be inaccurate, incomplete, or improperly authorized information. A. Online privacy B. Confidentiality C. Processing integrity D. Security 109. The risk related to this category of Trust Principles is that personal information about customers may be used inappropriately or accessed by those either inside or outside the company. A. Confidentiality B. Online privacy C. Security D. Availability 110. The risk related to this category of Trust Principles is system or subsystem failure due to hardware or software problems. A. Availability B. Security C. Integrity D. Confidentiality
ANSWERS TO TEST BANK - CHAPTER 3 - MULTIPLE CHOICE: 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54.
D B B D C A D B C D A D D B
55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67. 68.
C D B B D C C A B D B C A D
69. 70. 71. 72. 73. 74. 75. 76. 77. 78. 79. 80. 81. 82.
B A C D B C B A C B D C A B
83. 84. 85. 86. 87. 88. 89. 90. 91. 92. 93. 94. 95. 96.
A C D A C B C D A B C D B D
97. 98. 99. 100. 101. 102. 103. 104. 105. 106. 107. 108. 109. 110.
A C D A B C D B B A D C B A
TEXTBOOK – CHAPTER 3 – END OF CHAPTER QUESTIONS 111. The careful and responsible oversight and use of the assets entrusted to management is called: A. Control environment. B. Stewardship. C. Preventive control. D. Security. 112. Which of the following is not a condition in the fraud triangle? A. Rationalization B. Incentive C. Conversion D. Opportunity 113. There are many possible indirect benefits to management when management fraud occurs. Which of the following in not an indirect benefit of management fraud? A. Delayed exercise of stock options. B. Delayed cash flow problems. C. Enhanced promotion opportunities. D. Increased incentive-based compensation. 114. Which of the following is not an example of employee fraud? A. Skimming B. Larceny C. Kickbacks D. Earnings management
115. Which of the following is not a common form of employee fraud? A. Inventory theft B. Expense account fraud C. Payroll fraud D. Refund fraud 116. Segregation of duties is a fundamental concept in an effective system of internal controls. Nevertheless, the effectiveness of this control can be compromised through which situation? A. A lack of employee training B. Collusion among employees C. Irregular employee reviews D. The absence of an internal audit function 117. The most difficult type of misstatement to discover is fraud that is concealed by: A. Over-recording the transactions. B. Nonrecorded transactions. C. Recording the transactions in subsidiary records. D. Related parties. 118. The review of amounts charged to the company from a seller that is purchased from is called a: A. Vendor audit. B. Seller review. C. Collusion. D. Customer review. 119. Which of the following is generally an external computer fraud, rather than an internal computer fraud? A. Spoofing B. Input manipulation C. Program manipulation D. Output manipulation 120. Which control activity is intended to serve as a method to confirm the accuracy or completeness of data in the accounting system? A. Authorization B. Segregation of duties C. Security of assets D. Independent checks and reconciliations 121. COSO describes five components of internal control. Which of the following terms is best described as “policies and procedures that help ensure management directives are carried out and management objectives are achieved”? A. Risk assessment B. Information and communication C. Control activities D. Control environment
122. Proper segregation of functional responsibilities calls for separation of the functions of: A. Authorization, execution, and payment. B. Authorization, recording, and custody. C. Custody, execution, and reporting. D. Authorization, payment, and recording. 123. AICPA Trust Principles identify five categories of risks and controls. Which category is best described by the statement, “Information process could be inaccurate, incomplete, or not properly authorized”? A. Security B. Availability C. Processing integrity D. Confidentiality 124. A company’s cash custody function should be separated from the related cash recordkeeping function in order to: A. Physically safeguard the cash. B. Establish accountability for the cash. C. Prevent the payment of cash disbursements from cash receipts. D. Minimize opportunities for misappropriations of cash. ANSWERS TO TEXTBOOK – CHAPTER 13 – END OF CHAPTER QUESTIONS 111. B 112. C 113. A
114. D 115. D 116. B
117. B 118. A 119. A
120. D 121. C 122. B
123. C 124. D
TEXTBOOK – CHAPTER 3 – SHORT ANSWER QUESTIONS 125. Management is held accountable to various parties, both internal and external to the business organization. To whom does management have a stewardship obligation and to whom does it have reporting responsibilities? Answer: Management has a stewardship obligation to the shareholders, investors, and creditors of the company, i.e., any parties who have provided funds or invested in the company. Management has a reporting responsibility to business organizations and governmental units with whom the company interacts. 126. If an employee made a mistake that resulted in a loss of company funds and misstated financial reports, would the employee be guilty of fraud? Discuss. Answer: No, a mistake, or unintentional error, does not constitute fraud. In this situation, there is no theft or concealment, so fraud does not exist.
127. Do you think it is possible that a business manager may perpetrate fraud and still have the company’s best interest in mind? Discuss. Answer: Student responses may vary. Those agreeing that it is possible may refer to the fraud triangle and note that the incentive may be job-related (such as opportunities to produce enhanced financial statements, which may increase the company’s stock price, increase compensation, avoid firings, enhance promotions, and delay bankruptcy) and the rationalization may involve plans to make restitution. On the other hand, some students may reject the notion that management fraud could be in a company’s best interest, as it puts the company at great risk. Hen frauds are discovered, they are often devastating as a result of the financial restatements and loss of trust. 128. Distinguish between internal and external sources of computer fraud. Answer: Employees are the source of internal computer fraud. When employees misuse the computer system to commit fraud (through manipulation of inputs, programs, or outputs), this is known as internal computer fraud. On the other hand, external sources of computer fraud are people outside the company or employees of the company who conduct computer network breakins. When an unauthorized party gains access to the computer system to conduct hacking or spoofing, this is known as external computer fraud. 129. Identify and explain the three types of internal source computer fraud. Answer: The three types of internal source computer fraud are input manipulation, program manipulation, and output manipulation. Input manipulation involves altering data that is input into the computer. Program manipulation involves altering a computer program through the use of a salami technique, Trojan horse program, trap door alteration, etc. Output manipulation involves altering reports or other documents generated from the computer system. 130. Describe three popular program manipulation techniques. Answer: The salami technique accomplishes a fraud by altering small “slices” of computer information. These slices of fraud are difficult to detect because they are so small, but they may accumulate to a considerable amount if they are carried out consistently across many accounts. This is often accomplished by rounding or applying minor adjustments. The perpetrator typically steals the amounts represented by these slices or uses them to his or her benefit. A Trojan horse program is a small, unauthorized program within a larger, legitimate program, used to manipulate the computer system to conduct a fraud. For example, a customer account may be automatically written off upon the processing of a new batch of transactions. A trap door alteration involves misuse of a valid programming tool, a trap door, to commit fraud. Trap doors are unique hidden entrances to computer programs that are written into the software applications to provide a manner of testing the systems. Although they should be removed prior to implementation, they may remain to provide a tool for misusing the system to perpetrating fraud.
131. Distinguish between Internet spoofing and e-mail spoofing. Answer: Internet spoofing involves a person working through the Internet to access a computer network while pretending to be a trusted source. The packet of data containing the Internet protocol (IP) address contains malicious data such as viruses or programs that capture passwords and log-in names. E-mail spoofing bombards employee e-mail accounts with junk mail intended to scam the recipients. 132. What are the objectives of a system of internal control? Answer: The objectives of an internal control system are as follows: • To safeguard assets from fraud or errors • To maintain accuracy and integrity of accounting data • To promote operational efficiency • To ensure compliance with management directives 133. Name and distinguish among the three types of internal controls. Answer: The three types of internal controls are preventative controls, detective controls, and corrective controls. Preventative controls are designed to avoid fraud and errors by stopping any undesired acts before they occur. Detective controls help employees uncover or discover problems that may exist. Corrective controls involve steps undertaken to correct existing problems. 134. Identify the COSO report’s five interrelated components of internal controls. Answer: According to the COSO report, there are five interrelated components of internal control: the control environment, risk assessment, control activities, information and communication, and monitoring. 135. Name the COSO report’s five internal controls activities. Answer: According to the COSO report, there are five internal control activities: authorization of transactions, segregation of duties, adequate records and documents, security of records and documents, and independent checks and reconciliations. 136. Distinguish between general and specific authorization. Answer: General authorization is a set of guidelines that allows transactions to be completed as long as they fall within established parameters. Specific authorization means that explicit authorization is needed for that single transaction to be completed. 137. Due to cost/benefit considerations, many business organizations are unable to achieve complete segregation of duties. What else could they do to minimize risks? Answer: Close supervision may serve as a compensating control to lessen the risk of negative effects when other controls, especially segregation of duties, are lacking. 138. Why is a policies and procedures manual considered an element of internal control? Answer: Formally written and thorough documentation on policies and procedures should provide clarity and promote compliance within a business organization, thus providing an important element of internal control. The policies and procedures should include both manual and automated processes and control measures, and should be communicated to all responsible parties within the company.
139. Why does a company need to be concerned with controlling access to its records? Answer: Securing and protecting company records is important to ensure that they are not misused or stolen. Unauthorized access or use of records and documents allows the easy manipulation of those records and documents, which can result in fraud or a concealment of fraud. 140. Many companies have mandatory vacation and periodic job rotation policies. Discuss how these practices can be useful in strengthening internal controls. Answer: Mandatory vacations and periodic job rotation policies provide for independent monitoring of the internal control systems. Internal control responsibilities can be rotated so that someone is monitoring the procedures performed by someone else, which enhances their effectiveness. 141. Name the objectives of an effective accounting system. Answer: An effective accounting system must accomplish the following four objectives: • Identify all relevant financial transactions of the organization. • Capture the important data of these transactions. • Record and process the data through appropriate classification, summarization, and aggregation. • Report the summarized and aggregated information to managers. 142. What does it mean when information flows “down, across, and up the organization”? Answer: A business organization must implement procedures to assure that its information and reports are communicated to the appropriate management level. This communication is described by COSO as “flowing down, across, and up that organization”. Such a communication flow assists management in properly assessing operations and making changes to operations as necessary. 143. Provide examples of continuous monitoring and periodic monitoring. Answer: Any ongoing review activity may be an example of continuous monitoring, such as a supervisor’s examination of financial reports and a computer system’s review modules. An example of periodic monitoring is am annual audit performed by a CPA firm or a cyclical review performed by internal auditors. 144. What are the factors that limit the effectiveness of internal controls? Answer: It is not possible for an internal control system to provide absolute assurance because of the following factors that limit the effectiveness of internal controls: • Flawed judgments • Human error • Circumventing or ignoring established controls In addition, excessive costs may prevent the implementation of some controls.
145. Identify and describe the five categories of the AICPA Trust Services Principles. Answer: The AICPA Trust Services Principles are divided into the following five categories of risks and controls: • Security. Security is concerned with the risk of unauthorized physical and logical access, such as breaking into the company’s facilities or computer network. • Availability. Availability is concerned with the risk of system interruptions or failures due to hardware of software problems such as a virus. • Processing integrity. Processing integrity is concerned with the risk of inaccurate, incomplete, or improperly authorized information due to error or fraud. • Online privacy. Online privacy is concerned with the risk of inappropriate access or use of a customer’s personal information. • Confidentiality. Confidentiality is concerned with the risk of inappropriate access or use of company information. 146. Distinguish between the Trust Services Principles of privacy and confidentiality. Answer: Both privacy and confidentiality are concerned with the risk of in appropriate access or use of information. However, privacy is focused on protecting the privacy of a customer’s personal information; whereas confidentiality is focused private information about the company itself and its business partners. 147. Identify the four domains of high-level internal control. Answer: As set forth in Appendix B, COBIT establishes four domains of high level control objectives. These include planning and organization, acquisition and implementation, delivery and support, and monitoring. TEXTBOOK – CHAPTER 3 – SHORT ESSAY 148. What possible motivation might a business manager have for perpetrating fraud? Answer: Management might be motivated to perpetrate fraud in order to improve the financial statements, which may have the result of increasing the company’s stock price and increasing incentive-based compensation. Altered financial information might also have the effect of delaying cash flow problems and/or bankruptcy, as well as improving the potential for business transactions such as mergers, borrowing, stock offerings, etc. 149. Discuss whether any of the following can be examples of customer fraud: • An employee billed a customer twice for the same transaction. Answer: This is not an example of customer fraud; rather, the customer is being defrauded in this scenario. On the other hand, this is an example of employee fraud (assuming that the doublebilling was intentional and the resulting cash receipts are stolen by employees. • A customer remitted payment in the wrong amount. Answer: This may be an example of customer fraud, assuming that the payment was made as a deceptive tactic to avoid the full amount of the customer’s liability. • A customer received merchandise in error, but failed to return it or notify the sender. Answer: Although this scenario involves a customer’s improperly receipt of goods, it would not be considered customer fraud because it was the result of an error. Regardless of whether the error was committed by the company or the customer, deception is a required element of fraud.
150. Explain the relationship between computer hacking and industrial espionage. Give a few additional examples of how hacking could cause damage in a business. Answer: Computer hacking is the term commonly used for computer network break-ins. Hacking may be undertaken for various purposes, including theft of proprietary information, credit card theft, destruction or alteration of data, or merely thrill-seeking. Industrial espionage is the term used for theft of proprietary company information. Although computer hacking provides one method of conducting industrial espionage, a computer is not always required to steal company information. Fraudsters trying to conduct industrial espionage may also resort to digging through the trash in order to gain information about a target company. 151. What are some ways in which a business could promote its code of ethics? Answer: The best way for a company to promote its code of ethics is for its top managers to live by it on a day-to-day basis. If the code is well documented and adhered to by management, others in the organization are likely to recognize its importance. Furthermore, if disciplines and/or discharges are applied to those who violate the code, this will also serve as a strong message regarding the importance of the ethics code. 152. Describe why the control environment is regarded as the foundation of a business’ system of internal control. Answer: The control environment is regarded as the foundation of a system of internal controls because it sets the tone of an organization and influences the control consciousness of its employees. Thus, the tone at the top flows through the whole business organization and affects behavior at every level. It also provides the discipline and structure of all other components of internal control. COSO identifies the tone set by management as the most important factor related to providing accurate and complete financial reports. 153. Think of a job you have held, and consider whether the control environment was risky or conservative. Describe which you chose and why. Answer: Student responses will vary. Characteristics of a risky control environment include absence of a code or ethics or lack of enforcement of a code of ethics, aggressive management philosophy and operating style, overlapping duties and vague lines of authority, lack of employee training, and an inactive board of directors. On the other hand, a conservative control environment is characterized by a rigidly enforced code of ethics, a conservative management philosophy and operating style, clearly established job descriptions and lines of authority, a focus on employee training and organizational development, and an accountable and attentive board of directors.
154. Identify the steps involved in risk assessment. Do you think it would be effective for an organization to hire external consultants to develop its risk assessment plan? Answer: The steps involved in risk assessment include: • Identification of the sources of risk, both internal and external. • Determination of the impact of such risks in terms of finances and reputation. • Estimation of the likelihood of such risks occurring. • Development of an action plan to reduce the impact and probability of these risks. • Execution of the action plan on an ongoing basis. It would not likely be effective for an organization to hire consultants to develop its risk assessment plan because company-specific experience and expertise are needed in order to do this work effectively. For instance, members of management who are actively involved in day-today operations and reporting will likely have the best ability to identify risks, determine the impact of those risks, and estimate the likelihood of occurrence of such risks. Although a consultant may be useful in assisting with the development and implementation of the action plan, the first three steps of the risk assessment process would likely depend upon the working knowledge of members of the company’s management. 155. Discuss the accuracy of the following statements regarding internal control: • The more computerized applications within a company’s accounting system, the lower the risk will be that fraud or errors will occur. Answer: It is not necessarily true that extensive computerized application will lower a company’s risk of fraud. This is because computerized systems also increase vulnerabilities such as unauthorized access, business interruptions, and inaccuracies. The technological complexities that accompany sophisticated computer applications call attention to the need for extensive internal controls to reduce the risk of fraud and errors. • The more involved top management is in the day-to-day operations of the business, the lower the risk will be that fraud or errors will occur. Answer: It is certainly true that the tone at the top (the tone set by top management) is the most important factor of internal control. Accordingly, it can be implied that involved managers would promote strong internal controls. However, although this is often true, it will be true only when top management acts with integrity, exemplifying and enforcing its code of ethics, maintaining a conservative approach to operations and financial reporting, and cultivating clear communications and responsibilities. TEXTBOOK – CHAPTER 3 – PROBLEMS 156. Identify whether each of the following accounting positions or duties involves authorization, recording, or custody: • cashier Answer: Custody • payroll processor Answer: Recording • credit clerk Answer: Authorization • mailroom clerk Answer: Custody • data entry clerk Answer: Recording • deliver paychecks
Answer: Custody • deliver the bank deposit Answer: Custody • prepare the bank reconciliation Answer: Recording • check signer Answer: Authorization • inventory warehouse supervisor Answer: Custody • staff accountant Answer: Recording 157. Identify whether each of the following activities represents preventative controls, detective controls, or corrective controls: • Job rotation – Answer: Detective • Preparation of a bank reconciliation – Answer: Corrective • Segregation of duties – Answer: Preventative • Recalculating totals on computer reports – Answer: Detective • Use of passwords – Answer: Preventative • Preparing batch totals for check processing – Answer: Detective • Establishing a code of ethics – Answer: Preventative • Use of a security guard – Answer: Preventative • Verifying source documents before recording transactions – Answer: Preventative • Matching supporting documents before paying an invoice Answer: Preventative • Independent review of accounting reports – Answer: Detective • Performing comparisons of financial statement items – Answer: Detective 158. Shown is a list of selected sources of internal control guidelines, given in order of issuance, followed by a list of primary purposes. Match each guideline with its primary purpose. • Foreign Corrupt Practices Act – Answer: B. Prevented bribery and established internal control guidelines. • COSO – Answer: A. Established internal control concepts based on comprehensive study. • SAS 99 – Answer: A. Required auditors to focus on risks and controls and to conduct audits with skepticism. • Sarbanes-Oxley Act – Answer: C. Curbed fraud by requiring additional internal control reporting within annual reports.
• Trust Services Principles – Answer: E. Established essential criteria for evaluating reliability of business systems.
A. Required auditors to focus on risks and controls and to conduct audits with skepticism. B. Prevented bribery and established internal control guidelines. C. Curbed fraud by requiring additional internal control reporting within annual reports. D. Established internal control concepts based on comprehensive study. E. Established essential criteria for evaluating reliability of business systems.
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 4: Internal Controls and Risks in IT Systems TEST BANK - CHAPTER 4 - TRUE / FALSE 1. If a company’s IT system fails, it would have little or no effect on the company’s operations. 2. It is necessary for students and accountants to understand the types of threats that may affect an accounting system, so that the threats can be avoided. 3. It is important for accountants to consider possible threats to the IT system and to know how to implement controls to try to prevent those threats from becoming reality. 4. General controls apply to the IT accounting system and are not restricted to any particular accounting application. 5. The use of passwords to allow only authorized users to log into an IT system is an example of an application control. 6. Application controls apply to the IT accounting system and are not restricted to any particular accounting application. 7. The use of passwords to allow only authorized users to log into an IT system is an example of a general control. 8. General controls are used specifically in accounting applications to control inputs, processing, and outputs. 9. Application controls are intended to ensure that inputs and processing are accurate and complete and that outputs are properly distributed, controlled, and disposed. 10. A validity checks is an example of an input application control. 11. To increase the effectiveness of login restrictions, user Ids must be unique for each user. 12. To increase the effectiveness of login restrictions, passwords must be unique for each user. 13. Biometric devises use unique physical characteristics to identify users. The most common method used is retina scans. 14. There are a number of methods described that are intended to limit log-ins exclusively to authorized users. The only method that is foolproof is the biometric devices. 15. The user ID and password for a particular user should not allow access to the configuration tables unless that user is authorized to change the configuration settings.
16. It is necessary for an IT system to be networked to an external internet to be open to opportunities for unauthorized access. 17. Unauthorized access is a concern when an IT system is networked to either internal networks or the Internet. 18. A firewall can prevent the unauthorized flow of data in both directions. 19. Deciphering renders data useless to those who do not have the correct encryption key. 20. Discussing the strength of encryption refers to how difficult it would be to break the code. 21. The longer the encryption key is bits; the more difficult it will be to break the code. 22. The longest encryption keys are 128 bits. 23. Encryption is more important for dial-up networks than for wireless networks. 24. Using a unique service set identifier (SSID) makes it more difficult for an outsider to access the wireless network. 25. The VPN, virtual private network, uses the internet and is therefore not truly private – but is virtually private. 26. Once an organization has set up an effective system to prevent unauthorized access to the IT system, it is not necessary to continually monitor the vulnerability of that system. 27. It is important to understand that the IT governance committee delegates many of its duties by the policies that it develops. 28. The most important factor in controlling IT systems is the maintenance of the vulnerability assessment activities. 29. In a properly segregated IT system, no single person or department should develop computer programs and also have access to data that is commensurate with operations personnel. 30. It is proper that the database administrator develop and write programs. 31. To the extent possible, IT systems should be installed in locations away from any location likely to be affected by natural disasters. 32. It is not necessary to control the humidity and temperature in the location where the computer system is housed. 33. Disaster recovery planning is a proactive plan to protect IT systems and the related data. 34. Each organization has to decide which combination of IT controls is most suitable for its IT system, making sure that the benefits of each control outweigh its costs.
35. Controls will help to reduce risks, but it is impossible to completely eliminate risks. 36. It is possible to completely eliminate risks with the proper controls. 37. The most popular type of type of unauthorized access is probably by a person known to the organization. 38. Employees who hack into computer networks are often more dangerous because of their knowledge of company operations. 39. It is necessary to identify the “entry points” in the IT system that make an organization susceptible to IT risks. 40. Access to the operating system will not allow hackers access to the application software or the database. 41. Controlling access to the operating system is critical because that access opens access to any data or program within the system. 42. A database is often less open to unauthorized access than the physical, paper records, because the database has fewer access points. 43. The workstations and the network cabling and connections represent spots were an intruder could tap into the network for unauthorized access. 44. In a wireless network, signals are transmitted through the air rather than over cables. Anyone who wants to gain access to the network would need to know the password to access these “air-borne” signals. FALSE 45. The use of dual firewalls - one between the internet and the web server and one between the web server and the organization’s network - can help prevent unauthorized from accessing the organization’s internal network of computers. 46. Telecommuting workers cause two sources of risk exposures for their organizations - the network equipment and cabling in addition to the teleworker’s computer - with only “entrypoint” being teleworker’s computer. 47. Many IT systems do not use source documents; the input is automatic. 48. If no source documents are used by the IT system, then the general controls, such as computer logging of transactions, become less important. 49. The group of controls referred to as Source Document Controls does not include form design. 50. The closer the source document matches the input screen, the easier it will be for the data entry employee to complete the input screen without errors.
51. The form authorization and control includes the requirement that source documents should be prenumbered and are to be used in sequence. 52. Once the data from the source documents have been keyed into the computer, the source document can be destroyed. 53. With the proper training of employees and the adequate controls, it would be possible to eliminate all errors. 54. To verify the accuracy of application software, an organization should be sure the software is tested before it is implemented and must regularly test it after implementation. 55. An organization must maintain procedures to protect the output from unauthorized access in the form of written guidelines and procedures for output distribution. 56. Management must discourage illegal behavior by employees, such as the misuse of computers and theft through the computer systems. ANSWERS TO TEST BANK – CHAPTER 4 – TRUE / FALSE: 1. F 11. T 21. T 31. T 2. F 12. F 22. F 32. F 3. T 13. F 23. F 33. F 4. T 14. F 24. T 34. T 5. F 15. T 25. T 35. T 6. F 16. F 26. F 36. F 7. T 17. T 27. T 37. F 8. F 18. T 28. F 38. T 9. T 19. F 29. T 39. T 10. T 20. T 30. F 40. F
41. 42. 43. 44. 45. 46. 47. 48. 49. 50.
T F T F T F T F F T
51. 52. 53. 54. 55. 56.
T F F T T F
TEST BANK - CHAPTER 4 - MULTIPLE CHOICE 57. Unchecked risks and threats to the IT could result in: A. An interruption of the computer operations B. Damage to an organization C. Incorrect or incomplete accounting information D. All of the above 58. In order to master risks and controls and how they fit together, which of the following is NOT one of the areas to fully understand? A. The accounting information system. B. The description of the general and application controls that should exist in IT system. C. The type and nature of risks in IT systems. D. The recognition of how controls can be used to reduce risk.
59. General controls in IT systems are divided into five broad categories. Which of the following is NOT one of those categories? A. Authentication of uses and limiting unauthorized access B. Output controls C. Organization structure D. Physical environment and physical security of the system. 60. A process or procedure in an IT system to ensure that the person accessing the IT system is value and authorized is called: A. Hacking and other network break-ins B. Physical environment and physical security C. Authentication of users and limiting unauthorized access D. Organizational structure 61. This term relates to making the computer recognize a user in order to create a connection at the beginning of the computer session. A. User ID B. Password C. Smart card D. Login 62. Which of the following is NOT one of the rules for the effective use of passwords? A. Passwords should not be case sensitive B. Passwords should be at least 6 characters in length C. Passwords should contain at least one nonalphanumeric character. D. Password should be changed every 90 days. 63. Which of the following is not a good example of an effective password? A. Abc*$123 B. a1b2c3 C. A*1b?2C$3 D. MSU#Rules$ 64. This item, that strengthens the use of passwords, is plugged into the computer’s card reader and helps authenticate that the use is valid; it has an integrated circuit that displays a constantly changing ID code. These statements describe: A. Security token B. USB control key C. Smart card D. Biometrics 65. A new technology that is used to authenticate users is one that plugs into the USB port and eliminates the need for a card reader. This item is called a: A. Biometric reader B. Smart card C. USB smart key D. Security token
66. The use of the smart card or security tokens is referred to as a two factor authorization because: A. It is based on something the user has, the token or card, and something the user knows, the password. B. It requires that the user is granted the card / token in a secure environment and that the user actually uses the card / token. C. It requires that the user has two different authorizations: (1) to receive the card / token, and (2) to use the card / token. D. It requires the use the card / token to (1) login to the system and (2) access the applications. 67. This type of authentication uses some unique physical characteristic of the user to identify the user and allow the appropriate access to the system. A. Nonrepudiation card B. Biometric device C. Configuration table D. Computer log 68. Which of the following is not an example of physical characteristics being used in biometric devices? A. Retina scans B. Fingerprint matching C. Social security number D. Voice verification 69. There are a number of reasons that all access to the IT system be logged - which includes a computer log of all dates, times, and uses for each user. Which of the following is not one of the reasons for the log to be maintained? A. Any login or use abnormalities can be examined in more detail to determine any weaknesses in the login procedures. B. A user cannot deny any particular act that he or she did on the system. C. To establish nonrepudiation of sales transactions by a customer. D. To establish a user profile. 70. This should be established for every authorized user and determines each user’s access level to hardware, software, and data according to the individual’s job responsibilities. A. User profile B. User password C. User ID D. User log 71. This table contains a list of valid, authorized users and the access level granted to each one. A. User table B. Authority table C. Authentication table D. Configuration table
72. The IT system includes this type of table for software, hardware, and application programs that contain the appropriate set-up and security settings. A. Configuration table B. Authentication table C. User table D. Authority table 73. Nonrepudiation means that: A. A user is not authorized to change configuration settings. B. A user is not allowed access to the authority tables. C. A user can prevent the unauthorized flow of data in both directions. D. A user cannot deny any particular act that he or she did on the IT system. 74. Hardware, software, or a combination of both that is designed to block unauthorized access to an IT system is called: A. Computer log B. Biometric device C. Firewall D. Security token 75. The process of converting data into secret codes referred to cipher text is called: A. Deciphering B. Encryption C. Nonrepudiation D. Enciphering 76. This form of encryption uses a single encryption key that must be used to encrypt data and also to decode the encrypted data. A. Multiple encryptions B. Public key encryption C. Wired encryption D. Symmetric encryption 77. This form of encryption uses a public key, which is known by everyone, to encrypt data, and a private key, to decode the data. A. Multiple encryptions B. Public key encryption C. Wired encryption D. Symmetric encryption 78. This encryption method, used with wireless network equipment, is symmetric in that both the sending and receiving network nodes must use the same encryption key. It has been proven to be susceptible to hacking. A. Wired Equivalency Privacy (WEP) B. Wired Encryption Policy (WEP) C. Wireless Protection Access (WPA) D. Wired Privacy Authentication (WPA)
79. This encryption method requests connection to the network via an access point and that point then requests the use identity and transmits that identity to an authentication server, substantially authenticating the computer and the user. A. Wired Equivalency Privacy (WEP) B. Wired Encryption Provider (WEP) C. Wireless Provider Authentication (WPA) D. Wireless Protection Access (WPA) 80. This security feature, used on wireless networks, is a password that is passed between the sending and receiving nodes of a wireless network. A. Secure sockets layer B. Service set identifier C. Wired provided access D. Virtual private network 81. Authorized employees may need to access the company IT system from locations outside the organization. These employees should connect to the IT system using this type of network. A. Secure socket network B. Service set identifier C. Virtual private network D. Wireless encryption portal 82. The type of network uses tunnels, authentication, and encryption within the Internet network to isolate Internet communications so that unauthorized users cannot access or use certain data. A. Residential user network B. Service internet parameter network C. Virtual private network D. Virtual public network 83. This communication protocol is built into web server and browser software that encrypts data transferred on that website. You can determine if a website uses this technology by looking at the URL. A. Secure sockets layer B. Service security line C. Secure encryption network D. Secure service layer 84. Which of the following URL’s would indicate that the site is using browser software that encrypts data transferred to the website? A. shttp://misu B. https://misu C. http://smisus D. https://smisus
85. A self-replicating piece of program code that can attach itself to other programs and data and perform malicious actions is referred to as a(n): A. Worm B. Encryption C. Virus D. Infection 86. A small piece of program code that attaches to the computer’s unused memory space and replicates itself until the system becomes overloaded and shuts down is called: A. Infections B. Virus C. Serum D. Worm 87. This type of software should be used to avoid destruction of data programs and to maintain operation of the IT system. It continually scans the system for viruses and worms and either deletes or quarantines them. A. Penicillin Software B. Antivirus Software C. Infection Software D. Internet Software 88. The process of proactively examining the IT system for weaknesses that can be exploited by hackers, viruses, or malicious employees is called: A. Intrusion detection B. Virus management C. Vulnerability assessment D. Penetration testing 89. This method of monitoring exposure can involve either manual testing or automated software tools. The method can identify weaknesses before they become network break-ins and attempt to fix these weaknesses before they are exploited. A. Vulnerability assessment B. Intrusion detection C. Encryption examination D. Penetration testing 90. Specific software tools that monitor data flow within a network and alert the IT staff to hacking attempts or other unauthorized access attempts is called: A. Security detection B. Vulnerability assessment C. Penetration testing D. Intrusion detection
91.
The process of legitimately attempting to hack into an IT system to find whether weaknesses can be exploited by unauthorized hackers is referred to as: A. Vulnerability assessment B. Intrusion detection C. Penetration testing D. Worm detection
92. The function of this committee is to govern the overall development and operation of IT systems. A. IT Budget Committee B. IT Audit Committee C. IT Governance Committee D. IT Oversight Committee 93. Which of the following would normally not be found on the IT Governance Committee? A. Computer input operators B. Chief Executive Officer C. Chief Information Officer D. Heads of business units 94. The IT Governance Committee has several important responsibilities. Which of the following is not normally one of those responsibilities? A. Align IT investments to business strategies. B. Oversee and prioritize changes to IT systems. C. Develop, monitor, and review security procedures. D. Investing excess IT funds in long-term investments. 95. The functional responsibilities within an IT system must include the proper segregation of duties. Which of the following positions is not one of the duties that are to be segregated from the others? A. Systems analysts B. Chief information officer C. Database administrator D. Operations personnel 96. The systematic steps undertaken to plan, prioritize, authorize, oversee, test, and implement large-scale changes to the IT system are called: A. IT Governance System B. Operations Governance C. System Development Life Cycle D. Systems Analysis 97. General controls for an IT system include: A. Controls over the physical environment only. B. Controls over the physical access only. C. Controls over the physical environment and over the physical access. D. None of the above.
98. A battery to maintain power in the event of a power outage meant to keep the computer running for several minutes after the power outage is called: A. Uninterruptible power supply B. System power supply C. Emergency power supply D. Battery power supply 99. An alternative power supply that provides electrical power in the event that a main source is lost is called: A. Uninterruptible power supply B. System power supply C. Emergency power supply D. Battery power supply 100. Large-scale IT systems should be protected by physical access controls. Which of the following is not listed as one of those controls? A. Limited access to computer rooms. B. Video surveillance equipment. C. Locked storage of backup data. D. Encryption of passwords. 101. A proactive program for considering risks to the business continuation and the development of plans and procedures to reduce those risks is referred to as: A. Redundant business planning B. Business continuity planning C. Unnecessary in the current safe environments D. Emergency backup power 102. Two or more computer network or data servers that can run identical processes or maintain the same data are called: A. Emergency power supply B. Uninterruptible power source C. Redundant servers D. Business continuity planning 103. Many IT systems have redundant data storage such that two or more disks are exact mirror images. This is accomplished by the use of: A. Redundant arrays of independent disks B. Redundant mirror image disks C. Mirror image independent disks D. Redundant mirror image dependent disks 104. The AICPA Trust Principles categorizes IT controls and risks into categories. Which of the following is not one of those categories? A. Confidentiality B. Security C. Recovery D. Availability
105. The establishment of log-in procedures can help prevent or lessen security risks and are referred to as: A. Reactive controls B. Preventive controls C. Availability controls D. Confidentiality controls 106. Availability risks, related to the authentication of users would include: A. Shutting down the system and shutting down programs B. Altering data and repudiating transactions C. Stealing data and recording nonexistent transactions D. Sabotaging systems and destroying data 107. The accuracy, completeness, and timeliness of the process in IT systems are referred to as: A. Availability Risks B. Security Risks C. Confidentiality Risks D. Processing Integrity Risks 108. The software that controls the basic input and output activities of the computer are called: A. Operating System B. Application Software C. Data Base Management System D. Electronic Data Interchange 109. Unauthorized access to the operating system would allow the unauthorized user to: A. Browse disk files for sensitive data or passwords B. Alter data through the operating system C. Alter application programs D. All of the above 110. A software system that manages the interface between many users and the database is called: A. Database security system B. Database management system C. Database binary monetary system D. Database assessment 111. A computer network covering a small geographic area, which, in most cases, are within a single building or a local group of buildings is called a: A. Land area network B. Local access network C. Local area network D. Locality arena network 112. A group of LANs connected to each other to cover a wider geographic area is called a: A. Connected local network B. Wide area network C. Connected wide area D. Wide geographic network
113. A popular activity is to find a company whose network signal bleeds outside the building to the sidewalk around it. Abusers of this network then make identifiable chalk marks on the sidewalks so that others can find the network access. This process is referred to as: A. Chalkwalking B. Netwalking C. Network Warring D. Warchalking 114. The work arrangement where employees work from home using some type of network connection to the office is referred to as: A. Telecommuting B. Telemarketing C. Network Employment D. Electronic working 115. The company-to-company transfer of standard business documents in electronic form is called: A. Facsimile Transmission B. PDF Interchange C. Electronic Data Interchange D. Tele-transmission 116. The software that accomplishes end user tasks such as word processing, spreadsheets, and accounting functions is called: A. Operating Software B. Database Software C. Application Software D. Management Software 117. Internal controls over the input, processing, and output of accounting applications are called: A. Accounting Controls B. Application Controls C. Network Controls D. LAN Controls 118. This type of control is intended to ensure the accuracy and completeness of data input procedures and the resulting data: A. Input Controls B. Internal Controls C. Processing Controls D. Output Controls 119. This type of control is intended to ensure the accuracy and completeness of processing that occurs in accounting applications: A. Input Controls B. Internal Controls C. Processing Controls D. Output Controls
120. This type of control is intended to help ensure the accuracy, completeness, and security of outputs that result from application processing: A. Input Controls B. Internal Controls C. Processing Controls D. Output Controls 121. The process of converting data from human readable form to computer readable form is referred to as: A. Transcription B. Data Input C. Keyboarding D. Scanning 122. Which of the following is NOT one of the types of input controls? A. Source document controls B. Programmed edit checks C. Confidentiality check D. Control totals and reconciliation 123. The paper form used to capture and record the original data of an accounting transaction is called a(n): A. Input control B. Source document C. Sales invoice D. General ledger 124. Which of the following items is not one of the source document controls? A. Validity check B. Form design C. Form authorization and control D. Retention of source documents 125. The process where the details of individual transactions at each stage of the business process can be recreated in order to establish whether proper accounting procedures for the transaction were performed is called: A. Source document reconciliation B. Range check C. Validity verification D. Audit trail 126. The procedures to collect and prepare source documents are termed: A. Input validation procedures B. Form authorization procedures C. Data preparation procedures D. Document retention procedures
127. The data preparation procedures are to be well-defined so that employees will be sure of: A. Which forms to use B. When to use them C. Where to route them D. All of the above 128. Field check, limit check, range check and sequence check are all examples of: A. Input Validation Checks B. Source Document Controls C. Control Reconciliation D. Application Controls 129. This type of input validation check examines a field to ensure that the data entry in the field is valid compared with a preexisting list of acceptable values. A. Field Check B. Completeness Check C. Validity Check D. Range Check 130. This type of input validation check assesses the critical fields in an input screen to make sure that a value is in those fields. A. Field Check B. Completeness Check C. Range Check D. Limit Check 131. This type of input check ensures that the batch of transactions is sorted in order, but does not help to find the missing transactions. A. Completeness Check B. Range Check C. Self-checking Digit Check D. Sequence Check 132. An extra digit added to a coded identification number, determined by a mathematical algorithm is called a: A. Coded Digit Check B. Self-Checking Digit Check C. Sequence Check D. Run to Run Check 133. Which of the following is NOT one of the types of control totals? A. Digit Count B. Record Count C. Batch Totals D. Hash Totals
134. The totals of fields that have no apparent logical reason to be added are called: A. Record Totals B. Digit Totals C. Batch Totals D. Hash Totals 135. These controls are intended to prevent, detect, or correct errors that occur during the processing of an application. A. Application Controls B. Source Document Controls C. Processing Controls D. Input Controls 136. A primary objective of output controls would be: A. Manage the safekeeping of source documents B. Assure the accuracy and completeness of the output C. Ensure that the input data is accurate D. Prevention and detection of processing errors 137. The responsibility of management to safeguard assets and funds entrusted to them by the owners of an organization is referred to as: A. Stewardship Responsibility B. IT System Controls C. Application Controls D. Internal Controls ANSWERS TO TEST BANK – CHAPTER 4 – MULTIPLE CHOICE: 57. D 71. B 85. C 99. C 58. A 72. A 86. D 100. D 59. B 73. D 87. B 101. B 60. C 74. C 88. C 102. C 61. D 75. B 89. A 103. A 62. A 76. D 90. D 104. C 63. B 77. B 91. C 105. B 64. C 78. A 92. C 106. A 65. D 79. D 93. A 107. D 66. A 80. B 94. D 108. A 67. B 81. C 95. B 109. D 68. C 82. C 96. C 110. B 69. D 83. A 97. C 111. C 70. A 84. B 98. A 112. B
113. 114. 115. 116. 117. 118. 119. 120. 121. 122. 123. 124. 125. 126.
D A C C B A C D B C B A D C
127. 128. 129. 130. 131. 132. 133. 134. 135. 136. 137.
D A C B D B A D C B A
TEST BANK - CHAPTER 4 – END OF CHAPTER QUESTIONS: 138. Internal controls that apply overall to the IT system are called: A. Overall Controls B. Technology Controls C. Application Controls D. General Controls 139. In entering client contact information in the computerized database of a telemarketing business, a clerk erroneously entered nonexistent area codes for a block of new clients. This error rendered the block of contact useless to the company. Which of the following would most likely have led to discovery of this error into the company’s computerized system? A. Limit check B. Validity check C. Sequence check D. Record count 140. Which of the following is not a control intended to authenticate users? A. Use log–in B. Security token C. Encryption D. Biometric devices 141. Management of an internet retail company is concerned about the possibility of computer data eavesdropping and wiretapping, and wants to maintain the confidentiality of its information as it is transmitted. The company should make use of: A. Data encryption B. Redundant servers C. Input controls D. Password codes 142. An IT governance committee has several responsibilities. Which of the following is least likely to be a responsibility of the IT governance committee? A. Develop and maintain the database and ensure adequate controls over the database. B. Develop, monitor, and review security policies. C. Oversee and prioritize changes to IT systems. D. Align IT investments to business strategy. 143. AICPA Trust Principles describe five categories of IT risks and controls. Which of these five categories would be described by the statement, “The system is protected against unauthorized access”? A. Security B. Confidentiality C. Processing integrity D. Availability
144. The risk that an unauthorized user would shut down systems within the IT system is a(n): A. Security risk B. Availability risk C. Processing integrity risk D. Confidentiality risk 145. The risk of an unauthorized user gaining access is likely to be a risk for which of the following areas? A. Telecommuting workers B. Internet C. Wireless networks D. All of the above 146. Which programmed input validation check compares the value in a field with related fields which determine whether the value is appropriate? A. Completeness check B. Validity check C. Reasonableness check D. Completeness check 147. Which programmed input validation check determines whether the appropriate type of data, either alphabetic or numeric, was entered? A. Completeness check B. Validity check C. Reasonableness check D. Field check 148. Which programmed input validation makes sure t hat a value was entered in all of the critical fields? A. Completeness check B. Validity check C. Reasonableness check D. Field check 149. Which control total is the total of field values that are added for control purposes, but not added for any other purpose? A. Record count B. Hash total C. Batch total D. Field total
150. A company has the following invoices in a batch:
Invoice No. 401 402 403 404
Product ID H42 K56 H42 L27
Quantity 150 200 250 300
Unit Price $30.00 $25.00 $10.00 $ 5.00
Which of the following numbers represents a valid record count? A. 1 B. 4 C. 70 D. 900 ANSWERS TO TEST BANK - CHAPTER 4 – END OF CHAPTER QUESTIONS: 138. D 143. A 148. A 139. B 144. B 149. B 140. C 145. D 150. B 141. A 146. D 142. A 147. D TEST BANK - CHAPTER 4 – SHORT ANSWER QUESTIONS 151. What is the difference between general controls and application controls? Answer: General controls are internal controls that apply overall to the IT accounting systems; they are not restricted to any particular accounting application. Application controls apply within accounting applications to control inputs, processing, and outputs. They are intended to ensure that inputs and processing are accurate and complete and that outputs are properly distributed, controlled, and disposed. 152. Is it necessary to have both general controls and application controls to have a strong system of internal controls? Answer: Yes, it is necessary to have both types of controls in a strong system of internal controls. Since they cover different aspects of the IT accounting systems and serve different purposes, both are important and necessary. An IT system would not have good internal control if it lacked either general or application controls. 153. What kinds of risks or problems can occur if an organization does not authenticate users of its IT systems? Answer: If an organization does not authenticate users of its IT systems, a security breach may occur in which an unauthorized user may be able to gain access to the computer system. If hackers or other unauthorized users gain access to information to which they are not entitled, the organization may suffer losses due to exposure of confidential information. Unauthorized users may gain access to the system for the purpose of browsing, altering, or stealing company data. They could also record unauthorized transactions, shut down systems, alter programs, sabotage systems, or repudiate existing transactions.
154. Explain the general controls that can be used to authenticate users. Answer: In order to authenticate users, organizations must limit system log-ins exclusively to authorized users. This can be accomplished by requiring login procedures, including user IDs and passwords. Stronger systems use biometric identification or security tokens to authenticate users. In addition, once a user is logged in, the system should have established access levels and authority tables for each user. These determine which parts of the IT system each user can access. The IT system should also maintain a computer log to monitor log-ins and follow up on unusual patterns. 155. What is two-factor authentication with regard to smart cards or security tokens? Answer: Two-factor authentication limits system log-ins to authorized users by requiring them to have possession of a security device such as a smart card or token, and also have knowledge of a user ID and/or password. Both are needed to gain access to the system. 156. Why should an organization be concerned about repudiation of sales transactions by the customer? Answer: Repudiation is the attempt to claim that the customer was not part of a sales transaction that has taken place. Organizations may suffer losses if customers repudiate sales transactions. If companies do not have adequate controls to prevent repudiation, they may not be able to collect amounts due from customers. However, organizations may reduce the risk of such losses if they require log-in of customers and if they maintain computer logs to establish undeniably which users take particular actions. This can provide proof of online transactions. 157. A firewall should inspect incoming and outgoing data to limit the passage of unauthorized data flow. Is it possible for a firewall to restrict too much data flow? Answer: Yes, it is possible for a firewall to restrict legitimate data flow as well as unauthorized data flow. This may occur if the firewall establishes limits on data flow that are too restrictive. In order to prevent blocking legitimate network traffic, the firewall must examine data flow and attempt to determine which data is authorized or unauthorized. The packets of information that pass through the firewall must have a proper ID to allow it to pass through the firewall. 158. How does encryption assist in limiting unauthorized access to data? Answer: Encryption is the process of converting data into secret codes referred to as cipher text. Encrypted data can only be decoded by those who possess the encryption key or password. It therefore renders the data useless to any unauthorized user who does not possess the encryption key. Encryption alone does not prevent access to data, but it does prevent an unauthorized user from reading or using the data. 159. What kinds of risk exist in wireless networks that can be limited by WEP, WPA, and proper use of SSID? Answer: WEP, WPA, and SSIDs can limit the risk of unauthorized access to wireless networks, which transmit network data as high frequency radio signals through the air. Since anyone within range of these radio signals can receive the data, protecting data is extremely important within a wireless network. This can be accomplished through encryption via wired equivalency privacy (WEP), through encryption and user authentication via wireless protected access (WPA), and through password protection of the network sending and receiving nodes via service set identifiers (SSIDs).
160. Describe some recent news stories you have seen or heard regarding computer viruses. Answer: Student responses will vary greatly depending upon the date this is discussed, but should describe situations of computer malfunctions caused by network break-ins where damaging actions were upon an organization’s programs and data. As of April 2008, a report by Symantec (www.symantec.com) included the following statistics: The U.S. accounted for 31% of all malicious activity and was the origin of attack in 24% of cases. Symantec observed an average of 61,940 infected computers per day. The US accounted for 56% of all denial of service attacks. In the second half of 2007, Symantec reported that 499,811 new malicious code threats were reported. 161. What is the difference between business continuity planning and disaster recovery planning? Answer: How are these two concepts related? Business continuity planning is a proactive program for considering risks to the continuation of business and developing plans and procedures to reduce those risks so that continuation of the IT system is always possible. On the other hand, disaster recovery planning is a reactive program for restoring business operations, including IT operations, to normal after a catastrophe occurs. These two concepts are related in that they are both focused on maintaining IT operations at all times in order to minimize business disruptions. 162. How can a redundant array of independent disks (RAID) help protect the data of an organization? Answer: RAID accomplishes redundant data storage by setting up two or more disks as exact mirror images. This provides an automatic backup of all data. If one disk drive fails, the other (maintained on another disk drive) can serve in its place. 163. What kinds of duties should be segregated in IT systems? Answer: In an IT system, the duties to be segregated are those of systems analysts who analyze and design the systems, programmers who write the software, operators who process data, and database administrators who maintain and control the database. No single person should develop computer programs and also have access to data. 164. Why do you think the uppermost managers should serve on the IT governance committee? Answer: An IT governance committee should be comprised of top management in order to ensure that appropriate priority is assigned to the function of governing the overall development and operation of the organization’s IT systems. Since the committee’s functions include aligning the IT systems to business strategy and to budget funds and personnel for the effective use of IT systems, it is important that high-ranking company officials be aware of these priorities and involved in their development. Only top management has the power to undertake these responsibilities. 165. Why should accountants be concerned about risks inherent in a complex software system such as the operating system? Answer: Accountants need to be concerned about the risks inherent in the organization’s software systems because all other software runs on top of the operating system. These systems may have exposure areas that contain entry points for potential unauthorized access to software and/or data. These entry points must be controlled by the proper combination of general controls and application controls.
166. Why is it true that increasing the number of LANs or wireless networks within an organization increases risks? Answer: Increasing the number of LANs or wireless networks within an organization increases exposure areas, or entry points through which a user can gain access to the network. Each LAN or wireless access point is another potential entry point for an unauthorized user. The more entry points, the more security risk the organization faces. 167. What kinds of risks are inherent when an organization stores its data in a database and database management system? Answer: Since a database management system involves multiple use groups accessing and sharing a database, there are multiple risks of unauthorized access. Anyone who gains access to the database may be able to retrieve data that they should not have. This multiples the number of people who potentially have access to the data. In addition, availability, processing integrity, and business continuity risks are also important due to the fact that so many different users rely on the system. Proper internal controls can help to reduce these inherent risks. 168. How do telecommuting workers pose IT system risk? Answer: The network equipment and cabling that enables telecommuting can be an entry point for hackers or other break-ins, and the teleworker’s computer is another potential access point that is not under the company’s direct control. Therefore, it is difficult for the company to monitor whether telecommuters’ computers is properly protected from viruses and other threats. These entry points pose security, confidentiality, availability, and processing integrity risks. 169. What kinds of risks are inherent when an organization begins conducting business over the Internet? Answer: The Internet connection required to conduct web-based business can expose the company network to unauthorized use. The sheer volume of users of the World Wide Web dramatically increases the potential number of unauthorized users who may attempt to access an organization’s network of computers. An unauthorized user can compromise security and confidentiality, and affect availability and processing integrity by altering data or software or by inserting virus or worm programs. In addition, the existence of e-commerce in an organization poses online privacy risks. 170. Why is it true that the use of EDI means that trading partners may need to grant access to each other’s files? Answer: EDI involves transferring electronic business documents between companies. Because EDI involves the use of a network or the Internet, risks of unauthorized access are prevalent. In order to authenticate trading partner users to accomplish the transfer of business documents, other company data files may be at risk of unauthorized use. 171. Why is it critical that source documents be easy to use and complete? Answer: Source documents should be easy to use and complete in order minimize the potential for errors, incomplete data, or unauthorized transactions are entered from those source documents into the company’s IT systems. Since source documents represent the method of collecting data in a transaction, they need to be easy to use in order to reduce the risk of incorrect or missing data in the accounting system.
172. Explain some examples of input validation checks that you have noticed when filling out forms on websites you have visited. Answer: Student responses are likely to vary, but may include field checks, validity checks, limit checks, range checks, reasonableness checks, completeness checks, or sign checks. Although sequence checks and self-checking digits are additional input validation checks, they are not likely to be cited because they are applicable to transactions processed in batches, which is not likely to apply to students’ web transactions. 173. How can control totals serve as input, processing, and output controls? Answer: Control totals can be used as input controls when they are applied as record counts, batch totals, or hash totals to verify the accuracy and completeness of data that is being entered into the IT system. These same control totals can be used as processing controls when they are reconciled during stages of processing to verify the accuracy and completeness of processing. Finally, to ensure accuracy and completeness, the output from an IT system can be reconciled to control totals, thus serving as an output control. Therefore, totals at any stage can be compared against the initial control total to help ensure the accuracy of input, processing, or output. 174. What dangers exist related to computer output such as reports? Answer: Output reports contain data that should not fall into the wrong hands, as the information contained in reports is often confidential or proprietary and could help someone commit fraud. Therefore, the risk of unauthorized access must be controlled through strict policies and procedures regarding report distribution, retention, and disposal. TEST BANK - CHAPTER 4 – SHORT ESSAY 175. Categorize each of the following as either a general control or an application control: a. validity check b. encryption c. security token d. batch total e. output distribution f. vulnerability assessment g. firewall h. antivirus software Answer: a. validity check – application control (input) b. encryption – general control c. security token – general control d. batch total – application control (input, processing, and output) e. output distribution – application control (output) f. vulnerability assessment – general control g. firewall – general control h. antivirus software – general control
176. Each of the given situations is independent of the other. For each, list the programmed input validation check that would prevent or detect the error. a. The zip code field was left blank on an input screen requesting a mailing address. b. A state abbreviation of “NX” was entered in the state field. c. A number was accidentally entered in the last name field. d. For a weekly payroll, the hours entry in the “hours worked field was 400. e. A pay rate of $50.00 per hour was entered for a new employee. The job code indicates an entry-level receptionist. Answer: a. The zip code field was left blank on an input screen requesting a mailing address. – Completeness check b. A state abbreviation of “NX” was entered in the state field. – Validity check c. A number was accidentally entered in the last name field. – Field check d. For a weekly payroll, the hours entry in the “hours worked field was 400. – Limit check or range check e. A pay rate of $50.00 per hour was entered for a new employee. The job code indicates an entry-level receptionist. – Reasonableness check 177. For each AICPA Trust Services Principles category shown, list a potential risk and a corresponding control that would lessen the risk. An example is provided. In a similar manner, list a risk and control in each of the following categories: Security, Availability, Processing Integrity, and Confidentiality. Answer: a. Security. Risk: an unauthorized user could record an invalid transaction. Control: security token to limit unauthorized users. b. Availability. Risk: An unauthorized user may shut down a program. Control: intrusion detection to find instances of unauthorized users. c. Processing Integrity. Risk: environmental problems such as temperature can cause glitches in the system. Control: temperature and humidity controls. d. Confidentiality. Risk: an unauthorized user could browse data. Control: encryption. 178. For each of the following parts of an IT system of a company, write a one-sentence description of how unauthorized users could use this as an “entry point”: a. A local area network (LAN). b. A wireless network. c. A telecommuting worker. d. A company website to sell products. Answer: a. A local area network (LAN). Each workstation or the network wiring on the LAN are access points where someone could tap into the system. b. A wireless network. The wireless signals broadcast into the air could be intercepted to gain access to the system. c. A telecommuting worker. The telecommuter’s computer may be infected with a virus that allows a perpetrator to see the login ID and password. d. A company website to sell products. A hacker may try to break through the web server firewall to gain access to company data.
179. Application controls include input, processing, and output controls. One type of input control is source document controls. Briefly explain the importance of each of the following source document controls: Form design, Form authorization and control, and Retention of source documents. ` Answer: a. Form design. A well-designed form will reduce the chance of erroneous or incomplete data. It could also increase the speed at which the form is completed. b. Form authorization and control. Forms should have a signature line to indicate that the underlying transaction was approved by the correct person. Blank documents should be properly controlled to limit access to them. c. Retention of source documents. Source documents should be maintained as part of the audit trail. They also serve as a way to look up data when queries are raised. 180. Explain how control totals such as record counts, batch totals, and hash totals serve as input controls, processing controls, and output controls. Answer: Control totals serve as expected results after input, processing, or output has occurred. At each stage, the current totals can be compared against the initial control total to help ensure the accuracy of input, processing, or output. 181. Briefly explain a situation at your home, university, or job in which you think somebody used computers unethically. Be sure to include an explanation of why you think it was unethical. Answer: Student responses will vary significantly. Some possibilities include copyrighted music or video downloading from an unauthorized source, viewing pornography on computers at work, shopping or other browsing while at work, using a work computer to store personal files or process personal work, using company e-mail systems for personal e-mail (some companies may not consider this as problematic as other potential unethical acts).
TEST BANK - CHAPTER 4 – PROBLEMS 182. Explain why an organization should establish and enforce policies for its IT systems in the following areas regarding the use of passwords for log-in: a. Length of password. b. The use of numbers or symbols in passwords. c. Using common words or names as passwords. d. Rotation of passwords. e. Writing passwords on paper or sticky notes. Answer: a. Length of password. Passwords should be at least eight characters in length. This would make it difficult for a hacker to guess the password in order to gain unauthorized access to the system. b. The use of numbers or symbols in passwords. Passwords should contain a mix of alphanumeric digits as well as other symbols. There may also be a mix of case sensitive letters. This would make it difficult for a hacker to guess the password. c. Using common words or names as passwords. Names, initials, and other common names should be avoided as passwords, as they tend to be easy to guess. d. Rotation of passwords. Passwords should be changed periodically, approximately every 90 days. This will limit the access of a hacker who has gained unauthorized access. e. Writing passwords on paper or sticky notes. Passwords should be committed to the user’s memory and should not be written down. If they are documented, this increases the likelihood that an unauthorized user may find the password and use it to gain access to the system. 183. The use of smart cards or tokens is called two-factor authentication. Answer the following questions, assuming that the company you work for uses smart cards or tokens for two-factor authentication. a. What do you think the advantages and disadvantages would be for you as a user? b. What do you think the advantages and disadvantages would be for the company? Answer: a. What do you think the advantages and disadvantages would be for you as a user? As a user, the advantages of two-factor authentication would be the security of the information in the system that I am using. I would know that it would be difficult for an unauthorized user to alter a system that uses two-factor authentication, so I have more confidence in the data within such a system. In addition, it is relatively easy to remember a password and to transport a smart card or security token. On the other hand, I might consider the use of two-factor authentication to be a disadvantage because it places more responsibility on me, the user. For instance, in order to access the system, I have to remember my password and maintain control of a security device. It might be considered an inconvenience to a user to maintain a smart card or security token and remember to keep it accessible at all times that I may need to access the system. It might also be susceptible to loss, similar to a set of keys. b. What do you think the advantages and disadvantages would be for the company? From the company’s perspective, the advantage of two-factor authentication is the strength of the extra level of security. The company has additional protection against unauthorized access, which makes it difficult for a hacker to access the system. The disadvantage is the cost of the additional authentication tools that comprise the dual layer of security.
184. Many IT professionals feel that wireless networks pose the highest risks in a company’s network system. 1. Why do you think this is true? 2. Which general controls can help reduce these risks? Answer: 1. Why do you think this is true? Wireless networks pose the highest risks in a company’s network computer system because the network signals are transported through the air (rather than over cables). Therefore, anyone who can receive radio signals could potential intercept the company’s information and gain access to its network. This exposure is considered greater than in traditional WANs and LANs. 2. Which general controls can help reduce these risks? A company can avoid its exposure to unauthorized wireless network traffic by implementing proper controls, such as wired equivalency privacy (WEP) ore wireless protected access (WPA), station set identifiers (SSIDs), and encrypted data. 185. Control totals include batch totals, hash totals, and record counts. Which of these totals would be useful in preventing or detecting IT system input and processing errors or fraud described as follows? a. A payroll clerk accidentally entered the same time card twice. b. The accounts payable department overlooked an invoice and did not enter it into the system because it was stuck to another invoice. c. A systems analyst was conducting payroll fraud by electronically adding to his “hours worked” field during the payroll computer run. d. To create a fictitious employee, a payroll clerk removed a time card for a recently terminated employee and inserted a new time card with the same hours worked. Answer: a. A payroll clerk accidentally entered the same time card twice. Any of the three control totals could be used: A batch total could detect that too many hours were entered; A hash total could detect that an employee number summation was overstated; A record count could detect that too many time cards were entered. b. The accounts payable department overlooked an invoice and did not enter it into the system because it was stuck to another invoice. Any of the three control totals could be used: A batch total could detect the missing amount; A hash total could detect that the vendor number summation was misstated; A record count could detect that too few invoices were entered. c. A systems analyst was conducting payroll fraud by electronically adding to his “hours worked” field during the payroll computer run. A batch total could detect this fraud by revealing that the hours worked on the inputs did not agree with the hours worked on the output reports. d. To create a fictitious employee, a payroll clerk removed a time card for a recently terminated employee and inserted a new time card with the same hours worked. A record count could detect this fraud only if there was a control in place to compare the number of records processed with the number of active employees and the number of active employees had been updated to reflect a reduction for the recently terminated employee.
186. Explain how each of the following input validation checks can prevent or detect errors: field, validity, limit, range, reasonableness, completeness, sign, and a self-checking digit. Answer: a. A field check examines a field to determine whether the appropriate type of data was entered. This will detect mistakes in input, such as erroneous input of numeric information in an alpha field. b. A validity check examines a field to ensure that the data entry in the field is valid compared with a preexisting list of acceptable values. This will detect mistakes in input, such as nonsense entries caused by the input personnel striking the wrong key. c. A limit check verifies field inputs by making sure that they do not exceed a preestablished limit. This prevents gross overstatements of the data beyond the acceptable limit. d. A range check verifies field inputs by making sure that they fall within a pre-established range limit. This prevents gross overstatements and understatements of the data beyond the acceptable limits. e. A reasonableness check compares the value in a field with similar, related fields to determine whether the value seems reasonable. This can detect possible errors by identifying “outliers”. f. A completeness check assesses the critical fields in an input screen to make sure that an entry has been input in those fields. This detects possible omissions of critical information. g. A sign check examines a field to determine that it has the appropriate positive or negative sign. This can prevent misstatements caused by misinterpretation of information. h. A sequence check ensures that a batch of transactions is sorted and processed in sequential order. This ensures that a batch will be in the same order as the master file. This may prevent errors in the master file by ensuring that the sequence is appropriate to facilitate an accurate update of the master file. i. A self-checking digit is an extra digit added to a coded identification number, determined by a mathematical algorithm. This detects potential errors in input data. 187. The IT governance committee should comprise top level managers. Describe why you think that is important. What problems are likely to arise with regard to IT systems if the top level managers are not involved in IT governance committees? Answer: It is important for an IT governance committee to be comprised of members of top management so it can appropriately align IT investments with the company’s overall business strategies. If top level managers were not involved in this committee, it is likely that IT changes could be approved which do not enhance the company’s overall goals and strategies. In addition, it is possible that IT changes could be discussed and developed without receiving proper approval or funding.
188. Using a search engine, look up the term “penetration testing.” Describe the software tools you find that are intended to achieve penetration testing. Describe the types of systems that penetration testing is conducted upon. Answer: Software tools that perform penetration tests must be able to replicate a successful unauthorized access attempt or recreate an attack on a company’s security, but it must be able to do so without altering of damaging the systems upon which these tests are conducted. This will reveal weaknesses in the system so that the company can implement controls to strengthen the security of its system. Penetration testing is typically conducted upon network systems. 189. Visit the AICPA website at www.aicpa.org. Search for the terms “WebTrust” and “SysTrust.” Describe these services and the role of Trust Services Principles in these services. Answer: WebTrust services are professional services that build trust and confidence among customers and businesses which operate on the Internet. SysTrust services build trust and confidence between business partners who use and rely upon each other’s computer systems. These services are built upon the Trust Services Principles of Security, Privacy, Availability, Confidentiality, and Processing Integrity to help companies create trustworthy systems. Both of these services are represented by seal on the company’s Web site. 190. Using a search site, look up the terms “disaster recovery,” along with “9/11.” The easiest way to search for both items together is to type into the search box the following: “disaster recovery” “9/11.” Find at least two examples of companies that have changed their disaster recovery planning since the terrorist attacks on the World Trade Center on September 11, 2001. Describe how these companies changed their disaster recovery plans after the terrorist attacks. Answer: Students’ answers may vary greatly, as there are numerous examples of companies who operated in or near the World Trade Center or were otherwise affected by the events of September 11, 2001 and who have revised their business disaster recovery plans as a result. A few examples are the financial services companies of Lehman Brothers, Merrill Lynch, and American Express. An article at www.cio.com includes interviews with the IT executives at these companies as they look back to the events of 9/11. In particular, Lehman Brothers has worked hard to increase its redundant storage and real-time back-ups. It also updated its phone systems so that all direct lines to customers would not terminate at the same place, as they did at the World Financial Center. In addition, it has developed a new business continuity plan, with variations that are now tied to the Homeland Security Advisory System’s color-coded warning levels. At Merrill Lynch, disaster recovery efforts focused on diversification of vendors to relieve the concentration from Lower Manhattan. In addition, it outfitted its buildings used for recovery with wireless LANs; this allows for increased flexibility through the broadcast of signals to multiple access points. For American Express, disaster recovery planning and business continuity planning have changed to a geography-based approach, recognizing that disasters are likely to affect large geographic areas. The events of 9/11 proved that Amex’s previous building-based program was not effective.
191. Go to any website that sells goods. Examples would be BestBuy, Staples, and J.Crew. Pretend that you wish to place an order on the site you choose and complete the order screens for your pretend order. Do not finalize the order; otherwise, you will have to pay for the goods. As you complete the order screens, attempt to enter incorrect data for fields or blanks that you complete. Describe the programmed input validation checks that you find that prevent or detect the incorrect data input. Student’s responses are likely to vary significantly, as different Web sites have different input validation checks. However, most Web sites have a warning message that will appear if invalid information is entered. (For instance, the message “The billing city, state, zip code, and country entered do not match up. Please revise your selections below” was encountered on jcrew.com when bogus city and zip code information was entered.) The warning message will typically prevent the user from proceeding to the next step in the transaction until the error is corrected.
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 5: Corporate Governance and the Sarbanes-Oxley Act TEST BANK - CHAPTER 5 - TRUE / FALSE 1. Research indicates that companies who stress corporate governance tend to be rewarded with higher rates of return and a lower cost of capital. 2. The high cost related to corporate governance far outweighs any of the related benefits. 3. The purpose of corporate governance is to encourage the efficient use of resources and to require accountability of those resources. 4. The various groups whose interests are related to corporate governance will generally have no conflicts with each other. 5. In order to be considered a stakeholder in corporate governance, the participant must be external. 6. The management group tends to have an indirect impact on corporate governance, while the business community tends to have a direct affect. 7. Even though shareholders are identified as internal stakeholders, they are often regarded as external stakeholders because of the lack of involvement. 8. Top management is made up of managers who coordinate a number of different departments or groups within a company and lead the supervisors in their area of responsibility. 9. The management team of a corporation is often divided into three layers – top management, middle management, and supervisors. 10. The external auditors should approach every audit with an optimistic attitude which will help them to gain more cooperation from the employees within the organization. 11. Even though the people and organizations within a community are not directly related to a corporation, they would still be considered one of the stakeholders. 12. Internal auditors should not allow any financial connections to influence the decisions they make about the company’s financial statements or disclosures. 13. Good management oversight involves leaders who are good communicators - responsive to both those above and below in the chain of command. 14. The goal of corporate governance, with respect to internal controls and compliance, is to ensure that financial information is accurate and transparent.
15. Maintaining effective internal controls and ensuring compliance is a six-step process which does not require continual monitoring. 16. Earnings management tends to have a snowball effect, which means that once it is started, it is necessary to continue the process in order to avoid a negative result. 17. Earnings management is not unethical because it will result in a higher return for the shareholders. 18. Because of its widespread relevance, ethical conduct is often valued as the most important part of corporate governance. 19. Prior to the passage of the Sarbanes-Oxley Act, an auditing firm was prohibited from providing non-audit services to their clients. 20. Before the passage of the Sarbanes-Oxley Act it was common for auditors to perform many non-audit services for their customers. 21. Non-audit services are now prohibited because of the potential to impair the auditor’s objectivity. 22. Even though non-audit services are prohibited by Sarbanes-Oxley, the auditor may perform income tax services for their audit clients if they are pre-approved by the CEO. 23. The auditors report directly to the Board of Directors. 24. The Audit Committee is responsible for hiring, firing, and overseeing the audit firm and serving as the liaison between the audit firm and management. 25. In order to remain independent, members of the audit committee must receive compensation from the company for their service to the company. 26. If an officer of a public company fails to certify financial reports or certifies those that are known to be misleading, the officer may be subject to stiff penalties of up to $1,000,000 and prison term up to 5 years. 27. The Sarbanes-Oxley Act contains a section referred to as the “whistle-blower protection” section that is intended to protect a whistleblower from retaliation by the company or its employees. 28. The audit committee is the point of contact on financial matters and serves as the supervisor of the board of directors. 29. Corporate management serves as supervisors to the board of directors. 30. Sarbanes-Oxley has resulted in increased levels of responsibility for business leaders at all levels.
31. Even if top managers are intent to do wrong, it is likely that an organization could develop a set of checks and balances that could completely prevent them from doing so. 32. Data mining software has become more important to corporate governance because of its ability to help signal frauds. 33. When managers are faced with decision making in troubled times, it is necessary for them to protect as many jobs as possible, regardless of the impact on individual shareholders. 34. It is not necessary for the audit committee to maintain independence, as long as they are performing their duties in the proper manner. 35. In today’s business environment, there is not a substitute for the integrity and ethics of a company’s leaders. ANSWERS TO TEST BANK – CHAPTER 5 – TRUE / FALSE: 1. 2. 3. 4. 5. 6. 7.
T F T F F F T
8. 9. 10. 11. 12. 13. 14.
F T F T F T T
15. 16. 17. 18. 19. 20. 21.
F T F T F T T
22. 23. 24. 25. 26. 27. 28.
F F T F F T T
29. 30. 31. 32. 33. 34. 35.
F T F T F F T
TEST BANK - CHAPTER 5 - MULTIPLE CHOICE 36. Which of the following groups would use factors such as those that affect the supply and demand of corporate leaders and tend to emphasize the importance of motivating leaders through the use of incentive programs as part of their definition of corporate governance? A. Financiers B. Economists C. Accountants D. Lawyers 37. This group of business would tend to emphasize the role of corporate leaders to provide a good rate of return. A. Financiers B. Economists C. Accountants D. Lawyers
38. This group of business would tend to emphasize the role of corporate leaders as providing effective internal controls and accurate records. A. Financiers B. Economists C. Accountants D. Lawyers 39. A system of checks and balances where a company’s leadership is held accountable for building shareholder value and creating confidence in the financial reporting process is called: A. Internal Control B. Tone at the Top C. Code of Conduct D. Corporate Governance 40. Key ingredients in the concept of corporate governance include: A. Motivation of leaders B. Providing high rates of return and low costs of capital C. Building value and creating confidence D. Efficient use of resources 41. The set of values and behaviors in place for the corporate leaders is referred to as: A. Corporate Governance B. Tone at the Top C. Internal Control D. Stakeholders 42. There are a number of different participants in the corporate governance process. These participants are referred to as: A. Leaders B. Managers C. Shareholders D. Stakeholders 43. All of the different people who have some form of involvement or interest in the business are referred to as: A. Employees B. Stakeholders C. Executives D. Shareholders 44. The group of people who participate in or with the business in a manner that puts them in a position of financial interest or risk, or is otherwise significant to the overall strategies and operations of a business are called: A. Managers B. Board of Directors C. Stakeholders D. Audit Committee
45. The internal stakeholders would not include: A. Creditors B. Shareholders C. Internal Auditors D. Audit Committee 46. The internal stakeholders who own a portion of the corporation are called: A. Directors B. Shareholders C. Audit Board D. Executives 47. This group of stakeholders should have the highest level of authority related to the company’s objectives and strategies. Elected by the shareholders, it’s role is to align the interests of the shareholders and management. A. Audit Committee B. Internal Auditors C. Board of Directors D. Executive Branch 48. This group of stakeholders is responsible for financial matters, including reporting, controls, and the audit function. A. Audit Committee B. External Auditors C. Board of Directors D. Internal Auditors 49. Which of the following properly identifies the top management level of the management team? A. Guide the work of a number of employees doing similar tasks within a department or group. B. Coordinate a number of different departments within the company by overseeing supervisors. C. Made up of the company’s president and chief executive officer. D. Carry out the day-to-day operations and administrative functions of the company. 50. This group of stakeholders help management establish and monitor the internal controls for the company. They rotate throughout the company, reviewing policies, procedures, and reports in each area to determine whether or not they are working as planned. A. External Auditors B. Internal Auditors C. Audit Committee D. Top Management
51. People and organizations outside the corporation who have a financial interest in the corporation are referred to as: A. External Auditors B. External Stakeholders C. Securities and Exchange Commission D. Treadway Commission 52. Which of the following groups is NOT considered to be an external stakeholder? A. Audit Committee B. External Auditors C. Governing Bodies D. Customers 53. The purpose of this group of stakeholders is to add credibility to the financial statements. They are responsible for evaluating whether or not the financial statements have been prepared according to the established accounting rules. A. Internal Auditors B. Governing Bodies C. Audit Committee D. External Auditors 54. The governing group is responsible for establishing applicable financial accounting standards in the United States: A. COSO B. SEC C. FASB D. IASB 55. This governing group is responsible for establishing applicable financial accounting standards globally: A. COSO B. SEC C. FASB D. IASB 56. This governing group is the federal regulatory agency responsible for protecting the interests of investors by making sure that public companies provide complete and transparent financial information: A. COSO B. SEC C. FASB D. IASB 57. This governing group created the framework for internal controls evaluations: A. COSO B. SEC C. FASB D. IASB
58. It is necessary that certain stakeholders remain independent related to the corporation’s financial reporting. Which of the following correctly states the stakeholders that should remain independent? A. Internal Auditors, Audit Committee and External Auditors B. Audit Committee and Internal Auditors C. External Auditors and Audit Committee D. Both Internal and External Auditors 59. The system of checks and balances in corporate governance includes several interrelated functions. Which of the following is not one of those functions? A. Management Oversight B. Financial Stewardship C. Ethical Conduct D. Governing Bodies 60. The concept that encompasses the policies and procedures in place to lead the directorship of the company is called: A. Financial Stewardship B. Management Oversight C. Ethical Conduct D. Internal Controls and Compliance 61. Which of the following is not typical relationship in an organization chart? A. Supervisors report to managers B. Managers report to officers C. Managers report to supervisors D. Officers report to the board of directors 62. According to the authors, the downfall of Enron involved poor management oversight, and included the following criticism(s) of the board of directors: A. Board meetings were few and brief B. They did not challenge the company’s aggressive accounting policies C. Board allowed senior executives to be exempted from the company’s policies regarding conflicts of interest D. All of the above 63. The correctness of the financial information presented is called: A. Accuracy B. Transparency C. Stewardship D. Fiduciary 64. This characteristic of financial information, relates to how clearly the information can be understood. It requires a straightforward, consistent, and timely approach. A. Accuracy B. Financial Stewardship C. Fiduciary Duty D. Transparency
65. Companies that emphasize accuracy and transparency: A. Will have internal controls in place to make sure that their financial reports do not contradict each other. B. Will have fewer opportunities for errors or fraud. C. Will be more likely to prevent opportunities for wrongdoers to cross the line into fraud. D. All of the above. 66. A special obligation of trust, especially with respect to the finances of another, is called: A. Financial Stewardship B. Fiscal Transparency C. Fiduciary Duty D. Internal Controls 67. Within the corporate environment, this term means that management has been entrusted with the power to manage the assets of the corporation, which are owned by the shareholders. A. Fiscal Transparency B. Fiduciary C. Stewardship D. Accuracy 68. The manner in which an agent handles the affairs and/or finances of another is referred to as: A. Financial Stewardship B. Fiscal Transparency C. Accuracy D. Fiduciary 69. The most important factors for success in a leader in fulfilling the duty of financial stewardship are: A. Financial Stewardship and Fiscal Transparency B. Financial Accuracy and Internal Control C. Fiduciary Duty and Ethical Conduct D. Good Communication and Open Dialogue 70. In order for an environment to thrive where corporate leaders can be good financial stewards: A. Well-defined rules and procedures must be in place for decision making. B. It is necessary to consider objectives at the starting point. C. Any decision made must be in the best interest of the shareholders. D. All of the above. 71. The act of manipulating financial information in such a way as to shed more favorable light on the company or its management than is actually warranted is referred to as: A. Financial accountability B. Earnings management C. Income performance D. Financial stewardship
72. Which of the following is not one of the typical earnings management techniques? A. Early revenue recognition B. Falsification of customers C. Creation of non-existent vendors D. Early shipment of products 73. According to the authors, the origin of the corporate governance concept in the United States coincides with: A. The passage of Sarbanes-Oxley Act B. The creation of the Public Company Accounting Oversight Board C. The establishment of the SEC and enactment of the securities laws D. The Treadway Commission and the ultimate creation of COSO 74. The Securities Act of 1933 requires: A. The implementation of a proper climate of internal controls B. The full disclosure of financial information through the filing of registration statements before the securities can be sold C. Ongoing disclosures for registered companies, in addition to the regulation stock exchanges, brokers, and dealers. D. The legislation enacted to combat deceptive accounting practices by banks and financial institutions 75. The Securities Exchange Act of 1934 requires: A. The implementation of a proper climate of internal controls B. The full disclosure of financial information through the filing of registration statements before the securities can be sold C. Ongoing disclosures for registered companies, in addition to the regulation stock exchanges, brokers, and dealers. D. The legislation enacted to combat deceptive accounting practices by banks and financial institutions 76. The establishment of the SEC and the enactment of securities laws were responses to: A. The stock market crash of 1929 and the Great Depression of the 1930s B. Market pressures during the 1980s C. Increased inflation and cost of capital during the 1970s D. High-profile accounting scandals in the early 2000s 77. This legislation was enacted in an effort to curb the corruption and accounting blunders that had been discovered in connection with the bankruptcies of corporate giants, such as WorldCom. A. Securities Exchange Act B. US Patriot Act C. Sarbanes-Oxley Act D. Securities Act
78. The PCAOB was established to carry the provisions of the: A. Sarbanes-Oxley Act B. Securities Act C. US Patriot Act D. Securities Exchange Act 79. The Sarbanes-Oxley Act relates to: A. Private companies and auditors of public companies B. Public companies C. Auditors of public companies and public companies D. Auditors of private companies 80. Auditors of public companies are now prohibited from providing non-audit services to their audit clients as a result of which section of the Sarbanes-Oxley Act: A. Section 201 B. Section 301 C. Section 302 D. Section 401 81. Title II of the Sarbanes-Oxley Act relates to auditor independence and includes items such as: A. Requiring the lead partner on a public company audit to rotate off the engagement each year. B. If an auditor is hired away from the audit firm to take a job with the client, there must be a cooling off period of three years if the new job is in a key accounting role. C. If the auditor’s involvement with the design of the client’s accounting information system and expands into areas of IT system development, then the auditor is considered to have impaired independence. D. Auditors of public companies are now allowed to provide non-audit services to their audit clients. 82. Which of the following is not considered to be a non-audit service? A. Preparation of accounting records and financial statements B. Investment advisory, investment banking, or brokerage services C. External auditing services D. Internal audit outsourcing services 83. This section of the Sarbanes-Oxley Act requires that public companies have an audit committee that is a subcommittee of the board of directors. A. Section 201 B. Section 301 C. Section 401 D. Section 404
84. This section of the Sarbanes-Oxley Act requires that the CEO, CFO, and other responsible offices of the company submit a certified statement accompanying each annual and quarterly report acknowledging their responsibility for the contents of the reports and the underlying system of internal controls. A. Section 301 B. Section 401 C. Section 302 D. Section 404 85. This section of the Sarbanes-Oxley Act requires that there be disclosures in periodic reports disclosing any off-balance-sheet transactions, including obligations or arrangements that may impact the financial position of the company. A. Section 201 B. Section 401 C. Section 906 D. Section 404 86. This section of the Sarbanes-Oxley Act requires management assessment and reporting of the company’s internal controls. A. Section 404 B. Section 409 C. Section 301 D. Section 201 87. This section of the Sarbanes-Oxley Act requires that auditors include, as part of their audit procedures, an attestation to the internal control report prepared by management. A. Section 404 B. Section 409 C. Section 301 D. Section 201 88. This section of the Sarbanes-Oxley Act requires that all public companies have in place a code of ethics covering its CFO and other key accounting officers. The code must include principles that advocate honesty and moral conduct, fairness in financial reporting, and compliance with applicable governmental rules and regulations. A. Section 401 B. Section 404 C. Section 406 D. Section 409 89. The section of the Sarbanes-Oxley Act makes it a felony to knowingly alter, destroy, falsify, or conceal any records or documents with the intent to influence an investigation. This provision relates to both the company and its auditors. A. Section 602 B. Section 802 C. Section 806 D. Section 409
90. Someone who reports instances of wrongdoing or assists in a fraud investigation is referred to as a(n): A. Ringer B. External Auditor C. Internal Auditor D. Whistleblower 91. This section of the Sarbanes-Oxley Act is referred to as the “whistleblower protection” provision. A. Section 201 B. Section 306 C. Section 806 D. Section 1102 92. Which of the following describes a difference management oversight as a result of SarbanesOxley? A. Management focus has gone from one of strategic decision making and risk management to overall accountability. B. The board of directors and the audit committee have a lower level of accountability. C. Members of upper management have the opportunity to focus on overall financial information and can leave the details to subordinates. D. The jobs of management have been lightened as a result of the certification requirements. 93. Which of the following describes a change in internal controls and compliance as a result of the Sarbanes-Oxley Act? A. The corporate associates who are responsible for the development and maintenance of the accounting information system have become less important. B. Although there are new management reporting requirements, the financial reporting has actually decreased. C. The creation of new reporting requirements has created a large amount of extra work for accountants, IT departments, and executives. D. A side effect of compliance with the internal control sections of the Act has resulted in a decrease in the amount of accounting information. ANSWERS TO TEST BANK – CHAPTER 5 – MULTIPLE CHOICE: 36. B 48. A 60. B 72. C 37. A 49. C 61. C 73. C 38. C 50. B 62. D 74. B 39. D 51. B 63. A 75. C 40. C 52. A 64. D 76. A 41. B 53. D 65. D 77. C 42. D 54. C 66. C 78. A 43. B 55. D 67. B 79. C 44. C 56. B 68. A 80. A 45. A 57. A 69. D 81. C 46. B 58. C 70. D 82. C 47. C 59. D 71. B 83. B
84. 85. 86. 87. 88. 89. 90. 91. 92. 93.
C B A A C B D C A C
TEST BANK - CHAPTER 5 – END OF CHAPTER QUESTIONS 94. Which of the following is not considered a component of corporate governance? A. Board of Directors Oversight B. IRS Audits C. Internal Audits D. External Audits 95. Good corporate governance is achieved when the interests of which of the following groups are balanced? A. Internal auditors and external auditors B. Shareholders and regulators C. Shareholders, the corporation, and the community D. Regulators and the community 96. Over time, corporate leaders establish trust by being active leaders, stressing integrity, clarity, and consistency. This is referred to as: A. Internal control B. Corporate governance C. Fiduciary duty D. Tone at the top 97. Corporate governance is primarily concerned with: A. Enhancing the trend toward more women serving on boards of directors. B. Promoting an increase in hostile takeovers. C. Promoting the legitimacy of corporate charters. D. Emphasizing the relative roles, rights, and accountability of a company’s stakeholders. 98. The governing body responsible for establishing the COSO framework for internal controls evaluations is the: A. Treadway Commission. B. SEC. C. PCAOB. D. FASB. 99. When financial information is presented properly and its correctness is verifiable, it is: A. Transparent. B. Compliant. C. Accurate. D. Accountable. 100. Which of the following nonaudit services may be performed by auditors for a public-company audit client? A. IT consulting regarding the general ledger system for a newly acquired division. B. Programming assistance on the new division’s general ledger system. C. Human resource consulting regarding personnel for the new division. D. Income tax return preparation for the new division.
101. Which of the following is not true regarding the requirements for reporting on internal controls under Section 404 of the Sarbanes-Oxley Act of 2002? A. Management must accept responsibility for the establishment and maintenance of internal controls and provide its assessment of their effectiveness. B. The independent auditor must issue a report on management’s assessment of internal controls. C. Management must identify the framework used for evaluating its internal controls. D. Management must achieve a control environment that has no significant deficiencies. 102. In the corporate governance chain of command, the audit committee is accountable to: A. The company’s vendors and other creditors. B. Management and employees. C. Governing bodies such as the SEC and PCAOB. D. The external auditors. 103. Section 806 of the Sarbanes-Oxley Act is often referred to as the whistle-blower protection provision of the Act because: A. It offers stock ownership to those who report instances of wrongdoing. B. It specifies that whistleblowers must be terminated so as to avoid retaliation. C. It protects whistleblowers’ jobs and prohibits retaliation. D. It provides criminal penalties for the alteration of destruction of documents. 104. Which of the following is true regarding the post-Sarbanes-Oxley role of the corporate leader? A. More emphasis is placed on strategic planning and less emphasis on financial information. B. The corporate leader must be more in tune with IT to provide corporate governance solutions. C. The corporate leader must be more focused on merger and acquisition targets. D. The corporate leader tends to be less involved with the board of directors. 105. Many corporate frauds involve: A. Managers soliciting assistance from their subordinates. B. A small deceptive act that intensifies into criminal behavior. C. An earnings management motive. D. All of the above. ANSWERS END OF CHAPTER QUESTIONS -TEST BANK - CHAPTER 5 94. 95. 96. 97.
B C D D
98. 99. 100. 101.
A C D D
102. 103. 104. 105.
C C B D
TEST BANK - CHAPTER 5 – SHORT ANSWER QUESTIONS 106. Why is tone at the top so important to corporate governance? Answer: Tone at the top is so important because it is the set of values and behaviors in place for corporate leaders. As the term suggests, it sets the tone, or pattern, for the entire organization. Thus a “bad” tone at the top is likely to filter down and affect all levels of the enterprise. 107. Why do you think companies that practice good corporate governance tend to be successful in business? Answer: Good corporate governance means that the company leadership is held accountable for building shareholder value and creating confidence in financial reporting processes. This accountability means that corporate leaders are more likely to do the right thing: that is, they operate efficiently, effectively, and ethically. Such companies tend to be more successful. 108. Which stakeholder group (internal or external) is more likely to be affected by corporate governance, and which has a direct affect on corporate governance? Answer: External stakeholders are most affected by corporate governance. Bad corporate governance is likely to lead to negative consequences for external stakeholders such as creditors or stockholders. Internal stakeholders have a more direct effect on the state of corporate governance. Those external to the company do not have as much influence or control. 109. Explain how it is possible that a shareholder could be considered both an internal and external stakeholder. Answer: Shareholders are owners of the company and could therefore be considered internal; stakeholders. However, in many large corporations, most shareholders own such a small percentage of outstanding shares that they have little to no influence on the corporation. Thus, they could be considered external stakeholders. 110. Why is the Board of Directors considered an internal stakeholder group, when it is required to have members who are independent of the company? Answer: Because the board of directors has the highest level of authority with respect to company objectives and strategies, it is considered an internal stakeholder group. Therefore, it has a direct and strong influence on the governance of the enterprise. 111. How can internal auditors maintain independence, since they are employees of the company? Answer: Internal auditors should not have any reporting relationship or conflicting roles that impact their objectivity on the job. For example, internal auditors often report to the audit committee so that they are not reporting to a manager who would lead to a conflict of interest. If internal auditors report to the CEO or CFO, those parties are more likely to have an interest in hiding any fraudulent or unacceptable behavior. 112. Identify the four functions of the corporate governance process. Answer: The four functions of the corporate governance process are: management oversight, internal controls and compliance, financial stewardship, and ethical conduct.
113. Describe the key connection between tone at the top and management oversight. Answer: Management oversight is the set of policies and practices in place to lead the directorship of the company. This set of policies and practices, if consistently demonstrated by management, should set a good tone at the top. 114. Explain the connection between fiduciary duty and financial stewardship. Answer: Fiduciary duty means that management has been entrusted the power to manage assets of the corporation, which are in turn owned by the shareholders. Financial stewardship is the obligation of the fiduciary to treat these assets with discipline, respect, and accountability. 115. Why is it that many accountants claim that corporate governance was born in the 1930s? Answer: The stock market crash of 1928 is believed to have been caused by misleading accounting and reporting practices. The federal government responded by passing both the Securities Act of 1933 and the Securities Exchange Act of 1934. These were the first regulations to attempt to require management accountability to investors, so they are thought of as the birth of corporate governance. 116. What is the primary difference between the Securities Act of 1933 and the Securities Exchange Act of 1934? Answer: The Securities Act of 1933 requires full financial disclosure before securities can be sold, while the Securities Exchange Act of 1934 requires ongoing disclosure for registered companies. 117. Why did the SEC establish the PCAOB? Answer: The PCAOB was established to govern the work of auditors of public companies. The PCAOB provides standards for audits, and has investigative and disciplinary authority over public accounting firms. 118. Why can auditors no longer be involved in helping their audit clients establish accounting information systems? Answer: Around the period of discussion on the upcoming Sarbanes-Oxley act, there was a general perception in public that this type of consulting engagement impaired the independence of auditors. There was concern that a firm that helped design an accounting system could not be independent in assessing the effectiveness and reliability of that accounting system. To enhance independence, the Sarbanes-Oxley Act prohibited such consulting engagements. 119. Under what conditions are auditors permitted to perform non-audit services for their audit clients? Answer: Non-audit services are permitted only if the auditor has obtained prior approval from the client’s audit committee. 120. How has the Sarbanes-Oxley Act increased the importance of audit committees in the corporate governance process? Answer: The SOX Act places much more responsibility on the audit committee. On financial matters, the audit committee is to supervise the board of directors, which in turn supervises corporate management. The audit committee must be independent and it is responsible for hiring, firing, and overseeing the external auditors. The external auditors report to the audit committee on all audit related matters. Some companies may have followed these practices prior to 2002, but SOX now requires the use of these practices.
121. Identify the six financial matters that must be certified by a company’s top officers under the requirements of Section 302 of the Sarbanes-Oxley Act. Answer: The following matters must be certified by a company’s top officers: (1) the signing officers have reviewed the report in detail; (2) based on the signing officer’s knowledge, the report does not misstate any facts; (3) based on the signing officer’s knowledge, the financial statements and related disclosures are fairly presented; (4) the signing officers are responsible for the establishment, maintenance, and effectiveness of internal controls; (5) the signing officers have disclosed to the auditors and audit committee any instances of fraud or internal control deficiencies; (6) the signing officers indicate whether or not any significant changes in internal controls have occurred since the date of their most recent evaluation. 122. Explain the relationship between Section 401 of the Sarbanes-Oxley Act and the concept of transparency. Answer: Transparency in financial reporting implies that nothing is hidden from the view of readers of financial statements. Section 401 requires new disclosure information on the financial statements for off-balance-sheet transactions. This ensures that off-balance-sheet transactions are not hidden from readers. 123. Explain the difference between management’s responsibility and the company’s external auditors’ responsibility regarding the company’s internal controls under Section 404 of the Sarbanes-Oxley Act. Answer: Under section 404 of the SOX Act, the CEO and CFO have the responsibility to maintain a proper system of internal control. Management must assess the effectiveness of the internal control system based on an established framework such as COSO. The external auditor must review the internal controls and attest to the effectiveness of the internal controls. 124. Explain why Section 409 of the Sarbanes-Oxley Act has placed more pressure on members of IT departments within public companies. Answer: Section 409 of the SOX Act requires real-time disclosures of important corporate events such as bankruptcy, new contracts, acquisitions and disposals, and changes in control. This real-time reporting requires that the company’s accounting systems track such events in real-time. Therefore, IT departments must help establish and maintain IT systems capable of achieving these reporting requirements. 125. How is the Sarbanes-Oxley Act forcing corporations to become more ethical? Answer: The SOX Act requires all public companies to have a code of ethics in place. This does not guarantee that ethical conduct will occur, but it at least informs managers and employees that they are expected to act ethically. 126. Why do corporate leaders see their jobs as more risky since the Sarbanes-Oxley Act became effective? Answer: There are several “sign-offs” that corporate leaders must do. If a corporate officer signsoff without due care or fraudulently, he or she can be subject to penalties. 127. Which governing body holds the top position of management oversight? Answer: The corporate board of directors holds the top management oversight position.
128. Identify two ways that companies are making efforts to improve the financial stewardship of their managers. Answer: In order to improve the financial stewardship of their managers, some companies are offering training programs to assist managers in understanding their stewardship responsibilities and some have made adjustments to management incentive compensation packages to reduce the temptation to manage earnings. 129. How can IT departments assist corporate managers in fulfilling their corporate governance roles? Answer: A company’s IT infrastructure is a very important system for allowing management access to the information they need to ensure compliance with corporate governance guidelines. The IT system can also help ensure managers and employees are trained on ethics and corporate governance. The chapter mentions the example of BASF that supplies ethics training via the Internet. 130. How is it that management’s role as financial stewards may be considered a conflict of interest with their position as employees of the company? Answer: Managers often have compensation plans in which incentives are tied to company earnings. This may lead to a conflict between what is in the best interest of shareholders and the best interest of the manager or employees. Often what is in the best interest of employees or management is not in the best interest of the shareholders. TEST BANK - CHAPTER 5 – SHORT ESSAY 131. Why are shareholders sometimes considered internal stakeholders and sometimes considered external stakeholders? Answer: Shareholders are owners of the company and could therefore be considered internal stakeholders. However, in many large corporations, most shareholders own such a small percentage of outstanding shares that they have little to no influence on the corporation. Thus, they could be considered external stakeholders. 132. Is it possible for financial information to be accurate but not transparent? Similarly, is it possible for financial information to be transparent but not accurate? Explain. Answer: Yes, it is possible for information to be accurate but not transparent. For example, if a company accurately reports information on the face of the financial statements but neglects to disclose appropriate explanatory information in the footnotes, then transparency is compromised. On the other hand, a company can be thorough in providing supplementary information that is needed to understand and analyze the financial statement amounts, even though there are errors in the reporting of those amounts.
133. Earnings management involves lying about the company’s financial results in order to provide a more favorable impression to investors. Earnings management is discussed in the section on financial stewardship. Explain how the other three functions of corporate governance can work together to help prevent earnings management within a corporation. Answer: Besides financial stewardship the other three functions of corporate governance are management oversight, internal controls and compliance, and ethical conduct. Even if there are weaknesses in financial stewardship that allow for the possibility of earnings management, these other three functions should prevent this. If effective management oversight is practiced whereby supervision and communication are key to the ongoing processes, manipulations of financial information should be caught by the diligent managers who oversee the financial reporting function. In addition, the system of internal controls should provide for the assignment of rights and responsibilities and compliance with accounting conventions in a manner that encourages accuracy and transparency of financial information. Furthermore, creating and maintaining a culture of honesty and accountability is inconsistent with the practice of earnings management. Accordingly, these strengths of the other components of corporate governance are expected to overcome any weakness in financial stewardship that might create an opportunity for earnings management. 134. Describe how the characteristics of the financial markets in the 1980s eventually led to the creation of the Sarbanes-Oxley Act of 2002. Answer: In the 1980s, there was intense pressure for companies to met or beat their earnings targets. As a result, creative accounting practices became more common. Even in the following decade, these irregularities became so severe that a series of high-profile corporate accounting scandals erupted. The losses suffered as a result of these corporate scandals were so significant that many investors demanded that new legislation be introduced in order to prevent repeat instances of these problems. The SOX Act was the result. 135. Although the Sarbanes-Oxley Act of 2002 applies to public companies, many private business organizations have been impacted by this legislation, especially if they are suppliers to a public company. Explain how this external stakeholder relationship can lead to the widespread application of Section 404 of the Act. Answer: For many of the public companies which are doing business with private companies, the requirements of the SOX Act are being superimposed upon the private companies. In order for the public company to comply with the SOX Act, it must be assured that its trading partners also maintain effective controls. As a result, many private companies are complying with the SOX Act in order to protect their business relationships. 136. Describe at least three ways that the Sarbanes-Oxley Act and the increased emphasis on corporate governance have put more attention on the role of those responsible for the company’s accounting information systems. Answer: IT departments are expected to help management achieve compliance with new legislation by leveraging technology so that financial processes can be relied upon to provide accurate information. Secondly, many corporate managers are demanding more electronic recordkeeping to provide timely information, but that requires an IT infrastructure that supports the company’s strategies and goals. Finally, since most corporate managers do not have time to collect data, they need to have information that is readily accessible.
137. Why do you think it is particularly challenging for companies to maintain ethical behavior during difficult financial times? Answer: During difficult financial times, it is particularly challenging for companies to maintain ethical behavior because of the conflict of interest for managers in their role as financial stewards of the business. Management may be inclined to act in a way that protects their job or their employees at the expense of the shareholders. Earnings management techniques are an easy solution to this conflict. TEST BANK - CHAPTER 5 – Problems 138. List the six steps for establishing internal controls and describe how this process leads to stronger overall corporate governance. Answer: The six-step process for internal controls includes the following: 1. Define the key activities and resources involved in each business activity. 2. Define the objectives of each activity. 3. Obtain input from experienced users and advisors on the effective design of controls. 4. Formally and thoroughly document the details of the controls. 5. Test the effectiveness of controls to make sure they are operating as designed. 6. Engage in continuous improvement to fix problems and upgrade controls. These steps help to establish a thorough understanding of processes as the foundation for an effective system. It also provides for documenting, monitoring, and improving the system as needed. This provides for accurate and transparent financial reporting. 139. List the items that must be certified by corporate management in accordance with the provisions of the Sarbanes-Oxley Act. Discuss how these responsibilities have likely changed the period-to-period activities of the certifying managers. Answer: Top managers must submit a certified statement to accompany each annual and quarterly report to acknowledge their responsibility for the contents of the financial reports and the underlying system of internal controls. The specific points include acknowledgments that: 1. They have reviewed the report in detail. 2. The report does not misstate any facts. 3. The financial statements and related disclosures are fairly presented. 4. They are responsible for the establishment, maintenance, and effectiveness of internal controls. 5. They have disclosed any instances of fraud or internal control deficiencies. 6. They have indicated whether or not any significant changes in internal controls have occurred since the date of their most recent evaluation. The responsibilities inherent in these certified statements have likely resulted in significant changes in the activities of the signing officers. Specifically, the certifying officers can no longer delegate responsibility for the detailed accounting functions to their subordinates. These officers must become knowledgeable about the details in order to facilitate these certifications. Moreover, since the certifications must be filed quarterly, this new attention to detailed accounting information must be a continuous responsibility.
140. Identify the costs and benefits of complying with the Sarbanes-Oxley Act of 2002. Do you think the costs are justified? Answer: The costs of complying with SOX are high, and have ranged from some companies’ complete overhaul of operations to other companies’ mere revisions in reporting and documentation. In addition, most companies have also seen increases in their audit costs, as auditors also have increased responsibilities as a result of SOX. On the other hand, some companies have realized benefits from the requirements of SOX, including enhanced performance as a result of improved internal controls. Students’ responses to the question of SOX’s justification are likely to be mixed. Some may criticize SOX for its extreme requirements and minimal benefits, as well as the resulting shift in managerial focus from large scale, strategic issues to detailed reporting requirements. They may agree that SOX was enacted hastily in response to a few bad cases of corruption that are not necessarily representative of America’s corporate control environment as a whole. However, others may appreciate the opportunity that SOX has presented for improving corporate controls. Some SOX proponents believe that the benefits are likely to be realized gradually as companies increase their awareness of internal controls and streamline their business processes accordingly. 141. Using an Internet search engine (such as Google, Dogpile, Lycos), determine who was the whistleblower at Enron. Summarize the circumstances. What was the relationship of this person with the company? Was this an internal or external stakeholder? Answer: The whistleblower at Enron was Sherron Watkins, an internal stakeholder who held the position of Vice President for Corporate Development. In 2001, she wrote a letter to Enron founder Ken Lay to warn him of the company’s impending financial problems if he did not come clean about potentially disastrous accounting tricks. She also shared her concerns with a friend at Arthur Anderson, her former employer and Enron’s audit firm. 142. Using an Internet search engine (such as Google, Dogpile, Lycos), search for the terms “guilty as charged” + “California Micro Devices” in order to find an article about the company, California Micro Devices. Identify the related corporate governance issues. Answer: Two top-ranking executives at California Micro Devices were convicted of accounting fraud, including securities fraud and insider trading. As top executives, they were in a position of trust. The federal prosecutors in their case indicated that it was important to send a message about the seriousness of their crimes, the importance of their roles within the company, and the need for severe punishment for the abusive accounting schemes that were carried out.
143. There are five types of management earnings techniques presented in this chapter. Provide two or three specific examples of how corporate leaders could pull off these types of fraud, as well as the internal control activities that could be used to prevent them. Answer: Student responses are likely to vary but may include the following fraud schemes, each of which may be particularly effective if conducted near year-end: • Early recognition of revenues, such as when management loads the sales pipeline with customer transactions that will actually be carried out in the next accounting period rather than the current period; i.e., channel stuffing. • Early shipment of products, such as when management authorizes premature shipment of goods to customers. This is often done for customers who place routine or recurring orders, so management assumes that it will be able to pull off this accounting stunt by sending a shipment for a transaction that has not yet been taken place. Even if the customer refuses the shipment and returns the goods, such is likely to occur in the next accounting period, so the fraudulent sale would still be recorded in the current period. • Falsification of customers, such as when bogus customers are created in the accounting records and bogus sales transactions are developed to inflate the company’s revenues. Fictitious supporting documents may be created to give the impression of a legitimate transaction with a valid customer. • Falsification of invoices or other records may occur in an attempt to force more sales transactions into the current period’s accounting records. For instance, sales invoices and related shipping documents may be backdated so that they are included in the prior period. • Allowing customers to take products without taking title to the products, such as forcing a trial period upon them. Management may attempt this, hoping that the customers may decide to carry out the transaction. Even if the customer returns the goods, such is likely to occur in the next accounting period, so the fraudulent shipment and sales would still be recorded in the current period.
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 6: IT Governance TEST BANK - CHAPTER 6 - TRUE / FALSE 1. IT governance is an issue for executives and top management. Lower level managers and the board of directors are outsiders in the process. 2. In order to meets it obligation of corporate governance, the board of directors must oversee IT. 3. In order to match company strategy to IT systems, the company needs to have an IT governance committee and a formal process to select, design, and implement IT systems. 4. Either the IT governance or the system development life cycle are necessary in the strategic management of IT systems. 5. Once the system development life cycle has determined the priority it places on IT systems, the IT governance committee will manage the development, implementation, and use of the systems. 6. The IT governance committee should constantly assess the long-term strategy of the company and determine the type of IT systems to purchase, develop and use. 7. The systems development life cycle is responsible for the oversight and management of the IT governance committee. 8. Accounting software was often not available in the early days of computers which required that the organization would develop, program, and implement their in-house accounting software. 9. Once the systems development life cycle (SDLC) is complete, it is not necessary to restart the cycle unless something is brought to the attention of the IT governance committee to indicate that another cycle is required. 10. It is likely that the IT governance committee will go back through the phases of the SDLC to design new and improved IT systems. 11. In the modern IT environment, it is necessary for an organization to follow each of the steps in the SDLC in the order presented. 12. The exact steps in the SDLC and/or their sequence are not as important as is the need to formalize and conduct those steps completely and consistently. 13. The IT governance committee will be constantly monitoring the IT system to look for fraud and system abuse.
14. If the operational feasibility determines that the operation will require new training of employees, then the proposed upgrade or modification should be rejected. 15. The economic feasibility study would answer the question about whether the benefits of the proposed IT system outweigh the costs. 16. When the IT governance committee uses both the strategic match and the feasibility study, they will be better able to prioritize proposed changes to the IT systems. 17. When the IT governance committee has made the decision as to which IT upgrades and/or modifications are to made, their job is complete. 18. Data collection in the system survey step of systems analysis involves documentation review only. 19. The purpose of observation in the system survey is to enable the project team to gain an understanding of the processing steps within the system. 20. During a documentation review, the team would examine only relevant documentation of the proposed upgrade or modification. 21. In order to gain a complete understanding of the system under study, the project team should seek the opinions and thoughts of those who use the system in addition to observation and documentation review. 22. The face-to-face nature of an interview is advantageous due to the fact that the interviewer can clear up any misunderstandings as they occur and can follow up with more questions, depending on the response of the interviewee. 23. One advantage of the interview process is efficiency. 24. One advantage to the use of questionnaires is that they can be answered anonymously, which allows the respondent to be more truthful without fear of negative consequences. 25. The determination of user requirements is often discovered through the use of observation and documentation review. 26. The analysis phase is the critical-thinking stage of systems analysis. 27. IT and business process reengineering have mutually enhancing relationships. The business processes should be supported by the IT capabilities. 28. Business process reengineering takes place at the systems design stage of the SDLC. 29. The last step of the systems analysis phase is to prepare a systems analysis report that will be delivered to the IT governance committee.
30. The steps within the design phase of the SDLC is the same, whether the organization intends to purchase software or to design the software in-house. 31. In general, purchased software is more costly but more reliable than software designed inhouse. 32. While it is not necessary to hire a consulting firm, many organizations find that the special expertise of consulting firms is most beneficial in the design and implementation of accounting system software. 33. When in the systems design phase and creating an in-house accounting software, the feasibility aspect is the same as in the systems planning stage. 34. In general, designs that require more complex technology have a higher feasibility than designs with less complex technology. 35. When a company is revising systems, there are intangible benefits that are difficult to estimate in dollars. These intangible benefits should be included in the project team’s report. 36. Because the users of reports need the reports on an ongoing basis as part of their jobs, it is critical to have user feedback in the design of the details of the output reports. 37. In general, the manual input method is less error prone that the electronic methods. 38. In the detailed design phase, all of the individual steps within a process must be identified and designed. 39. The internal controls within a system must be designed in the implementation stage. 40. It would not be necessary for the programming staff to have interaction with the accounting staff during the systems implementation process, as all systems design was previously completed. 41. Software should never be implemented before it is tested. 42. It is essential that accountants oversee the data conversion from the old system to the new system to make sure that all accounting data is completely and correctly converted. 43. The file or database storage for the new accounting system may not be different from the old system. 44. The longest and most costly part of the SDLC is the operation and maintenance. 45. During the operation phase of the IT system, it is necessary that management receive regular reports that will enable management to determine whether IT is aligned with business strategy and meeting the objectives of the IT system.
46. Once the SDLC has identified which types of IT systems are appropriate for the company, the IT governance committee becomes the mechanism to properly manage the development, acquisition, and implementation of the IT system. 47. Each organization may approach IT governance in a different manner, but each organization should establish procedures for IT governance. 48. The AICPA Trust Principles failed to include any reference to the internal control structure of the IT systems. 49. Diligent adherence to the SDLC process, by management, is part of fulfilling its ethical obligations of stewardship and fraud prevention. 50. As the result of the passage of the Sarbanes-Oxley Act, CPA firms have unlimited ability to provide non-audit services to their audit clients. ANSWERS TO TEST BANK – CHAPTER 6 – TRUE / FALSE: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
F T T F F T F T F T
11. 12. 13. 14. 15. 16. 17. 18. 19. 20.
F T F F T T F F T F
21. 22. 23. 24. 25. 26. 27. 28. 29. 30.
T T F T F T T F T F
31. 32. 33. 34. 35. 36. 37. 38. 39. 40.
F T F F T T F T F F
41. 42. 43. 44. 45. 46. 47. 48. 49. 50.
T T F T T F T F T F
TEST BANK - CHAPTER 6 - MULTIPLE CHOICE 51. The process of determining the strategic vision for the organization, developing the long-term objectives, creating the strategies that will achieve the vision and objections, and implementing those strategies is referred to as A. IT Governance B. Strategic Governance C. Strategic Management D. IT Management 52. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes is called: A. IT Governance B. Strategic Governance C. Strategic Management D. IT Management
53. To fulfill the management obligations that are an integral part of IT governance, management need not focus on: A. Aligning IT strategy with the business strategy B. Hiring an acceptable IT manager C. Measuring IT’s performance D. Insisting that an IT control framework be adopted and implemented 54. Which of the following is not one of the approaches used to achieve the management of an IT control framework? A. Information Systems Audit and Control Association control objectives for IT B. The International Organization for Standardization 17799, Code of Practice for Information Security Management C. The Information Technology Infrastructure Library D. Sarbanes-Oxley Act section on IT Controls 55. A group of senior managers selected to oversee the strategic management of IT is called: A. IT Strategic Committee B. IT Governance C. Chief Information Officer (CIO) D. IT Management 56. The formal process that many organizations use to select, design, and implement IT systems is the: A. Systems Development Life Cycle B. Control Objectives for IT C. Practice for Security Management D. Information Technology Development 57. The IT governance committee is made up of many different individuals within the organization. Which of the following would not be one of those individuals? A. Chief Information Officer B. Chief External Auditor C. Chief Executive Officer D. Top Managers from User Departments 58. The evaluation of long-term, strategic objectives and prioritization of the IT systems in order to assist the organizations in achieving its objectives is called: A. Systems Planning B. Systems Analysis C. Systems Design D. Systems Implementation 59. The phases of the SDLC include all of the following except: A. Systems Planning B. Systems Implementation C. Systems Analysis D. Systems Purchasing
60. This phase of SDLC involves the planning and continuing oversight of the design, implementation, and use of the IT systems. A. Systems Analysis B. Systems Implementation C. Systems Planning D. Systems Design 61. The study of the current system to determine the strengths and weaknesses and the user needs of that system is called: A. Systems Analysis B. Systems Design C. Systems Planning D. Systems Implementation 62. This phase of SDLC requires the collection of data about the system and the careful scrutiny of those data to determine areas of the system that can be improved. A. Systems Planning B. Systems Implementation C. Systems Analysis D. Systems Purchasing 63. The creation of the system that meets user needs and incorporates the improvements identified by the systems analysis phase is called: A. Systems Planning B. Systems Design C. Systems Analysis D. Operation and Maintenance 64. The set of steps undertaken to program, test, and activate the IT system as designed in the system design phase is called: A. Systems Planning B. Systems Implementation C. Systems Design D. Systems Analysis 65. The regular, ongoing, functioning of the IT system and the processes to fix smaller problems, or bugs, in the IT system is called: A. Systems Analysis B. Systems Planning C. Operation and Maintenance D. Systems Implementation 66. During this phase of the SDLC, management should request and receive ongoing reports about the performance of the IT system. A. Operation and Maintenance B. System Analysis C. Systems Design D. Systems Planning
67. The expanded SDLC presented in the textbook expands the processes within the system design phase. This is necessary because: A. It necessary for most companies to create their own software. B. The design phase needs to include the programming activities of self-created software. C. There is usually more than one software or system type that will meet the needs of the organization. D. Many organizations require a change in the type of operating system along with any changes in software. 68. The Evaluation and Selection cycle of the expanded SDLC would not include which of the following steps? A. Design or buy the system selected. B. Identify the alternative system approaches. C. Evaluate the fit of each of the alternatives to company needs. D. Implement the alternative selected. 69. The process of matching alternatives system models to the needs identified in the system analysis phase is called: A. Conceptual Design B. Systems Analysis C. Systems Planning D. Evaluation and Selection 70. The process of assessing the feasibility and fit of each of the alternative conceptual approaches and selecting the one that best meets the organization’s needs is termed: A. Conceptual Design B. Evaluation and Selection C. Systems Analysis D. Systems Implementation 71. The process of designing the outputs, inputs, user interfaces, databases, manual procedures, security and controls, and documentation of the new system is referred to as: A. Conceptual Design B. Software Selection C. Systems Design D. Detailed Design 72. When attempting to prioritize IT projects, the IT governance committee needs to consider: A. The assessment of IT systems and their match to strategic organizational objectives. B. The feasibility of each of the requested modifications or upgrades. C. Both of the above. D. None of the above.
73. A company has stated that the main strategic objective is to improve the accounts payable function within the organization. There are limited resources for IT upgrades and modifications. The IT governance committee has received IT update requests from the public relations department, human services, and vendor satisfaction department. Given this information, which would be the likely be the first upgrade implemented? A. Public relations would be first because it would include all areas of the business - vendors, employees, and customers. B. Vendor satisfaction would be first because it would be most in line with the strategic objective of the company. C. Human services would be the first because the employees are the ones who are most affected by changes in the IT departments. D. It is not possible to make a decision without further information. 74. The need to match IT systems to organizational objectives emphasizes the need for the IT governance committee to include top management as its members because: A. These managers establish strategic objectives and are in the best position to assess the fit of the IT systems to those objectives. B. These managers are in a position to allocate resources and or time to the projects. C. Both of the above D. None of the above 75. The realistic possibility of affording, implementing, and using the IT systems being considered is referred to as: A. Feasibility B. Rationality C. Sequentiality D. Ranking 76. The assessment of the realism of the possibility that technology exists to meet the need identified in the proposed change to the IT system is called: A. Operational Feasibility B. Economic Feasibility C. Schedule Feasibility D. Technical Feasibility 77. The assessment of the realism of the possibility that the current employees will be able to operate the proposed IT system is referred to as: A. Operational Feasibility B. Economic Feasibility C. Schedule Feasibility D. Technical Feasibility 78. The assessment of the costs and benefits associated with the proposed IT system is referred to as: A. Operational Feasibility B. Economic Feasibility C. Schedule Feasibility D. Technical Feasibility
79. The assessment of the realistic possibility that the proposed IT system can be implemented within a reasonable amount of time is called: A. Operational Feasibility B. Economic Feasibility C. Schedule Feasibility D. Technical Feasibility 80. Typical steps within the systems analysis phase of the SDLC would not include which of the following? A. Preliminary Investigation B. Survey of the Current System C. Economic Feasibility D. Determination of User Information Needs 81. The purpose of this step in the systems analysis phase is to determine whether the problem or deficiency in the current system really exists and to make a “go” or a “no-go” decision. A. Survey of the Current System B. Determination of User Information Needs C. Business Process Reengineering D. Preliminary Investigation 82. A detailed study of the current system to identify weaknesses to improve upon and strengths that should be maintained is referred to as: A. Preliminary Investigation B. System Survey C. Process Reengineering D. Determination of User Information Needs 83. Watching the steps that employees take as they process transactions in the system is referred to as: A. Investigation B. Interrogation C. Observation D. Interview 84. The detailed examination of documentation that exists about the system to gain an understanding of the system under study is called a(n): A. Documentation Review B. Systems Audit C. System Survey D. Records Observation 85. Face-to-face, verbal questioning of users of an IT system to determine facts or beliefs about the system are called: A. Interrogation B. User Review C. Interviews D. System Survey
86. This type of question is designed such that the format and range of the answer is known ahead of time. A. Structured Question B. Oral Question C. Unstructured Question D. Range Question 87. This type of question is completely open ended, and the respondent is free to answer in any way that he / she feels addresses the question. A. Structured Question B. Oral Question C. Unstructured Question D. Range Question 88. A written, rather than an oral, form or questioning of users to determine facts or beliefs about a system is referred to as a(n): A. Interview B. Questionnaire C. Interrogation D. System Survey 89. The purpose of this phase is to question the current approaches in the system and to think about better ways to carry out the steps and processes of the system. A. Systems Analysis B. Systems Survey C. Analysis of Systems Survey D. Preliminary Investigation 90. The fundamental rethinking and radical redesign of business processes to bring about dramatic improvements in performance is called: A. Business Process Reengineering B. Process Redesign C. Business Analysis and Design D. Business Process Design and Analysis 91. The many sets of activities within the organization performed to accomplish the functions necessary to continue the daily operations are referred to as: A. Business Systems B. Business Processes C. Business Activities D. Business Functions 92. The systems analysis report, which is sent to the IT governance committee, will inform the committee of all of the following, except: A. The results of the systems survey B. User needs determination C. Detailed design D. Recommendations regarding the continuation of the project
93. This document is sent to each software vendor offering a software package that meets the user and system needs and is sent to solicit proposals. A. Requested Software Package B. Request for Proposal C. System Software Request D. Software Vendor Needs 94. When a vendor returns a request for proposal, it will include all of the following, except: A. Match of the system and user needs B. Description of the software C. The technical support it intends to provide D. Prices for the software 95. After all of the RFPs have been received, either the IT governance committee or the project team will evaluate the proposals in order to select the best software package. Things that must be considered would include: A. The match of the system and the user needs to the features of the software B. Testimonials from other customers who use the software C. Reputation and reliability of the vendor D. All of the above 96. This phase of the systems design for in-house development of software involves the identifying the alternative approaches to systems that will meet the needs identified in the system analysis phase. A. Request for proposal B. Conceptual design C. Systems concept D. Systems analysis 97. The process of assessing the feasibility and fit of each of the alternative conceptual approaches and selecting the one that best fits the organization’s needs is called: A. Conceptual Design B. Systems Design C. Evaluation and Selection D. Systems Implementation 98. During this process, the project team must consider the number of employees, their capabilities and expertise, and any supporting systems necessary to operate each alternative design. A. Operational feasibility B. Technical feasibility C. Economic feasibility D. Schedule feasibility 99. The purpose of this analysis is to determine which of the alternative designs is the most cost effective. A. Operational feasibility B. Technical feasibility C. Economic feasibility D. Schedule feasibility
100. In this feasibility, the project team must estimate the total amount of time necessary to implement the each alternative design. A. Operational feasibility B. Technical feasibility C. Economic feasibility D. Schedule feasibility 101. The purpose of this phase of systems design is to create the entire set of specifications necessary to build and implement the system. A. Detailed design B. Evaluation and selection C. Operational design D. Detailed analysis 102. In the detailed design stage of systems design it is necessary that the various parts of the system be designed. The parts of the system to be designed at this point would include all of the following, except: A. Outputs B. Inputs C. Program Code D. Data Storage 103. Reports and documents, such as income statements, aged accounts receivable reports, checks, and invoices are referred to as: A. Outputs of the system B. Data storage C. Internal controls D. Inputs of the system 104. The forms, documents, screens, or electronic means used to put data into the accounting system are called: A. Outputs of the system B. Data storage C. Internal controls D. Inputs of the system 105. Which of the following is not a method of data input? A. Keying in data with a keyboard from data on a paper form B. Electronic data interchange C. Bar code scanning D. Viewed on the screen 106. There are many different types of documentation necessary to operate and maintain an accounting system. These types of documentation include all of the following, except: A. Flowcharts B. Operator Manuals C. Output Examples D. Entity Relationship Diagrams
107. A system conversion method in which the old and the new systems are operated simultaneously for a short time. A. Direct cutover conversion B. Phase-in conversion C. Pilot conversion D. Parallel conversion 108. A system conversion method in which on a chosen date the old system operation is terminated and all processing begins on the new system. A. Direct cutover conversion B. Phase-in conversion C. Pilot conversion D. Parallel conversion 109. A system conversion method in which the system is broken into modules, or parts, which are phased in incrementally and over a longer period. A. Direct cutover conversion B. Phase-in conversion C. Pilot conversion D. Parallel conversion 110. A system conversion method in which the system is operated in only one or a few sub-units of the organization. A. Direct cutover conversion B. Phase-in conversion C. Pilot conversion D. Parallel conversion 111. When the manager of the primary users of the system is satisfied with the system, an acceptance agreement will be signed, the enforcement of which makes it much more likely that project teams will seek user input and that the project team will work hard to meet user needs. A. System Conversion B. Post-Implementation Acceptance C. User Review D. User Acceptance 112. A review of the feasibility assessments and other estimates made during the projects, the purpose of which is to help the organization learn from any mistakes that were made and help the company avoid those same errors in the future. A. System Design Life Cycle B. Post-Implementation Review C. User Acceptance D. System Conversion Review
113. During the operation of an IT system, it is necessary that regular reports are received by management to monitor the performance of the system. These reports would include all of the following, except: A. IT Security and Number of Security Problems B. IT Customer Satisfaction C. Downtime of IT System D. User Acceptance of the IT System 114. Which of the following is not a major purpose served by the continual and proper use of the IT governance committee and the SDLC? A. The fulfillment of ethical obligations B. The strategic management process of the organization C. The conversion of the system D. The internal control structure of the organization 115. The careful and responsible oversight and use by management of the assets entrusted to management is called: A. IT Governance B. Stewardship C. Fiduciary Control D. System Access 116. Employee Ethical considerations, related to IT governance, would include which of the following? A. Maintain a set of processes and procedures that assure accurate and complete records. B. Confidentiality for those who serve on the project teams. C. Not to disclose proprietary information from the company to clients. D. Carefully consider the impact of system changes and to be ethical in the manner in which the changes are processed. 117. When an organization hires consultants to assist with any phase or any phases of the SDLC, there are at least four ethical obligations. Which of the following is not one of those obligations? A. Bid the engagement fairly, and completely disclose the terms of potential cost increases. B. Bill time accurately to the client and do not inflate time billed. C. Do not oversell unnecessary services or systems to the client. D. Make an honest effort to participate, learn the new system processes, and properly use the new system. 118. Which of the following relationships would be allowed for a CPA firm? A. Offering IT consulting services and completing the external audit. B. Completing the external audit and maintaining the bookkeeping work. C. Internal audit outsourcing and financial information systems design and implementation. D. Providing fairness opinions and completing the external audit.
ANSWERS TO TEST BANK – CHAPTER 6 – MULTIPLE CHOICE: 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61. 62. 63. 64.
C A B D B A B A D C A C B B
65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78.
C A C D A B D C B C A D A B
79. 80. 81. 82. 83. 84. 85. 86. 87. 88. 89. 90. 91. 92.
C C D B C A C A C B C A B C
93. 94. 95. 96. 97. 98. 99. 100. 101. 102. 103. 104. 105. 106.
B A D B C A C D A C A D D C
107. 108. 109. 110. 111. 112. 113. 114. 115. 116. 117. 118.
D A B C D B D C B B D C
TEST BANK - CHAPTER 6 – END OF CHAPTER QUESTIONS: 119. IT governance includes all but which of the following responsibilities? A. Aligning IT strategy with the business strategy B. Writing programming code for IT systems C. Insisting that an IT control framework be adopted and implemented D. Measuring IT’s performance 120. Which phase of the system development life cycle includes determining user needs of the IT system? A. Systems planning B. Systems analysis C. Systems design D. Systems implementation 121. Which of the following is not part of the system design phase of the SDLC? A. Conceptual design B. Evaluation and selection C. Parallel operation D. Detailed design 122. Which of the following feasibility aspects is an evaluation of whether the technology exists to meet the need identified in the proposed change to the IT system? A. Technical feasibility B. Operational feasibility C. Economic feasibility D. Schedule feasibility
123. The purpose of the feasibility study is to assist in A. Selecting software B. Designing internal controls C. Designing reports for the IT system D. Prioritizing IT requested changes 124. Within the systems analysis phase of the SDLC, which of the following data collection methods does not involve any feedback from users of the IT system? A. Documentation review B. Interviews using structured questions C. Interviews using unstructured questions D. Questionnaires 125. A request for proposal (RFP) is used during the A. Phase-in period. B. Purchase of software C. Feasibility study D. In-house design 126. Which of the following steps within the systems implementation phase could not occur concurrently with other steps, but would occur at the end? A. Employee training B. Data conversion C. Software programming D. Post-implementation review 127. Each of the following are methods for implementing a new application system except: A. Direct cutover B. Parallel C. Pilot D. Test 128. A retail store chain is developing a new integrated computer system for sales and inventories in its store locations. Which of the following implementation methods would involve the most risk? A. Direct cutover B. Phased-in implementation C. Parallel running D. Pilot testing 129. The use of the SDLC for IT system changes is important for several reasons. Which of the following is not part of the purposes of the SDLC processes? A. As a part of strategic management of the organization B. As part of the internal control structure of the organization C. As part of the audit of an IT system D. As partial fulfillment of management’s ethical obligations
130. Confidentiality of information is an ethical consideration for which of the following party or parties? A. Management B. Employees C. Consultants D. All of the above. ANSWERS TO TEST BANK - CHAPTER 6 – END OF CHAPTER QUESTIONS 119. 120. 121. 122.
B B C A
123. 124. 125. 126.
D A B D
127. 128. 129. 130.
D A C D
TEST BANK - CHAPTER 6 – SHORT ANSWER QUESTIONS 131. At the beginning of the chapter, the real world example of Allstate’s IT expenditure is mentioned. Prior to the implementation of their IT Governance Committee, "whoever spoke the loudest or whoever had the biggest checkbook," got to select IT Projects. What do you think the problems were with this kind of approach? Answer: There would be no long-term strategy in how they spent money on IT projects. Therefore, it would be less likely that the company is buying and using the type of IT systems that support what the company wished to accomplish in the long-term. 132. Why is it important that IT systems be aligned with the business strategy? Answer: IT systems are critical systems that support and enhance business processes and business strategy. If the IT systems do not support the business strategy, the company will find it much more difficult to achieve the long-term goals. 133. Why would IT Governance include measuring the performance of IT Systems? Answer: IT Governance is the proper management of IT. Without monitoring the performance of IT, there is no feedback to determine whether it is meeting the needs of the company, and meeting the objectives it was intended to achieve. 134. What is the difference between technical feasibility and operational feasibility? Answer: Technical feasibility examines whether technology exists to accomplish the objectives in a proposed IT system. Operational feasibility is an examination of whether the organization could operate the proposed IT systems, given the limitations of the personnel and resources within the company. 135. How does the analysis of feasibilities in the Systems Planning help to prioritize system changes? Answer: A feasibility analysis may eliminate some proposed IT systems as not feasible. Of those remaining under consideration, the feasibility analysis helps determine which proposed IT systems are most feasible. Thus, those that are more feasible would have a higher priority and those that are less feasible have a lower priority.
136. What is the advantage of studying the current system within the Systems Analysis phase? Answer: It is easier to determine how to improve the efficiency and effectiveness of a system if that system is well understood. A study of the current system helps determine which areas need improvement. 137. During the systems analysis phase, which two data collection methods help determine user requirements? Answers: Interviews and questionnaires both solicit information or opinions from users. These methods allow users to have input in determining system requirements. 138. What are the advantages of purchased software when compared to software developed inhouse? Answer: Purchased software is usually less costly, more reliable, and has a shorter implementation time. 139. Why might it be important follow some or all of the SDLC phases for purchased software? Answer: Even when software is purchased, it often must be modified or customized. The SDLC phases help organize and manage those steps to modify or customize the software. 140. How is conceptual design different from detailed design? Answer: The detailed design is much later in the process and creates the entire set of specifications necessary to build and implement the system. The conceptual design is earlier and is much more general in nature. It establishes alternative conceptual designs. 141. Within the System Design phase, what is the purpose of the Evaluation and Selection? Answer: The purpose is to assess the feasibility of each alternative conceptual design and to select the alternative design that best fits the organization’s needs. 142. Which part of the System Design phase would include designing rows and columns of output reports? Why is it important to design reports? Answer: The detailed design part of system design includes creating the details of output reports. Output reports include the information that users need to accomplish their jobs and without properly designed outputs, they cannot efficiently do these jobs. 143. What is the purpose of software testing? Answer: The purpose is to uncover problems in the system that would lead to erroneous accounting data. 144. How are accountants involved in data conversion? Answer: Accountants should do two things in data conversion. The first is to oversee the data conversion to make sure all data are completely and accurately converted. Accountants should also reconcile the converted data with the old data to insure it was accurately converted. They would compare control totals of the old and converted data to accomplish the reconciliation. 145. Why is a direct cutover conversion risky? Answer: It is risky because the old system is no longer in operation, and therefore, the old system cannot be used as a backup system in the event of errors or problems with the new system.
146. Why is parallel conversion costly? Answer: It consumes more time and money because it requires running two systems at the same time. 147. Why is user acceptance important? Answer: The project team is more likely to solicit and use feedback from users if they know that users must sign off on the new system. In other words, the project team cannot say their job is finished until the user sign off occurs. 148. Why is post-implementation review undertaken? Answer: It is undertaken to help those involved in the SDLC to learn from any mistakes they made during the process. 149. How does the SDLC serve as an internal control? Answers: It is an internal control in the sense that it helps ensure that IT systems meet organizational needs and that the development and implementation of new IT systems is properly controlled. 150. What ethical obligations do employees have as IT systems are revised? Answer: Employees should make an honest effort to participate as requested in the SDLC, learn new system processes that result, and properly use the new systems and processes. TEST BANK - CHAPTER 6 – SHORT ESSAY 151. Describe the role that the Board of Directors should play in IT governance. Answer: The board must oversee all aspects of IT in the organization. They must articulate and communicate the direction for IT, stay aware of development, investments, and costs in IT. They should receive and review reports on major IT projects and regular performance reports, and ensure that there are suitable resources and infrastructure available. 152. Two feasibility studies occur during the SDLC; one during Systems Planning, and one during Systems Design. Describe the differences between these two feasibility studies. Answer: In the systems design phase, the feasibility study more detailed and the scope is different. At this part of the system design phase, the alternative system conceptual designs have been narrowed to one alternative. Thus, the feasibility study focuses on the details of that one design. The estimates of the technology needed, the operational requirements, the costs, and the implementation schedule can be more precise. In the systems planning phase, the purpose is to assess the feasibility of several alternative conceptual designs and to narrow the alternative conceptual designs. 153. There are four methods of data collection used in the study of the current system; observation, documentation review, interviews, and questionnaires. Compare and contrast these four methods. Answer: In observation and documentation review, the project team views strengths and weaknesses of the system from their own perspective and they are not asking for user feedback. Interviews and questionnaires are methods to ask for user input. Interviews are face-to-face and verbal in the collection of user feedback. Questionnaires can be anonymous and written. Both interviews and questionnaires can be structured or unstructured.
154. Describe the purpose of Business Process Reengineering during the System Design phase. Answer: During the system design phase, the changes inherent in a new IT system may require changes in the underlying business processes. BPR is as radical rethinking and redesign of a business process to take advantage of the speed and efficiency of computers. BPR allows the company to make sure they are leveraging the capabilities of IT to improve the efficiency of the business processes. 155. There are four methods of system conversion; parallel, direct cutover, pilot, and phase-in. Describe these four methods and how they differ. Answer: A parallel conversion is the operation of both the old system and the new system for a limited period of time. A direct cutover occurs when the new system begins as of a certain date and the old system is discontinued on that same date. In a pilot conversion, the new system is implemented in a subunit or subunits within the organization. The old system would continue in other parts of the organization. In a phase-in conversion, the new system is introduced in modules, rather than the entire system at once. In comparing the four methods, the direct cutover is the most risky and the parallel is least risky. The pilot and phase-in approaches may take a longer total time to achieve a conversion to the entire new system across the organization. 156. Operation and maintenance is the longest and costliest part of the SDLC. Describe why this would be true. Answer: When a company has completed the SDLC and implemented a new system, the intent is to operate it for a few years to capture the benefits of the new system. Therefore maintaining and operating the system may last for several years and therefore, be the most costly part also. 157. Describe how IT performance reports are important in IT Governance. Answer: Regular monitoring of the IT system is necessary to ensure that the system is meeting its objectives and performing as expected. If management never received performance reports it would be difficult to know whether they needed to improve or revise the system. 158. What is the underlying purpose of the restrictions on CPA firms in Section 201 of the Sarbanes Oxley Act? Answer: These restrictions are intended to increase the independence of CPA firms that provide audit services for companies. The concern was that if a company receives fees from a client for consulting work, they may be less independent of the client’s wishes and more likely to allow clients to provide misleading accounting information to the investing public.
TEST BANK - CHAPTER 6 - PROBLEMS 159. Mega Corporation just became a public corporation when shares of stock were sold to the public three months ago. A new board of directors has been appointed to govern the corporation. Assume that you will be giving a presentation to the board on their responsibilities for IT systems. Write a report that could be delivered to the board. Answer: The board of directors of a company has a set of very important responsibilities related to IT systems. As top management of the company, the board must take responsibility to ensure that the organization has processes that align IT systems to the strategies and objectives of the company. To carry out this responsibility, the board must do certain functions, or ensure there are processes to carry out the following functions: Align IT strategy with the business strategy Cascade strategy and goals down to lower levels of the organization Provide structures that facilitate implementation of strategy and goals Insist that an IT control framework be adopted and implemented Measure and review IT performance The more detailed activities needed to carry out these board responsibilities are as follows: * Articulate and communicate long-term strategy * Stay aware of latest developments in IT * Insist that IT be a regular agenda item at board meetings * Stay aware of the company’s investments, and competitors investments in IT * Ensure the senior IT official’s reporting level is appropriate to the role of IT. * Ensure the board has a clear view of the risks and returns of current or proposed IT systems * Receive and review regular reports on the progress of IT projects, and on IT performance. * Ensure adequate resources, skills, and infrastructures to meet strategic goals for IT systems If the board of directors focuses on these activities, it will help the board to ensure that IT systems do support long-term strategic objectives of the company.
160. Blutarch MultiMedia Stop is a regional retailer of consumer electronics with warehouses and stores located in several large cities in California. The board and top management of Blutarch are considering updating their accounting, inventory, and retail sales software and hardware. Their current systems are approximately 15 years old. Assume that you have been hired as a consultant to guide them through the process of upgrading their systems. Write a document that could be presented to the Board of Directors that summarizes the SDLC. Answer: Memorandum To: Board of Directors From: Jennifer Starnes, IT Consultant Re: Systems Development Life Cycle This memo is intended to provide an executive summary on the System Development Life Cycle and the importance of it for your company. IT systems are crucial to the success and profitability of Blutarch. To enhance long-term performance, the company must choose and use the IT systems that best support the company’s goals and objectives. To ensure you are selecting and using the most effective IT systems, you should follow a systematic and formal process to select, design, and implement IT systems. A failure to follow a systematic and formal process in selecting and implementing IT systems is likely to lead to a mismatch between Blutarch strategic objectives and the capabilities of the IT systems. One popular way of using a systematic and formal process is to follow a System Development Life Cycle (SDLC) method. The SDLC is a set of systematic phases and steps to follow in selecting, designing, and implementing IT systems. Given limited funds and time, following an SDLC process is a planned and controlled method of ensuring a proper match between Blutarch IT needs and the IT system implemented. The phases of the SDLC are: systems planning; systems analysis; systems design; systems implementation; and operation and maintenance. These phases occur in the sequence given as a planned and controlled approach to implementing new IT systems. The following are brief descriptions of each of these phases. Systems planning involves examining the long-term objectives of your company and based on these objectives, planning and prioritizing the type of IT systems that can help you achieve those objectives. For example, if your company’s objective is to minimize inventory levels in your warehouses, you are likely to need IT systems that give you real-time and accurate information about inventory levels, and you are likely to need IT systems that help you predict or forecast sales of the various inventory items. Systems analysis is the study of the current IT system to determine its strengths and weakness, and to get user feedback about the needs in a new IT system. Systems design is the creation of the system that meets user needs as and improves the weaknesses of the old IT system. In other words, the data collected and analyzed in the systems analysis phase will guide the design of the new IT system.
Answer to 160 (continued) Systems implementation is the set of steps undertaken to program, test, and activate the IT system that was designed during the systems design phase. Operation and maintenance is the regular, ongoing functioning of the IT system and the process to fix smaller errors or problems in the IT system. Following these phases, in this order, will help you to have IT systems that best match your company’s needs. 161. Assume that you are the project team manager that is engaged in a Systems Analysis. The company is a large, national retailer with several stores and warehouses located throughout the United States. The corporate headquarters are in Atlanta, Georgia, and substantially all major accounting takes place at the corporate headquarters. Describe how you would use the various data collection techniques of observation, documentation review, interviews, and questionnaires. Answer: Observation and documentation review are both methods that allow a project team to better understand the IT system without soliciting input from users. That is, these methods do not interrupt the work of users, but they only uncover strengths and weaknesses in the IT system that are evident to the project team. These two methods would be used at the corporate headquarters by the project team. It may be necessary for the project team to also visit and observe at a couple of stores and a couple of warehouses. However, it would not be necessary, or would it be cost effective, to visit all stores and all warehouses. Interviews and questionnaires both solicit feedback from users. Due to the number of stores and warehouses, it would be more effective to send surveys to these locations for certain users to complete. At the corporate headquarters, it would be possible to use both interviews and questionnaires. Because of the time consuming nature of interviews, they would be used on the smaller set of managers who use the IT system. The questionnaires would be used to survey the larger group of users who are not managers.
162. Ceemco is a small, privately owned manufacturing company in Cincinnati, Ohio. Ceemco manufactures custom products as well as store display products to sell to other companies such as retailers. Using an Internet search engine, do a search using the search terms of Ceemco and Cincinnati. Examine the kind of manufacturing the company does. Once you have completed that, examine an accounting software site such as www.2020software.com or www.accountingsoftware411.com. Complete the following: a. Describe the process Ceemco should undertake to determine which accounting software might be the best fit for the company. Answer: For a small company of this size, they are not likely to have an IT staff that could assist with an SDLC process to develop specifications for any software systems needed. The more likely approach would be to hire a consulting firm to help select and install an accounting software system. b. Although you do not know much about the company, develop a list of requirements you believe accounting software should have for Ceemco to consider the software as a viable alternative. Answer: Since they produce many different categories of products (store displays, metal fabrication, plastic parts fabrication, medical case carts, HVAC products such as radiators, retail products such as window ornaments) they are very likely to have an extensive array of raw material inventories and the need to track many different types of work-in-process. Therefore, the most critical need may be for manufacturing and inventory tracking modules. The software would also need basic accounting modules such as accounts receivable, accounts payable, and general ledger. It is not possible to determine whether they do their own payroll or outsource payroll. If they do payroll in-house, they would need a payroll module. They sell the windowornament products online, so there would be a need for an e-commerce module. There is no mention of locations other than two in Cincinnati. Therefore, they may have no need of a system that handles international currencies. c. Choose an accounting software from your Web search above and describe why you believe it is a good match for Ceemco. Answer: There is no correct answers to this question, but there are some answers that would be incorrect. For example, Quickbooks would not have the power necessary for this business. Also, enterprise level systems such as SAP or Oracle would be too expensive for a company such as Ceemco. Products such as MAS 200, MAS 500, Dynamics GP, or ACCPAC would be more appropriate.
163. There are several approaches to applying an SDLC methodology to IT system change. Using an Internet search engine, search for these terms: SDLC, waterfall, JAD (Joint Application Development), RAD (Rapid Application Development), Build and Fix, and Spiral Model. For example, you might try entering these search terms: SDLC waterfall. Write a brief definition of these various approaches to the System Development Life Cycle. Answer: The student answer to this will vary depending on which web sites they use and when they access web sites. A sample answer is provided. The SDLC waterfall approach is the oldest approach to system development. In a waterfall approach, there is a sequence of steps and the output of one sequence becomes the input for the next step. The method described in this chapter is a waterfall approach. Joint Application Development (JAD) is intended to reduce development time and to increase customer (end user) satisfaction with the system. It is a method that involves a series of meetings with the end users or clients that will use the system. These meetings with end users are called JAD sessions. Rapid Application Development (RAD) usually involves object-oriented programming, a method that encourages the reuse of programmed modules. RAD includes: 1) workshops or focus groups to gather requirements, 2) Protoyping, and testing off those prototypes, 3) Strict time limits on each development phase that delays immediate fixes and defers these improvements to the next prototype, and 4) Less formality in team communications. The Build and Fix method is very open-ended and can be very risky. The method does not have formal steps such as in the waterfall method. In this method, a system is simply built (code is written) and then it is fixed until the customer is happy with it. In the Spiral approach, an initial model of the system is developed and then successively refined with input from end users. The development of each successive version of the system is undertaken using the carefully controlled steps in the SDLC waterfall approach. In addition, after each development of each successive version, a risk assessment is undertaken to determine whether it is worthwhile to move to the next development version, or to stop. The web sites used for this solution are: http://www.computerworld.com/developmenttopics/development/story/0,10801,71151,00.html http://www.startvbdotnet.com/sdlc/sdlc.aspx http://eproj.net/cgi-bin/pblog/index.php?entry=entry071106-131621 http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci214246,00.html http://www.ctg.albany.edu/publications/reports/survey_of_sysdev/survey_of_sysdev.pdf http://www.garywwright.com/sdlc.php
164. Trace Johnson is an accounting software consultant at Fipps and Associates Consulting. Fipps is a value-added reseller of accounting software for mid-size companies. Mid-size companies normally have revenue between 50 million to 500 million dollars. One of Johnson’s responsibilities is to solicit new client companies, and to meet with management at these new clients so as to recommend the best accounting software system for the client. Mid-market accounting software normally has several modules that the client may choose from. For example, not all clients would need an e-business module for their accounting software, while other clients may need an e-business module. Since part of Johnson’s compensation is a percentage of software sales and consulting revenue that he generates, what are the ethical conflicts he faces when soliciting new clients and recommending software and software modules? Answer: The nature of a consultant’s business can cause ethical issues to be raised. This is true because there can be a conflict between what is best for the client and what is best for the consultant. There are at least three important ethical traps that a consultant could easily fall into. One is excessive billing of hours. A second is recommending only software products that have a high profit margin for the consultant. The third is recommending unnecessary modules. All three of these ethical issues have a common thread. In each of these situations, the consultant is trying to maximize his own wealth and is not putting the highest priority on the client’s needs. A consultant could bill for extra hours not really worked for that client, or could inflate hours worked. In both cases, the consultant is dishonest and unethical. These fictitious billing acts are also fraudulent and illegal. The other two ethical issues mentioned above are not as easily proven to be illegal, but they are unethical. If a consultant feels two different software systems may meet the customers needs, but chooses the one with the higher profit margin solely fort the higher profit, he is acting unethically. Also if a consultant recommends additional software modules not really needed by the client, he is acting unethically.
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 7: Auditing Information Technology-Bases Processes TEST BANK - CHAPTER 7 - TRUE / FALSE 1. All users of financial data - business managers, investors, creditors, and government agencies - have an enormous amount of data to use to make decisions. Due to the use of IT systems, it is easy to verify the accuracy and completeness of the information. 2. In order to properly carry out an audit, accountants collect and evaluate proof of procedures, transactions, and / or account balances, and compare the information with established criteria. 3. The only person who can perform a financial statement audit of a publicly traded company is a government auditor who has extensive knowledge of generally accepted accounting principles. 4. Any professionally trained accountant is able to perform an operational audit. 5. An important requirement for CPA firms is that they must be personally involved with the management of the firm that is being audited. 6. The most common type of audit service is the operating audit performed by internal auditors. 7. All types of auditors should have knowledge about technology-based systems so that they can properly audit IT systems. 8. A financial statement audit is part of the IT audit. 9. Auditors do not need to be experts on the intricacies of computer systems but they do need to understand the impact of IT on their clients’ accounting systems and internal controls. 10. A financial statement audit is conducted in order for an opinion to be expressed on the fair presentation of financial statements in accordance with GAAP. This goal is affected by the presence or absence of IT accounting systems. 11. The remoteness of information, one of the causes of information risk, can relate to geographic distance or organizational layers. 12. The most common method for decision makers to reduce information risk is to rely on information that has been audited by an independent party. 13. Auditors have the primary responsibility to make sure that they comply with international standards in all cases. 14. There is not much room for professional judgment when performing audits, as a result of the detailed guidance provided by organizations, such as the PCAOB.
15. The responsibility for the preparation of the financial statements lies with the auditors. 16. The role of the auditor is to analyze the financial statements to decide whether they are fairly presented in accordance with GAAP. 17. Management assertions relate to the actual existence and proper valuation of transactions and account balances. 18. The same audit tests would test for completeness of a liability or an asset. 19. Auditing testing for any single general auditing objective would involve the same testing techniques even though there are different types of information collected to support different accounts and transactions. 20. Auditors must think about how the features of their client’s IT systems influence its management assertions and the general audit objectives even though these matters have little or no impact on the choice of audit methodologies used. 21. Risk can be inherent in the client’s business, due to things such as the nature of operations, or may be caused by weak internal controls. 22. Auditors do not need to concern themselves with risks unless there is an indication that there is an internal control weakness. 23. The auditor’s understanding of internal controls provides the basis for designing appropriate audit tests to be used in the remaining phases of the audit. 24. The process of evaluating internal controls and designing meaningful audit tests is more complex for manual systems than for automated systems. 25. Computer-assisted audit techniques are useful audit tools because they make it possible for auditors to use computers to audit large amounts of evidence in less time. 26. Substantive tests are also referred to as compliance tests. 27. General controls relate to specific software and application controls relate to all aspects of the IT environment. 28. General controls must be tested before application controls. 29. Systems operators and users should not have access to the IT documentation containing details about the internal logic of computer systems. 30. Control tests verify whether financial information is accurate, where substantive tests determine whether the financial information is managed under a system that promotes accuracy.
31. Regardless of the results of the control testing, some level of substantive testing must take place. 32. The use of generalized audit software is especially useful when there are large volumes of data and when there is a need for accurate information. 33. All of the risks and audit procedures that apply to a PC environment may also exist in networks, but the risk of less of much lower. 34. Network operations typically involve a large number of computers, many users, and a high volume of data transfers, so any lack of network controls could cause widespread damage. Because of this, it is necessary for auditors to apply strict tests to a representative sample of the network. 35. When audit clients use a database system, the relating data is organized in a consistent manner which tends to make it easier for auditors to select items for testing. 36. When a client company is using IT outsourcing, and that service center has its own independent auditors who report on internal control, the third-party report (from the independent auditors) cannot be used as audit evidence without the auditor performing an adequate amount of compliance testing. 37. When a client changes the type of hardware or software used or in other ways modifies its IT environment, the auditors need to test only the new system in order to determine the effectiveness of the controls. 38. When a client plans to implement new computerized systems, auditors will find it advantageous to review the new system before it is placed in use. 39. A sample is random when each item in the population has an equal chance of being chosen. 40. Of all the principles and related rules within the AICPA Code of Professional Conduct, the one that generally receives the most attention is integrity. 41. The Sarbanes-Oxley Act has placed greater restrictions on CPAs by prohibiting certain types of services historically performed by CPAs for their audit clients. 42. The Sarbanes-Oxley Act decreased management’s responsibilities regarding the fair presentation of the financial statements. 43. The responsibility of the auditor to search for fraud is less than the responsibility to search for errors. 44. Even with a good system of internal controls, employee fraud, the theft of assets, may occur due to collusion of two or more employees to carry out the fraud. 45. Management fraud is the intentional misstatement of financial information and may be difficult for auditors to find because the perpetrator will attempt to hide the fraud.
46. The AICPA Code of Professional Conduct is made up of two sections. One section, the rules, is the foundation for the honorable behavior expected of CPAs while performing professional duties. ANSWERS TO TEST BANK – CHAPTER 7 – TRUE / FALSE: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
F T F T F F T F T F
11. 12. 13. 14. 15. 16. 17. 18. 19. 20.
T T F F F T T F F F
21. 22. 23. 24. 25. 26. 27. 28. 29. 30.
T F T F T F F T T F
31. 32. 33. 34. 35. 36. 37. 38. 39. 40.
T T F F T F F T T F
41. 42. 43. 44. 45. 46.
T F F T T F
TEST BANK - CHAPTER 7 - MULTIPLE CHOICE 47. Accounting services that improve the quality of information provided to the decision maker, an audit being the most common type of this service, is called: A. Compliance Services B. Assurance Services C. Substantive Services D. Operational Services 48. A type of assurance services that involves accumulating and analyzing support for the information provided by management is called an: A. Audit B. Investigation C. Financial Statement Examination D. Control Test 49. The main purpose of an audit is to assure users of the financial information about the: A. Effectiveness of the internal controls of the company. B. Selection of the proper GAAP when preparing financial statements. C. Proper application of GAAS during the examination. D. Accuracy and completeness of the information. 50. Which of the following is not one of the three primary types of audits? A. Compliance Audits B. Financial Statement Audits C. IT Audits D. Operational Audits
51.This type of audit is completed in order to determine whether a client has adhered to the regulations and policies established by contractual agreements, governmental agencies, or some other high authority. A. Compliance Audit B. Operational Audit C. Information Audit D. Financial Statement Audit 52. This type of audit is completed to assess the operating policies and procedures of a client for efficiency and effectiveness. A. Efficiency Audit B. Effectiveness Audit C. Compliance Audit D. Operational Audit 53. This type of audit is completed to determine whether or not the client has prepared and presented its financial statements fairly, in accordance with generally accepted accounting principles. A. GAAP Audit B. Financial Statement Audit C. Compliance Audit D. Fair Application Audit 54. This type of auditor is an employee of the company he / she audits. A. IT Auditor B. Government Auditor C. Certified Public Accountant D. Internal Auditor 55. This type of auditor specializes in the information systems assurance, control, and security. A. IT Auditor B. Government Auditor C. Certified Public Accountant D. Internal Auditor 56. This type of auditor conducts audits of government agencies or income tax returns. A. IT Auditor B. Government Auditor C. Certified Public Accountant D. Internal Auditor 57. This type of audit is performed by independent auditors who are objective and neutral with respect to the company and the information being audited. A. Compliance Audit B. Operational Audit C. Internal Audit D. External Audit
58.The independence of a CPA could be impaired by: A. Having no knowledge of the company or the company management B. By owning stock of a similar company C. Having the ability to influence the client’s decisions D. Being married to a stockbroker 59. The IT environment plays a key role in how auditors conduct their work in all but which of the following areas: A. Consideration of Risk B. Consideration of Information Fairness C. Design and Performance of Audit Tests D. Audit Procedures Used 60. The chance that information used by decision makers may be inaccurate is referred to as: A. Sample Risk B. Data Risk C. Audit Trail Risk D. Information Risk 61. Which of the following is not one of the identified causes of information risk? A. Audited information B. Remote information C. Complexity of data D. Preparer motive 62. The main reasons that it is necessary to study information-based processing and the related audit function include: A. Information users often do not have the time or ability to verify information themselves. B. It may be difficult for decision makers to verify information contained in a computerized accounting system. C. Both of the above. D. Neither of the above. 63. The existence of IT-based business processes often result in details of transactions being entered directly into the computer system, results in a lack of physical evidence to visibly view. This situation is referred to as: A. Physical Evidence Risk B. Loss of Audit Trail Visibility C. Transaction Summary Chart D. Lack of Evidence View 64. The existence of IT-based business processes, that result in the details of the transactions being entered directly into the computer system, increases the likelihood of the loss or alternation of data due to all of the following, except: A. System Failure B. Database Destruction C. Programmer Incompetence D. Environmental Damage
65. The advantages of using IT-based accounting systems, where the details of transactions are entered directly into the computer include: A. Computer controls can compensate for the lack of manual controls B. Loss of audit trail view C. Increased internal controls risks D. Fewer opportunities to authorize and review transactions 66. The ten standards that provide broad guidelines for an auditor’s professional responsibilities are referred to as: A. Generally accepted accounting standards B. General accounting and auditing practices C. Generally accepted auditing practices D. Generally accepted auditing standards 67. The generally accepted auditing standards are divided into three groups. Which of the following is not one of those groups? A. General Standards B. Basic Standards C. Standards of Fieldwork D. Standards of Reporting 68. GAAS, generally accepted auditing standards, provide a general framework for conducting quality audits, but the specific standards - or detailed guidance - are provided by all of the following groups, except: A. Public Company Accounting Oversight Board B. Auditing Standards Board C. Certified Fraud Examiners D. International Audit Practices Committee 69. This organization, established by the Sarbanes-Oxley Act, was organized in 2003 for the purpose of establishing auditing standards for public companies. A. Auditing Standards Board B. Public Company Accounting Oversight Board C. International Audit Practices Committee D. Information Systems Audit and Control Association 70. This organization is part of the AICPA and was the group responsible for issuing Statements on Auditing Standards which were historically widely used in practice. A. Auditing Standards Board B. Public Company Accounting Oversight Board C. International Audit Practices Committee D. Information Systems Audit and Control Association 71. This organization was established by the IFA to set International Standards on Auditing that contribute to the uniform application of auditing practices on a worldwide basis. A. International Systems Audit and Control Association B. Auditing Standards Board C. Public Company Accounting Oversight Board D. International Audit Practices Committee
72. This organization issues guidelines for conducting the IT audit. The standards issued address practices related to control and security of the IT system. A. Auditing Standards Board B. Public Company Accounting Oversight Board C. International Audit Practices Committee D. Information Systems Audit and Control Association 73. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor. This is one of the generally accepted auditing standards that is part of the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards 74. Independence in mental attitude is to be maintained in all matters related to the audit engagement. This is one of the generally accepted auditing standards that is part of the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards 75. The general guidelines, known as the generally accepted auditing standards, which include the concepts of adequate planning and supervision, internal control, and evidence relate to the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards 76. The general guidelines, known as the generally accepted auditing standards, which include the concepts of presentation in accordance with GAAP, the consistent application of GAAP, adequate disclosure, and the expression of an opinion, relate to the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards 77. Although there a number of organizations that provide detailed guidance, it is still necessary for auditors to rely on other direction regarding the types of audit tests to use and the manner in which the conclusions are drawn. These sources of information include: A. Industry Guidelines B. PCAOB C. ASB D. ASACA
78. Claims regarding the financial condition of the business organization and results of its operations are referred to as: A. Financial Statements B. Management Assertions C. External Audit D. Presentation and Disclosure 79. Audit tests developed for an audit client are documented in a(n): A. Audit Program B. Audit Objective C. Management Assertion D. General Objectives 80. The management assertion related to valuation of transactions and account balances would include all of the following, except: A. Accurate in terms of dollar amounts and quantities B. Classified properly C. Real D. Correctly summarized 81. There are four primary phases of the IT audit. Which of the following is not one of those phases? A. Planning B. Evidence Audit C. Tests of Controls D. Substantive Tests 82. The proof of the fairness of the financial information is: A. Tests of Controls B. Substantive Tests C. Audit Completion D. Evidence 83. Techniques used for gathering evidence include all of the following, except: A. Physical examination of assets or supporting documentation B. Observing activities C. Adequate planning and supervision D. Analyzing financial relations relationship 84. During this phase of the audit, the auditor must gain a thorough understanding of the client’s business and financial reporting systems. When completing this phase, the auditors review and assess the risks and controls related to the business. A. Tests of Controls B. Substantive Tests C. Audit Completion / Reporting D. Audit Planning
85. During the planning phase of the audit, auditors estimate the monetary amounts that are large enough to make a difference in decision making. This amount is referred to as: A. Risk B. Materiality C. Substantive D. Sampling 86. The likelihood that errors or fraud may occur is referred to as: A. Risk B. Materiality C. Control Tests D. Sampling 87. A large part of the work performed by an auditor in the audit planning process is the gathering of evidence about the company’s internal controls. This can be completed in any of the following ways, except: A. Interviewing key members of the accounting and IT staff. B. Observing policies and procedures C. Review IT user manuals and systems D. Preparing memos to summarize their findings 88. The Accounting Standards Board issued the following SAS in recognition of the fact that accounting records and files often exist in electronic form. The statement was issued in 2001 to expand the historical concept of audit evidence to include electronic evidence. A. SAS 82 B. SAS 86 C. SAS 94 D. SAS 101 89. The Accounting Standard Board issued an SAS, called “The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit”, to describe the importance of understanding both the automated and manual procedures that make up an organization’s internal controls and considers how misstatements may occur, including all of the following, except: A. How transactions are entered into the computer B. How financial statement are printed from the computer C. How nonstandard journal entries and adjusting entries are initiated, recorded, and processed. D. How standard journal entries are initiated, recorded, and processed. 90. As the result of the guidance provided in SAS 94, the auditors may decide that IT auditors may need to be called in to: A. Consider the effects of computer processing on the audit. B. To assist in testing the automated processes. C. Both of the above. D. None of the above.
91. Many companies design their IT system so that all documents and reports can be retrieved from the system in readable form. Auditors can then compare the documents used to input the data into the system with reports generated from the system, without gaining any extensive knowledge of the computer system and does not require the evaluation of computer controls. This process is referred to as: A. Auditing through the system B. Auditing around the system C. Computer assisted audit techniques D. Auditing with the computer 92. This approach, referred to as the whitebox approach, requires auditors to evaluate IT controls and processing so that they can determine whether the information generated from the system is reliable. A. Auditing through the system B. Auditing around the system C. Computer assisted audit techniques D. Auditing with the computer 93. The IT auditing approach referred to as “Auditing through the system” is necessary under which of the following conditions? A. Supporting documents are available in both electronic and paper form. B. The auditor does not require evaluation of computer controls. C. The auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of audit testing required. D. The use of the IT system has a low impact on the conduct of the audit. 94. Audit procedures designed to evaluate both general controls and application controls are referred to as: A. Substantive Tests B. Audit Planning C. IT Auditing D. Test of Controls 95. The automated controls that affect all computer applications are referred to as: A. General Controls B. Specific Controls C. Input Controls D. Application Controls 96. The two broad categories of general controls that relate to IT systems include which of the following: A. IT systems documentation B. IT administration and the related operating systems development and maintenance processes C. Authenticity table D. Computer security and virus protection
97. Related audit tests to review the existence and communication of company policies regarding important aspects of IT administrative control include all of the following, except: A. Personal accountability and segregation of incompatible responsibilities B. Job description and clear lines of authority C. Prevention of unauthorized access D. IT systems documentation 98. Controls meant to prevent the destruction of information as the result of unauthorized access to the IT system are referred to as: A. IT administration B. System controls C. Information administration D. Security controls 99. Auditors should perform this type of test to determine the valid use of the client’s computer system, according to the authority tables. A. Authenticity tests B. Penetration tests C. Vulnerability assessments D. IT systems documentation 100. These tests of the security controls involve various methods of entering the client’s system to determine whether controls are working as intended. A. Authenticity tests B. Penetration tests C. Vulnerability assessments D. IT systems documentation 101. These tests of security controls analyze a company’s control environment for possible weaknesses. Special software programs are available to help auditors identify weak points in their client’s security measures. A. Authenticity tests B. Penetration tests C. Vulnerability assessments D. IT systems documentation 102. One of the most effective ways a client can protect its computer system is to place physical controls in the computer center. Physical controls include all of the following, except: A. Proper temperature control B. Locks C. Security guards D. Cameras 103. One of the most effect ways a client can protect its computer system is to place environmental controls in the computer center. Environmental controls include: A. Card keys B. Emergency power supply C. Alarms D. Security guards
104. This type of application control is performed to verify the accuracy and completeness of information entered into software programs. Auditors are concerned about whether errors are being prevented and detected during this stage of data processing. A. Security controls B. Processing controls C. Input controls D. Output controls 105. IT audit procedures typically include a combination of data accuracy tests where the data processed by computer applications are reviewed for correct dollar amounts or other numerical values. These procedures are referred to as: A. Security controls B. Processing controls C. Input controls D. Output controls 106. This type of processing control test involves a comparison of different items that are expected to have the same values, such as comparing two batches or comparing actual data against a predetermined control total. A. Validation Checks B. Batch Totals C. Run-to-Run Totals D. Balancing Tests 107. This is one of the computer-assisted audit techniques, related to processing controls, that involves processing client data through a controlled program designed to resemble the client’s application. This test is run to find out whether the same results are achieved under different systems. A. Integrated Test Facility B. Embedded Audit Module C. Parallel Simulation D. Test Data Method 108. Regardless of whether the results are printed or retained electronically, auditors may perform all of the following procedures to test application outputs, except: A. Integrated Tests B. Reasonableness Tests C. Audit Trail Tests D. Rounding Errors Tests 109. The auditor’s test of the accuracy of monetary amounts of transactions and account balances is known as: A. Testing of controls B. Substantive tests C. Compliance tests D. Application tests
110. Real-time financial reporting has created the need for this type of auditing, where auditors constantly analyze audit evidence and provide assurance on the related financial information as soon as it occurs or shortly thereafter. A. Real-time auditing B. Virtual auditing C. E-auditing D. Continuous auditing 111. This phase of auditing occurs when the auditors evaluate all the evidence that has been accumulated and makes a conclusion based on that evidence. A. Tests of Controls B. Audit Planning C. Audit Completion / Reporting D. Substantive Testing 112. This piece of audit evidence is often considered to be the most important because it is a signed acknowledgment of management’s responsibility for the fair presentation of the financial statements and a declaration that they have provided complete and accurate information to the auditors during all phases of the audit. A. Letter of Representation B. Audit Report C. Encounter Statement D. Auditors Contract 113. Which of the following is a proper description of an auditor report? A. Unqualified opinion - identifies certain exceptions to the clean opinion. B. Adverse opinion - notes that there are material misstatements presented. C. Qualified opinion - states that the auditors believe the financial statements are fairly and consistently presented in accordance with GAAP. D. Unqualified opinion - states that the auditors were not able to reach a conclusion. 114. When PCs are used for accounting instead of mainframes or client-server system, they face a greater risk of loss due to which of the following: A. Authorized access B. Segregation of duties C. Lack of backup control D. All of the above 115. When client companies rely on external, independent computer service centers to handle all or part of their IT needs it is referred to as: A. External Processing B. WAN Processing C. Database Management System D. IT Outsourcing
116. Because it is not possible to test all transactions and balances, auditors rely on this to choose and test a limited number of items and transactions and then make conclusions about the balance as a whole. A. Sampling B. Materiality C. Compliance D. Substance 117. The AICPA Code of Professional Conduct, commonly called the Code of Ethics, is made up of two sections. Which of the following correctly states the two sections? A. Integrity and responsibility B. Principles and rules C. Objectivity and independence D. Scope and nature 118. The rule in the AICPA Code of Professional Conduct that is referred to as Responsibilities, can be stated as: A. CPAs should act in a way that will serve the public interest, honor the public trust, and demonstrate commitment to professionalism. B. To maintain and broaden public confidence, CPAs should perform their professional duties with the highest sense of integrity. C. In carrying out their professional duties, CPAs should exercise sensitive professional and moral judgments in all their activities. D. CPAs in public practice should observe the principles of the Code of Professional Conduct in determining the scope and nature of services to be provided. 119. This concept means that the auditors should not automatically assume that their clients are honest, but that they (the auditors) must have a questioning mind and a persistent approach to evaluating evidence for possible misstatements. A. Independence B. Integrity C. Due Care D. Professional Skepticism
ANSWERS TO TEST BANK – CHAPTER 7 – MULTIPLE CHOICE: 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61.
B A D C A D B D A B D C B D A
62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76.
C B C A D B C B A D D A A C D
77. 78. 79. 80. 81. 82. 83. 84. 85. 86. 87. 88. 89. 90. 91.
A B A C B D C D B A D C B C B
92. 93. 94. 95. 96. 97. 98. 99. 100. 101. 102. 103. 104. 105. 106.
A C D A B C D A B C A B C B D
107. 108. 109. 110. 111. 112. 113. 114. 115. 116. 117. 118. 119.
C A B D C A B C D A B C D
TEST BANK - CHAPTER 7 – END OF CHAPTER QUESTIONS: 120. Which of the following types of audits is most likely to be conducted for the purpose of identifying areas for cost savings? A. Financial Statement Audits B. Operational Audits C. Regulatory Audits D. Compliance Audits 121. Financial statement audits are required to be performed by: A. Governmental Auditors B. CPAs C. Internal Auditors D. IT Auditors 122. Which of the following is not considered a cause for information risk? A. Management’s geographic location is far from the source of the information needed to make effective decisions. B. The information is collected and prepared by persons who use the information for very different purposes. C. The information relates to business activities that are not well understood by those who collect and summarize the information for decision makers. D. The information has been tested by internal auditors and a CPA firm.
123. Which of the following is not a part of general accepted auditing standards? A. General Standards B. Standards of Fieldwork C. Standards of Information Systems D. Standards of Reporting 124. Which of the following best describes what is meant by the term “generally accepted auditing standards”? A. Procedures used to gather evidence to support the accuracy of a client’s financial statements. B. Measures of the quality of an auditor’s conduct. C. Professional pronouncements issued by the Auditing Standards Board. D. Rules acknowledged by the accounting profession because of their widespread application. 125. In an audit of financial statement in accordance with generally accepted auditing standards, an auditor is required to: A. Document the auditor’s understanding of the client company’s internal controls. B. Search for weaknesses in the operation of the client company’s internal controls. C. Perform tests of controls to evaluate the effectiveness of the client company’s internal controls. D. Determine whether controls are appropriately designed to prevent or detect material misstatements. 126. Auditors should design a written audit program so that: A. All material transactions will be included in substantive testing. B. Substantive testing performed prior to year end will be minimized. C. The procedures will achieve specific audit objectives related to specific management assertions. D. Each account balance will be tested under either a substantive test or a test of controls. 127. Which of the following audit objectives relates to the management assertion of existence? A. A transaction is recorded in the proper period. B. A transaction actually occurred (i.e., it is real) C. A transaction is properly presented in the financial statements. D. A transaction is supported by detailed evidence. 128. Which of the following statements regarding an audit program is true? A. A standard audit program should be developed for use on any client engagement. B. The audit program should be completed by the client company before the audit planning stage begins. C. An audit program should be developed by the internal auditor before audit testing begins. D. An audit program establishes responsibility for each audit test by requiring the signature or initials of the auditor who performed the test.
129. Risk assessment is a process designed to: A. Identify possible events that may affect the business. B. Establish policies and procedures to carry out internal controls. C. Identify and capture information in a timely manner. D. Review the quality of internal controls throughout the year. 130. Which of the following audit procedures is most likely to be performed during the planning phase of the audit? A. Obtain an understanding of the client’s risk assessment process. B. Identify specific internal control activities that are designed to prevent fraud. C. Evaluate the reasonableness of the client’s accounting estimates. D. Test the timely cutoff of cash payments and collections. 131. Which of the following is the most significant disadvantage of auditing around the computer rather than through the computer? A. The time involved in testing processing controls is significant. B. The cost involved in testing processing controls is significant. C. A portion of the audit trail is not tested. D. The technical expertise required to test processing controls is extensive. 132. The primary objective of compliance testing in a financial statement audit is to determine whether: A. Procedures have been updated regularly. B. Financial statement amounts are accurately stated. C. Internal controls are functioning as designed. D. Collusion is taking place. 133. Which of the following computer assisted auditing techniques processes actual client input data (or a copy of the real data) on a controlled program under the auditor’s control to periodically test controls in the client’s computer system? A. Test data method B. Embedded audit module C. Integrated test facility D. Parallel simulation 134. Which of the following computer assisted auditing techniques allows fictitious and real transactions to be processed together without client personnel being aware of the testing process? A. Test data method B. Embedded audit module C. Integrated test facility D. Parallel simulation
135. Which of the following is a general control to test for external access to a client’s computerized systems? A. Penetration tests B. Hash totals C. Field checks D. Program tracing 136. Suppose that during the planning phase of an audit, the auditor determines that weaknesses exist in the client’s computerized systems. These weaknesses make the client company susceptible to the risk of an unauthorized break-in. Which type of audit procedures should be emphasized in the remaining phases of this audit? A. Tests of controls B. Penetration tests C. Substantive tests D. Rounding errors tests 137. Generalized audit software can be used to: A. Examine the consistency of data maintained on computer files. B. Perform audit tests of multiple computer files concurrently. C. Verify the processing logic of operating system software. D. Process test data against master files that contain both real and fictitious data. 138. Independent auditors are generally actively involved in each of the following tasks except: A. Preparation of a client’s financial statements and accompanying notes. B. Advising client management as to the applicability of a new accounting standard. C. Proposing adjustments to a client’s financial statements. D. Advising client management about the presentation of the financial statements. 139. Which of the following is most likely to be an attribute unique to the audit work of CPAs, compared with work performed by attorneys or practitioners of other business professions? A. Due professional care B. Competence C. Independence D. A complex underlying body of professional knowledge 140. Which of the following terms in not associated with the auditor’s requirement to maintain independence? A. Objectivity B. Neutrality C. Professional Skepticism D. Competence
ANSWERS TO TEST BANK - CHAPTER 7 – END OF CHAPTER QUESTIONS 120. 121. 122. 123. 124. 125.
B B D C B A
126. 127. 128. 129. 130. 131.
C B D A A C
132. 133. 134. 135. 136. 137.
C D C A C A
138. A 139. C 140. D
TEST BANK - CHAPTER 7 – SHORT ANSWER QUESTIONS 141. What are assurance services? What value do assurance services provide? Answer: Assurance services are accounting services that improve the quality of information. Many services performed by accountants are valued because they lend credibility to financial information. 142. Differentiate between a compliance audit and an operational audit. Answer: A compliance audit is a form of assurance service that involves accumulating and analyzing information to determine whether a company has complied with regulations and policies established by contractual agreements, governmental agencies, company management, or other high authority. Operational audits assess operating policies and procedures for efficiency and effectiveness. 143. Which type of audit is most likely to be performed by government auditors? Which type of audit is most likely to be performed by internal auditors? Answer: Governmental auditors are most likely to perform compliance audits, and internal auditors are most likely to perform operational audits. 144. Identify the three areas of an auditor’s work that are significantly impacted by the presence of IT accounting systems. Answer: The IT environment plays a key role in how auditors conduct their work in the following areas: • consideration of risk • determination of audit procedures to be used to obtain knowledge of the accounting and internal control systems • design and performance of audit tests. 145. Describe the three causes of information risk. Answer: Information risk is caused by: • Remote information; for instance, when the source of information is removed from the decision maker, it stands a greater chance of being misstated. • Large volumes of information or complex information. • Variations in viewpoints or incentives of the preparer.
146. Explain how an audit trail might get “lost” within a computerized system. Answer: Loss of an audit trail occurs when there is a lack of physical evidence to view in support of a transaction. This may occur when the details of accounting transactions are entered directly into the computer system, with no supporting paper documents. If there is a system failure, database destruction, unauthorized access, or environmental damage, the information processed under such a system may be lost or altered. 147. Explain how the presence of IT processes can improve the quality of information that management uses for decision making. Answer: IT processes tend to provide information in a timely and efficient manner. This enhances management’s ability to make effective decisions, which is the essence of quality of information. 148. Distinguish among the focuses of the GAAS standards of fieldwork and standards of reporting. Answer: The standards of fieldwork provide general guidelines for performing the audit. They address the importance of planning and supervision, understanding internal controls, and evidence accumulation. The standards of reporting address the auditor’s requirements for communicating the audit results in writing, including the reference to GAAP, consistency, adequate disclosures, and the expression of an overall opinion on the fairness of the financial statements. 149. Which professional standard-setting organization provides guidance on the conduct of an IT audit? Answer: The Information Systems Audit and Control Association (ISACA) is responsible for issuing Information Systems Auditing Standards (ISASs), which provide guidelines for conducting an IT audit. 150. If management is responsible for its own financial statements, why are auditors important? Answer: Auditors are important because they are responsible for analyzing financial statements to decide whether they are fairly stated and presented in accordance with GAAP. Since the financial statements are prepared by managers of the company, the role of auditors is to reduce information risk associated with those financial statements. To accomplish this, auditors design tests to analyze information supporting the financial statements in order to determine whether management’s assertions are valid. 151. List the techniques used for gathering evidence. Answer: The techniques used for gathering evidence include the following: • physically examining or inspecting assets or supporting documentation • obtaining written confirmation from an independent source • rechecking or recalculating information • observing activities • making inquiries of company personnel • analyzing financial relationships and making comparisons to determine reasonableness 152. During which phase of an audit would an auditor consider risk assessment and materiality? Answer: Risk assessment and materiality are considered during the planning phase of an audit.
153. What is the significance of Statement on Auditing Standards No. 94? Answer: SAS 94, “The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit”, is significant because it describes the importance of understanding both the automated and manual procedures that make up a company’s internal controls. It also provides guidance to assist an auditor in determining whether an IT audit specialist may be needed for the audit. 154. Distinguish between auditing through the computer and auditing with the computer. Answer: When are auditors required to audit through the computer as opposed to auditing around the computer? Auditing through the computer involves directly testing internal controls within the IT system, which requires the auditors to understand the computer system logic. Auditing through the computer is necessary when the auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of audit testing required, and when supporting documents are available only in electronic form. Auditing with the computer involves auditors using their own systems, software, and computer-assisted audit techniques to help conduct an audit 155. Explain why it is customary to complete the testing of general controls before testing application controls. Answer: Since general controls are the automated controls that affect all computer applications, the reliability of general controls must be established before application controls are tested. The effectiveness of general controls is considered the foundation for the IT control environment. If there are problems with the effectiveness of general controls, auditors will not devote attention to the testing of application controls; rather, they will reevaluate the audit approach with reduced reliance on controls. 156. Identify four important aspects of administrative control in an IT environment. Answer: Four important aspects of administrative control include: • personal accountability and segregation of incompatible responsibilities • job descriptions and clear lines of authority • computer security and virus protection • IT systems documentation 157. Think about a place you have worked where computers were present. What are some physical and environmental controls that you have observed in the workplace? Provide at least two examples of each from your personal experience. Answer: Student’s responses are likely to vary greatly. Examples of physical controls may include card keys and configuration tables, as well as other physical security features such as locked doors, etc. Environmental controls may include temperature and humidity controls, fire, flood, earthquake controls, or measures to ensure a consistent power supply. 158. Batch totals and hash totals are common input controls. Considering the fact that hash totals can be used with batch processing, differentiate between these two types of controls. Answer: Both batch totals and hash totals are mathematical sums of data that can be used to determine whether there may be missing data. However, batch totals are meaningful because they provide summations of dollar amounts or item counts for a journal entry used in the financial accounting system, whereas hash totals are not relevant to the financial accounting system (i.e., the hash totals are used only for their control purpose and have no other numerical significance).
159. The test data method and an integrated test facility are similar in that they are both tests of applications controls and they both rely on the use of test data. Explain the difference between these two audit techniques. Answer: The test data method tests the processing accuracy of software applications by using the company’s own computer system to process fictitious information developed by the auditors. The results of the test must be compared with predicted results. An integrated test facility also tests processing applications, but can accomplish this without disrupting the company’s operations. An integrated test facility inputs fictitious data along with the company’s actual data, and tests it using the client’s own computer system. The testing occurs simultaneously with the company’s actual transaction processing. 160. Explain the necessity for performing substantive testing even for audit clients with strong internal controls and sophisticated IT systems. Answer: Since substantive testing determines whether financial information is accurate, it is necessary for all financial statement audits. Control testing establishes whether the system promotes accuracy, while substantive testing verifies the monetary amounts of transactions and account balances. Even if controls are found to be effective, there still needs to be some testing to make sure that the amounts of transactions and account balances have actually been recorded fairly. 161. What kinds of audit tools are used to perform routine tests on electronic data files taken from databases? List the types of tests that can be performed with these tools. Answer: CPA firms use generalized audit software (GAS) or data analysis software (DAS) to perform audit tests on electronic data files taken from commonly used database systems. These tools help auditors perform routine testing in an efficient manner. The types of tests that can be performed using GAS or DAS include: • mathematical and statistical calculations • data queries • identification of missing items in a sequence • stratification and comparison of data items • selection of items of interest from the data files • summarization of testing results into a useful format for decision making 162. Which of the four types of audit reports is the most favorable for an audit client? Which is the least favorable? Answer: An unqualified audit report is the most favorable because it expresses reasonable assurance that the underlying financial statements are fairly stated in all material respects. On the other hand, an adverse opinion is the least favorable report because it indicates the presence of material misstatements in the underlying financial statements. 163. Why is it so important to obtain a letter of representations from an audit client? Answer: The letter of representations is so important because it is management’s acknowledgement of its primary responsibility for the fair presentation of the financial statements. In this letter, management must declare that it has provided complete and accurate information to its auditors during all phases of the audit. This serves as a significant piece of audit evidence.
164. How can auditors evaluate internal controls when their clients use IT outsourcing? Answer: When a company uses IT outsourcing, auditors must still evaluate internal controls. This may be accomplished by relying upon a third-party report from the independent auditor of the outsourcing center, or it can audit around the computer, or it can test controls at the outsourcing center. 165. An auditor’s characteristic of professional skepticism is most closely associated with which ethical principle of the AICPA Code of Professional Conduct? Answer: Professional skepticism is most closely associated with the principle of Objectivity and Independence. Professional skepticism means that auditors should have a questioning mind and a persistent approach for evaluating financial information for the possibility of misstatements. This is closely related to the notion of objectivity and independence in its requirements for being free of conflicts of interest. TEST BANK - CHAPTER 7 – SHORT ESSAY 166. Why is it necessary for a CPA to be prohibited from having financial or personal connections with a client? Provide an example of how a financial connection to a company would impair an auditor’s objectivity. Provide an example of how a personal relationship might impair an auditor’s objectivity. Answer: An auditor should not have any financial or personal connections with a client company because they could impair his/her objectivity. It would be difficult for an auditor to be free of bias if he/she were to have a financial or personal relationship with the company or one of its associates. For example, if an auditor owned stock in a client company, the auditor would stand to benefit financially if the company’s financial statements included and unqualified audit report, as this favorable opinion could lead to favorable results for the company such as paying a dividend, obtaining financing, etc. Additionally, if an auditor had a family member or other close personal relationship with someone who works for the company, the auditor’s independence may be impaired due to the knowledge that the family member or other person may be financially dependent upon the company or may have played a significant role in the preparation of the financial statements. 167. From an internal control perspective, discuss the advantages and disadvantages of using ITbased accounting systems. Answer: The advantages of using IT-based accounting systems are the improvements in internal control due to the reduction of human error and increase in speed. The disadvantages include the loss of audit trail visibility, increased likelihood of lost or altered data, lack of segregation of duties, and fewer opportunities for authorization and review of transactions. 168. Explain why standards of fieldwork for GAAS are not particularly helpful to an auditor who is trying to determine the types of testing to be used on an audit engagement. Answer: GAAS provides a general framework that is not specific enough to provide specific guidance in the actual performance of an audit. For detailed guidance, auditors rely upon standards issued by the PCAOB, the ASB, the IAPC, and ISACA.
169. Tyrone and Tyson are assigned to perform the audit of Tylen Company. During the audit, it was discovered that the amount of sales reported on Tylen’s income statement was understated because one week’s sales transactions were not recorded due to a computer glitch. Tyrone claims that this problem represents a violation of the management assertion regarding existence, because the reported account balance was not real. Tyson argues that the completeness assertion was violated, because relevant data was omitted from the records. Which auditor is correct? Explain your answer. Answer: The completeness assertion is concerned with possible omissions from the accounting records and the related understatements of financial information; in other words, it asserts that all valid transactions have been recorded. Accordingly, Tyson’s argument is correct. Tyrone’s argument is not correct because the existence assertion is concerned with the possibility of fictitious transactions and the related overstatements of financial information. 170. One of the most important tasks of the planning phase is for the auditor to gain an understanding of internal controls. How does this differ from the tasks performed during the tests of controls phase? Answer: During the planning phase of an audit, auditors must gain an understanding of internal controls in order to determine whether the controls can be relied upon as a basis for reducing the extent of substantive testing to be performed. Understanding of internal controls is the basis for the fundamental decision regarding the strategy of the audit. It also impacts the auditor’s risk assessment and establishment of materiality. During the tests of controls phase, the auditor goes beyond the understanding of the internal controls and actually evaluates the effectiveness of those controls. 171. How is it possible that a review of computer logs can be used to test for both internal access controls and external access controls? Answer: Other than reviewing the computer logs, identify and describe two types of audit procedures performed to test internal access controls, and two types of audit procedures performed to test external access controls. Internal access controls can be evaluated by reviewing computer logs for the existence of login failures or unusual activity, and to gauge access times for reasonableness in light of the types of tasks performed. Internal access controls can also be tested by reviewing the company’s policies regarding segregation of IT duties and other IT controls, and can test those controls to determine whether access is being limited in accordance with the company’s policies. In addition, auditors may perform authenticity testing to evaluate the authority tables and determine whether only authorized employees are provided access to IT systems. Computer logs can also be reviewed to evaluate external access controls, as the logs may identify unauthorized users and failed access attempts. External access controls may also be tested through authenticity tests, penetrations tests, and vulnerability assessments. Authenticity tests, as described above, determine whether access has been limited to those included in the company’s authority tables. Penetration tests involve the auditor trying to gain unauthorized access to the client’s system, by attempting to penetrate its firewall. Vulnerability assessments are tests aimed at identifying weak points in the company’s IT systems where unauthorized access may occur, such as through a firewall or due to problems in the encryption techniques.
172. Explain why continuous auditing is growing in popularity. Identify and describe a computerassisted audit technique useful for continuous auditing. Answer: Continuous auditing has increased in popularity due to the increase in e-commerce. Realtime financial reporting has created the need for continuous auditing, whereby auditors continuously analyze evidence and provide assurance on the related financial information as soon as it occurs or shortly thereafter. The embedded audit module is a computer-assisted audit technique that accomplishes continuous auditing. The embedded audit module approach involves placing special audit testing programs within a company’s operating system These test modules search the data and analyze transactions or account balances that meet specified conditions of interest to the auditor. 173. Each of the principles of the AICPA Code of Professional Conduct relates to the trustworthiness of the CPA. Distinguish between the third principle (integrity) and the fourth principle (objectivity and independence). Answer: Integrity related closely to honesty and performing duties with a high sense of due care. Objectivity and independence are more concerned with the attitude of skepticism in approaching duties. This involves being unbiased and free of any conflicts of interest. TEST BANK - CHAPTER 7 – PROBLEMS 174. Match the standard-setting bodies with their purpose. Answer: I. c. II. a. III. d. IV. b. 175. Identify whether the following audit tests are used to evaluate internal access controls (I), external access controls (E), or both (B): authenticity, penetration, vulnerability assessments, review of access logs, and review of policies concerning the issuance of passwords and security tokens. Answer: • Authenticity tests (B) • Penetration tests (E) • Vulnerability assessments (E) • Review of access logs (B) • Review of policies concerning the issuance of passwords and security tokens (I) 176. Refer to the notes payable audit program excerpt presented in Exhibit 7-3. If an auditor had a copy of his client’s data file for its notes receivable, how could a general audit software or data analysis software package be used to assist with these audit tests? Answer: GAS and DAS could assist auditors in testing notes payable by performing mathematical calculations of interest amounts, stratification of amounts into current and long-term categories according to maturity dates, and performing ratio calculations as may be needed to assess compliance with restrictions.
177. In order to preserve auditor independence, the Sarbanes-Oxley Act of 2002 restricts the types of nonaudit services that auditors can perform for their public-company audit clients. Answer: The list includes nine types of services that are prohibited because they are deemed to impair an auditor’s independence. Included in the list are the following: • financial information systems design and implementation • internal audit outsourcing Describe how an auditor’s independence could be impaired if she performed IT design and implementation functions for her audit client. Likewise, how could an auditor’s involvement with internal audit outsourcing impair her independence with respect to auditing the same company? Both of these scenarios would place the auditor in a position of auditing his/her own work. Auditors could not maintain independence if they are involved in both the IT design and implementation as well as the financial statement audit. To the extent that the IT system impacts financial reporting, an auditor could not possibly be unbiased with respect to a system that he/she had designed and implemented. Likewise, auditors are not likely to be unbiased with respect to performing a financial statement audit for the same company as he/she performed internal audit work. Any evaluations performed during the internal audit engagement are likely to have a bearing on the auditor’s professional attitude while performing the financial statement audit. 178. Visit the AICPA website at www.aicpa.org and click on Becoming a CPA/Academic Resources. Use the Careers in Accounting tab to locate information on audit careers. Answer: The AICPA website presents information on various career paths, including public accounting (audit, taxation, financial planning, etc.), business and industry, governmental accounting, not-for-profit accounting, education, and entrepreneurship. Some specialty areas include forensic accounting, environmental accounting, and showbiz accounting.
179. Visit the ISACA website at www.isaca.org and click the Students and Educators tab and then the IT Audit Basics tab to find articles covering topics concerning the audit process. Locate an article on each of the following topics and answer the related question: a) Identify and briefly describe the four categories of CAATs, b) List the factors that contribute to the formation of due care in an auditor. Answer: a. Identify and briefly describe the four categories of CAATs. The four categories include1: • data analysis software, including GAS and DAS • Network security evaluation software/utilities • OS and DBMS security evaluation software/utilities • Software and code testing tools b. List the factors that contribute to the formation of due care in an auditor include2: • peer review • auditor conduct • communication • technical competence • judgment • business knowledge • training • certification • standards • independence • continuous reassessment • high ethical standards 180. Refer to the example presented in this chapter describing frauds perpetrated by top managers in large companies like Enron, Xerox, and WorldCom. Perform an Internet search to determine the nature of Xerox’s management fraud scheme and to find out what happened to the company after the problems were discovered. Answer: Xerox’s fraud involved earnings management or manipulation of the financial statements in order to boost earnings. This occurred at Xerox to the tune of hundreds of millions of dollars and involved various accounting tricks to hide the company’s true financial performance so that it would meet or beat Wall Street expectations. The most significant trick was the premature recording of revenues. Upon discovery of the fraud, the SEC filed a $10 million civil suit against Xerox, the largest fine in SEC history. In addition, Xerox had to restate its earnings from 1997 through 2001.
1 “Using CAATs to Support IS Audit” by S. Anantha Sayana for Information Systems Control Journal, Vol. 1, 2003. 2 “Due Professional Care” by Frederick Gallegos for Information Systems Control Journal, Vol, 2, 2002.
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 8: Revenue and Cash Collection Processes TEST BANK - CHAPTER 8 - TRUE / FALSE 1. Because different companies conduct business in different manners, there tends to be few similarities in the way the related business processes are carried out. 2. Sales processes need supporting practices such as credit checks and stock authorization. 3. Even though most companies collect order data from customers, the manner of receiving order data seldom varies. 4. What a customer refers to as a purchase order is referred to as a sales order by the vendor. 5. When a sales order has been entered into the system, the customer’s credit status must be checked. For existing customers, the sale on account should be approved only if the customer has exceeded their credit limit. 6. If a sales order comes from a new customer, it is necessary to evaluate the creditworthiness of that customer before the sale is approved. 7. Whenever a sales order is received, it is necessary to check the inventory to make sure that the items ordered are in stock. If the items are in stock, a packing slip will be prepared. 8. Billing to the customer should take place prior to shipment so that the customer receives the bill before the merchandise arrives. 9. If a vendor waits too long to send the bill to the customer due to the fact that it could cause a delay of the collection of the cash. 10. When the customer is billed, the accounts receivable records should be updated to reflect the decreased balance. 11. The existence of good internal controls do not ensure high sales and profits. 12. Effective and efficient internal control often takes up valuable management time that could otherwise be spent on attention to revenue growth and cost controls. 13. Proper sales authorization control requires obtaining approval before processing an order and again before the order is shipped. 14. The internal control activity, related to the authorization of transactions, requires that only specific individuals within the company should have the authoritative responsibility for establishing sales prices and credit terms.
15. The individuals who are given the authority to establish sales prices, credit limits, and guidelines for accepting customers should be sure to keep most of the information confidential. 16. In order to meet the objectives of internal controls, individuals with authoritative responsibilities need to have access to the record keeping functions. 17. Record files related to sales can be organized by customer name or by the numerical sequence of the documents. 18. A benefit of a company accounting for their documents in a numerical sequence is that it is much easier to see if a document or documents are missing. 19. Independent checks and reconciliations should be performed on a regular basis as part of the segregation of duties area of internal controls. 20. A reconciliation should be prepared by the same person who is responsible for the recording function. 21. A company is more likely to implement internal controls if they view the cost of the controls to be less than the benefits provided. 22. When a credit memorandum has a reference to the original sales invoice and approved price list it will assure that the correct customer receives credit for the return. 23. Internal controls over sales returns are similar to those for the revenue process where it is important to match receiving reports for returns with the related credit memos to ensure that the company issues credit for all returns for the correct amounts. 24. Specific internal control procedures to be performed, specifically independent checks and reconciliations, should be performed by someone who as the responsibility for the recording of the transactions and the custody of the assets received. 25. It is necessary for a company to consider the risks of its system to determine whether the costs of implementing a control procedure are worthwhile in terms of the benefits realized from the control. 26. As a rule, the higher the risk, the more controls are generally required and the less costly its accounting system may become. 27. Company to company sales normally occur on account and involve a time span given for the customer to pay the vendor. The actual number of days will depend on the credit terms and the diligence of the customer concerning on-time payments. 28. The remittance advice send by the customer with the related payment is used by the vendor to properly apply the payment to the customer’s account. 29. The segregation of duties states that the authorization of duties is to be separated from the recording function but not from the custody function.
30. At a minimum, those who handle cash should be the ones to reconcile the bank statement. 31. Those who handle cash should not have access to the related accounting records. 32. At a minimum, cash receipts should be deposited on a weekly basis. 33. Detailed customer accounts should be maintained and reconciled with customer statements regularly. 34. Access to cash collections needs to limited to those who are expressly authorized to record the cash transactions. 35. Controls over cash collections are likely the most important control procedure because cash is the asset most susceptible to theft and misappropriation. 36. Integrated IT systems that are used to conduct internet sales in a business to customer manner are referred to as e-commerce. 37. Business to business sales on the internet are referred to as e-commerce. 38. The use of control totals and related acknowledgments can reduce the risk of denial of service attacks by hackers. 39. Because the point-of-sale systems are not normally connected to outside trading partners, they pose fewer risks related to security and confidentiality than e-commerce or EDI systems. 40. Because the point-of-sale systems are not normally connected to outside trading partners, they pose fewer risks related to availability. 41. Few deceptions and fraudulent acts in the business and accounting environment relate to revenue measurement and recognition. 42. Regardless of how effective and good the accounting system is, if top management is intent on falsifying financial statements by inflating revenue, they can usually find ways to misstate revenue. 43. In many cases where revenue has been overstated by management, accountants have participated in the deception. Thankfully, once the overstatement has occurred, it will be offset by lower revenues in the subsequent year and normally will not recur. 44. When top management behaves ethically and encourages ethical behavior, there are usually fewer cases of frauds, errors, or other ethical problems. 45. Establishing proper processes, internal controls, and ethical guidelines does not lead to better corporate governance, even though it does improve the financial stewardship.
ANSWERS TO TEST BANK – CHAPTER 8 – TRUE / FALSE: 1. 2. 3. 4. 5. 6. 7. 8. 9.
F T F T F T F F T
10. 11. 12. 13. 14. 15. 16. 17. 18.
F T F T T F F T T
19. 20. 21. 22. 23. 24. 25. 26. 27.
F F T F T F T F T
28. 29. 30. 31. 32. 33. 34. 35. 36.
T F F T F T F T T
37. 38. 39. 40. 41. 42. 43. 44. 45.
F F T F F T F T F
TEST BANK - CHAPTER 8 - MULTIPLE CHOICE 46. In a large company, there are hundreds, possibly thousands, of sales transactions each day. The company needs to have in place, systems and processes to: A. Capture the results of the sales transactions B. Record the proper and complete sales transactions C. Summarize and report the results of the transactions D. All of the above 47. The policies and procedures that employees follow when completing the sale, capturing customer data and sales quantities, and routing the resulting sales documents to the right departments within the company are referred to as: A. Transactions B. Processes C. Posting D. Systems 48. When a sale occurs, the information resulting from that sale must flow into the sales recording systems, the accounts receivable and cash collection systems, and the inventory tracking systems. In IT accounting systems, these recording and processing systems are referred to as: A. Transaction Processing Systems B. Revenue and Cash Processing Systems C. Point of Sale System D. E-business System 49. The business processes that are common in company-to-company sales business types include all of the following, except: A. Collect order data B. Record receivable and bill the customer C. Update affected records, such as accounts payable and cash D. Handle any product returns from the customer
50. The business processes that are common in company-to-company sales business are divided into three groups. Which of the following is not one of those groups? A. Sales processes, including ordering, delivery, and billing B. Purchase of inventory, including ordering, delivery, and billing C. Sales Returns processes D. Cash Collection processes 51. The risks that may affect the revenue and cash collection processes include all of the following, except: A. Transactions recorded by the wrong company. B. Valid transactions may have been omitted from the records. C. Transactions may not have been recorded in a timely manner. D. Recorded transactions may not be valid or complete. 52. The risks that may affect the revenue and cash collection processes include all of the following, except: A. Transactions may have been recorded in the wrong customer account. B. Transactions may be recorded in the wrong amount. C. Invalid transactions may have been omitted from the records. D. Transactions may not have been accumulated or transferred to the accounting records correctly. 53. Common means of presenting the revenue and cash collections processes pictorially include: A. Data Flow Diagram B. Document Flowchart C. Business Process Map D. All of the above 54. The sales and cash collections process begins when: A. Merchandise is shipped to a customer B. A customer places an order with the company C. Merchandise is purchased D. A vendor places an order with the company 55. The form, or source document, that conveys the details about a customer’s order, prepared by the customer, is referred to as: A. Sales Order B. Sales Invoice C. Purchase Order D. Purchase Invoice 56. Sales orders are calculated based on current selling prices of the items sold. The source of these prices, which would include the entire set of preestablished and approved prices for each product, is referred to as a(n): A. Price list B. Purchase order C. Packing slip D. Pick list
57. The maximum dollar amount that a customer is allowed to carry as an accounts receivable balance: A. Maximum Limit B. Credit Balance C. Maximum Balance D. Credit Limit 58. This item documents the quantities and descriptions of items ordered. Items from this document should be pulled from the warehouse shelves and packaged for the customer. A. Packing Slip B. Price List C. Pick List D. Purchase Order 59. The terms of agreement between the company and the common carrier are documented in a(n): A. Pick List B. Bill of Lading C. Invoice D. Packing Slip 60. A chronological listing of shipments that allows management to track the status of sales and to answer customer inquiries regarding order status is called a(n): A. Invoice B. Bill of Lading C. Pick List D. Shipping Log 61. This document is prepared and sent to the customer once the shipment has occurred. The document provides the details of the sale and requests payment. A. Sales Invoice B. Accounts Receivable Statement C. Bill of Lading D. Sales Order 62. A special journal that is used to record sales transactions and is periodically posted to the general ledger. A. General Journal B. Subsidiary Journal C. Sales Journal D. Accounts Receivable Journal 63. This document is prepared on a regular basis to accumulated and summarize all the transactions that have taken place between the customer and the company within the period. A. Accounts Receivable Journal B. Sales Invoice C. Subsidiary Journal D. Customer Account Statements
64. Which of the following relationships does not violate the rules of segregation of duties? A. Credit authorization and preparation of the sales order. B. Preparation of the sales order and sales invoice. C. Preparing goods for shipment and accounting for inventory. D. Entering sales in the sales journal and handling the inventory. 65. The internal control activity related to the adequate records and documents, related to sales, includes which of the following? A. Those responsible for recording sales should ensure that the supporting documentation is retained and organized. B. Information systems duties included in the revenue process includes the preparation of sales orders and shipping logs. C. All records are to be prepared by someone other than the person who has custody of the assets. D. The authorization process is to remain separate from the recording process. 66. Which of the following is not one of the stated physical controls for inventory in a warehouse? A. Surveillance Cameras B. Alarm Systems C. Backup Copies D. Security Guards 67. In order to protect data files, production programs, and accounting records from unauthorized access, each of the following may be used, except: A. Passwords B. Physical controls (locked cabinets) C. Backup copies D. Surveillance cameras 68. Common types of independent checks within the revenue process include all of the following, except: A. Verification of information in the sales journal and on sales invoices. B. Verification of the bank statement and the cash account in the general journal. C. Reconciliation of accounts receivable detail with invoices and with the general ledger. D. Reconciliation of inventory records with actual (counted) quantities on hand. 69. Examples of characteristics that indicate a company may be more risky with respect to the revenue process include all of the following, except: A. Changes in sales prices or customers are infrequent. B. The pricing structure is complex or is based on estimates. C. There is a large volume of transactions is carried out. D. The company depends on a single or on very few customers.
70. The comparison of the shipping records with the sales journal and invoices is completed to minimize the related risk of: A. Invalid transactions B. Fictitious customers C. Omitted transactions D. Duplicate transactions 71. The preparation of packing lists and shipping records on prenumbered forms will help to minimize the related risk of: A. Incorrect amounts B. Invalid sales C. Wrong customers D. Omitted transactions 72. The separation of the responsibility for the authorization of new customers from the custody of inventory will help to minimize the related risk of: A. Invalid sales B. Fictitious customers C. Incorrect amounts D. Timing issues 73. A document prepared that lists the chronological sequence of all returned items is referred to as a(n): A. Receiving log B. Receiving report C. Invoice D. Packing list 74. A source document prepared by the personnel in the receiving dock that documents the quantity and condition of the items received is called a(n): A. Invoice B. Receiving log C. Receiving report D. Credit memorandum 75. A document prepared to prepare a record of the sales return and to adjust the amount of the customer’s credit status is called a(n): A. Receiving log B. Credit memorandum C. Sales invoice D. Sales journal
76. The authorization of sales returns requires that certain individuals within the company be assigned the authority for all of the following, except: A. Authorize Sales Returns B. Approve Credit Memos C. Develop Sales Return Policies D. Record the Credit Memos 77. The segregation of duties related to sales returns would ideally separate the function of performing the credit memo activity and all of the following, except: A. Credit approval B. Approve the credit memos C. Billing D. Data entry 78. Circumstances within a company, related to sales returns, that indicate a high level of risk include all of the following, except: A. Returns are received a one location with credit memos issued at the same location. B. Quantities of products returned are often difficult to determine. C. There is a high volume of credit memo activity. D. Returns are received by consignees or under other arrangements not directly controlled by the company. 79. Differences between a sales return and a sales allowance include: A. The issuance of a credit memorandum B. The existence of defective merchandise C. The documentation in a receiving report D. All of the above 80. The separation of the custody of inventory from the accounts receivable record keeping will help to minimize the related risk of: A. Incorrect amounts B. Invalid returns C. Fictitious customers D. Timing issues 81. The documentation accompanying payment that identifies the customer account number and invoice to which the payment applies is referred to as a(n): A. Cash Receipts Journal B. Promissory Note C. Deposit List D. Remittance Advice 82. A special journal used to record all cash collections is called a(n): A. Cash Receipts Journal B. Remittance Advice C. Check Register Journal D. Customer Subsidiary Journal
83. In order to ensure that all records are updated only for authorized transactions, appropriate individuals should be assigned all of the following duties, except: A. Opening and closing all bank accounts. B. Preparing the bank reconciliation. C. Approving bank deposits. D. Approving electronic transfers of funds. 84. The recording responsibilities for cash receipts includes all of the following, except: A. Maintaining a cash receipts journal B. Updating accounts receivable records for individual customers C. Posting subsidiary ledger totals to the general ledger D. Preparing bank deposits 85. The custody responsibilities for cash receipts include all of the following, except: A. Updating accounts receivable records B. Opening mail C. Preparing a list of collections D. Handling receipts of currency and checks 86. The internal control of cash receipts related to adequate records and documents would include which of the following? A. Cash receipts listings prepared on a daily basis and reconciled to supporting documentation from the bank deposit. B. Bank deposit receipts should be retained and filed chronologically. C. Detailed customer accounts should also be maintained and reconciled with customer statements regularly. D. All of the above. 87. Independent checks and reconciliations, related to cash receipts, include all of the following, except: A. Cash counts should occur on a surprise basis and be conducted by someone not responsible for cash receipts functions. B. Cash collections should be deposited in the bank in a timely manner to prevent the risk of theft. C. Physical count of cash needs to be conducted from time to time in order to compare actual cash on hand with the amounts in the accounting records. D. Daily bank deposits should be compared with the detail on the related remittance advice and in the cash receipts journal. 88. Bank reconciliation tasks include: A. Procedures to ensure that deposits are examined for proper dates B. Procedures to ensure that all reconciling items are reviewed and explained C. Both of the above D. None of the above
89. The following circumstances may indicate risks related to cash collections, except: A. High volume of cash collections B. Centralized cash collections C. Lack of consistency in the volume or source of collections D. Presence of cash collections denominated in foreign currencies 90. Whenever a company grants credit to customers, there is a danger that customers will not pay. In fact, most companies have occasional problems with customers who fail to pay which leads to writing off the accounts receivable. Proper controls related to these uncollectible accounts include all of the following, except: A. Segregation of responsibilities so that no one has the opportunity to write off an account to cover up stolen cash. B. Thorough guidelines are to be established for determining the amount of an allowance for uncollectible accounts. C. An accounts receivable aging report should be generated to analyze all customer balances and the lengths of time that have elapsed since the payments were due. D. Mathematical verification of the cash receipts journal and the accounts receivable ledger. 91. The separation of the responsibility for custody of cash from the responsibility for reconciling the bank accounts will help to minimize the related risk of: A. Wrong customers B. Incorrect amounts C. Invalid bank account D. Invalid transactions 92. The separation of the custody of cash from the accounts receivable record keeping will help to minimize the related risk of: A. Invalid cash receipts B. Incorrect amounts C. Invalid transactions D. Duplicate transactions 93. The preparation of deposit slips on prenumbered forms will help to minimize the related risk of: A. Invalid transactions B. Incorrect amounts C. Duplicate transactions D. Omitted transactions 94. The security of having cash receipts deposited in the bank on a daily basis will help to minimize the related risk of: A. Invalid receipts B. Invalid bank account C. Lost or stolen cash D. Duplicate transactions
95. General controls of the IT system would include all of the following, except: A. Security B. Accuracy C. Availability D. Confidentiality 96. Application controls of the IT system would include: A. Availability B. Accuracy and Completeness C. Security D. Processing Integrity 97. This type of highly integrated IT system incorporates electronic processing of sales-related activities and, generally, the sales processes are transacted over the internet. A. E-commerce B. Virtual commerce C. Electronic data interchange D. Point of sale 98. This type of highly integrated IT system, inter-company, computer-to-computer, communicates sales documents electronically with a standard business format. A. E-commerce B. Virtual commerce C. Electronic data interchange D. Point of sale 99. This type of highly integrated IT system processes sales at a cash register in retail stores. A. E-commerce B. Virtual commerce C. Electronic data interchange D. Point of sale 100. The advantages of e-commerce, or e-business, include all of the following, except: A. Reduced cost through lower marketing, employee, and paperwork costs. B. Shorter sales cycles C. Repudiation of sales transactions D. Increased accuracy and reliability of sales data 101. The risks of e-commerce, or e-business, include all of the following, except: A. Confidentiality B. Accuracy C. Security D. Processing Integrity 102. Availability risks of e-commerce, or e-business, include all of the following, except: A. Hardware and software system failures B. Virus and worm attacks C. Denial-of-service attacks by hackers D. Incomplete audit trail
103. Important characteristics of electronic data interchange (EDI) include all of the following, except: A. Sales register is used to record all transactions. B. Inter-company refers to two or more companies conducting business electronically. C. Computer-to-computer aspect indicates that each company’s computers are connected via a network. D. A standard business format is necessary so that companies can interact and trade with a variety of buyers and sellers. 104. The standard format used with EDI allows all vendors and buyers to speak the same language. Which group has developed the standard format for the common documents used in the sales process? A. Electronic Data Systems B. American Common Forms Institute C. Association of Naturalized Documents D. American National Standards Institute 105. The standard format for common forms used in the United States for EDI data transmission is divided into three parts. Which of the following is one of those “parts”? A. Availability Segment B. Labeling Interchanges C. Security Trailer D. Processing Data 106. This section of the common forms used as the standard format in EDI data transmission contains data about the file or transmission and identify the end of a particular transaction. A. Header and Trailer Data B. Labeling Interchanges C. Data Segments D. Footer Data 107. Because it can be expensive to develop and maintain a system that links two companies directly, the companies often use a third-party network. This third-party network provides other valuable services such as translation and encryption of the EDI data and authentication of a valid and authorized training partner. These third-party networks are called: A. EDI Mailboxes B. American National Standards Provider C. Value Added Networks D. Secured EDI Networks 108. EDI systems have many advantages within the revenue and cash collection processes. Which of the following is not one of those benefits? A. Reduction or elimination of data keying. B. Trading partners gaining access to data. C. Elimination of postage costs. D. Competitive advantage through better customer service.
109. The process of user identification to ensure that only authorized users are accessing the IT system, which occurs through the use of user ID, password, and other unique identifiers, is called: A. Processing Integrity B. Virtualization C. Availability D. Authentication 110. A control that limits the risk of network break-ins is the coding of data that makes data unreadable to those without the appropriate key. This process does not stop the breaches, but will make the data useless. A. Encryption B. Encoding C. Repudiation D. Hacking 111. This occurs when the IT system automatically makes a list of users and the actions they take within the IT system. A. Control Totals B. Transaction Logging C. Encryption Keys D. Acknowledgment 112. The Point-of-sales (POS) systems capture all relevant sales data at the point of sale - the cash register. The data that is captured includes all of the following, except: A. Prices are determined by accessing inventory and price list data B. Sales revenue is recorded C. Ordering for low-inventory items D. Inventory values are updated 113. Advantages to management and accountants, as the result of the point-of-sale systems, include all of the following except: A. Bar code scanning eliminates the need to manually enter product codes, quantities, or prices. B. Real-time update of cash, sales, and inventory records allows for immediate analysis of sales trends, inventory needs, and cash on hand. C. List prices can be changed by the check-out clerks to take advantage of any price changes. D. Credit card authorization during the sale save time and help prevent credit card fraud. 114. This term refers to moving the current accounting period forward to include sales that correctly occur in a future period. This activity occurs so that the selling company can inflate their sales in the current period. A. Channel stuffing B. Leaving sales open C. Shipping reversal D. Sales deferral
ANSWERS TO TEST BANK – CHAPTER 8 – MULTIPLE CHOICE: 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59.
D B A C B A C D B C A D C B
60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73.
D A C D B A C D B A C D B A
74. 75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85. 86. 87.
C B D B A C B D A B D A D B
88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100. 101.
C B D B A D C B B A C D C B
102. 103. 104. 105. 106. 107. 108. 109. 110. 111. 112. 113. 114.
D A D B A C B D A B C C B
TEST BANK – CHAPTER 8 – END OF CHAPTER QUESTIONS: 115. Within the revenue processes, a signed approval of a sales order indicates all of the following except: A. The date of delivery. B. The sale is to an accepted customer. C. The customer’s credit has been approved. D. The sales price is correct. 116. An example of an independent verification in the sale process is: A. Preparation of packing lists on prenumbered forms. B. Initialing the sales order. C. Proof of recorded dates, quantities, and prices on an invoice. D. Physical controls in record storage areas. 117. The purpose of tracing shipping documents to prenumbered sales invoices would be to provide evidence that: A. Shipments to customers were properly invoiced. B. No duplicate shipments or billings occurred. C. Goods billed to customers were shipped. D. All prenumbered sales invoices were accounted for. 118. The purpose of tracing sales invoices to shipping documents would be to provide evidence that: A. Shipments to customers were properly invoiced. B. No duplicate shipments or billings occurred. C. Goods billed to customers were shipped. D. All prenumbered sales invoices were accounted for.
119. To ensure that all credit sales transactions of an entity are recorded, which of the following controls would be most effective? A. On a monthly basis, the accounting department supervisor reconciles the accounts receivable subsidiary ledger to the accounts receivable control account. B. The supervisor of the accounting department investigates any account balance differences reported by customers. C. The supervisor of the billing department sends copies of approved sales orders to the credit department for comparison of authorized credit limits and current customer balances. D. The supervisor of the billing department matches prenumbered shipping documents with entries recorded in the sale journal. 120. Under a system of sound internal controls, if a company sold defective goods, the return of those goods from the customer should be accepted by the: A. Receiving Clerk B. Sales Clerk C. Purchasing Clerk D. Inventory Control Clerk 121. The source document that initiates the recording of the return and the adjustment to the customer’s credit status is the: A. Pick list B. Sales journal C. Credit memorandum D. Sales invoice 122. Which of the following is not a document that is part of the cash collection process? A. Remittance advice B. Cash receipts journal C. Bank deposit slip D. Packing slip 123. Which of the following would represent proper segregation of duties? A. The employee who has custody of cash also does accounts receivable record keeping. B. The employee who has custody of cash completes the bank reconciliation. C. The employee who opens mail containing checks prepares a list of checks received. D. The employee who opens mail containing checks records transactions in the general ledger. 124. Immediately upon receiving checks from customers in the mail, a responsible employee working in an environment of adequate internal control should prepare a listing of receipts and forward it to the company’s cashier. A copy of this cash receipts listing should also be sent to the company’s: A. Treasurer for comparison with the monthly bank statement. B. Internal auditor for investigation of any unusual transactions. C. Accounts receivable clerk for updating of the accounts receivable subsidiary ledger. D. Bank for comparison with deposit slips.
125. If a company does not prepare an aging of accounts receivable, which of the following accounts is most likely to be misstated? A. Sales revenues B. Accounts receivable C. Sales returns and allowances D. Allowance for uncollectible accounts 126. When a company sells items over the Internet, it is usually called e-commerce. There are many IT risks related to Internet sales. The risk of invalid data entered by a customer would be a(n): A. Availability risk. B. Processing integrity risk. C. Security risk. D. Confidentiality risk. 127. When a company sells items over the Internet, there are many IT risks. The risk of hardware and software failures that prevent website sales would be a(n): A. Availability risk. B. Processing integrity risk. C. Security risk. D. Confidentiality risk. 128. The use of electronic data interchange (EDI) to conduct sales electronically has both risks and benefits. Which of the following is a benefit of EDI, rather than a risk? A. Incomplete audit trail B. Repudiation of sales transactions C. Unauthorized access D. Shorter inventory cycle time 129. An IT system that uses touch screens, bar coded products, and credit card authorization during the sale is called a(n): A. Electronic data interchange system. B. E-commerce system. C. Point of sales system. D. E-payables system. 130. Which of the following is not a method of unethically inflating sales revenue? A. Channel stuffing B. Holding sales open C. Premature recognition of contingent sales D. Promotional price discounts ANSWERS TO TEST BANK – CHAPTER 8 – END OF CHAPTER QUESTIONS 115. 116. 117. 118.
A C A C
119. 120. 121. 122.
D A C D
123. 124. 125. 126.
C A D B
127. 128. 129. 130.
A D C D
TEST BANK – CHAPTER 8 – SHORT ANSWER QUESTIONS 131. Why is it important to establish and monitor credit limits for customers? Answer: Allow customers to order an excess over what they are able to pay poses a large risk for companies. It is important to review a customer’s credit worthiness and based on that credit worthiness, establish a credit limit. Once the limit is established, the company should have processes or methods to insure the credit limit is not exceeded. Without a limit, or monitoring that limit, the company has the risk of not being paid for goods or services purchased by customers. 132. Distinguish between a pick list and a packing slip. Answer: Although the information on these two documents is essentially the same, they are used for two different purposes. Both documents contain the items and quantities for a particular customer order. However, the pick list is used in the warehouse to pull items from the warehouse shelves, while the packing slip is included in the box or boxes shipped to the customer. The packing slip tells the customer which items should be in the shipment. 133. How can an effective system of internal controls lead to increased sales revenue? Answer: When an effective systems of internal controls is in place, managers may be able to spend less time overseeing operations and can therefore, spend more time on revenue growth strategies and activities. For example, with a proper set of general authorization procedures for sales, a manager would not need to approve each sale individually. This gives the manager more time to focus on activities that could lead to increased revenue. 134. Why should the person responsible for shipping goods to customers not also have responsibility for maintaining records of customer accounts? Answer: Custody of assets and responsibility for record keeping should always be segregated. In this case, the person shipping the goods has custody and could therefore, steal assets. Access to customer records would allow that person to also alter records to hide the theft. The alteration to the records could include deleting the sale or writing off the sale as a bad debt. 135. What is the purpose of a credit memorandum? Answer: The credit memorandum documents the fact hat a customer has returned goods. The credit memorandum is also used to reduce the customer’s receivable account balance based upon the return of goods. 136. How are sales invoices used (in a manual system) in the preparation of credit memos? Answer: The sales invoice is matched to the receiving report that results from returned goods. This match is necessary to verify the fact that the merchandise was in fact sold to the customer, and to verify the selling price that should be refunded. 137. How can a security guard in a warehouse be considered an important component of a company’s accounting system? Answer: Internal controls over asses should include physical controls to prevent theft or misuse. For example, cash should be locked in a safe to prevent the theft of cash. Likewise, a security guard can help prevent theft or misuse of assets. This internal control would not prevent all theft, but would help reduce any theft.
138. How could fraud be perpetrated through the sales returns process? Answer: In the absence of good internal controls, there are several types of fraud that could occur in sales returns. These include: 1) customers returning goods not originally purchased from the company, 2) customers requesting a refund higher than the original sales amount, 3) requesting refunds for goods that were never returned, but submitting false documentation of a return, and 4) theft of returned goods by an employee. 139. Identify and distinguish between the three types of IT systems used in the sales process. Answer: The three types of IT systems described are EDI, Internet EDI, and point of sale systems. EDI and Internet EDI are used in company to company sales of goods and services. In EDI systems, the buyer and seller computer systems are connected and order data is exchanged electronically. EDI typically uses a value added network (VAN), while Internet EDI uses the internet to exchange data. Internet EDI is usually much more cost effective than EDI because the exchange via the Internet can be cost free. A POS system is used in end consumer sales such as retail stores and restaurants. A POS system usually is a touch screen, or bar code system at the cash register that records the sale and updates the appropriate cash, sales, and inventory accounts. All three systems are IT enablement of the sales process and they each improve the efficiency and effectiveness of sales processes. 140. Distinguish between B2B sales and B2C sales. Answer: Other than those presented in this chapter, name a company from your personal experience that uses B2C sales. B2B sales are IT enabled sales between two businesses. B2C sales are IT enabled sales between a business and an end consumer. A student could mention any online retailer, online bank, online broker, airline, or travel agent as examples of B2C. 141. List the advantages of e-commerce systems. Answer: The advantages are reduced costs, shorter sales cycles, increased accuracy and reliability of sales data, and an increase in the potential market. 142. Identify two of the biggest risks to companies who use e-commerce, along with controls to prevent these risks. Answer: Two of the business risks of e-commerce would be availability and security. If a company relies on online sales extensively, any failure in the hardware or software may make the online sales system unavailable and this causes lost sales. These lost sales can at times be very large losses. Unauthorized access or hackers represent a big risk to e-commerce. Placing sales online opens the company to unauthorized access and hacking, and therefore potential loss or destruction of data. 143. What controls should a company implement to ensure consistency of sales information between the front end and back end of its systems? Answer: Reconciliations and verifications are important in the integration of front end and back end systems. As data moves from a front end system, such as an online sales system, to a back end system, such as warehouse systems, a reconciliation or verification can insure the data was transmitted between systems accurately. 144. Why is a redundant server system needed in an e-commerce environment? Answer: Availability is extremely important in e-commerce systems. Any failure of the system represents lost sales because the system is not available for customer use. A large e-commerce company could lose thousands of dollars in sales from a two or three hour downtime.
145. Question not available. 146. What are the three components of an EDI system? Answer: The three component parts are: 1) intercompany transfer, indicating the sale/purchase is between two companies; 2) computer to computer, indicating the computer system of the two companies are connected; and 3) a standard format for business documents to facilitate the intercompany transference of electronic documents. 147. What are the three standard parts of an EDI data transmission? Answer: Header and trailer data, labeling interchanges, and data segments. Header data is data about the file or transmission being sent. The header identifies the beginning and end of a particular transaction data set. Trailer data is also data about the file or transmission and identifies the end of a particular transaction data set. Labeling interchanges identify the type of transactions in the set, such as a set of sales invoices. Data segments include the actual data within the invoices, such as quantities and prices. 148. How could it be possible for two companies to conduct EDI if they are not directly connected with each other? Answer: Two companies could use a value added network (VAN) as a third party to serve as the provider of electronic inboxes for EDI exchanges. 149. List the advantages of an EDI system. Answer: The advantages are elimination of keying, keying errors, and the time needed for keying, the elimination of mailing time and postage costs, reduction of inventory levels, and competitive advantage and/or preservation of existing business. 150. What is the purpose of maintaining transaction logs? Why are they especially important in IT systems? Answer: Transaction logs serve as the audit trail of transactions processed by the computer. Review of these logs can insure that transactions are lost or unaccounted for. The logs also help insure a company can avoid repudiation of sales. 151. List some advantages of a POS system. Answer: Advantages are: ease of use by employees, the elimination of manually entered data, real-time access to prices and inventory levels, real-time credit card authorization, real-time update of affected accounting records, immediate summaries and reports of sales and cash, and integration with the general ledger accounts. 152. Why are backup systems one of the most important controls for POS systems? Answer: A system failure in a POS system would interrupt or halt sales. Such lost sales can be a large dollar amount and there could be future lost sales if customers become irritated by the system failures. To avoid these failures and the resulting lost sales, a company should maintain some type of backup system. 153. Describe a popular fraud scheme where company employees misuse the sales revenues cutoff. Answer: This is called leaving sales open. It counts sales from the first few days of the next month in the current month, and thereby inflates sales.
TEST BANK – CHAPTER 8 – SHORT ESSAY 154. Describe what is likely to occur if company personnel erroneously recorded a sales transaction for the wrong customer? What if a cash receipt was applied to the wrong customer? Identify internal controls that would detect or prevent this from occurring. Answer: If the sale is attached to the wrong customer, the wrong customer would be billed and it may cause both the wrong customer and the correct customer to have a negative opinion about the company. In addition, if the company does not maintain adequate documentation, it may be difficult to determine which customer should be billed. Therefore, the company may not be able to collect the cash they should have collected. If a cash receipt is applied to the wrong customer, then two customer balances will be erroneous. The company would continue to bill the customer who paid, while not billing the correct amount to the wrong customer. Without adequate documentation, it would be difficult to correct this situation. The internal controls that would help prevent these errors are maintaining adequate documentation, including source documents such as sales orders and remittance lists; the matching of key documents before recording; reconciliations and verifications of invoices to receivables; and supervision. 155. Debate the logic used in the following statement: “The person responsible for handling cash receipts should also prepare the bank reconciliation because he is most familiar with the deposits that have been made to the bank account.” Answer: It is true that if a person could be absolutely trusted to do both duties, it may be more efficient. However, having both duties provides opportunity and temptation for that person to steal cash and cover up the theft. In addition, a single person doing both duties might make an error affecting both the receipts and reconciliation. Segregating these duties may slightly decrease the efficiency of bank reconciliations, but the positive benefits of fraud prevention or detection and error detection outweigh any efficiencies. 156. Revenue systems are crucial in the healthcare industry, where hundreds of billions of dollars are spent annually reconciling revenues and billing data from the perspectives of providers (doctors and clinics, etc.) and payers (insurance companies). Briefly describe how EDI would be beneficial in this industry. Describe the purpose of the header data and trailer data. In an EDI system, the computer systems of the biller and payer are connected and they would greatly speed up the billing and paying process, as well as decrease the errors in the process. Answer: Without EDI, the would be keying errors, delays related to keying data and mailing bills and payments. The header and trailer data identify the transaction data set so that the two computer systems can insure the correct transaction data is matched. The header and trailer also identify the beginning and end of a transaction data set.
157. Use the process maps in this chapter to answer the following questions: a. What would a credit manager do if a sales order received caused a customer to exceed its credit limit? b. What happens after the shipping department verifies that the quantities and descriptions of goods prepared for shipment are consistent with the sales order c. What would an accounts receivable clerk do if a $100 credit memo is issued to a customer whose accounts receivable balance is $1,000 d. When is it necessary for an accounts receivable clerk to notify a customer Answer: a. What would a credit manager do if a sales order received caused a customer to exceed its credit limit? The sale should be disapproved (rejected). b. What happens after the shipping department verifies that the quantities and descriptions of goods prepared for shipment are consistent with the sales order? The goods are shipped, an invoice is prepared and mailed; the following records are updated: sales, general ledger; and a month end statement is prepared and mailed to the customer. c. What would an accounts receivable clerk do if a $100 credit memo is issued to a customer whose accounts receivable balance is $1,000? The clerk should first check to make sure of the balance. Then, that customer’s balance would be decreased to $900. b) When is it necessary for an accounts receivable clerk to notify a customer? An accounts receivable clerk would not need to notify customers. 158. Describe how the matching of key information on supporting documents can help a company determine that its revenue transactions have not been duplicated. Answer: For any sale, return or cash transaction, only one set of matching documents should exist. Once the documents are matched and recorded for a particular transaction, they should be filed as a completed transaction. Thus, that same transaction would not be recorded again since the source documents are filed. 159. Describe how the use of pre-numbered forms for receiving reports and credit memos can help a company determine that sales return transactions have not been omitted from the accounting records. Answer: When pre-numbered forms are used, it is much easier to insure that the entire series of transactions have been accounted for. Conversely, a missing number in the sequence of prenumbered documents is a clear indication that a transaction has been omitted. This may be easier to understand if you think about what it would mean if your own personal check book record was missing a check numbered 154. 160. Describe how a POS system could be useful to a company’s marketing managers. How could it be useful to production managers? Answer: A POS system can provide immediate feedback about product sales and inventory levels. Therefore, a marketing manager can get immediate feedback about which products sell well, which do not, and how price changes may affect sales of individual products. A production manager could use the inventory level feedback to more appropriately plan when to produce certain products.
161. Briefly describe an example from your personal experience where you purchased something from a company that uses a POS system. How might your experience have been different if the POS system did not exist in the experience you described? Answer: There are many possible experiences students could describe. Each student would probably describe. Most often students see or use POS systems at fast food restaurants and retail stores. Many students will have been employees who have used POS systems and may have very good examples. In regards to the differences if the POS system did not exist, the check out experience would be slower, thereby leading to longer lines, and more errors in the process. Errors include incorrect prices and incorrect orders. TEST BANK – CHAPTER 8 – PROBLEMS 162. In 1956, Gussepi DeLucca opened a pizza restaurant that he named DeLucca’s in St. Louis, Missouri. Over the years, he opened both company and franchise locations and grew the business to include over 40 restaurants that serve the three states around the St. Louis area. In 1993, DeLucca introduced a centralized phone ordering system with one phone number for customers to use. This meant that the customer did not need to look up the phone number of a local restaurant and call that restaurant to order. Rather, customers call one number and the employees taking the order can determine the closest DeLucca’s location and process the order. This system also centralized the pricing, ordering, and inventory systems for DeLucca’s. In 2004, DeLucca’s began offering online pizza orders through its Web site. DeLucca’s advertises this Web ordering as more convenient for the customer. For example, its ads suggest that a customer can examine the entire menu on the Web site prior to ordering; something that is not possible with phone orders. While there are many customer advantages of Web ordering, there are also many advantages to the company. From an accounting and internal control perspective, describe the advantages of DeLucca’s system, and any risks that it reduces. Answer: Advantages: The Web ordering system provides the advantages of: cost savings through lower marketing, employee, and paperwork costs; shorter sales cycles due to reduced time to place an order, increased accuracy and reliability of the order data; and increased potential market for the company’s products. Accordingly, DeLucca’s Web ordering system reduces the risks of misplacing an order, filling an order incorrectly, losing a sale due to a long wait time, and recording erroneous data due to errors in manual paperwork processing. Although some of these advantages and risk reductions are also realized through the company’s centralized phone ordering system, that phone system still involves manual processes to input customer orders, so there remain some costs and risks associated with employees, accuracy, and wait times.
163. You are the recent heir of $20,000 cash, with which you are considering opening a sushi bar in the university community. You would accept cash and credit card payments, which would be handled primarily by your servers. You also plan to offer introductory specials to attract customers during the initial months of business. Identify some advantages and disadvantages of investing in a POS system as part of this new business venture. What internal controls should be implemented to reduce the risk of theft or error related to the handling of cash, credit card payments, and coupons? Answer: The advantages of investing in a POS system as part of a new business venture include the following: • Ease of use and ease of training servers. This is expected to lead to fewer errors and more accurate sales and inventory data. • Time savings related to the elimination of manual input processes. This includes increased efficiency and reduced fraud related to processing of credit card payments from customers. • Increased accuracy due to the real-time access to inventory and price data. For instance, if the sushi bar’s daily special is sold out, that information can be immediately changed online so that servers can quickly inform customers of the change. • Enhanced accounting features such as real-time update of cash, sales, and inventory records, immediate summaries and analyses, and the potential for integration with a general ledger system will save manual steps and provide timely information for management purposes. Despite these many advantages, a new business venture would need to be especially careful of the extensive hardware and software costs that are necessary to support a POS system. In addition, availability risks may be significant, as any hardware and software failures could make the system unavailable and interrupt efficient business processes. Therefore, it is important that a new business venture consider these risks, analyze the costs and benefits of the system, and implement backup systems should be in place to reduce the availability risk. In order to reduce the risk of theft or error related to the handling of cash, credit card payments, and coupons, the sushi bar should be sure that its POS system includes all relevant payment information, including options to enter the use of coupons and method of payment. In addition, summaries can be provided immediately, so servers should be required to reconcile their transactions at the end of their shifts. 164. Aaron Preswick is the owner of AP’s Instant Replay, a consignment shop for used sporting goods. Aaron accepts consigned goods and offers them for sale to the general public. Aaron rents business space, including a retail store where the consigned goods are displayed and sold, with adjoining office space where an Internet site is maintained and other administrative functions are performed. The Internet site includes photos and descriptions of items available for sale worldwide. If the goods sell, Aaron’s consignment fee is 40% of the sale price, and 60% is remitted to the consignor. Shipping costs on electronic orders are paid by the customers. Identify internal control considerations for the following: a. the e-commerce portion of the business b. the retail portion of the business, assuming that the accounting systems are mostly manual and handled by Aaron and his wife. Answer: a. the e-commerce portion of the business. Internal control considerations associated with e-commerce should address the risks of security and confidentiality, processing integrity, and availability. Regarding security and confidentiality, Aaron should ensure that customers accessing the website and conducting sales transactions are valid customers with valid payment authorization and that transactions are logged so that an audit trail is established to avoid repudiation. Regarding processing integrity, Aaron
should be concerned with data input checks that verify the completeness, accuracy, and validity of the data entered on the website. In addition, he should implement back-end controls, such as reconciliations and verifications, to ensure the accuracy of information taken from this system to the company’s accounting systems. Finally, Aaron should implement controls to minimize service disruptions that could reduce sales. Accordingly, he should implement controls for redundant systems, disaster recovery, testing of software changes, and capacity planning and testing. b. the retail portion of the business, assuming that the accounting systems are mostly manual and handled by Aaron and his wife. The five internal control activities should be considered with respect to the retail business and manual accounting systems involving sales and cash collections. Even though segregation of duties will be difficult considering that only Aaron and his wife are operating the business, they can perform business processes in a manner to promote good control. For instance, they can check each other’s work in instances where they are performing incompatible duties involving combinations of custody and record keeping. They can ensure that prices are properly authorized by consignors and credit card payments are authorized at the time of the sale. Thorough documentation (such as detailed sales receipts) should be maintained and accounted for purposes of performing reconciliations and supporting the general ledger. Also, physical controls should be in place at the retail store in order to protect the company’s assets and records. 165. Identify an internal control procedure that would reduce each of the risks that follow in a manual system. Also describe how (or if) an IT system could reduce these risks. Answer: Student responses may vary, as more that one control may apply to risk reduction in these circumstances. However, following are some likely answers: a. Revenues may be recorded before the related shipment occurs. Shipping documentation should be matched with sales order data and presented to the billing department as the basis for recording the sale and preparing the bill. The IT system can perform an automatic match whereby shipping data are required as a basis for recording the revenue. b. Employees responsible for shipping and accounts receivable may collude to steal goods and cover up the theft by recording fictitious sales. To prevent this type of problem, sales orders should be reviewed for proper customer and authorized by an independent member of management prior to shipment. The IT system can include validity checks or other controls that require a valid customer in order for the transaction to be recorded. In addition, reconciliation procedures can compare manual documentation with system records to determine that valid transactions are recorded. If the collusion involves recording the fictitious sale in the account of a valid, existing customer, the process of sending sales invoices and customer statements, and the subsequent reconciliation procedures, would be important for uncovering this type of fraud. c. Credit memos may be issued at full price, when the goods were originally sold at a discount. Original sales documentation, including key information such as original sales price, must be required as a basis for preparing credit memos. An IT system could automatically match credit memo authorizations with the original sales data so that the credit would be issued at amounts that are consistent with the original sale pricing. d. Sales invoices may contain mathematical errors. Independent checks of sales invoices should occur before the customer is billed. This includes verification of mathematical accuracy. If an automated system is in place, the IT system can perform mathematical computations at a great time savings.
e. Amounts collected on accounts receivable may be applied to the wrong customer. Customer account statements should be sent on a regular basis so that customer records can be reconciled to the company’s records. This is likely to detect a misapplication of a customer collection. An IT system could enhance the process by requiring cash receipts to be entered along with a customer account number as well as an invoice number to ensure that the receipt is applied properly. f. Duplicate credit memos may be issued for a single sales return. A comparison of the receiving log with the credit memo listing would indicate if duplicate credit memos have been issued for a single sales return. An IT system could also prevent this risk by requiring that credit memos be generated only upon entering key information from the original sale and blocking the issuance of another credit memo for an item for which credit had already been issued. g. Sales invoices may not be prepared for all shipments. Shipping records should be compared with the sales invoices records. This may be done through the verification of the sequence of shipping documents to ensure that an invoice was prepared for each item shipped. An IT system may enhance this process by matching shipping document numbers with invoices, and preparing a warning report for any instances of unmatched shipping documents. h. Shipments may contain the wrong goods. Companies should require the matching of key information on related documents prior to shipment. This includes inventory quantities and descriptions on approved sales orders and packing lists. An IT system may make this process more efficient by performing the match automatically; it can verify whether product numbers and quantities on the sales orders match those on the shipping documentation. i. All sales transactions may not be included in the general ledger. A regular reconciliation should be performed to compare the sales journal with the amounts recorded in the general ledger. An IT system may perform a periodic automatic post of the sales journal to the general ledger, thereby eliminating the potential for missing sales transactions. 166. The following list presents various internal control strengths (S) or risks (R) that may be found in a company’s revenues and cash collection processes. ____ Credit is authorized by the credit manager. ____ Checks paid in excess of $5,000 require the signatures of two authorized members of management. (Although this is viewed as an internal control strength, it is not applicable to the revenues processes.) ____ A cash receipts journal is prepared by the Treasurer’s department. (This type of accounting record should be prepared by those with recordkeeping responsibilities rather than those in a position to perform reconciliations of the cash records.) _____ Collections received by check are received by the company receptionist, who has no additional recordkeeping responsibilities. _____ Collections received by check are immediately forwarded unopened to the accounting department. (This would place the accounting department in an incompatible role combining recordkeeping and custody of cash.) ______ A bank reconciliation is prepared on a monthly basis by the Treasurer’s department.
_____ Security cameras are placed in the shipping dock. _____ Receiving reports are prepared on pre-printed, numbered forms. _____ The billing department verifies the amount of customer sales invoices by referring to the authorized price list. (This price authorization role should be performed before billing. An approved sales order, including verified prices, should be in place at the time the documents reach the billing department.) _____ Entries in the shipping log are reconciled with the sales journal on a monthly basis. _____ Payments to vendors are made promptly upon receipt of goods or services. (Vendor payments relate to the expenditures processes rather than the revenues processes.) _____ Cash collections are deposited in the bank account on a weekly basis. (If cash receipts occur daily, they should be deposited promptly – preferably on a daily basis.) _____ Customer returns must be approved by a designated manager before a credit memo is prepared. _____ Account statements are sent to customers on a monthly basis. _____ Purchase returns are presented to the sales department for preparation of a receiving report. (Receiving reports should be prepared promptly upon receipt of returned items. This should be done in the receiving area, where the personnel have a custody function, rather than in the sales department, where the personnel initiate sales transactions.) Answer: __S__ Credit is authorized by the credit manager. _N/A_ Checks paid in excess of $5,000 require the signatures of two authorized members of management. (Although this is viewed as an internal control strength, it is not applicable to the revenues processes.) __R__ A cash receipts journal is prepared by the Treasurer’s department. (This type of accounting record should be prepared by those with recordkeeping responsibilities rather than those in a position to perform reconciliations of the cash records.) __S__ Collections received by check are received by the company receptionist, who has no additional recordkeeping responsibilities. __R__ Collections received by check are immediately forwarded unopened to the accounting department. (This would place the accounting department in an incompatible role combining recordkeeping and custody of cash.) __S___ A bank reconciliation is prepared on a monthly basis by the Treasurer’s department. __S__ Security cameras are placed in the shipping dock.
__S__ Receiving reports are prepared on pre-printed, numbered forms. __R__ The billing department verifies the amount of customer sales invoices by referring to the authorized price list. (This price authorization role should be performed before billing. An approved sales order, including verified prices, should be in place at the time the documents reach the billing department.) __S__ Entries in the shipping log are reconciled with the sales journal on a monthly basis. _N/A_ Payments to vendors are made promptly upon receipt of goods or services. (Vendor payments relate to the expenditures processes rather than the revenues processes.) __R__ Cash collections are deposited in the bank account on a weekly basis. (If cash receipts occur daily, they should be deposited promptly – preferably on a daily basis.) __S__ Customer returns must be approved by a designated manager before a credit memo is prepared. __S__ Account statements are sent to customers on a monthly basis. __R__ Purchase returns are presented to the sales department for preparation of a receiving report. (Receiving reports should be prepared promptly upon receipt of returned items. This should be done in the receiving area, where the personnel have a custody function, rather than in the sales department, where the personnel initiate sales transactions.) 167. Question not available. 168. Question not available.
169. Following are ten internal control failures related to the revenues and cash collection processes. _____ A customer ordered 12 boxes of your product (total of 144 items) for express shipment. Your data entry clerk inadvertently entered 12 individual items. _____ You enter sales and accounts receivable data in batches at the end of each week. Several problems have resulted recently as a result of recording invoices to the wrong customer account. _____ In an effort to boost sales, you obtain some of the stock of unissued shipping reports and create a dozen fictitious shipments. You submit these documents to the billing department for invoicing. _____ Checks are received by the mailroom and then forwarded to the accounts receivable department for recording. The accounts receivable clerk holds the checks until the proper customer account has been identified and reconciled. _____ Several shipping reports have been misplaced en route to the billing department from the shipping department. _____ Several sales transactions were not invoiced within the same month as the related shipment. _____ A sales clerk entered a non-existent date in the computer system. The system rejected the data and the sales were not recorded. _____ Upon entering sales orders in your new computer system, a sales clerk mistakenly omitted customer numbers from the entries. ______ A computer programmer altered the electronic credit authorization function for a customer company owned by the programmer’s cousin. _____ Customer orders were lost in the mail en route from the sales office to the accounting department (located at the company’s headquarters). Required: Select one internal control from the following list that would be most effective in the prevention of the failure. Indicate the letter of the control next to each failure above. Letters should not be used more than once and some letters may not be used at all. a. Pre-formatted data entry screens b. Pre-numbered documents c. Programmed edit checks d. 100% check for matching of customer orders and sales orders e. 100% check for matching of sales orders, pick list, and packing slips f. 100% check for matching of sales orders and invoices g. 100% check for matching of deposit slip and customer check. h. Prompt data entry immediately upon receipt of customer order i. Customer verification
j. Independent authorization for shipments k. Independent authorization for billing l. Reasonableness check m. Hash totals n. Data back-up procedures o. Program change controls p. Sequence verification q. Periodic confirmation of customer account balances Answer: __d__ A customer ordered 12 boxes of your product (total of 144 items) for express shipment. Your data entry clerk inadvertently entered 12 individual items. __q__ You enter sales and accounts receivable data in batches at the end of each week. Several problems have resulted recently as a result of recording invoices to the wrong customer account. __f__ In an effort to boost sales, you obtain some of the stock of unissued shipping reports and create a dozen fictitious shipments. You submit these documents to the billing department for invoicing. __g__ Checks are received by the mailroom and then forwarded to the accounts receivable department for recording. The accounts receivable clerk holds the checks until the proper customer account has been identified and reconciled. __p__ Several shipping reports have been misplaced en route to the billing department from the shipping department. __h__ Several sales transactions were not invoiced within the same month as the related shipment. __c__ A sales clerk entered a non-existent date in the computer system. The system rejected the data and the sales were not recorded. __a__ Upon entering sales orders in your new computer system, a sales clerk mistakenly omitted customer numbers from the entries. __o___ A computer programmer altered the electronic credit authorization function for a customer company owned by the programmer’s cousin. __n__ Customer orders were lost in the mail en route from the sales office to the accounting department (located at the company’s headquarters). 170. Brathert Company is a small company with four people working in the revenue processes. One of the four employees supervises the other three. Some tasks that must be accomplished within the revenue processes are the following: a. Accounts receivable record keeping b. Approving credit of customers
c. Authorizing customer returns d. Authorizing new customers e. Billing customers f. Cash receipts journal posting g. Entering orders received h. Inventory record keeping i. Maintaining custody of cash j. Maintaining custody of inventory k. Reconciling records to the bank statement Required: For each of the four employees (supervisor, employee 1, employee 2, and employee 3), consider the duties you would assign to each employee. In assigning duties, no employee should have more than three tasks and there should be a proper separation of duties to achieve appropriate internal control. List the four people, the duties you assigned to each employee, and a description of why those assignments achieve proper separation of duties. Answer: Supervisor: b., c., and d. (all Authorization functions) Employee 1: a., f., and h. (receivables, collections, and inventory Recordkeeping) Employee 2: e., g., and k. (sales and billing Recordkeeping and cash reconciliation) Employee 3: i. and j. (all Custody functions) 171. Refer to the ethics case regarding a mail order scenario presented as number 54 in Chapter 3. What term introduced in this chapter applies to the type of mail order deceit described in that case? What could the mail order company do to avoid a loss resulting from an event, assuming that it uses an e-commerce system? Answer: This type of mail order deceit is known as repudiation. The mail order company should have controls in place to make sure that each sale is to a valid customer with valid payment authorization and that an audit trail is maintained to avoid repudiation. Customer authentication through user ID and password should be used, as well as transaction logs and data trails. In this case, it may be most effective if the company uses digital signatures or digital certificates to authenticate and validate a customer. The signature verification would also be important upon delivery.
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 9: Expenditures Processes and Controls – Purchases TEST BANK - CHAPTER 9 - TRUE / FALSE 1. When the company is a vendor, goods flow into the company and cash is paid out. 2. Companies in the same line of business are not likely to have many differences in their purchasing habits. 3. The purchasing process starts when the purchase invoice is submitted by the vendor. 4. A purchase order is essentially an internal document, one that does not go outside the company, whereas a purchase requisition is an external document, which will be presented to an entity outside the company. 5. A purchase requisition is essentially an internal document, one that does not go outside the company, whereas a purchase order is an external document, which will be presented to an entity outside the company. 6. The use of a blind purchase order forces the receiving clerk to perform an independent check of the quantity and quality of the delivery. 7. A company is not obligated to pay for goods until 30 days after the goods are received. 8. Even though a company has an obligation to pay for goods as soon as the goods are received, it is common to not record the actual liability until the invoice is received. 9. It is necessary for the purchasing department to set up the proper procedures to avoid problems related to cutoff issues. 10. The accounts payable department keeps copies of purchase orders and receiving reports, that will be compared to the related invoice, to be sure that the invoices represent goods that were ordered and received. 11. The accounting department is responsible for implementing internal controls over each business process. 12. Independent reconciliation of the accounts payable subsidiary ledger to the general ledger control account will help to assure that all inventories has been properly recorded. 13. Independent reconciliation of the periodic inventory counts and the inventory ledger and the general ledger will help to assure that inventory is being properly accounted for. 14. For a number of different reasons, a company may find it necessary to reject goods received which will start the purchase returns process.
15. The cash disbursement process must be designed to ensure that the company appropriately records all accounts payable transactions. 16. Most companies conduct business transactions with checks so that a written record is established for cash disbursements. 17. Copies of invoices should be filed in the account in alphabetic order by name of the vendors. 18. When an invoice is paid, it should be canceled to indicate that it has been paid. 19. When preparing the cash disbursement journals, it is important that the records have the actual date of cash disbursement, as is shown on the check. 20. Cash should be periodically verified by comparing the balance in the check book with the balance in the cash account in the general ledger. 21. Cash should be periodically verified by comparing the cash balance with the bank statement. 22. Only the purchasing department should authorize the processing of a cash disbursement transaction. 23. The authorization of a cash disbursement occurs when the accounts payable department matches the purchase order, receiving report, and the invoice, and then forwards the matched documents to the cash disbursements department. 24. Designated members of management should be given the responsibility for authorizing the actual payments and sign their signatures on the face of the check. 25. If the purchasing, receiving, accounts payable, and cash disbursements processes are completed by the same individuals, the internal controls will be stronger because someone in the company will have an overall view of company activities. 26. In order to institute an automated matching system, all of the relevant files must exist in the same physical room. 27. When an automated matching system is used, all of the relevant files must be online (or in databases). The system can then access the online purchase order and receiving files and check the match of items, quantities, and prices. 28. A user who logs in to the computer-based accounting system to enter invoices should also have access to the portion of the system that would allow her / him to order goods. 29. Computer logs should be maintained in order to have a complete record of who used the system and the histories of that use. This computer log would allow monitoring and identification of unauthorized accesses or uses. 30. When a company implements an evaluated receipt settlement results in the increase in the strength of the internal controls.
31. Because the evaluated receipts settlement process relies heavily on an IT system that can quickly access online purchase-order files, a system slowdown could halt all receiving activity. 32. E-business and EDI have much different advantages and risks to the vendor than what exists for the customer. 33. Redundancy is needed for servers, data, and networks. 34. It is likely that expenditure fraud and ethics violations could be eliminated by a strong, ethical “tone at the top” along with encouragement of ethical behavior by all employees, and strong internal controls. 35. Corporate governance policies and procedures must be in place to assure that funds are expended only to the benefit the organization and its owners. 36. It is necessary that managers remember that they are stewards of funds expended by a business - that the funds are not owned by the managers. 37. Strong corporate governance will prevent fraud, theft, and mismanagement within the expenditure process. ANSWERS TO TEST BANK – CHAPTER 9 – TRUE / FALSE: 1. 2. 3. 4. 5. 6. 7. 8.
F F F F T T F T
9. 10. 11. 12. 13. 14. 15. 16.
T T F F T T F T
17. 18. 19. 20. 21. 22. 23. 24.
F T T F T F T T
25. F 26. F 27. T 28. F 29. T 30. F 31. T 32. F
33. 34. 35. 36. 37.
T F T T F
TEST BANK - CHAPTER 9 - MULTIPLE CHOICE 38. The policies and procedures that employees following in completing the purchase of goods or materials, capturing vendor data and purchase quantities, and routing the resulting purchasing documents to the proper departments within the company are called: A. Systems B. Processes C. Activities D. Requisitions 39. The information from a purchase must flow into the purchase recording systems, the accounts payable and cash disbursement systems, and the inventory tracking systems. In an IT accounting system, these recording and processing systems are called: A. General Ledger Systems B. Integrated Accounting Systems C. Journal Application Systems D. Transaction Processing Systems
40. The acquisition of materials and supplies and the related cash disbursements is referred to as: A. The Procurement Process B. Systems and Control Process C. Expenditure and Return Process D. Conversion Process 41. Which of the following would be referred to as a common carrier? A. Taxi-cab B. Trucking company C. City bus D. Fire department vehicle 42. Common expenditure processes would include all of the following, except: A. Preparation of a purchase requisition B. Reception of the goods or services C. Recording the liability D. Payment received on account 43. The textbook referred to the three primary categories of process in the typical purchasing system. Which of the following in not one of those categories? A. Purchase Processes B. Cash Disbursement Processes C. Receiving Processes D. Purchase Return Processes 44. Each category of processes in the typical purchasing system would include controls and risks. For each of the categories, the goal of the internal controls system is to reduce specific types of business risks. Which of the following is not one of those risks? A. Recording invalid transactions. B. Recording transactions at the wrong amounts. C. Omitting actual transactions from the accounting records. D. Transactions properly accumulated or transferred to the correct accounting records. 45. This form is prepared to document the need to make a purchase and requests that the specific items and quantities be purchased. A. Purchase order B. Purchase requisition C. Purchase invoice D. Purchase journal 46. This form is issued by the buyer, and presented to the seller, to indicate the details for products or services that the seller will provide to the buyer. Information included on this form would be: products, quantities, and agreed-upon prices. A. Purchase order B. Purchase requisition C. Purchase invoice D. Purchase journal
47. A record keeping tool used to record purchases in a manual accounting system. This “tool” would consist of recording all of the purchased orders issued to vendors in a chronological order. A. Purchase order B. Purchase requisition C. Purchase invoice D. Purchase journal 48. There are different ways to issue a purchase order to a vendor. Which of the following is not one of the ways? A. Hard copy via fax or mail B. Hard copy by hand C. Electronically via e-mail D. Directly through the computer network 49. When purchased goods are received, which of the following tasks should be completed in the receiving area? A. An inspection of the goods - quantity counted and condition assessed. B. Documenting the details of the receipt, before the carrier leaves. C. Match the purchase order, the receiving report, and the purchase invoice to be sure that they agree. D. Preparation of a receiving report detailing the contents and condition of the goods. 50. This document, prepared and maintained by the receiving department, is a sequential listing of all receipts. A. Receiving report B. Packing slip C. Bill of lading D. Receiving log 51. This document, prepared by the purchasing department, for use by the receiving department, is copy of the purchase order that eliminates all data about the price and quantity of the items ordered. A. Packing slip B. Blind purchase order C. Empty purchase order D. Receiving report 52. This document, prepared by the vendor, provides details of the items included in the delivery; and is normally signed by the receiving clerk as verification of receipt. A. Packing slip B. Receiving report C. Bill of lading D. Purchase order
53. This document, prepared by the vendor, is intended to show the quantities and descriptions of items included in the shipment. A. Packing slip B. Sales invoice C. Bill of lading D. Purchase order 54. When goods are received at the end of the accounting period, and the invoice is not received until after the start of the following period, a problem may arise as to when to record the liability. This is referred to as a(n): A. Obligation referral B. Cutoff issue C. Liability deferral D. Channel stuffing 55. The date that is the end of the accounting period is referred to as the: A. Fiscal date B. Change off C. Accounting cut D. Cutoff 56. The accounting record includes the details of amounts owed to each vendor is called the: A. Accounts payable subsidiary ledger B. Purchases journal C. Accounts receivable subsidiary ledger D. Receiving log 57. The internal control activities within the purchasing process, related to authorization of transactions, would include which of the following? A. The accounting duties related to requisitioning, ordering, and receiving goods should be performed by different individuals. B. The custody of inventory and the recording of inventory transactions are required to be maintained. C. Specific individuals are to be authoritative responsibility for preparing purchase requisitions and purchase orders which would include which items to purchase, how many items, and which vendor. D. Periodic physical inventory counts are to be reconciled with the inventory ledger and general ledger. 58. Internal control activities within the purchasing process, identified as segregation of duties, would include all of the following, except: A. Responsibility for authorization, custody, and record keeping are to be assigned to different individuals. B. Duties related to requisitioning, ordering, purchase approval, receiving, inventory control, accounts payable, and general accounting are to be delegated to separate departments or individuals. C. Complete separation of inventory custody from inventory accounting. D. Purchasing records and programs must be protected from unauthorized access.
59. Internal control activities within the purchasing process, identified as adequate records and documents, would include which of the following? A. Files are to be maintained for purchase requisitions, purchase orders, receiving reports, and invoices. B. Periodic physical inventory counts are to be reconciled with the inventory ledger. C. Companies are to implement controls where the corresponding benefit exceeds the related cost. D. Avoid having the same individuals who handle the inventory also have access to the related accounting records. 60. A company should study risks common to it system prior to deciding the mix of controls needed. High-risk characteristics that might justify the need for extensive internal controls include all of the following, except: A. Goods received are especially difficult to differentiate, count, or inspect. B. High volumes of goods are often received, or the goods are of high value. C. Receiving and / or record keeping are performed at one centralized location. D. Changes in price or vendors are frequent. 61. The internal control process of having the receiving reports prepared on pre-numbered forms so that the sequence of receipts can be reviewed for proper recording will help to minimize the related risk of: A. Invalid vendors B. Omitted purchases C. Fictitious purchases D. Timing issues 62. The internal control process of separating the custody of internal control from the accounts payable record keeping will help to minimize the risk of: A. Fictitious purchases B. Invalid vendors C. Duplicate purchases D. Incorrect amounts 63. The internal control process of requiring physical controls in the warehouse and receiving areas, in order to limit access to inventory items, will help to minimize the risk of: A. Incorrect posting B. Omitted purchases C. Invalid vendors D. Stolen goods 64. The internal control process that requires purchase records be matched and verified for item descriptions, quantities, dates, authorized prices, and mathematical accuracy, will help to minimize the risk of: A. Stolen goods B. Omitted transactions C. Invalid purchases D. Incorrect accumulation
65. A company may reject goods received due to a number of reasons. The process related to this is referred to as: A. Purchases B. Purchase Returns C. Accounts Payable D. Receiving 66. Goods received are unacceptable due to many different situations. Which of the following is not one of those situations? A. Damage or defects B. Changes in the company needs regarding future sales or production C. Errors in the type of goods delivered or ordered D. Timing issues 67. The document that identifies the items being returned, along with the relevant information regarding the vendor, quantity and price, is called: A. Credit memo B. Receiving report C. Purchase requisition D. Debit memo 68. Internal controls related to the purchase returns would include all of the following, except: A. The accounts payable employee who prepares the debit memo should also be responsible for handling the inventory and approving the return. B. Special authorization should be required to officially reject and return the items. C. Debit memos should be issued on pre-numbered forms in numerical sequence. D. Accounts payable records and data files should be restricted to those who are specifically authorized to approve or record the related purchase return. 69. The internal control process that requires the approval of the purchase return transaction take place before the preparation of the debit memo will help to minimize the risk of: A. Fictitious returns B. Omitted returns C. Invalid returns D. Wrong vendor 70. The internal control process that requires the segregation of the authorization of purchase returns and the accounts payable record keeping and the custody of inventory, will help to minimize the risk of: A. Incorrect amounts B. Fictitious returns C. Timing issues D. Duplicate returns
71. The internal control process that requires vendor statements to be reviewed monthly and reconciled with accounts payable records, will help to minimize the risk of: A. Invalid returns B. Stolen goods C. Wrong account numbers D. Omitted returns 72. The internal control process that requires purchase return records be matched with the original purchase documentation and verified for item descriptions, quantities, dates, and prices, will help to minimize the risk of: A. Incorrect amounts B. Omitted returns C. Fictitious returns D. Invalid vendors 73. The careful oversight of cash balances, forecasted cash payments, and forecasted cash receipts to insure that adequate cash balances exist to meet obligations is called: A. Cash disbursements B. Cash management C. Independent checks D. Accounts payable management 74. Which department is generally responsible for the notification of the need to make cash disbursements and the maintenance of vendor accounts? A. Accounting department B. Purchasing department C. Accounts payable department D. Shipping department 75. It is important that documentation support or agree with an invoice before payment is approved and a check is issued. Which documents should be matched to make sure that the invoice received relates to a valid order that was placed and that the goods were received? A. Purchase requisition, purchase order, and receiving report. B. Purchase order, receiving log, and invoice. C. Purchase requisition, receiving report, and statement. D. Purchase order, receiving report, and invoice. 76. It is necessary for a company to maintain good control over their accounts payable and paying by the due date, for all of the following reasons, except: A. Avoid late payment fees B. Maintain relationships with customers C. To take advantage of discounts for early payment D. To stay on good terms with its vendors
77. A tear-off part of a check that has a simple explanation of the reasons for the payment is called: A. Remittance advice B. Disbursement journal C. Transaction description D. Cash register 78. When a payment has been made, the cash disbursements clerk will clearly mark the invoice with information pertaining to the date and the check number used to satisfy the obligation. This process is called: A. Marking the invoice B. Retiring the invoice C. Cancelling the invoice D. Destroying the invoice 79. A chronological listing of all payments is referred to as a(n): A. Remittance Advice B. Cash Disbursements Journal C. Accounts Payable Ledger D. Purchases Journal 80. This control requires the approval and signature of two authorized persons, which reduces the risk of significant fraud or error. A. Double Remittance B. Duo-Authorization C. Bi-Sign D. Dual Signature 81. The security of assets and documents would include all of the following, except: A. Access to cash should be limited to the authorized check signers. B. Physical controls should be in place where the cash is retained and disbursed. C. Access to records should be limited to persons with the authority to sign checks. D. The company’s stock of unused checks should be protected and controlled. 82. The internal control process that requires the approval of cash disbursement transaction to take place prior to the preparation of the check will help to minimize the risk of: A. Fictitious payments B. Invalid payments C. Timing issues D. Stolen cash 83. The internal control process that requires that the bank reconciliation be performed monthly will help to minimize the risk of: A. Invalid payments B. Invalid vendors C. Incorrect posting D. Duplicate payments
84. A computer software technique in which the computer software matches an invoice to its related purchase order and receiving report is called a(n): A. Three way matching B. Document matching C. Disbursement approval D. Automated matching 85. Advantages of an automated system include all of the following, except: A. Reduce time, costs, errors, and duplicate payments. B. Increased cost of the system. C. Provides management more timely information to forecast future cash outflows for payment of invoices. D. Summarized detailed transactions into summary amounts that are posted to the general ledger accounts. 86. The security and confidentiality risks of computer based matching would include: A. Unauthorized access to the system’s ordering and matching functions would allow the insertion of fictitious vendors and / or invoices. B. Errors in system logic can cause systematic and repetitive errors in matching. C. The criteria used to identify duplicate payments may be too tightly defined and will overlook duplicate payments. D. System breakdowns or interruptions can stop or slow the processing of invoices and payments. 87. This type of system matching takes place without invoices. The receipt of goods is carefully evaluated and, if it matches the purchase order, settlement of the obligation occurs through the system. A. Business Process Engineering B. Controlled Access Invoicing C. Evaluated Receipt Settlement D. Double Matching System 88. In order to help safeguard the security and confidentiality in an electronic business environment, a company should implement controls such as user ID, password, log-in procedures, access levels, and authority tables in order to reduce the risk of: A. Unauthorized access B. Incomplete audit trail C. Virus and worm attacks D. Repudiation of purchase transactions 89. In order to help safeguard the processing integrity in an electronic business environment, a company should implement input controls such as field check, validity check, limit check, reasonableness check, and computer logs in order to reduce the risk of: A. Worm attacks B. Hackers C. Unauthorized access D. Invalid data entry
90. In order to help safeguard the availability in an electronic business environment, a company should implement controls such as business continuity planning, backup data and systems, in order to reduce the risk of: A. Unauthorized access B. System failures C. Repudiation of purchase transactions D. Invalid data entry 91. The examination of the system to determine the adequacy of security measures and to identify security deficiencies is called: A. Intrusion detection B. Penetration testing C. Vulnerability testing D. Integrity testing 92. Intentionally attempting to circumvent IT system access controls to determine whether there are weaknesses in any controls is called: A. Penetration testing B. Intrusion detection C. Integrity testing D. Vulnerability testing 93. This type of software alerts the organization to hacking or other unauthorized use of the system or net work. A. Penetration testing B. Intrusion detection C. Integrity testing D. Vulnerability testing 94. One of the newest technologies related to payables is one where invoices are exchanged and payments are made via the internet. The name given to this process is: A. Random Array of Invoice and Disbursements (RAID) B. Electronic Invoice Payment Procedures (EIPP) C. Electronic Invoice Presentment and Payment (EIPP) D. Routing Application Invoice Delivery (RAID) 95. Credit cards given to employees by the organization in order for the employees to make designated purchases are called: A. Employee Debit Cards B. Organization Purchase Cards C. Expenditure Cards D. Procurement Cards 96. Which of the following groups has an ethical obligation to establish the proper tone at the top, strong internal controls, and high ethical standards? A. Stockholders B. Board of Directors and Management C. Employees D. Audit Committee
97. There are four primary functions of corporate governance. Which of the following is NOT one of those functions? A. Availability B. Management Oversight C. Internal Controls and Compliance D. Financial Stewardship ANSWERS TO TEST BANK – CHAPTER 9 – MULTIPLE CHOICE: 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49.
B D A B D C D B A D B C
50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61.
D B C A B D A C D A D B
62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73.
A D C B B D A C B D A B
74. 75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85.
C D B A C B D C B A D B
86. 87. 88. 89. 90. 91. 92. 93. 94. 95. 96. 97.
A C A D B C A B C D B A
TEST BANK – CHAPTER 9 – END OF CHAPTER QUESTIONS: 98. Within the purchases processes, which of the following is the first document prepared and thereby the one that triggers the remaining purchasing processes? A. The invoice B. The receiving report C. The purchase order D. The purchase requisition 99. Personnel who work in the receiving area should completed all of the following processes, except: A. Counting the goods received B. Inspecting goods received for damage C. Preparing a receiving report D. Preparing an invoice 100. Which of the given departments will immediately adjust the vendor account for each purchase transaction so that the company will know the correct amount owed to the vendor? A. Purchasing B. Receiving C. Accounts Payable D. Shipping
101. One of the most critical controls to prevent theft of inventory purchased is to: A. Require authorization of the purchase requisition. B. Segregate inventory custody from inventory record keeping. C. Compare the purchase order, receiving report, and invoice. D. Segregate the authorization of purchases from the inventory record keeping. 102. Internal control is strengthened by the use of a blind purchase order, upon which the quantity of goods ordered is intentionally left blank. This blind copy is used in which department? A. The department that initiated the purchase request. B. The receiving department. C. The purchasing department. D. The accounts payable department. 103. Which of the following questions would most likely be included in an internal control questionnaire concerning the completeness of purchasing transactions? A. Is an authorized purchase order required before the receiving department can accept a shipment or the accounts payable department can record a voucher? B. Are prenumbered purchase requisitions used and are they subsequently matched with vendor invoices? C. Is there a regular reconciliation of the inventory records with the file of unpaid vouchers? D. Are prenumbered purchase orders, receiving reports, and vouchers used, and are the entire sequences accounted for? 104. Which of the following controls is not normally performed in the accounts payable department? A. The vendor’s invoice is matched with the related receiving report. B. Vendor invoices are approved for payment. C. Asset and expense accounts to be recorded are assigned. D. Unused purchase orders and receiving reports are accounted for. 105. In a system of proper internal controls, the same employee should not be allowed to: A. Sign checks and cancel the supporting voucher package. B. Receive goods and prepare the related receiving report. C. Prepare voucher packages and sign checks. D. Initiate purchase requisitions and inspect goods received. 106. The document prepared when purchased items are returned is a(n): A. Debit memo B. Invoice C. Receiving report D. Shipping notice 107. Within cash disbursements, all of the following should be true before a check is prepared, except that: A. The purchase order, receiving report, and invoice have been matched. B. The purchased goods have been used. C. Sufficient cash is available. D. The invoice discount date or due date is imminent.
108. A manager suspects that certain employees are ordering merchandise for themselves over the Internet without recording the purchase or receipt of the merchandise. When vendors’ invoices arrive, one of the employees approves the invoices for payment. After the invoices are paid, the employee destroys the invoices and related vouchers. To trace whether this is actually happening, it would be best to begin tracing from the: A. Cash disbursements. B. Approved vouchers. C. Receiving reports. D. Vendors’ invoices. 109. Within accounts payable, to ensure that each voucher is submitted and paid only once, each invoice approved to be paid should be: A. Supported by a receiving report. B. Stamped “paid” by the check signer. C. Prenumbered and accounted for. D. Approved for authorized purchases. 110. For proper segregation of duties in cash disbursements, the person who signs checks also: A. Reviews the monthly bank reconciliation. B. Returns the checks to accounts payable. C. Is denied access to the supporting documents. D. Is responsible for mailing the checks. 111. Which of the following internal controls would help prevent overpayment to a vendor or duplicate payment to a vendor? A. Review and cancellation of supporting documents after issuing payment. B. Requiring the check signer to mail the payment to the vendor C. Review of the accounts where the expenditure transaction has been recorded D. Approving the purchase before the goods are ordered from the vendor 112. Which of the following is not an independent verification related to cash disbursements? A. The cash disbursements journal is reconciled to the general ledger. B. The stock of unused checks should be adequately secured and controlled. C. The bank statement is reconciled on a monthly basis. D. The accounts payable subsidiary ledger is reconciled to the general ledger. 113. Which of the following IT systems is designed to avoid the document matching process and is an “invoiceless” system? A. Computer-based matching system B. Electronic data interchange C. Evaluated receipt settlement D. Microsoft Dynamics GP® 114. Input controls such as field check, validity check, limit check, and reasonableness check are useful in IT systems of purchase to lessen which of the following risks? A. Unauthorized access B. Invalid data entered by vendors C. Repudiation of purchase transactions D. Virus and worm attacks
115. Which of the following is most likely to be effective in deterring fraud by upper level managers? A. Internal controls B. An enforced code of ethics C. Matching documents prior to payment D. Segregating custody of inventory from inventory record keeping ANSWERS TO TEST BANK – CHAPTER 9 – END OF CHAPTER QUESTIONS 98. 99. 100. 101.
D D C B
102. 103. 104. 105.
B D D C
106. 107. 108. 109.
A B A B
110. 111. 112. 113.
B A B C
114. B 115. B
TEST BANK – CHAPTER 9 – SHORT ANSWER QUESTIONS 116. Name the first document that should be prepared when a production employee recognizes that the quantity of goods on hand is insufficient to meet customer demand. Answer: Purchase requisition. 117. How does the maintenance of a receiving log enhance internal controls? Answer: A receiving log is a sequential listing of all goods received. It serves as an audit trail and allows the physical goods received to be matched against other documentation to ensure that all goods are received. 118. Why should a receiving clerk be denied access to information on a purchase order? Answer: This practice is called a “blind PO” and the advantage is that it forces a physical count of goods received. A clerk cannot complete the “quantity received” field of a receiving report until the goods have been counted. If the PO contained quantities ordered, the clerk could assume that the quantity received is equal to quantity purchased and therefore, skip the physical count. However, conducting the physical count is a much better practice and the blind PO serves as a control to force such a count. 119. Under what circumstances would it be necessary to manually update accounts payable prior to the receipt of a vendor’s invoice? Answer: When the receipt of goods occurs at the end of a period, but the invoice is not received until the next period, the liability should be recorded in the first period even though the invoice has not yet been received. 120. Which department is responsible for making sure that payments are made in time to take advantage of vendor discounts? Answer: It is the responsibility of accounts payable. 121. Why would some checks need to include two signatures? Answer: Large checks over a specified amount may require two signatures. Large checks entail more risk for the company and the dual signature lessens risks.
122. During the process of reconciling the bank account, why is it necessary to review the dates, payees, and signatures on the canceled checks? Answer: Reviewing dates, payees, and signatures on cancelled checks may help uncover unusual events. These unusual events can then be checked to make sure that they are not part of a fraud scheme. 123. What specifically does a cash disbursements clerk do when he or she “cancels” an invoice? How does this compare to the procedures used when computer-based matching exists. Answer: To cancel an invoice means to mark or stamp it with the date paid and check number. The purpose is to help prevent duplicate payment of an invoice. In an automated matching system, the system would be programmed to ensure that there were no previous payments that would make a new payment a duplicate payment. 124. Why should accountants periodically review the sequence of checks issued? Answer: To ensure there are no missing or unaccounted checks. This helps prevent errors and fraud. 125. What accounting records are used by accounts payable personnel to keep track of amounts owed to each vendor? Answer: An accounts payable subsidiary ledger is used to record the detail of amounts owed to each vendor. 126. Identify some inefficiencies inherent in a manual expenditures processing system. Answer: There is a physical matching of documents by humans and this process is time consuming and error prone. Even if a software system such as Microsoft Dynamics GP is used, there are many human tasks that are time consuming and error prone. Those tasks are: keying of data for a purchase order; the manual process of comparing an order received to the PO; keying in the receiving report and finding the PO in the system to match it against; keying the invoice into the system and finding the PO in the system to match it against; and the human decision making process of which invoices to approve for payment. These inefficiencies cause a large expenditure in salaries and wages for the personnel who do the matching. 127. What are the advantages of BPR? Answer: Using BPR to design IT systems can reduce the amount of paperwork, manual processing and the costs inherent in paperwork and manual processing. The costs include wages and salaries for the time to do manual processing and to correct errors or mismatches that occur in the manual processes. 128. List three examples of BPR used in the expenditures processes. Answer: BPR can be used to change a manual matching and payment system into one of three IT systems. These three include computer based three-way matching, Evaluated Receipt Settlement (ERS), and EDI. 129. Explain how system logic errors could cause cash management problems. Answer: When there are logic errors in a system, it may cause the system to make the same error repetitively. If the logic error is in approving payments, the system may repetitively approve payments at the wrong times or in the wrong amounts. Since the error is repetitive, it could quickly cause cash flow problems by paying too much cash, too soon.
130. Explain how system availability problems could cause cash management problems. Answer: Significant amounts of downtime in the system could delay payments to vendors. In turn, vendors may delay shipments of materials to the company, which would then delay sales to customers and cash inflows. 131. How is an audit trail maintained in an IT system where no paper documents are generated? Answer: Backup files and computer logs of transactions can serve as part of an audit trail. 132. What can a company do to protect itself from business interruptions due to power outages? Answer: A company should have a disaster recovery plan and they should use uninterruptible power supplies as a backup to the normal power source. 133. What paper document is eliminated when ERS is used? Answer: ERS is an invoiceless match system. This means the invoice is eliminated and the vendor is paid if the purchase order matches the goods received. 134. Identify compensating controls needed for an effective ERS system. Answer: Some of the compensating controls needed are: Established procedures in receiving to ensure goods are only accepted when quantities and part numbers match exactly; there must be a much more detailed negotiation with suppliers to establish accepted practices and firm prices with suppliers; vendors must understand that substitutions and partial shipments cannot be accepted; there should be established procedures to handle exceptions that arise, but exceptions should be very rare. 135. What is typically the most time-consuming aspect within the expenditures process? Answer: It is the matching of documents in a three-way match system. The time involved is usually very high because of the manual steps and because of the time involved in reconciling mismatches of part numbers, quantities, and prices in many shipments. 136. Identify the category of risk that can be reduced by using authority tables, computer logs, passwords, and firewalls. Answer: The category of risk that these controls reduce is security and confidentiality risk, and more specifically, unauthorized access. 137. Explain why the availability of computer systems in the receiving department is such an important component of an automated expenditures process. Answer: In most automated vendor payment systems, there is a presumption that the receiving personnel must reject shipments that do not match the purchase order. This means that the receiving personnel must be able to look up the desired purchase order at the same time the delivery is at the receiving dock. The receiving personnel must be able to reject the shipment, of necessary, while the delivery person is still at the receiving dock. In this circumstance, the purchase order files must be online and readily accessible to receiving personnel. 138. Identify three ways that buyers and sellers may be linked electronically. Answer: EDI systems link buyers and sellers electronically. The electronic link may be in the form of private leased lines, third-party networks called value-added networks, or via the Internet.
139. What techniques can a company use to reveal problems concerning potential exposure to unauthorized access to its systems? Answer: Penetration testing, vulnerability assessment, and intrusion detection systems all help expose potential unauthorized access. 140. How are Web browsers used in e-payables systems? Answer: In many accounting systems, the accounting software has a custom designed screen to view and enter data. In e-payable system, a web browser is used as the interface to receive and review invoices, as well as to make vendor payments. The web browser is perceived to be a more user friendly approach to the interface. 141. Explain how procurement cards provide for increased efficiencies in the accounts payable department. Answer: P-cards are used for purchases of things such as supplies, maintenance, and travel and entertainment expenses. Without p-cards, many companies find they have a large volume of these small dollar transactions that would still require the regular matching process in accounts payable. The p-card eliminates this time consuming matching process for items purchased with the p-card. This eliminates soliciting bids, keying PO and invoice data, matching documents, reconciling mismatches, and writing small dollar amount checks. Instead, the company receives one monthly bill from the credit card issuer.
TEST BANK – CHAPTER 9 – SHORT ESSAY 142. Describe what is likely to occur if company personnel erroneously recorded a purchase transaction for the wrong vendor? What if a cash disbursement was posted to the wrong vendor? Identify internal controls that would detect or prevent this from occurring. Answer: If a company erroneously recorded a purchase transaction to the wrong vendor, it is likely to make a payment to the wrong party. When the correct vendor does not collect its payment, it will notify the company and demand payment. This will likely result in the company making a duplicate payment for the same transaction. If a cash disbursement was posted to the wrong vendor account, this would also likely result in the company making a duplicate payment for the same transaction. Since the first payment did not get recorded correctly, the company would not have proper record of the payment. When it reviewed its vendor accounts, it would note that it still needed to make a payment. It would be difficult to discover an erroneous posting of a purchase transaction or cash disbursement to the wrong vendor account. (An incorrect posting of a cash disbursement is more likely to be discovered in the document matching and subsequent posting process.) The following internal controls could detect these types of problems: • When invoices arrive from the vendor companies, there should be an attempt to match the invoice to the purchase order and receiving report before the transaction is posted to the vendor account within the accounts payable subsidiary ledger. During this posting, the employee who posts should verify that the transaction is recorded in the proper vendor account. • A reconciliation should be performed upon receipt of the vendor's statement. This should reveal any differences in terms of purchase or payment information. • A review of the vendor file should be performed periodically. The vendor to which the purchase should have been recorded or the vendor to which a payment was erroneously applied may show a negative balance (paid more than recorded purchases). The error may also be discovered when there is a reconciliation of the accounts payable subsidiary ledger to the general ledger, although this is not as likely. The reconciliation would still balance even if an amount is recorded in the wrong vendor account. It is also possible that this error would not be discovered particularly if there are always outstanding balances in vendor accounts. The best internal control to prevent these errors would be to use an automated, rather than manual system. An automated system would automatically post to the correct vendor as the purchase order is created. 143. Debate the logic used in the following statement: “The person responsible for approving cash disbursements should also prepare the bank reconciliation because he is most familiar with the checks that have been written on that bank account.” Answer: It may be true that this person is more familiar with the checks, but it would not represent a good internal control process. If a separate person reconciles the account, it prevents the first person from writing fraudulent checks and covering it up by altering the bank reconciliation.
144. Expenditure systems are crucial in the automobile manufacturing industry, where hundreds or thousands of parts must be purchased to manufacture cars. Briefly describe how EDI would be beneficial in this industry. Answer: Since there would be such a large volume of purchase orders, invoices, and receiving reports, that handling so many paper document would be inefficient. EDI would eliminate all of the manual steps in handling these paper documents, eliminate the keying of the data on these documents, and eliminate mail delays. An EDI system would be faster, more efficient and less error prone. Therefore, it would also reduce the cost per transaction. 145. Describe how the matching of key information on supporting documents can help a company determine that purchase transactions have been properly executed. Answer: If the company has established proper segregation of duties and matches documents, there is a likelihood they have properly insured that purchase transactions are properly executed. Purchasing would not complete a PO and place an order until they receive a purchase requisition. The PO would be forwarded to accounts payable. The receiving department would complete and forward a receiving report upon receiving the goods. The invoice comes from a separate party – the vendor. If these three separate documents match, it is a good assurance that it was a valid, authorized order, it was properly received, and the vendor billed correctly for goods ordered and received. 146. Describe how the use of pre-numbered forms for debit memos can help a company determine that purchase return transactions have not been omitted from the accounting records. Answer: It is much easier to account for all debit memos if they are pre-numbered. The sequence of numbers can be checked to ensure all have been posted. 147. Describe how an ERS system could improve the efficiency of expenditure processes? Answer: An ERS is an invoiceless system that pays vendors if the goods received match the purchase order. This system completely eliminates the document matching system that usually occurs in accounts payable. This eliminates the most time consuming aspect of paying vendors. However, it does require much more strictly defined purchasing agreements with vendors. Vendors must understand that the company cannot accept price differences from those negotiated, substitution of products, undershipments, overshipments, or partial shipments. 148. Describe how a procurement card improves the efficiency of purchasing supplies. Answer: A procurement card is usually used to purchase supplies or pay for travel and entertainment. Using a p-card for these purchases eliminates the typically process of PO, receiving report, and invoice matching. Individual users have much more control over the purchase of their supplies and central inventories of supplies need not be maintained.
TEST BANK – CHAPTER 9 – PROBLEMS 149. Identify an internal control procedure that would reduce the following risks in a manual system: a. The purchasing department may not be notified when goods need to be purchased. b. Accounts payable may not be updated for items received. c. Purchase orders may be prepared based on unauthorized requisitions. d. Receiving clerks may steal purchased goods. e. Payments may be made for items not received. f. Amounts paid may be applied to the wrong vendor account. g. Payments may be made for items previously returned. h. Receiving clerks may accept delivery of goods in excess of quantities ordered. i. Duplicate payments may be issued for a single purchase transaction. Answer: a. The purchasing department may not be notified when goods need to be purchased. Require that an inventory control department monitor inventory records and request purchases (purchase requisition) when goods need to be reordered. b. Accounts payable may not be updated for items received. Require that the receiving department complete a receiving report for all goods received, and that a copy of the report is forwarded to accounts payable. c. Purchase orders may be prepared based on unauthorized requisitions. Require that the appropriate manager approve each purchase requisition by signing the requisition form. d. Receiving clerks may steal purchased goods. Require good physical security such as security cameras and good supervision of receiving employees. Using a “blind” PO at receiving may also help since constant shortages when goods are stolen is more likely to be noticed. e. Payments may be made for items not received. Require a three-way match of the purchase order, receiving report, and invoice before a payment can be approved. f. Amounts paid may be applied to the wrong vendor account. Assuming that the payment was to the correct vendor, but posted to the wrong account, it is very difficult to uncover this error. A reconciliation of subsidiary ledge to the accounts payable account may not uncover this because the total balance would be the same. It may be uncovered if someone notices that the records show payments to a vendor are in excess of that owed. There is no method to completely eliminate errors in posting. g. Payments may be made for items previously returned. Require a debit memorandum be completed for any goods returned, and that a copy of this be forwarded to accounts payable so that the balance owed can be changed. h. Receiving clerks may accept delivery of goods in excess of quantities ordered. First, there must be a clear policy on overshipments that receiving personnel can apply. For example, a policy may be written that overshipments under 5% can be accepted, but all others should be rejected and returned. Second, there must be a policy that all received goods are compared against a purchase order. Also, the use a “blind” PO to force receiving personnel to count goods and they might therefore more easily detect overshipments. i. Duplicate payments may be issued for a single purchase transaction. Require that payment documentation be “cancelled’ when payment is made. This stamp on the documents should help prevent duplicate payments.
150. Chris Smith’s coffee and pastry cart uses a procurement card. Suggest some controls that should be in place. Identify some resources that need to be purchased for this business. Answer: The credit card used should have a dollar amount limit as well as a daily limit. The card can also be restricted to certain kinds of vendors. For example, hotels, air fare, electronics stores, and liquor stores could all be vendors that would be prohibited purchases on this credit card. The types of resources that would be purchased are paper products such as coffee filters, paper cups, napkins, and plates; plastic utensils; ground coffee beans; creamer, sugar, sweetener, and milk; pastries; and various cleaning supplies. Finally, Chris should review all charges on the credit card each month to detect any misuse of the card. 151. Discuss AZO Company using a business process reengineering project (BPR). Answer: BPR involves the radical redesign of processes, along with IT enablement of processes, to improve the efficiency and lower the cost of processes. BPR in a manual expenditure system would involve methods to convert manual processes into automated processes. Any of the IT enablement methods suggested in this chapter are possible solutions. Therefore, computer based document matching, evaluated receipt settlement, e-business or EDI, e-payables, and procurement cards are all possible. Some combination of these would also be possible. For example, ABC could use an EDI system for purchases of inventory, but use a procurement card for small supplies and travel expenditures. 152. The following list presents statements regarding the expenditure processes. Each statement is separate and should be considered to be from a separate company. For each statement, determine whether it is an internal control strength or weakness, then describe why it is a strength or weakness. If it is an internal control weakness, provide a method or methods to improve the internal control. a. A purchasing agent updates the inventory subsidiary ledger when an order is placed. b. An employee in accounts payable maintains the accounts payable subsidiary ledger. c. Purchasing agents purchase items only if they have received an approved purchase requisition. d. The receiving dock employee counts and inspects goods and prepares a receiving document that is forwarded to accounts payable. e. The receiving dock employee compares the packing list to the goods received and if they match, forwards the packing list to accounts payable. f. An employee in accounts payable matches an invoice to a receiving report before approving a payment of the invoice. g. A check is prepared in the accounts payable department when the invoice is received. Answer: a. A purchasing agent updates the inventory subsidiary ledger when an order is placed. This is an internal control weakness. The purchasing agent is part of the authorization of orders. Therefore, he/she should not have record keeping duties for those purchases. If one person has both duties, unauthorized purchases can be initiated and records can be altered to cover up these unauthorized purchases. These duties should be segregated and someone who does not authorize and does not have custody of purchases should be assigned to the record keeping. b. An employee in accounts payable maintains the accounts payable subsidiary ledger. This is internal control strength. The payable should be recorded when the invoice arrives and it matches a purchase order and receiving report.
c. Purchasing agents purchase items only if they have received an approved purchase requisition. This is internal control strength. The purchasing agents cannot initiate purchases without proper approval from a separate department or person. d. The receiving dock employee counts and inspects goods and prepares a receiving document that is forwarded to accounts payable. This is internal control strength. The counting and inspecting of goods ensures that goods are not damaged and that the proper amount was received. This count and inspection prevents companies from paying full price for damaged goods or missing goods. e. The receiving dock employee compares the packing list to the goods received and if they match, forwards the packing list to accounts payable. This is an internal control weakness. Goods should not be compared to the packing list; they should be compared to the purchase order. A comparison to the packing list will not reveal any undershipments, overshipments, or product substitutions. The improvement would be to compare the goods received to the purchase order and forward a receiving report, not the packing list, to accounts payable. f. An employee in accounts payable matches an invoice to a receiving report before approving a payment of the invoice. This is an internal control weakness because there is one more document that should be matched. The purchase order should also be matched to the invoice and receiving report. g. A check is prepared in the accounts payable department when the invoice is received. This represents two internal control weaknesses. First, there is no document matching mentioned (PO, invoice, and receiving report). Second, accounts payable should authorize payment by check, but should not write the check. The matched documentation should be forwarded to cash disbursements and the check is written by cash disbursements. 153. Hitchins, Inc. computerization. Required: Assume that Hitchins, Inc. is preparing to computerize the manual input processes such as completing a receiving report. Use Microsoft Excel to perform the following: Design an appropriate format for a data entry screen that could be used at the receiving dock to enter information from the packing slip in the company’s expenditure system. Answer: See the EXCEL file Problem 9-56.xls. 154. Since the accounts payable system of matching purchase orders, invoices, and receiving reports can often be complex, organizations must routinely check to ensure they are not making a duplicate payment. The text book Web site contains a spreadsheet titled “invoices.xls”. Using your knowledge of spreadsheets and the characteristics of duplicate payments, identify any payments within the spreadsheet that appear to be duplicate or problem payments. Answer: For the following PO’s, there are duplicate payments in which the invoice amounts are exactly the same, and the same PO is referenced. PO 1514; invoices 5644 and 6871. PO 2635; invoices 7176 and 7700. PO 3477; invoices 7957 and 8340. PO 2818 was invoiced twice, but in different amounts and it could be a duplicate payment, or it could be two partial payments. We would need the amount of the purchase order to determine whether or not it is correct.
155. Fracho and EDI Controls. Required: Describe the IT controls that Frimco should include when it implements an internet EDI system. For each control you suggest, describe the intended purpose of the control. Answer: Since Frimco will be sending data electronically using a computer system, there are many general and application controls that should be a part of this IT system. Frimco may not be able to afford all of the general controls mentioned below, but they should implement as many as are cost effective. General controls include: user IDs, passwords, log-in procedures, access levels, authority tables, firewalls, encryption of data, vulnerability assessment, penetration testing, intrusion detection, software testing, and computer logs, These general controls limit unauthorized access to the IT system. To help prevent availability risks, general controls such as business continuity planning, backup data and backup systems, firewalls, encryption of data, vulnerability assessment, intrusion detection, and penetration testing. The purchasing software and the EDI translation software should also incorporate application input controls such as field check, validity check, limit check, and reasonableness check 156. Wikkam Company and segregation of duties: a. Accounts payable record keeping. b. Authorization of new vendors c. Authorization of purchase returns d. Authorization of purchases e. Cash disbursements record keeping f. Check-signing authority g. Custody of inventory in the receiving area. h. Maintaining custody of cash. i. Preparation of a debit memo for a purchase return Required: For each of the three employees (supervisor, employee 1, and employee 2), consider the duties you would assign to each employee. In assigning duties, no employee should have more than three tasks and there should be a proper separation of duties to achieve appropriate internal control. List the three people, the duties you assigned to each employee and a description of why those assignments achieve proper separation of duties. There are likely to be a few possible answers that could be effective. The critical aspect is to try to segregate authorization, custody, and record keeping for related events as much as possible. There is no “perfect” segregation since there are only three employees. Answer: Supervisor: duties F, G, and H. The supervisor would be the most logical person to sign checks. As a supervisor, he/she can override internal controls so it is not as much a problem that there may be some incompatibility for a supervisor. Employee 1: duties A, E, I. This places all record keeping and document preparation with employee 1. He/she has no custody or authorization. Employee 2: duties B, C, and D. He/she can authorize vendors, purchases, and purchase returns, but has no custody or record keeping responsibility.
157. Using a search engine, search the internet for information about Evaluated Receipt Settlement, or ERS. You may have more success by searching for the terms ERS and invoices together in one search. Based on what you read about ERS on the web, what appears to be the difficulties encountered when a company chooses to implement ERS? Answer: The most frequent problem appears to be the reluctance of suppliers (vendors) to adopt the new processes. The switch to an ERS system is a complete change of the invoice and payment process and it requires that the company and its vendor have negotiated firm prices, and polices on shipments. Since this is such a radical change from the older way of doing business, vendors resist the change. 158. Using a search engine, search the internet for information about Electronic Invoice Presentment and Payment. You may have more success by searching for the terms EIPP and invoices together in one search. Based on what you read about EIPP on the web, what are the advantages and disadvantages of EIPP? One of the concepts about EIPP is that is should benefit both the buying company and the selling company. What do you think the benefits are to buyer, and what are the benefits to the seller? Answer: The website http://www.accountis.com/overview/supplierbenefits/ (accessed 4/29/08) indicates that the supplier benefits are: (1) Time and cost savings by reducing the labor, material and posting costs associated with traditional payment systems. This includes an 82% cost reduction per transaction and a 33% increase in invoice processing efficiency; (2) error reduction; (3) quicker settlement which leads to the supplier receiving payment more quickly; (4) Improved visibility from the 24/7 availability of archived e-documents. This improves the ability to forecast cash flow and makes audits more efficient. The website http://www.accountis.com/overview/buyerbenefits/ indicates that the buyers benefits are: (1) No manual data entry and rekeying of data is eliminated; (2) real-time invoice access for customers. Each customer has online access to each of their invoices; (3) faster dispute resolution. Rather than requesting assistance via telephone, the buyer can query the invoice set using any line item (4) One, consistent view of all invoices because an EIPP uses a standard format; (5) reduced costs by reducing the number of workers in accounts payable; a 50% - 75% processing cost savings; reduction of overbilling and invoice errors. 159. Visit the e-commerce website for Jupitermedia Corporation at www.ecommerce-guide.com and search for EIPP under the News and Trends tab. Identify the company that introduced an EIPP product in 2002 as part of its Financial Management Solutions Package. What does this company call its EIPP application? Answer: It is called eSettlements. See http://www.ecommerceguide.com/news/news/article.php/1145211.
160. You are an accounts payable clerk for a small home improvements contractor. Speculate on the type of fraud that could be in process here. What (if anything) could you do to ascertain the propriety of the transaction and still make the payment today? Answer: It is possible that the site supervisor has created a fictitious vendor name and a fictitious invoice and is seeking reimbursement for this false documentation. In an attempt to verify whether the company exists, you could examine telephone books or online listings of the address and phone number for the company. It would be important to confirm that any address is not a PO Box and it is not the same address as an existing employee. This approach is not a guarantee because it is easy to set up a “false storefront”. Ideally, the best controls are the approval of a vendor before any purchases occur with that vendor and payment through the existing accounts payable processes. 161. Two of the most common ways that employees commit fraud against their employers is the misstatement of reimbursable expense accounts and the misuse of office supplies for personal purposes. Although these schemes are usually not individually significant, their magnitude can be damaging if these practices are widespread. Develop suggestions for internal controls that could curb the occurrence of such fraudulent activities. Answer: Some useful controls would be: approval of these transactions before they occur; requiring the submission of original invoices or receipts before payment is made; and periodic audits of these expenditures.
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 10: Expenditures Processes and Controls – Payroll and Fixed Assets TEST BANK - CHAPTER 10 - TRUE / FALSE 1. It is not necessary to get specific authorization for each individual routine transaction. 2. Routine transactions refer to common business transactions such as payroll and fixed asset transactions. 3. Accounting for a fixed asset over the life of the asset would have features of non-routine transactions only. 4. The payroll process starts when an employee is hired by the organization. 5. Members of management are not required to specifically approve an employee hired by the company when the new employee has been screened by an employment office. 6. The hiring of employees is considered to be a routine process. 7. A hiring decision normally occurs as the result of an interview or interviews and is documented on a signed letter and / or signed employment contract. 8. Amounts withheld from an employee paycheck will ultimately be paid to another vendor. 9. Most of the records found in an employee’s personnel file are accounting related. 10. A unique feature of the information contained in an individual personnel file is that it is accessed infrequently but is changed relatively frequently. 11. It is common that personnel related expenses are one of the largest expenses reported on the company’s income statement. 12. A challenging area of payroll computation is computing the amount of deductions related to each employee’s pay. 13. Accounting software is available to assist with payroll but it is not very efficient because of all the changes that occur to all payroll variables during the period. 14. Preparing payroll manually is extremely time consuming due to the process of extracting all these inputs from the records and performing the mathematical computations. 15. Overtime hours are paid at a rate different from the regular hours, usually one and one-half times the standard rate.
16. Before the paychecks are sent to management for authorization, the human resources department should compare the hours reported on the time sheets with the hours shown on the payroll register. 17. Although it is uncommon, some companies maintain separate checking accounts that are used for payroll transactions. 18. When an organization uses a separate checking account to handle payroll transactions, it is easier to account for the payroll transactions and to distinguish them from cash disbursements for other business purposes. 19. It is the responsibility of the payroll department to make certain that all time sheets represent actual time worked by currently active employees. 20. Payroll disbursements are to be authorized by the accounts payable department on the basis of the company’s need to satisfy its obligation to its employees. 21. The human resources department should be responsible for the record keeping function related to payroll. 22. The cash disbursements department should have the responsibility of signing, essentially approving all paychecks. 23. The paymaster should be independent from the departmental supervision responsibilities, so that it can be determined that the paychecks are being distributed to active employees. 24. Payroll information includes personal information about employees, such as their pay rate and performance, and must be kept confidential. 25. Strong internal controls are just as important for small organizations with few employees paid once per month as it is for large organizations with numerous employees being paid weekly. 26. Because of the infrequency of payroll processing and the sequential nature of the payroll process, many companies find that real-time processing is well-suited for payroll activities. 27. An alternative to batch processing is the use of electronic timekeeping devices, such as time clocks or badge readers. 28. The electronic timekeeping devices accumulated data throughout the period and automatically calculate batch totals. At this time, the data batches are not able to prepare the paychecks or the payroll register. 29. Payroll outsourcing has become popular (and prevalent) because it offers increased convenience and confidentiality. 30. The investment in fixed assets is often the largest asset reported on the income statement.
31. The acquisition of fixed assets is normally initiated by a user department when they identify a need for a new asset, either to replace an existing asset or to enhance its current pool. 32. When a new asset is requested, and the cost is below a pre-established amount, it is necessary for specific authorization of the purchase. 33. Many companies use a tracking system for their fixed assets that would include applying a fixed asset tag, number, or label to the asset. 34. Organizations should have written procedures in place to identify when the costs related to fixed assets are capitalized (recorded to repair and maintenance expense). 35. If a new cost is incurred related to an asset that is considered to enhance that, either by extending the useful life or increasing the efficiency, the fixed asset accountant must make sure the appropriate adjustments are made to the fixed asset subsidiary ledger. 36. Accounting for fixed assets requires the use of estimates - specifically the cost and the salvage value. 37. The use of estimates when accounting for fixed assets requires that the estimates may need to be changed as time passes and new information is discovered. 38. For any company, and any asset, the method of depreciation and the related estimates (salvage value and useful life) are the same for financial statements and income taxes. 39. In order to compute the book value of any asset, start with the cost of the asset and add the accumulated depreciation. 40. In the case of high-dollar assets, there should be a strict approval process that requires the authorization of top management or the initiation of the capital budgeting procedures. 41. For most companies, fixed asset acquisitions are considered to be routine processes. 42. One area where earnings management may be prevalent due to the judgmental nature of the underlying data is with fixed assets. 43. Earnings management related to fixed assets would occur when reducing expenses by decreasing the useful life of the fixed assets. 44. A method of earnings management is to misclassify capitalized costs as repair and maintenance expenses. 45. Although there is no direct benefit, in terms of cash received, when a fraudster engages in earnings management, it is still unethical because it results in the falsification of the company’s financial statements. 46. Historically, there have been a large number of cases of fraud, theft, manipulation, and misuse of funds in the areas of payroll and fixed assets.
47. Corporate governance policies and procedures must be in place to ensure that funds are expended to benefit managers and employees. 48. The controls discussed in the chapter, related to safeguarding assets within the expenditures process and ensuring the accuracy and completeness of expenditure processes, help to enhance corporate governance structure. ANSWERS TO TEST BANK – CHAPTER 10 – TRUE / FALSE: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
T F F T F F T F F F
11. 12. 13. 14. 15. 16. 17. 18. 19. 20.
T T F T T F F T F T
21. 22. 23. 24. 25. 26. 27. 28. 29. 30.
F F T T F F T F T F
31. 32. 33. 34. 35. 36. 37. 38. 39. 40.
T F T F T F T F F T
41. 42. 43. 44. 45. 46. 47. 48.
F T F F T T F T
TEST BANK - CHAPTER 10 - MULTIPLE CHOICE 49. Routine business transactions would include which of the following? A. Purchase of merchandise inventory. B. Payment of principal on a note. C. Purchase of fixed asset. D. Paying wages and salaries to employees. 50. This type of transaction is one that a business encounters on a regular, recurring basis. The volume of the transactions is so large that transactions and the related accounting activities become second nature to the employees responsible for handling them. Specific authorization for each of these transactions is not necessary. The type of transaction referred to is: A. Non-routine transaction B. Payroll transaction C. Fixed asset transaction D. Routine transaction 51. Which of the following is a characteristic of a non-routine transaction? A. A business encounters this type of transaction on a regular, recurring basis. B. Required to have specific authorization. C. Volume of transactions becomes second nature to the employees responsible. D. Specific authorization for the specific transaction is not necessary.
52. A company must have systems in place to take care of all activities related to both routine and non-routine processes. The activities would include all of the following, except: A. Record B. Summarize C. Review D. Report 53. The policies and procedures that employees following in acquiring and maintaining human resources, capturing and maintaining employee data, paying employees for time worked, and recorded the related cash payroll liabilities and expenses are collectively referred to as: A. Payroll processes B. Human resources C. Salary administration D. Administrative procedures 54. The policies and procedures involved in purchasing property; capturing and maintaining relevant data about the assets; paying for and recording the related assets; depreciation and other expenses; and gains or losses are collectively referred to as: A. Capital resources B. Fixed asset processes C. Property administration D. Capital procedures 55. There are many risks that may affect the payroll and fixed asset transactions. Which of the following is not one of those risks? A. Recorded transactions may not be valid. B. Expenditure transactions may be recorded in the wrong account. C. Valid expenditures recorded properly by the wrong employee. D. Transactions may not be recorded in a timely manner. 56. This department is responsible for maintaining records for each job and each employee within the organization, as well as tracking job vacancies and supporting the company’s recruitment efforts. A. Salary and Wage Administration Department B. Vice President for Employees Department C. Employee Services Department D. Human Resources Department 57. The document is prepared in order to map out the jobs and reporting relationships within an organization. This may include only top branches of an organization or may include all positions within the company. A. Employee List B. Organization Chart C. Hierarchy Tree D. Human Resources Listing
58. This item would include explanations concerning the qualifications and responsibilities of each position shown on organization chart. The item is also supported by policies and procedures manuals that outline specific activities performed by each position. A. Job profile B. Human resources listing C. Organization chart description D. Position description 59. Personnel records will typically include all of the following, except: A. Documentation related to the initial hiring B. Personal information, such as the employee address C. Medical history subsequent to hiring D. Social security number 60. Each of the following items would likely be found in an employee’s personnel records related to the initial hiring, except: A. Employment application B. Recommendation letters C. Background investigation results D. Overtime and commission rates 61. It is necessary for employees to maintain adequate records of the hours worked and the projects worked on. The record of hours worked by an employee for a specific payroll period is reported on a document called: A. Time ticket B. Time sheet C. Salary document D. Wage report 62. Which of the following would be a correct way to compute the gross pay for an employee? A. Hours Worked times Authorized Pay Rate B. Hours Worked times Authorized Pay Rate minus Withholding Taxes C. Net Pay minus Authorized Deductions D. Net Pay times Withholding Taxes 63. Which of the following would be a correct way to compute the net pay for an employee? A. Hours Worked times Authorized Pay Rate B. Gross Pay minus Withholding Taxes C. Gross Pay minus Authorized Deductions D. Hours Worked times Withholding Tax Rate 64. This record, prepared by the payroll department, is a complete listing of salary or wage detail for all employees for a given time. A. Payroll journal B. General ledger C. Employee record D. Payroll register
65. When accounting software is used to prepare the periodic payroll, which of the following items is necessary to input for each employee? A. Employee Name B. Hours Worked C. Pay Rate D. Social Security Number 66. This document authorizes the transfer of cash from the company’s main operating account into the payroll cash account. A. Payroll register B. Payroll disbursements journal C. Payroll voucher D. Paycheck 67. This record, prepared by the cash disbursements department, provides a listing of al paychecks written, in check-number sequence, with the total supporting the amount of payroll funds to transfer to the payroll bank account. A. Payroll Disbursements Journal B. Payroll Register C. Payroll Journal D. Cash Disbursements Journal 68. This individual is responsible for distributing the signed paychecks on the designated pay day. A. Human Resources Director B. Department Supervisor C. Payroll Department Manager D. Paymaster 69. Types of fraud that may occur in the payroll function include all of the following, except: A. Overstated hours B. Incorrectly computed tax withholdings C. False claims of sick leave D. Pay claims made by ghost employees 70. Which of the following correctly states a reconciliation process to be completed related to payroll? A. Time sheets reconciled to the payroll register. B. Payroll register to the general ledger. C. Time sheets to the production reports. D. Production reports to the general ledger. 71. The internal control activity requiring that the manager approves payroll prior to signing paycheck is intended to minimize the risk of: A. Omitted paychecks B. Incorrect amounts C. Fictitious employee D. Stolen paychecks
72. The internal control process of requiring an independent paymaster will help to minimize the risk of: A. Fictitious employees B. Incorrect amounts C. Omitted paychecks D. Timing issues 73. The internal control process of requiring the payroll register to be reconciled with the time sheets will help to minimize the risk of: A. Invalid payroll transactions B. Omitted paychecks C. Duplicate paychecks D. Fictitious employees 74. Internal control activities within the payroll process, identified as adequate records and documents, would include which of the following? A. Manager approval of payroll prior to signing checks B. Independent paymaster C. Physical controls in areas where cash and paychecks are held D. Paychecks are prepared on prenumbered checks 75. Internal control activities within the payroll process, identified as authorization, would include which of the following? A. Preparation of a bank reconciliation B. Independent paymaster C. Manager approval of payroll prior to signing checks D. Physical controls in areas where cash and paychecks are held 76. Internal control activities within the payroll process, identified as segregation of duties, would include which of the following? A. Payroll preparation, authorization of new hiring and pay rates, information systems, and general accounting should all be performed by different departments and / or different people. B. IT controls over computer records and physical controls in records storage areas. C. The payroll register is checked for mathematical accuracy and agreement with authorized pay rates and deductions. D. Supervisor approval of time sheets prior to preparation of payroll documents. 77. Internal control activities within the payroll process, identified as independent checks and reconciliations, would include which of the following? A. IT controls over computer records and physical controls in records storage area. B. Time sheets reconciled with the payroll register. C. The payroll register is checked for mathematical accuracy and agreement with authorized pay rates and deductions. D. Supervisor approves time sheets prior to preparation of payroll documents.
78. When payroll is processed using batch processing, which of the following would not be part of the payroll process? A. Human resources department would be responsible for keying employee information into the master file. B. The timekeeper will accumulate all time sheets and enter them into the computer system in batches. C. The timekeeper should prepare control totals and hash totals in order to check the system before the paychecks are generated. D. Human resources should prepare control totals and has totals in order to check the system before the paychecks are generated. 79. An electronic payroll time keeping device that collects time and attendance data when employees enter their time sheets is called: A. Timekeeper B. Paymaster C. Electronic time clock D. Badge readers 80. An electronic payroll time keeping device that collects data when employee identification badges are swiped through an electronic reader are called: A. Timekeeper B. Badge reader C. Paymaster D. Electronic time clock 81. In order to smooth out the payroll process and avoid the heavy workload that falls at the end of the payroll period, many companies will use this type of system – one that integrates their human resources and payroll functions. This system makes real-time personnel data available and the general ledger and production system can be automatically updated at the end of the payroll period. A. Online Software Systems B. Batch Processing C. Electronic Timekeeping D. Outsourcing of Payroll Services 82. Many companies use independent, internet-based service providers to handle their payroll processing. These payroll providers specialize in offering solutions and constant access to payroll information. A. Online Software Systems B. Batch Processing C. Electronic Timekeeping D. Outsourcing of Payroll Services
83. There are many uses of electronic funds transfer related to the payroll process. Which of the following is not one of those uses? A. Payments to the employees. B. Payments to the federal taxing agencies. C. Transfers to the payroll checking account. D. All of the above are uses of electronic funds transfer. 84. Assets to be included in the fixed asset pool would include all of the following, except: A. Vehicles B. Furniture C. Office Supplies D. Real Estate 85. The fixed assets owned by a company are considered to be long-term because: A. The high cost of the fixed assets demands that they not be considered short term. B. They are purchased with the intent of benefitting the company for a long period of time. C. The assets will last for a long period of time. D. All of the above are reasons the fixed assets are considered to be long-term. 86. The three phases of fixed assets processes, that span the entire useful life of the assets, include all of the following, except: A. Depreciation B. Acquisition C. Disposal D. Continuance 87. Notable differences between the acquisition of fixed assets and the acquisition of inventory include: A. The placement of the acquired assets - user department for fixed assets, warehouse for inventory. B. The inclusion of a fixed asset department instead of the inventory control department. C. Both of the above. D. None of the above. 88. This document is a financial plan detailing all of the company’s investments in fixed assets and other investments. A. Investment Analysis B. Feasibility Study C. Operating Budget D. Capital Budget 89. A detailed listing of the company’s fixed assets, divided into categories consistent with the general ledger accounts is called a: A. Fixed Asset Journal B. Fixed Asset Subsidiary Ledger C. Fixed Asset Schedule D. Fixed Asset Budget
90. This phase of the fixed asset processes relates to those required to maintain accurate and upto-date records regarding all fixed assets throughout their useful lives. A. Depreciation B. Acquisition C. Disposal D. Continuance 91. Activities involved with the fixed assets continuance phase of the fixed assets processes include all of the following, except: A. Updating depreciation prior to the disposal of fixed assets B. Updating cost data for improvements to assets C. Adjusting for periodic depreciation D. Keeping track of the physical location of the assets 92. The record detailing the amounts and timing of depreciation for all fixed asset categories, except land, is called: A. Fixed asset subsidiary ledger B. Capital budget C. Depreciation schedule D. Depreciation method 93. This phase of the fixed asset processes relates to discarding fixed assets when they become old, outdated, inefficient, or damaged. A. Depreciation B. Acquisition C. Disposal D. Continuance 94. Activities involved with the fixed assets disposal phase of the fixed assets processes include all of the following, except: A. Adjusting periodic depreciation B. Disposed assets are removed from the fixed asset subsidiary ledger C. Gains or losses resulting from disposal are computed D. The depreciation amounts related to the disposed assets are removed from the depreciation schedule and the fixed asset subsidiary ledger 95. Disposing of a fixed asset could include all of the following methods, except: A. Throwing it away B. Sending it to another department C. Exchanging it for another asset D. Donating it to another party 96. When high-dollar fixed assets are purchased, there should be a strict approval process which would include three formal steps. Which of the following is not one of those steps? A. Review of the proposal and specific approval by the appropriate level of management. B. Investment analysis. C. Comparison with the capital budget. D. Feasibility study.
97. The first part of the strict approval process for high-dollar fixed assets is the investment analysis. Which of the following is part of that analysis? A. Capital budget comparison B. Review of the proposal C. Financial justification D. Written requisition 98. Which of the following is a correct statement related to segregation of duties related to fixed assets? A. Custody of fixed assets is to be separate from the related record keeping B. Custody of fixed assets need not be separate from the purchasing of fixed assets C. The IT function of programming need not be separated from the accounting for fixed assets. D. All of the above are correct statements related to the segregation of duties. 99. The security of assets and documents would include all of the following, except: A. Supervisors need to make certain that the assets are being used for their intended purpose. B. Designated members of management should be assigned responsibility for the disposal of any assets C. Maintaining adequate insurance coverage D. Electronic controls are needed to control access to automated records 100. Which of the following independent checks would be part of the internal controls for fixed assets? A. Comparing actual fixed asset expenditures with the capital budget. B. Periodic counts of fixed assets should be made by someone not otherwise responsible for fixed asset related activities. C. Physical counts should be reconciled with the accounting records. D. Book value of the assets should be compared to the insurance records. 101. The internal control process of requiring management approval of fixed asset changes prior to recording the transaction will help to minimize the risk of: A. Incorrect amounts B. Lost or stolen assets C. Duplicate transactions D. Omitted transactions 102. The internal control process of requiring physical controls in place in areas where fixed assets are held will help to minimize the risk of: A. Incorrect amounts B. Lost or stolen assets C. Duplicate transactions D. Omitted transactions
103. The internal control process of requiring the check of the fixed asset subsidiary ledger and depreciation schedule for mathematical accuracy and agreement with authorized documentation will help to minimize the risk of: A. Incorrect amounts B. Lost or stolen assets C. Duplicate transactions D. Omitted transactions 104. Factors that indicate the need for internal controls over fixed assets processes include all of the following, except: A. General nature of fixed assets makes the susceptible to theft because they are distributed throughout the business and are in the hands of many B. Large quantities of fixed assets C. High likelihood of obsolescence due to technological changes D. The high cost of assets 105. Most companies can justify the use of specialized asset management software programs instead of the spreadsheets or traditional manual systems for all of the following reasons, except: A. The abundance of fixed asset data B. The time-consuming and tedious requirements for tracking changes C. The number of different methods of accounting for depreciation D. The intricacy of the tax laws 106. The shortcomings of a spreadsheet-based system include all of the following, except: A. The design of spreadsheets is very time consuming B. The abundance of fixed asset data C. It is difficult to apply varying depreciation policies within spreadsheets D. It is difficult to establish an audit trail with spreadsheets 107. The control environment related to the fixed asset processes can be enhanced through the implementation of various access controls, such as: A. Passwords B. Number of employees who have access to the system C. Limits on the number of computer workstations where information may be entered D. All of the above 108. An entity who receives a paycheck, but who does not actually work for the company is called: A. Ghost employee B. Shell employee C. Abundant employee D. Absent employee 109. There are a number of ways that frauds may be carried out to try to receive excess compensation. Which of the following is not one of those methods? A. Exaggeration of hours worked B. Falsification of overtime or holiday time worked, payable at a higher rate C. Understatement of job related expenses D. Falsification of sales in order to increase commission payouts
110. Clues that a ghost employee may exist in the company would include all of the following, except: A. Payroll register identifies paychecks without adequate tax withholdings B. The personnel file contains no duplicate addresses C. Payroll expenses are over budget D. Paychecks were not claimed when the paymaster distributed them ANSWERS TO TEST BANK – CHAPTER 10 – MULTIPLE CHOICE: 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61.
A D B C A B C D B A C D B
62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74.
A C D B C A D B D C A B D
75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85. 86. 87.
C A B D C B A D D C B A C
88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100.
D B D A C C A B D C A B D
101. 102. 103. 104. 105. 106. 107. 108. 109. 110.
C B A D C B D A C B
TEST BANK – CHAPTER 10 – END OF CHAPTER QUESTIONS: 111. Which of the following statements about payroll and fixed asset processes is true? A. Both have only routine processes B. Both have only non-routine processes C. Both have routine and non-routine processes D. Payroll has only routine processes, while fixed assets has only non-routine processes 112. For a given pay period, the complete listing of paychecks for the pay period is a: A. Payroll register B. Payroll ledger C. Payroll journal D. Paymaster 113. A payroll voucher A. Authorizes an employee paycheck to be written B. Authorizes the transfer of cash from a main operating account to a payroll account C. authorizes the transfer of cash from a payroll account to a main operating account D. Authorizes the paymaster to distribute paychecks
114. For proper segregation of duties, the department that should authorize new employees for payroll would be: A. Payroll. B. Human resources. C. Cash disbursements. D. General ledger. 115. Which of the following is not an independent check within payroll processes? A. Time sheets are reconciled with production records. B. Time sheets are reconciled with the payroll register. C. Paychecks are prepared on prenumbered checks. D. The payroll register is reconciled with the general ledger. 116. An integrated IT system of payroll and human resources may have extra risks above those of a manual system. Passwords and access logs are controls that should be used in these integrated systems to lessen the risk of: A. Hardware failures. B. Erroneous data input. C. Payroll data that does not reconcile to time cards. D. Unauthorized access to payroll data. 117. Internal control problems would be likely to result if a company’s payroll department supervisor was also responsible for: A. Reviewing authorization forms for new employees. B. Comparing the payroll register with the batch transmittal. C. Authorizing changes in employee pay rates. D. Hiring subordinates to work in the payroll department. 118. Which of the following procedures would be most useful in determining the effectiveness of a company’s internal controls regarding the existence or occurrence of payroll transactions? A. Observe the segregation of duties concerning personnel responsibilities and payroll disbursement. B. Inspect evidence of accounting for prenumbered payroll checks. C. Recompute the payroll deductions for employee fringe benefits. D. Verify the preparation of the monthly payroll account bank reconciliation. 119. In meeting the control objective of safeguarding of assets, which department should be responsible for distribution of paychecks ad custody of unclaimed paychecks, respectively?
A. B. C. D.
Distribution of Paychecks
Treasurer Payroll Treasurer Payroll
Custody of Unclaimed Paychecks Treasurer Treasurer Payroll Payroll
120. A company’s internal controls policies may mandate the distribution of paychecks by an independent paymaster in order to determine that: A. Payroll deductions are properly authorized and computed. B. Pay rates are properly authorized and separate from the operating functions. C. Each employee’s paycheck is supported by an approved time sheet. D. Employees included in the period’s payroll register actually exist and are currently employed. 121. The purpose of segregating the duties of hiring personnel and distributing payroll checks is to separate the: A. Authorization of transactions from the custody of related assets. B. Operational responsibility from the record keeping responsibility. C. Human resources function from the controllership function. D. Administrative controls from the internal accounting controls. 122. Which of the following departments or positions most likely would approve changes in pay rates and deductions from employee salaries? A. Personnel B. Treasurer C. Controller D. Payroll 123. The purchaser of fixed assets is likely to require different authorization processes than the purchase of inventory. Which of the following is not likely to be part of the authorization of fixed assets? A. Specific authorization. B. Inclusion in the capital budget. C. An investment analysis or feasibility analysis of the purchase. D. Approval of the depreciation schedule. 124. Which of the following is not a part of “adequate documents and records” for fixed assets? A. Fixed asset journal B. Fixed asset subsidiary ledger C. Purchase order D. Fixed asset tags 125. Which of the following questions would be least likely to appear on an internal control questionnaire regarding the initiation and execution of new property, plant, and equipment purchases? A. Are requests for repairs approved by someone higher than the department initiating the request? B. Are prenumbered purchase orders used and accounted for? C. Are purchase requisitions reviewed for consideration of soliciting competitive bids? D. Is access to the assets restricted and monitored?
126. Which of the following reviews would be most likely to indicate that a company’s property, plant, and equipment accounts are not understated? A. Review of the company’s repairs and maintenance expense accounts. B. Review of supporting documentation for recent equipment purchases. C. Review and recompilation of the company’s depreciation expense accounts. D. Review of the company’s miscellaneous revenue account. 127. Which of the following is not an advantage of fixed asset software systems when compared with spreadsheets? A. Better ability to handle non-financial data such as asset location. B. Easier to apply different depreciation policies to different assets. C. Manual processes to link to the general ledger. D. Expanded opportunities for customized reporting. 128. The term “ghost employee” means that: A. Hours worked has been exaggerated by an employee. B. False sales have been claimed to boost commission earned. C. Overtime hours have been inflated. D. Someone who does not work for the company receives a paycheck. ANSWERS TO TEST BANK – CHAPTER 10 – END OF CHAPTER QUESTIONS 111. 112. 113. 114.
C A B B
115. 116. 117. 118.
C D C A
119. 120. 121. 122.
A D A A
123. 124. 125. 126.
D A D A
127. C 128. D
TEST BANK – CHAPTER 10 – SHORT ANSWER QUESTIONS 129. Sales and inventory purchases are routine processes that occur nearly every day in a business. How are these routine processes different from payroll or fixed asset processes? Answer: The major difference is the frequency of occurrence. As stated in the question, sales and purchases are often undertaken daily. Payroll occurs on a fixed schedule such as every week, biweekly, or at month-end. Payroll transaction volume might be large, but only at these time intervals. Some payroll events occur only when employees are hired or fired. Fixed asset processes occur on an “as needed” basis. The volume of fixed asset transactions is relatively small compared to sales or purchase transaction volume. Depreciation of fixed assets occurs on a fixed interval, such as at year-end. 130. Even though payroll and fixed asset processes may not be as routine as revenue processes, why are they just as important? Answer: They are important because payroll and fixed asset transactions are related to two very critical resources. An organization must have employees and facilities (fixed assets) to operate.
131. Why do you think management should specifically approve all employees hired? Answer: It is a nonroutine process, and therefore, the volume of hiring is usually small enough to allow specific approval of each hire. Specific approval is important because hiring the right people is one of the most important keys to success in an organization. Also, hiring unethical people, or people with criminal backgrounds can be very detrimental to the company. 132. Why is it important that the human resources department maintain records authorizing the various deductions from an employee’s paycheck? Answer: First, state or federal laws require that employees authorize (allow) deductions from their salary or wages. Secondly, without adequate records, it would be difficult to ensure the correct deductions have been taken from employee wages. 133. Explain why an employee’s individual record is accessed frequently, but changed relatively infrequently. Answer: Typically, an employee’s basic information does not change frequently. For example, name, birth date, SSN, either never change, or rarely change. Other employee information such as address, pay rate, or deductions change infrequently. However, some of this information, such as pay rate and deductions must be accessed every time payroll checks are prepared. 134. Explain two things that should occur to ensure that hours worked on a time card are accurate and complete. Answer: Each employee should update their time card daily and a supervisor should check the time card and sign or initial it before it is forwarded to payroll for processing. If an employee does not update it daily, they are more likely to put inaccurate information on it simply because it will be harder to remember the specific start and end times of work. The supervisory approval serves as an independent check of the accuracy of the time card. 135. Explain the reasons that an organization would have a separate bank account established for payroll. Answer: A separate bank account for payroll makes it easier to account for payroll transactions and to distinguish these transactions from other cash disbursements. 136. What is the purpose of supervisory review of employee time cards? Answer: The supervisory approval serves as an independent check of the accuracy of the time card. 137. Why is it important to use an independent paymaster to distribute paychecks? Answer: It is the best segregation of duties to have a separate paymaster to distribute any paper checks. A separate paymaster segregates the custody from authorization, preparation, and recording of paychecks. If these duties were combined, a person could commit payroll fraud such as creating a fictitious employee. A separate paymaster helps ensure only active employees receive paychecks. 138. Why do payroll processes result in sensitive information and what is the sensitive information? Answer: The amount of salary or wages is sensitive, as well as the types and amounts of deductions. Also, personal information such as SSN, dependents, addresses and phone numbers are sensitive.
139. Why is batch processing well-suited to payroll processes? Answer: Because it involves transactions that can be grouped and processed at a particular time. For example, all hourly workers might be required to turn in all time cards on Friday afternoon and be paid the next Tuesday. All of these time cards can be processed as a group on Monday. 140. What are the advantages of automated time keeping such as bar code readers or ID badges that are swiped through a reader? Answer: Using these automated methods eliminates human steps that are error prone. Thus, timekeeping becomes more efficient and more accurate. 141. What are the advantages of outsourcing payroll? Answer: Outsourcing payroll provides increased convenience, confidentiality, and protection from risk of liability for failure to submit tax withholdings and reports. 142. Fixed assets are purchased and retired frequently. Given this frequent change, why are clear accounting records of fixed assets necessary? Answer: Not only must the cost and resale value be accounted for properly, but depreciation can only be calculated accurately with proper records, and any gain or loss on sale is computed based on accurate records. 143. Why is it important to conduct an investment analysis prior to the purchase of fixed assets? Answer: Since the dollar investment can be large, and there is usually a limited capital budget, there must be an orderly process to determine the best use of capital funds. 144. Explain why categorizing fixed asset expenditures as expenses or capital assets are important. Answer: Miscategorization can have a dramatic impact on financial statements and therefore, can mislead users of these statements. These amounts are usually large and therefore, have a larger impact than would other transactions such as sales or inventory purchases. If a fixed asset expenditure is classified as an expense, it will understate the balances sheet assets and understate net income. 145. What are some of the practical characteristics of fixed assets that complicate the calculation of depreciation? Answer: For many companies, there is a large number and type of fixed assets. These different asset types may have different service lives and different methods of depreciation. In addition, there are offer additions or retirements of fixed assets. Finally, the tax methods of depreciation for fixed assets may require two different sets of asset and depreciation records; one for financial statement purposes, and one for tax purposes. 146. What is different about the nature of fixed asset purchasing that makes authorization controls important? Answer: Fixed asset purchases can be very large amounts of money and in addition, choosing the right fixed assets is very important. Management should be purchasing the fixed assets that have a good return on investment. For these reasons, fixed asset authorization usually requires a higher level of management approval, and usually requires an investment analysis such as net present value.
147. Explain the necessity of supervision over fixed assets. Answer: Fixed assets must be located throughout the company where employees have direct access to them. Employees could not do their jobs without these fixed assets. Since fixed assets are readily accessible to many employees, supervision is necessary to ensure that the assets are used for their intended purpose, and that they are not stolen. 148. Why are some fixed assets susceptible to theft? Answer: In some cases, fixed assets are small or very portable. Examples would be laptop computers, hand tools, or vehicles. These would be easy to steal. Conversely, a large fixed asset such as a manufacturing robot would not be easy to steal. 149. Explain why a real-time update of fixed asset records might be preferable to batch processing of fixed asset changes. Answer: Often, fixed asset changes are non-routine transactions. Since the volume of these transactions could be small, and any one transaction might affect only a single asset record, realtime updates may be more appropriate. 150. Why is the beginning of a fiscal year the best time to implement a fixed asset software system? Answer: Because it eliminates any mid-year adjustments for depreciation that would be necessary. 151. What negative things might occur if fixed asset software systems lack appropriate access controls? Answer: It would be much easier for an employee to steal a fixed asset and alter the records to hide this theft. 152. Why might a supervisor collude with an employee to falsify time cards? Answer: In some cases, the supervisor might agree to the fraud so as to share in the extra money that results from the fraudulent pay. 153. How does the misclassification of fixed asset expenditures result in misstatement of financial statements? Answer: If something should have been recorded as a fixed asset gets recorded as expenditure, it will understate assets and understate income. The opposite is true if an expenditure is misclassified as a capital asset. Assets are overstated and income is overstated. TEST BANK – CHAPTER 10 – SHORT ESSAY 154. Describe the type of information that a human resources department should maintain for each employee. Answer: They should maintain personnel records that include employee application, contract, resume, recommendation letters, interview reports, wage authorization, and background investigation report. The records should also include employee address, SSN, employment history, information about authorized deductions, vacation and sick time accrued, attendance and performance evaluation records, work schedule, and promotion or termination records.
155. The calculation of gross and net pay can be a complicated process. Explain the items that complicate payroll calculations. Answer: Each employee’s deductions are likely to be different. In addition, the payroll formulas must be applied to every employee in the company, one at a time. The process is further complicated the fact that the inputs tend to change constantly. Each payroll period will include some changes in the number of hours worked, pay rates or withholdings. 156. Explain how duties are segregated in payroll. Specifically, who or which departments conduct the authorization, timekeeping, recording, and custody functions? Answer: Authorizing, timekeeping, record keeping, and custody of the paychecks should all be separated. Namely, the human resources department, which is responsible for authorizing new employee hiring and maintaining personnel files, should be separate from the payroll time reporting and record keeping functions, performed primarily by the payroll, cash disbursements, and general ledger departments. In addition, employees in each of these departments should not have check-signing authority and should not have access to the signed checks or cash account. The person, who distributes paychecks to employees, often referred to as a paymaster, should not have responsibility for any of the related payroll accounting functions and should not have custody of cash. The paymaster should also be independent of the departmental supervision responsibilities, so that it can be determined that paychecks are being distributed to active employees. Finally, information systems operations and programming related to the payroll processing should be separate from those responsible for custody of payroll cash and record keeping for these processes. 157. Explain the various reconciliation procedures that should occur in payroll. Answer: The number of hours reported on time sheets should be reconciled to the payroll register, and time sheets should be reconciled with production reports. Each of these reconciliations should be performed before paychecks are signed in order to ensure the accuracy of the underlying payroll information. In addition, the payroll register should be reconciled to the general ledger on a regular basis. Someone separate from the payroll processing functions should reconcile the bank statement for the payroll cash account on a monthly basis. 158. Explain the ways in which electronic transfer of funds can improve payroll processes. Answer: EFT can be used to directly deposit pay to employee bank accounts. This eliminates the printing and distribution of pay checks. The company can also use EFT to deposit taxes withheld and other employee withholdings. Finally, wage attachments that result from court proceedings can be transmitted via EFT. All of these EFT processes are faster and more efficient than the use of printed checks and mailing of checks. 159. Explain the kinds of information that must be maintained in fixed asset records during the asset continuance phase. Answer: For each fixed assets, there must be records of the asset cost, estimated life and salvage values, depreciation, maintenance records, and repair or improvement costs.
160. The authorization to purchase fixed assets should include investment analysis. Explain the two parts of investment analysis. Answer: The first part is financial justification using a model such as net present value, payback period, or internal rate of return. The use of these models requires that dollar estimates be determined for costs and benefits of the fixed asset. The second part would be a written narrative of the benefits; especially any benefits that are difficult to quantify in dollars. A written narrative of the need for investment can help justify the expenditure when financial benefits do not immediately exceed costs. 161. Explain the types of unethical behavior that may occur in the fixed assets area. Answer: The use of estimates for useful lives and salvage values are an area that unethical managers can use to manipulate income statement or balance sheet amounts. Showing lower depreciation amounts can increase income and asset values above what they should be. In addition, misclassification of expenses as fixed asset expenditures can be used to show higher income and asset values. TEST BANK – CHAPTER 10 – PROBLEMS 162. Question not available. 163. The text book Web site has a Microsoft Excel spreadsheet titled payroll_problem.xls. This spreadsheet is used by Neltner Company to calculate its bi-weekly payroll. Using the information in that spreadsheet, calculate all details for the February 22, 2008 payroll. Hours worked by each employee are contained in the first worksheet. The following four worksheets contain details for each of the three employees and a total of the three employees. The last worksheet contains federal tax withholding tables to calculate federal tax to withhold. You will calculate gross pay and deductions for all three employees. See the excel file payroll_problem_solution.xls. After students have completed the spreadsheet exercise, it might be a good discussion question to ask how a payroll software program would improve the efficiency and accuracy of the payroll process. 164. The text book Web site has a Microsoft Excel spreadsheet titled fixed_asset.xls. The spreadsheet represents a fixed asset subsidiary ledger for Brazos Corporation. On July 3, 2008, Brazos purchased for the office a multifunction printer/fax/copier from Brereton Office Supplies for $2,000. The machine has no salvage value and a four year life. Add a new ledger record for this machine and calculate and record the 2008 depreciation expense for all fixed assets. Brazos uses straight-line depreciation with a half-year convention. See the Excel file fixed_asset_solution.xls. After students have completed the spreadsheet exercise, it might be a good discussion question to ask how a fixed asset software program would improve the efficiency and accuracy of the fixed asset processes.
165. Explain the process of approval of purchases for fixed assets. How does this process differ from that of purchasing raw materials? Answer: When a request to purchase a fixed asset is initiated by a manager, a formal investment analysis should occur. This would include a cost- benefit analysis such as net present value, and a written justification of the benefits and costs, as well as any benefits and costs that are not easily quantifiable. There should also be an established capital budget and any fixed asset purchase request should be analyzed in comparison to other requests within that budget, and a determination made of the best use of the limited capital budget funds. Since fixed asset expenditures can involve large dollar amounts, there should also be specific authorization by a manager for the purchase. The company should have an established policy that identifies the level of managerial approval needed for various levels of expenditure. The processes mentioned above are most of the different processes for fixed asset purchases when compared to raw material purchases. One other difference is that requests to purchase raw materials generally originate in inventory control or production scheduling, the requests for fixed asset purchases would come from various managers of operating units within the enterprise. The other processes of the purchase, such as POs, document matching, and cash disbursements are similar to those processes for raw material purchases. 166. Using an Internet search engine, search for the phrase “biometric time recording” (be sure to include the quotation marks). Based on your search results, describe a biometric time recording system and its advantages. Answer: A biometric time recording system uses unique physical characteristics of human beings to identify and record time for employees. Such biometric characteristics are finger print, hand print, face, retina, or voice pattern. The most commonly used biometric characteristic is the finger print. In a biometric time recording system, a company installs a scanner that reads the fingerprint and records the arrival and departure times. The advantage to the employee is the ease of use. The employee does not need to record times on a time card and does not have to use or keep track of an employee ID badge. The employer sees many advantages. Time keeping is more accurate and complete, payroll accuracy is increased, employees are identified with certainty and building security is increased. In addition, it eliminates “buddy punching” where one employee “punches” the time clock for his buddy who is actually absent.
167. Using an Internet search engine, search for the phrase “fixed asset software” (be sure to include the quotation marks). Examine the results to find companies that sell fixed asset software. List and explain some of the features of fixed asset software that these companies use as selling points for their software. Answer: One software vendor (http://www.realassetmgt.com/rsd/asset_accounting/fixed_asset_management.htm) lists the following benefits: Easily access a complete audit trail with history/actions performed by all users. Calculate depreciation for one book or multiple books (state, federal and corporate). Compute and retain depreciation figures for past, current and future periods. Create ‘Parent/Child’ asset relationships to establish key dependencies and hierarchies. Produce a full range of standard and customized reports and forecasts. Set user-defined data and description fields (up to 30 levels of analysis). Conduct full and partial asset disposals, transfers, relifes, revaluations and splits. Generate Section 179 charges and bonus depreciation for applicable assets. Upload asset images for identification purposes. Adapt quickly to the familiar Windows® inspired interface. Comply with corporate governance regulations such as Sarbanes-Oxley (SOX), GAAP, US Tax and GASB 34. Utilize seamless links to Project4000, RAMI’s project cost control module. Take advantage of fixed asset tracking capabilities available with Track4000. Directly import raw data, in a range of formats, using the Data Import Wizard. Employ Asset4000i for remote access to your fixed asset register. Login with a valid username and password combination prior to accessing the database. Establish individual or group access rights for security purposes. Quickly add new asset details in a single input screen. A simple process for depreciation calculations whether for individual assets or groups of assets. Several methods of depreciation including Straight Line, Double Straight Line, Reducing Balance, Variable Rate, Adjusted Declining, Digressive, MACRS, ACRS, adjustments and Residual, Multiple Units of Production (MUOP) and Non Depreciating The ability to forecast depreciation as far into the future as desired. The ability to recalculate the current period’s depreciation to reflect updates in the asset register. A powerful, built-in report engine that provides more than 100 standard reports and thousands of customizable reports. A full audit history for events including disposals, transfers, asset splits, relifes and revaluations can be accessed in seconds. The ability to physically and financially move an asset from one cost center to another without rekeying information. The software can display asset images and associated documents such as emails, invoices, purchase orders and contracts.
168. Read the article at this link: http://www.fixedassetinfo.com/articles/adventures1.asp. Describe why the scenario described is unethical. Also, list controls or other steps that management could have taken to prevent or detect this scenario. Answer: Yes, it is unethical. Even if the company had no specific policy about the use of cars by family members, the employee should have known this is unethical. There are many reasons for the use by a family member to be unethical. First, the asset is not being used for a business related purpose. Second, this forces the company to pay expenses (gasoline and maintenance) that should be personal expenses. Also, the company is not likely to have insurance coverage that would cover a driver other than the employee. There are very few controls that would be effective in this situation. This is true because the asset (car) is not located on company property and therefore, proper supervision cannot be applied to ensure the asset is not misused. The best controls are setting good policies and enforcing those policies. Two important policies would be a specific policy limiting company car use to employees only, and a good code of ethics for employees. These policies alone cannot prevent such misuse, but may make employees less likely to try such misuse. There is one new technology solution the company could consider. A GPS unit could be installed in each car and this unit could be monitored to track the location, speed, and stops of each car. Since this would be an expensive system, the company would have to determine whether it is cost effective. 169. Using an Internet search engine, search for the terms “Patti Dale” and theft (be sure to include the quotation marks around the name). Explain the unethical behavior that occurred. Also, explain any internal controls that you believe were missing or not followed in this case. Answer: Patti Dale was a 20 year employee of the University of North Texas who organized a payroll fraud scheme that resulted in the theft of $255,185 from UNT. She allowed students and friends of her son to falsify payroll time sheets. She issued paychecks for work not done and received a kickback from these students. She also fraudulently hired friends of her son and paid them for work they did not do. It appears the most important internal control missing is segregation of duties. No single person should authorize hiring and approve time cards. It appears her supervisor, the Dean, should have been approving time cards. An automated system of time keeping such as ID badge swiping or biometric record keeping systems would have reduced the falsified time records. Ms. Dale also had submitted over $65,000 in falsified travel expenditures.
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 11: Conversion Processes and Controls TEST BANK – CHAPTER 11– TRUE / FALSE 1. Because of the manpower and computer programmers required to control robotics, robotics has had little influence manufacturing. 2. Resources required in the conversion process include materials, labor, overhead, and fixed assets. 3. Even if a firm is a service or sales firm it may conduct some sort of manufacturing operation. 4. The major function within the conversion process is the logistics function. 5. The three primary components of the logistics function are 1) planning, 2) production, and 3) sales. 6. The research and development effort is part of the planning process rather than the operations process. 7. A bill of materials lists both physical items and skill requirements needed to construct an item of inventory. 8. Maintenance and control is concerned with maintaining the capital resources used to support production, including production facilities and other fixed assets. 9. Routing is the issuance and movement of materials through the sales process. 10. Inventory warehousing involves managing the holding area for finished goods awaiting sale. 11. The final hub in the logistics function is sales. 12. Standard costs are expected costs based on projections of a product’s required resources. 13. Standard costs include direct materials, direct labor, and overhead. 14. Perpetual inventory systems involve updating the inventory and cost of sales accounts only at the end of the period. 15. Because conversion processes involve the physical movement of inventory throughout the operating facility and these movements are normally accomplished by material handling personnel the burden of sufficient internal controls is not required. 16. Complete, up-to-date, and accurate documentation on production orders is needed to support the conversion process.
17. Physical controls should be in place in the company’s storerooms, warehouses, and production facilities in order to safeguard the inventories held therein. 18. When perpetual inventory concepts are utilized, a physical inventory count to determine the quantity of inventory on hand is not required. 19. To ensure that delays and shutdowns in one part of the manufacturing facility do not affect another part of the manufacturing facility IT integration of all or part of the company’s processing applications is usually not accomplished. 20. Computer-aided manufacturing (CAM) involves the complete automation of the production process, including the full replacement of human resources with computers. 21. MRP stands for Management Resource Projections. 22. Just-in-time (JIT) production systems are concerned with minimizing or eliminating inventory levels of all inventory items. 23. Earnings management is the act of misstating financial information in order to improve financial statement results. 24. Absorption costing involves the inclusion of both variable and fixed costs in the determination of unit costs for ending inventories and cost of goods sold. 25. Management should not consider the moral implications of replacing human resources with electronic resources based on the cost/benefit concept. 26. The systems, processes, and internal controls are part of a corporate governance structure. 27. Corporate governance requires proper financial stewardship, and since inventories, fixed assets, and office supplies are the largest assets reported on a balance sheet, financial stewardship in these areas is especially important. ANSWERS TO TEST BANK - CHAPTER 11 - TRUE/FALSE: 1. 2. 3. 4. 5. 6.
F F T T F T
7. 8. 9. 10. 11. 12.
F T F T F T
13. 14. 15. 16. 17. 18.
T F F T T F
19. 20. 21. 22. 23. 24.
F T F T T T
25. F 26. T 27. F
TEST BANK – CHAPTER 11 – MULTIPLE CHOICE 28. A company’s conversion processes includes all of the following except: A. materials. B. office supplies. C. labor. D. overhead 29. A company must have systems in place to accomplish all of the following except: A. capture data. B. vocalize data. C. record data. D. summarize data. 30. The conversion process is initiated when the company recognizes: A. the receipt of raw materials. B. the shipment of finished goods to customers. C. the need to conduct operations. D. None of the above. 31. Overhead includes all of the following except: A. various other expenses necessary to run the operating facility. B. the president’s salary. C. fixed assets. D. indirect labor and materials. 32. The major activities within the conversion process include all but A. strategic planning that supports the company’s operational goals. B. optimizing the use of the employees, property, and inventories that are needed in operations. C. controlling production flows, ensuring product quality. D. and preparing the related cost accounting and financial accounting records. 33. Which of the following company activities would not be considered a productive activity? A. The manufacture of automobiles. B. The treatment of patients in a medical facility. C. Providing consulting services. D. All of the above, A, B, and C, are considered productive activities. 34. The process of logical, systematic flow of resources throughout the organization is referred to as: A. logistics. B. planning. C. reporting. D. sales forecast.
35. The component of the logistics function that directs the focus of operations is referred to as: A. logistics. B. planning. C. reporting. D. sales forecast. 36. The form that specifies the components of a product, including descriptions and quantities of materials and parts needed is the: A. operations list. B. bill of materials. C. engineering. D. capital budgeting. 37. The form that describes the chain of events that constitute a product’s production is referred to as the: A. operations list. B. bill of materials. C. engineering. D. capital budgeting. 38. The process that plans the timing for production activities is referred to as: A. operations list. B. bill of materials. C. scheduling. D. capital budgeting. 39. The form that authorizes production activities for a particular sales order or forecasted needs is referred to as the: A. production schedule. B. production orders. C. maintenance and control process. D. human resources process. 40. The process that is concerned with maintaining the capital resources used to support production is referred to as: A. the production schedule. B. production orders. C. maintenance and control. D. the human resources process. 41. A ___________________ outlines the specific timing required for a sales order, including the dates and times designated for the production run. A. production schedule B. production orders schedule C. maintenance and control schedule D. human resources schedule
42. The responsible for managing the placement and development of sufficient qualified personnel which includes hiring and training workers as well as maintaining records of their performance is the task of: A. the production schedule department. B. the production orders department. C. the maintenance and control department. D. the human resources department. 43. The responsible for managing and recording the movement of inventory in the many different directions that it may go throughout the conversion process is assigned to the: A. production schedule department. B. inventory control department. C. maintenance and control department. D. the human resources department. 44. The issuance and movement of materials into the various production phases is referred to as: A. production scheduling process. B. inventory control process. C. the routing process. D. the production orders process. 45. Which document provides the descriptions and quantities of materials taken into production for a specified sale or other authorized production activity? A. The routing slip. B. The shipping notice. C. The purchase requisition. D. The sales order. 46. Inventory ___________________ managing the holding area for finished goods awaiting sale. A. purchase order B. shipping notice C. purchase requisition D. warehousing 47. The major function within the conversion process is the: A. sales order function. B. sales forecast function. C. logistics function. D. reporting function. 48. The component of the logistics function that directs the focus of operations is the: A. operations component. B. resource management component. C. planning component. D. the sales component.
49. The planning component of the logistics function has all of the following elements except: A. maintenance and control. B. engineering. C. scheduling. D. capital budgeting. 50. The resource management component of the logistics function has all of the following elements except: A. maintenance and control. B. human resources. C. inventory control. D. capital budgeting. 51. The operations component of the logistics function has which of the following elements? A. maintenance and control. B. production. C. inventory control. D. capital budgeting. 52. The responsibility to conduct make/buy decisions is usually given to: A. engineering. B. capital budgeting. C. operations. D. research and development. 53. Capital budgeting: A. is responsible for the issuance of stocks and bonds to finance operations. B. plans the capital resources needed to support operations. C. is responsible for the procurement of production materials. D. is not a function of a company once established and functioning. 54. Engineering is responsible for: A. designing the product while operations is responsible the bill of materials and the operations list. B. designing the plant and equipment used in manufacturing. C. is responsible for the procurement of production equipment. D. designing the product and creating the bill of materials and the operations list. 55. The bill of materials is the: A. cost of raw materials purchased from a vendor. B. document of instructions utilized to assemble a product. C. form that specifies the components of a product. D. designing the product and creating the bill of materials and the operations list. 56. The operations list is the: A. schedule of production for the day, week, or month as specified by the company. B. document of instructions utilized to assemble a product. C. form that specifies the components of a product. D. designing the product and creating the bill of materials and the operations list.
57. Scheduling: A. plans the timing for acquisition of fixed assets. B. does not take into account machine breakdowns. C. takes into consideration all the open sales orders. D. does not take inventory needs. 58. Production orders: A. outline the specific timing required for sales orders. B. authorize production activities for a particular need or order. C. are forecasts of needs based on known and anticipated sales. D. are issued by the engineering department to correct product deficiency issues. 59. A production schedule: A. does not contain requirements due to sales forecasts. B. does not contain information from the bill of materials. C. contains information from the operations list. D. are issued by the maintenance and control department. 60. The department responsible for training production personnel is the: A. production department. B. human resources department. C. engineering department. D. None of the above. 61. Economic order quantity (EOQ) is a function: A. of the purchasing customer or client. B. of the sales force to provide the purchasing customer or client with the greatest value. C. of the responsibility of engineering through the operations list. D. associated with inventory control. 62. Routing is: A. the path electronic messages follow in the inventory system. B. the issuance and movement of materials into the various production phases. C. the physical movement of materials from the point of sale to the customer. D. the physical movement of materials from the vendor to the inventory stores facility. 63. Inventory status reports: A: are generated only for raw materials. B. are only generated for finished goods. C. are prepared at various stages of the production process. D. are only generated for work in process. 64. Select the true statement from the choices below. A: Inventory stores and warehousing are both concerned with raw materials. B. Neither inventory stores nor warehousing are concerned with raw materials. C. Inventory stores is concerned with raw materials and warehousing is concerned with finished goods. D. Inventory stores is concerned with finished goods and warehousing is concerned with raw materials.
65. The term “operations” is commonly used to refer to: A: the main function of the business. B. any function of the business which generates revenues. C. only those functions of the business accomplished by the operations department. D. only those functions which move inventory through the production cycle. 66. Operations may be performed by all of the following except: A: continuous processing of homogeneous products. B: batch processing. C. custom, made-to-order processing. D. Each of the above is a valid form of operations. 67. The final hub in the logistics function is: A: packaging. B: quality control. C. sales. D. shipping to the customer. 68. Rework refers to: A. generating a better quote for a customer. B. overhaul of a manufacturing machine. C. additional procedures to bring a product up to specifications. D. parts that are beyond repair at any cost. 69. The final hub in the logistics function which involves a follow-up to production, where the products are inspected before they are moved to the warehouse or shipping area is referred to as: A. quality control. B. shipping notice. C. purchase requisition. D. warehousing. 70. The expected cost based on projections of a product’s required resources which includes direct materials, direct labor and overhead is referred to as: A. quality control costs. B. sales order cost. C. rework costs. D. standard costs. 71. A system which involves recording purchases of raw materials inventory, recording all the components of work in process, and recording the total cost of sales for products completed and sold is referred to as: A. a perpetual inventory system. B. the accounting information system. C. a periodic inventory system. D. None of the above.
72. Perpetual inventory systems: A. record changes in inventory categories only at the end of each period. B. record changes in inventory categories only when sales are made. C. record changes in inventory categories whenever material is moved from one category to another. D. does not address raw materials. 73. Variances represent the differences between: A. actual costs and the standard costs applied. B. raw materials ordered and raw materials received. C. the sales targets and sales accomplishments. D. actual quantity on hand and quantity according to the inventory system. 74. Standard costs are: A. the responsibility of production accountants. B. the expected costs based on required resources. C. the costs normally paid for a component. D. are the prices the customer is expected to pay upon sale. 75. Standard costs take into consideration all of the following except: A. the cost of materials utilized to maintain production equipment. B. the cost of labor used to operate the production machinery. C. the cost of the sales manager’s salary. D. factory overhead items that cannot be directly correlated to product production. 76. Perpetual inventory systems: A. are only updated at the end of each fiscal period. B. are concerned only with finished goods. C. are not concerned with raw materials. D. involve every level of inventory necessary for production. 77. Periodic inventory systems: A. are only updated at the end of each fiscal period. B. are concerned only with finished goods. C. are not concerned with raw materials. D. may not reflect current inventory levels. 78. Variances: A. represent the differences between actual costs and the standard costs applied. B. represent the difference between design specifications and production results. C. represent flaws in the production results. D. Each of the answers, A, B, and C are correct. 79. Variances: A. are only investigated if they are unfavorable. B. are always investigated. C. will always result in the improvement of the logistics function. D. may not result in any changes in the logistics function.
80. Which of the following is not a responsibility given to the individuals making purchases for the company? A. Purchasing raw materials for production. B. Specifying the order and sequence of payments to vendors. C. Selecting vendors. D. Specifying the quantities to be ordered. 81. Which of the following activities in the conversion process does not require express authorization? A. Initiation of production orders. B. Issuance of materials into the production process. C. Transfer of finished goods to the warehouse or shipping areas. D. Initiation of a sales order. 82. Segregation of duties is accomplished by which of the following? A. Accounting personnel having restricted access to physical inventory. B. Warehouse personnel signing all documents related to material movements. C. Production personnel restricted to one manufacturing station at all times. D. None of the above. 83. Security of assets and documents include all of the following except: A. water sprinklers. B. adequate insurance coverage. C. restricted movement of office supplies. D. security guards. 84. In inventory systems, when the actual quantity and the accounting records quantity are compared it is referred to as: A. perpetual inventory. B. inventory resolution. C. the physical inventory reconciliation. D. periodic inventory. 85. Cost-benefit can be defined as: A. Gross profit after sales are made. B. cameras and security guards to protect construction materials in a restricted access warehouse. C. verifying inventory levels at the end of each working shift. D. alarm systems and vaults for fine jewelry inventories. 86. The activity in the conversion process that does not require express authorization is: A. the initiation of production orders. B. the issuance of materials into the production process. C. the transfer of finished goods to the warehouse or shipping areas. D. the movement of production pieces from one stage of production to the next.
87. Within the logistics function, segregation of duties means: A. one person should not have both inventory and accounting responsibilities. B. one person should not have production responsibilities over more than one station. C. one person should not have quality assurance responsibilities over a work station other than his own. D. each person can only have one duty or function in the production function. 88. Physical controls include all but: A. fences and alarm systems. B. security guards. C. high tech security tools. D. Each of the answers, A, B, and C are correct. 89. Physical inventory counts should only include: A. finished goods. B. finished goods and raw materials. C. finished goods and work-in-process. D. raw materials, work-in-process, and finished goods. 90. When there is a difference between the inventory records quantity and the physical count of inventory: A. there is a variance. B. the difference can be ignored if minor. C. the difference is resolved through inventory reconciliation. D. the difference is ignored if the physical quantity exceeds inventory record quantity. 91. Which of the following factors does not influence the need to safeguard and monitor inventory movement? A. Inconsistent or high levels of inventory movement. B. If the inventory is held at various locations. C. If a company’s inventory items are difficult to differentiate. D. Each of the answers, A, B, and C are correct. 92. The ________________ software allows engineers to work with advanced graphics at electronic work stations to create 3-D models that depict the production environment. A. computer-integrated manufacturing systems (CIMs) B. computer aided design (CAD) C. material resource planning (MRP) D. computer aided manufacturing (CAM) 93. _________________ involves the automated scheduling of production orders and movement of materials in the production process. A. Computer-integrated manufacturing systems (CIMs) B. Computer aided design (CAD) C. Material resource planning (MRP) D. Computer aided manufacturing (CAM)
94. _____________ integrates all of the conversion processes to allow for minimal disruptions due to reporting requirements or inventory movement issues. A. Computer-integrated manufacturing systems (CIMs) B. Computer aided design (CAD) C. Material resource planning (MRP) D. Computer aided manufacturing (CAM) 95. IT systems permit or allow all of the following except: A. automatic computation of materials requirements based on sales orders. B. reduced internal security measures. C. automatic updating of inventory status reports D. timely transfer of inventories throughout the process, 96. Computerization of the conversion process results in all except: A. Automatic computation of materials requirements based on purchase orders. B. Timely transfer of inventories throughout the process. C. Automatic updating of inventory status reports. D. Automatic computation of materials requirements based on sales orders 97. Select the false completion to the statement which starts “A computer-based conversion process:” A. requires less data input into the system. B. automatically prepares financial accounting entries and cost accounting reports. C. yields greater benefits in terms of workforce efficiency. D. permits more systematic scheduling which allows for greater flexibility. 98. Select the true statement. A. Computer-aided manufacturing (CAM) requires computer-aided design. B. Computer-aided design is always two dimensional. C. Computer-aided design may be three dimensional. D. Computer-aided design requires additional manpower during assembly. 99. Just-in-time (JIT) production systems: A. require close communications with the engineering department. B. do not require close communications with vendors. C. require closely controlled inventory levels. D. do not require additional monitoring. 100. The act of misstating financial information in order to improve financial statement results is referred to as: A. just in time production systems. B. manufacturing resource planning. C. earning management. D. absorption costing.
101.
_____________ involves the inclusion of both variable and fixed costs in the determination of unit costs for ending inventories and cost of goods sold. A. Just in time production systems B. Manufacturing resource planning C. Earning management D. Absorption costing
102. Ethical issues of manufacturing include all except: A. reassignment or retraining vice termination due to automation. B. absorption costing. C. production of excessive inventory levels. D. earnings management. 103. Absorption costing requires: A. production inefficiencies to be immediately identified. B. production to absorb the cost of waste and yield factors not considered in other costing methods. C. includes both variable and fixed costs in unit costs. D. the transfer of values to the income statement through inventory accounts. 104. Earnings management: A. is the act of misstating financial information. B. is the goal of cost/benefit relationships. C. accomplished through the proper management of inventory and sales. D. is an ethical goal of management. 105. Manpower displacement through automation: A. is considered a benefit through cost/benefit analysis. B. should be a concern of management. C. is the goal of proper engineering. D. seldom results in termination of employees. 106. Corporate governance requires all of the following except a/an: A. system. B. process. C. product. D. internal control system. 107. When the proper tone of corporate governance is in place: A. encouraging ethical conduct is unnecessary. B. effectiveness is not improved. C. risk of fraud tends to increase. D. proper stewardship of assets increases.
ANSWERS TO TEST BANK - CHAPTER 11 - MULTIPLE CHOICE: 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43.
B B C B A D A B B A C B C A D B
44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59.
C A D C C A D B D B D D C C B C
60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75.
B D B C C A D B C A D A C A B C
76. 77. 78. 79. 80. 81. 82. 83. 84. 85. 86. 87. 88. 89. 90. 91.
D D A D B D A C C D D A D D C D
92. 93. 94. 95. 96. 97. 98. 99. 100. 101. 102. 103. 104. 105. 106. 107.
B C A B A A C C C D B C A B C D
TEST BANK - CHAPTER 11 – END OF CHAPTER QUESTIONS: 108. Manufacturing has changed in recent years as a result of each of the following factors except: A. globalization B. technological advances C. increased competition D. lack of economic prosperity 109. The term conversion processes is often used synonymously with A. operations. B. production. C. manufacturing. D. All of the above. 110. Which of the following activities is not part of the planning component of the logistics function? A. Research and development B. Capital budgeting C. Human resource management D. Scheduling 111. Which of the following activities is an inventory control activity? A. Engineering B. Maintenance C. Routing D. Quality control 112. Which of the following statements concerning an operations list is true? A. It is an engineering document that describes the chain of events within a company’s conversion process. B. It is an engineering document that specifies the descriptions and quantities of component parts within a product. C. It is a capital budgeting document that describes the chain of events within a company’s conversion process. D. It is a capital budgeting document that specifies the descriptions and quantities of component parts within a product. 113. Which of the following terms relates to the control of materials being held for future production? A. Routing B. Work-in-process C. Stores D. Warehousing
114. Which of the following questions is most likely to be found on an internal control questionnaire concerning a company’s conversion processes? A. Are vendor invoices for materials purchases approved for payment by someone who is independent of the cash disbursements function? B. Are signed checks for materials purchased mailed promptly without being returned to the department responsible for processing the disbursement? C. Are approved requisitions required when materials are released from the company’s warehouse into production? D. Are details of payments for materials balanced to the total posted to the general ledger? 115. When additional procedures are necessary to bring a defective product up to its required specifications, this is referred to as A. rework. B. scrap. C. work-in-process. D. variance reporting. 116. A firm expects to sell 1000 units of its best-selling product in the coming year. Ordering costs for this product are $100 per order, and carrying costs are $2 per unit. Compute the optimum order size, using the EOQ model. A. 10 units B. 224 units C. 317 units D. 448 units 117. Which of the following internal controls is typically associated with the maintenance of accurate inventory records? A. Performing regular comparisons of perpetual records with recent costs of inventory items B. Using a just-in-time system to keep inventory levels at a minimum C. Performing a match of the purchase request, receiving report, and purchase order before payment is approved D. Using physical inventory counts as a basis for adjusting the perpetual records 118. If a manufacturing company’s inventory of supplies consists of a large number of small items, which of the following would be considered a weakness in internal controls? A. Supplies of relatively low value are expensed when acquired. B. Supplies are physically counted on a cycle basis, whereby limited counts occur quarterly and each item is counted at least once annually. C. The stores function is responsible for updating perpetual records whenever inventory items are moved. D. Perpetual records are maintained for inventory items only if they are significant in value. 119. The goal of a physical inventory reconciliation is to A. determine the quantity of inventory sold. B. compare the physical count with the perpetual records. C. compare the physical count with the periodic records. D. determine the quantity of inventory in process.
120. Which of the following is not considered a benefit of using computerized conversion systems? A. Automatic computation of materials requirements B. Increased sales and cost of sales C. Increased efficiency and flexibility D. Early error detection and increased accuracy 121. Which of the following represents a method of managing inventory designed to minimize a company’s investment in inventories by scheduling materials to arrive at the time they are needed for production? A. The economic order quantity (EOQ) B. Material resource planning (MRP) C. First-in, first-out (FIFO) D. Just-in-time (JIT) 122. For which of the following computerized conversion systems is Wal-Mart well known? A. CAD/CAM B. MRP-II C. CIMs D. JIT ANSWERS TO TEST BANK - CHAPTER 11 – END OF CHAPTER QUESTIONS: 108. D 109. D 110. C
111. C 112. A 113. C
114. C 115. A 116. C
117. D 118. C 119. B
120. B 121. D 122. D
TEST BANK - CHAPTER 11 - SHORT ANSWER QUESTIONS 123. What are the three resources that an organization must have to conduct a conversion (or transformation) process? Answer: The three resources are materials, labor, and overhead. 124. Do conversion processes occur in manufacturing companies only? Why or why not? Answer: All companies have a conversion process. That is, all companies use resources to provide an output for customers. Even in the case of service companies, or non-profit organizations, there are conversion processes. Manufacturing companies typically have more complex conversion processes. 125 Why are conversion activities typically considered routine data processes? Answer: Within conversion processes, there are daily, routine processes that occur. For example, laborers may assemble parts every day. Since these processes occur daily, and repetitively, they are routine. 126. Differentiate between a bill of materials and an operations list. Answer: The bill of materials is a list of materials and components that are ingredients to manufacture a particular product. The operations list is the set of steps or operations, in the necessary sequence, to manufacture a product. The operations list includes the locations, resources, and standard timings.
127. Differentiate between the roles of the engineering and the research and development departments. Answer: Research and development focuses on improvement of products or product lines. It is intended to develop new products, or improvements to existing products. Engineering designs the detailed specifications for each product to be manufactured. Research and development would have a more future focus that engineering. 128. What are the two types of documents or reports are likely to trigger the conversion process? Answer: A sales order or a sales forecast would trigger the conversion process. Manufacturing would not be started until a need for products was documented on either a sales order or sales forecast. 129. What are the three primary components of logistics? Answer: They are planning, resource management, and operations. Planning is concerned with which products will be made, how many of each of these products, which resources are required, and the timing of production. Resource management is the monitoring and controlling of the use of resources such as the facilities, human resources, and inventory. Operations is the day-to-day performance of production activities. 130. What types of information must be taken into consideration when scheduling production? Answer: The information that should be considered includes all open sales orders, inventory needs, and resources available. 131. Differentiate between a routing slip and an inventory status report. Answer: A routing slip documents materials removed from the storeroom and placed into production. An inventory status report documents the extent of work completed and the levels of inventory at the various stages of completion. 132. What are the conversion responsibilities of the maintenance and control, inventory control, inventory stores, and human resources departments? Answer: Maintenance and control maintains the fixed assets such as production facilities, machinery, equipment, and vehicles. Inventory control manages and records the movement of materials and inventory. Inventory stores controls the raw materials held in storage that will eventually be used to produce goods. 133. What is the purpose of an inventory status report? Answer: An inventory status report documents the extent of work completed and the levels of inventory at the various stages of completion. 134. What is the overall goal of the inventory control department? Answer: Its purpose is to manage and record the movement of materials and inventory throughout the production process. 135. What is the purpose of the quality control department? Answer: The purpose is to inspect products and to allow products that meet quality standards to be moved to a warehouse or shipping area. Products that do not meet quality standards are returned to production for rework or they are scrapped.
136. What is the purpose of determining standard costs? Answer: Standard costs are used as benchmarks of comparison for actual costs. Comparing actual costs to standard costs allows managers to determine whether excessive resources are being used in production. 137. What should be done when unfavorable variances are discovered? Answer: These differences (variances) help pinpoint problem areas in production. Since unfavorable variances result from actual costs that exceed standard costs, they may indicate that excessive resources are being used in production. This information could be used to improve logistics in the conversion processes. 138. Why would perpetual inventory records be preferable to periodic inventory records in a manufacturing company? Answer: With perpetual inventory records, management always has up-to-date information about inventory levels. Having such information improves the ability to plan production schedules and to plan purchases of material. 139. Which three activities in the conversion process should require specific authorization before they are begun? Answer: The three processes that should require specific authorization are: initiation of production orders; issuance of materials to production; and transfer of finished goods. 140. Why is it important to separate the functions of inventory control and the production stations? What could go wrong if these functions were not separated? Answer: Inventory control maintains records of inventory, while production stations have custody of materials during production. Custody duties and recording duties for raw materials and good being produced should always be segregated. If these duties are not segregated, one person has both custody and record keeping duties. That person could steal materials or goods and alter records to cover up the theft. 141. Why is it so important that variance reports be prepared in a timely manner? Answer: Variances serve as independent checks on the accuracy and completeness of production costs. They also indicate to management where changes may need to be made to improve the production processes. If variances are not examined on a timely basis, they are much less effective in serving the functions of independent checks. 142. Explain how a physical inventory count would differ in a company using a perpetual inventory system versus one using a period inventory system. Answer: In a perpetual inventory system, a physical inventory count is used to verify the accuracy of inventory records. If a difference exists between the inventory balances and a physical count, perpetual inventory records are adjusted to ensure that the recorded balances equal the physical count. In a periodic system of inventory, there is no ending balance in the records and the physical count is used to determine the balance to place in the inventory control records.
143. When IT systems are used in conversion processes, what are some of the resulting advantages to the organization? Answer: There are often gains in productivity and flexibility, with reductions in time and cost. Also, IT systems often integrate processing applications, planning, resource management, operations, and cost accounting. This increases workforce efficiency and reduces paperwork and costs. 144. How can programmed controls within the IT system for conversion processes enhance internal controls? Answer: There are several ways that programmed controls enhance internal control. First, validation of data can detect input errors before actions are initiated. Also, the system may be programmed to issue error reports for errors or unauthorized events in production. As examples, the system could issue error reports if a work-in-process record is not generated for a production order, or if the same operation is performed at multiple work stations, or when an employee performs incompatible operations. 145. What is the difference between CAD, CAM, and CIM? Answer: CAD is computer aided design. By using the computer in the design process, it becomes more effective and efficient. CAM is computer aided manufacturing. It usually involves computer controlled robotics to perform production procedures. CIM is computer integrated manufacturing. It encompasses more than CAM because it integrates financial and cost accounting, along with computer controlled manufacturing. That is, the computer controls robotic manufacturing, and also captures, records, and maintains accounting information about production processes. 146. What is the difference between MRP, MRP-II, and ERP? Answer: All three are software systems. MRP is materials requirement planning and it is used to plan, coordinate and track materials in a manufacturing process. MRP II is manufacturing resources planning software. An AMR II system is more comprehensive and includes the ability to plan, coordinate, and track manufacturing resources. This would include materials, labor, and facilities. ERP is enterprise resource planning system. It is software that helps plan, coordinate, and track all enterprise resources. Thus ERP is more encompassing than MRP II, and MRP II is more encompassing than MRP. 147. How can conversion processes be manipulated to show higher earnings? Answer: Cost accounting uses absorption costing in which fixed overhead is applied to units produced. When excess units are produced, these excess units become part of ending inventory, and the fixed overhead attached to those units is set aside in ending inventory. Therefore, as more units are added to ending inventory, more fixed overhead is deferred and net income becomes higher. Income can be manipulated by producing more units than needed and putting those units in ending inventory.
TEST BANK - CHAPTER 11 - SHORT ESSAY 148. Consider a company that is in the business of producing canned fruits for grocery stores. (It is not in the business of growing the fruit.) List the items that would likely be included as this company’s direct materials, direct labor, indirect materials, and other overhead. Answer: The direct materials would be many different kinds of fruits such as pineapple, peaches, grapes, cherries, pears, and mandarin oranges. The direct materials could also include sugar or fructose. The indirect materials might be water. Direct labor would be those workers that work directly in the cleaning, peeling, slicing, and packaging of the fruit. Even if these processes are automated, rather than manual, the workers who operate the slicing or packaging machinery are direct labor. Other overhead includes other costs of running the canning operation that are not direct materials or direct labor. This could include utilities, rent, depreciation, machine maintenance, and supplies. 149. Give some examples of manufacturing processes that would fit into each of the three different types of production processes: continuous processing, batch processing, and custom made-toorder. Answer: Continuous processing examples: Soft drink bottling, beer bottling, frozen meal processing (Lean Cuisine, Banquet), cereal, toy making such as dolls, electronics manufacturing such as i-pods, power generation as in coal-fired plants. Examples of batch manufacturing might be: wine making, gasoline production, prescription pill production. Many things that could be continuous production might also be made in batches for convenience or efficient use of machinery. For example, equipment to bottle soft drinks might be used for a few hours to bottle a batch of Pepsi, then be cleaned and set to produce a batch of Mountain Dew. Examples of custom, made-to-order manufacturing would include consumer products identified as customized. For example, BeyondBikes.com makes custom mountain bikes using specific parts chosen by the customer. Also, many companies make custom manufactured products for other companies. Examples would include specially machined parts or components, custom made manufacturing machinery or tools, and print shops that print custom made printed material. 150. List and describe each activity within the planning component of the logistics function. Answer: Planning includes: research and development, capital budgeting, engineering, and scheduling. Research and development is the design of new products, or the redesign of existing products to improve the existing products. Capital budgeting is the planning needed in the outlay of funds to acquire capital assets. Capital assets include the facilities and equipment needed to conduct operations. Engineering develops the product specifications for each product, to include the bill of materials and the operations list. Scheduling sets the timing for production activities. Scheduling should minimize idle time and schedule products to meet the demands of the sales forecast or inventory needs.
151. Some companies use the same facility for both inventory stores and warehousing. Describe the difference between these two inventory control activities, and how the respective areas might be distinguished within the facility. Answer: Inventory stores usually is the term used for raw materials or components used as inputs to manufacture products. A warehouse is the storage location for finished products. Thus, inventory stores is the storage for inputs, while the warehouse is storage for the out puts. Since both are physical storage locations for manufacturing facilities, they have common needs for security and physical controls, as well as proper and accurate record keeping. 152. For the following activities within the conversion process, place them in sequence that indicates the order in which they would normally be performed: • Inspection of goods • Materials issuance • Preparation of time sheets • Preparation of a bill of materials • Preparation of an inventory status report • Preparation of a production schedule Answer: Preparation of a production schedule Preparation of a bill of materials Materials issuance Preparation of time sheets Inspection of goods Preparation of an inventory status report 153. Describe the purpose of each of the following cost accounting records or reports: • Work-in-process and finished goods inventory accounts Answer: Both are inventory accounts to track the amount of goods in process and the quantity of completed goods respectively. • Bill of materials Answer: It specifies the quantities needed of each raw material or component to manufacture a particular product. • Variance reports Answer: Variance reports show differences between actual costs and standard costs (expected costs). These reports are used to pinpoint problem areas that may require logistics changes to improve the manufacturing process. • Routing slips Answer: The routing slip is used to document the movement of material. This tracks the physical movement of materials in the conversion process.
154. Describe how a cost accountant would cancel a production order upon completion of the related product. Why is this important? Answer: The documentation for the order, called the production order, should be marked in a manner to show it is complete. For example, a cost accountant might sign a particular line to show it is completed, or stamp the production order with the word “Completed”. This cancelling of the document is important so that the exact status of the order is clear and so that the document may not be misused to commit fraud. For example, a production order not cancelled could be used to fraudulently begin a new production run so that the products could be stolen. 155. When taking a physical inventory count at a typical manufacturing facility, which category of inventory (raw materials, work-in-process, or finished goods) is likely to be the most time consuming to count and determine the relevant costs for? Why? Answer: Work-in-process is likely to be the most time consuming. This is because the work-inprocess includes all units in production at various stages of completion and these units could be located at many different work stations or work centers. Tracking the location, quantity, and stage of completion for each work-in-process unit would be more complex than tracking units of raw materials or finished goods. 156. Identify several factors that indicate the need for more extensive internal controls covering conversion processes. Answer: The factors include: the number of products made; the value or size of products (valuable or small products are more likely to be stolen), high levels of inventory movement, inventory held at various locations, and inventories that are difficult to value.
157. Match the IT systems on the left with their definitions on the right: • CAD Answer: B. Electronic workstation including advanced graphics and 3-D modeling of production processes. • CAM Answer: G. Production automation, including use of computers and robotics. • MRP Answer: F. Automated scheduling of production orders and materials movement. • MRP-II Answer: C. Automated scheduling of manufacturing resources, including scheduling, capacity, and forecasting functions. • ERP Answer: E. A single software system that includes all manufacturing and related accounting applications. • CIMs Answer: A. A network including production equipment, computer terminals, and accounting systems. • JIT Answer: D. The minimization of inventory levels by the control of production so that products are produced on a tight schedule in time for their sale. TEST BANK - CHAPTER 11 - PROBLEMS 158.
Question not available.
159.
Question not available.
160. Using an Internet search engine, search for the terms “CAD” _“industrial robots.” Identify a company (name and location) that provides manufacturing automation by using robotics. Describe some of the robotic operations that are featured on the company’s website. Answer: FANUC Robotics America is the leading supplier of robotic automation in the US. They provide robotics for assembly, packing, parts transfer, material removal, welding, and painting. There are too many robotics to explain each, but as an example, FANUC sells a P-10 door opener that is a vertically articulated robot designed specifically for opening automobile and truck doors to facilitate robotic interior painting. There are other companies that provide industrial robots, including KUKA, Epson Robotics, Fischerteknic, Denso, and Motoman. There are many other companies and a student might find names other than these. 161.
Question not available.
162. Explain how the over-production of inventories can be seen as unethical in an absorption costing environment. Answer: In absorption costing, fixed overhead is allocated to each unit of inventory. Thus, overproduction that leads to increased levels of finished goods inventory results in more fixed overhead in the ending inventory valuations. A higher ending inventory valuation leads to lower cost of goods sold and thereby, higher net income. If the only purpose for this overproduction is to manipulate net income, it is unethical because it misleads those who use the financial statements. 163. Price discounts are commonly used in the business world as incentives for customers. How may this practice (or its misuse) be deemed unethical? Answer: If it is used as a coercive tactic to lure customers into purchasing early and therefore increasing profit in a given year, it can be unethical. This is true if the major intent is to inflate profits. Certainly, there are legitimate reasons to grant discounts, but it becomes unethical when the intent is to use discounts to inflate sales. 164.
Question not available.
ACCOUNTING INFORMATION SYSTEMS ADMINISTRATIVE PROCESSES AND CONTROLS TURNER / WEICKGENANNT CHAPTER 12: Administrative Processes and Controls TEST BANK – CHAPTER 12 – TRUE / FALSE 1. The sale of bonds should be considered a regular, recurring process since these types of transactions are recorded in the general ledger. 2. Administrative processes are transactions and activities that either are specifically authorized by top managers or are used by managers to perform administrative functions. 3. Not all organizations require long-term, capital assets such as land, buildings, and equipment to operate. 4. Capital usually comes from assets or short-term debt. 5. Source of operational processes are those processes to authorize the raising of capital, the execution of raising capital, and the proper accounting of that capital. 6. The board of directors must decide between debt, assets, or equity for capital funds. 7. An underwriter is a third party that contracts with a corporation to bring a new issue of securities to the public market. 8. Operations processes are those processes which authorize, execute, manage, and properly account for debt. 9. A corporation’s own stock that is repurchased by the company on the open market is a marketable security. 10. For both source of capital processes and investment processes, the important control is the specific authorization and oversight by top management. 11. Business processes in an organization do not include events that are accounting transactions.
1
12. Subsidiary ledgers maintain the detail information regarding routine transactions, with an account established for each entity. 13. Special journals are journals that are established to record the transactions of specific customers and vendors. 14. In the case of a manual accounting system, an approved journal voucher must be forwarded to the general ledger department before transactions can be recorded. 15. Approvals for each journal voucher are specific authorizations. 16. An example of good internal control is having one person responsible for the value of the total of the sales in the sales journal and another person responsible for the balance of sales in the general ledger. 17. General ledger employees should record journal vouchers, but they should not authorize journal vouchers, have custody of assets, or have recording responsibility for any special journals or subsidiary ledgers. 18. A well-defined chart of accounts would contain an account titled “Rent.” 19. Because of their access to the accounting system, internal managers need less detailed reports than external users. 20. External users need detailed balance information on every existing account in the general ledger. 21. Service firm internal reports are more likely to focus on sales and the status of projects. 22. Unethical and fraudulent behaviors are much more likely to be initiated by employees, not .management. 23. One of the reasons that management, not employees, initiate more unethical and fraudulent activities are that employees do not have access to much of the documentation needed to affect the event. 24. Employees are more likely to hide or conceal fraudulent activity in the records of fixed assets and capital acquisition events than elsewhere. 25. Reports disseminated to lower level managers are usually used to provide feedback and establish production schedules or sales goals.
2
26. To set a proper ethical tone, top managements should measure several factors of managerial performance without over-emphasizing profitability or cost cutting. 27. The only method of exercising corporate governance over administrative processes and financial reporting is through the company’s budgeting process. 28. Because of regulatory and auditing issues, good corporate governance does not depend upon the ethical conduct of management. ANSWERS TO TEST BANK - CHAPTER 12 - TRUE/FALSE: 1. 2. 3. 4. 5. 6.
F T F F F F
7. 8. 9. 10. 11. 12.
T F F T F T
13. 14. 15. 16. 17. 18.
3
F T F T T F
19. 20. 21. 22. 23. 24.
F F T F T F
25. 26. 27. 28.
F T F F
TEST BANK – CHAPTER 12 – MULTIPLE CHOICE 29. Capital or investment processes: A. is a regular and frequent event. B. only requires the specific approval of someone such as a senior accountant. C. requires the specific approval of top management or board of directors. D. can be considered revenue since it results in cash inflows. 30. Capital or investment processes: A. is a regular and frequent event. B. do not require established procedures or internal controls due to their infrequency. C. require established procedures and internal controls even though they are considered infrequent events. D. do not involve the company’s own bond issues. 31. Conversion processes, systems and controls result from transactions: A. that are large volumes of daily materials transactions. B. that are large volumes of daily sales and cash inflow transactions. C. that are periodic. D. that are infrequent. 32. Revenue and return processes, systems and controls result from transactions: A. that are large volumes of daily materials transactions. B. that are large volumes of daily sales and cash inflow transactions. C. that are periodic. D. that are infrequent. 33. Administrative processes, systems and controls result from transactions: A. that are large volumes of daily materials transactions. B. that are large volumes of daily sales and cash inflow transactions. C. that are periodic. D. that are infrequent or intermittent. 34. External reports do not include: A. balance sheets. B. income statements. C. sales reports. D. cash flows.
4
35. Internal reports do not include: A. balance sheets. B. sales reports. C. cash flows. D. inventory status reports. 36. Select the answer that contains only external reports. A. Balance sheet, income statement, cash flow statement. B. Sales, balance sheet, income statement. C. Balance sheet, income statement, aged receivables. D. Sales, inventory, aged receivables. 37. Select the answer that contains only internal reports. A. Balance sheet, income statement, cash flow statement. B. Sales, balance sheet, income statement. C. Balance sheet, income statement, aged receivables. D. Sales, inventory, aged receivables. 38. Payroll transactions are considered: A. large volume daily events. B. small volume daily events. C. periodic events. D. intermittent or infrequent events. 39. Raw material events can be found in which two processes? A. 1) Revenue and return processes, systems & controls and 2) expenditures and return processes, systems & controls. B. 1) Expenditures and return processes, systems & controls and 2) conversion processes, systems & controls. C. 1) Conversion processes, systems & controls and 2) Administrative processes, systems & controls. D. 1) Administrative processes, systems & controls and 2) Revenue and return processes, systems & controls. 40. Capital is/are the funds: A. utilized to acquire long-term and short-term or current assets. B. received from customers from accounts receivable. C. utilized to acquire long-term assets D. that are cash inflows regardless of source.
5
41. The decision to raise or acquire capital funds is: A. the responsibility of contract stock underwriters. B. the responsibility of contract bond underwriters. C. affects only bonds. D. is the responsibility of the board of directors. 42. Capital funds are acquired through: A. the issuance of bonds only. B. the issuance of stocks and/or bonds. C. the issuance of stocks only. D. the initiation of debt instruments only. 43. Long-term debt is considered: A. Bonds and loans with payment schedules several years in the future. B. stocks. C. loans with payment due in the near future. D. All of the above, A, B, and C, are examples of long-term debt. 44. Equity is considered: A. Bonds and loans with payment schedules several years in the future. B. stocks. C. loans with payment due in the near future. D. All of the above, A, B, and C, are examples of long-term debt. 45. The transactions and resulting processes related to loans, bonds payable, and stock should be executed only when A. received funds have been expended through the purchase of fixed assets. B. the transactions are completed. C. top supervisors authorize them D. top management or the board of directors authorize them. 46. Select the correct statement from those listed below. A. Issuance of bonds and the origination of loans are considered debt while the issuance of stock is considered equity. B. Issuance of bonds and the origination of loans are considered debt while the issuance of stock is considered revenue. C. Issuance of bonds, the origination of loans, and the issuance of stock are all considered debt. D. Issuance of bonds, the origination of loans, and the issuance of stock are all considered equity.
6
47. Items associated with debt do not include: A. interest. B. maturity date. C. dividends. D. changes in stockholders’ equity. 48. Items associated with equity include all but: A. interest. B. maturity date. C. dividends. D. changes in stockholders’ equity. 49. Investment processes: A. issue stock. B. issue bonds. C. purchase of fixed assets. D. invest excess funds. 50. The _____________ of a corporation has the responsibility for making investment decision. A. board of directors. B. chief financial officer. C. treasurer. D. president/CEO. 51. The _____________ of a corporation usually has physical custody of securities held as investments. A. treasurer. B. president/CEO. C. board of directors. D. chief financial officer. 52. Corporations with complex IT systems: A. may automate their investment process. B. still handle all investment processes manually. C. generally isolate the investment process from their accounting application. D. cannot forecast surplus cash levels.
7
53. Select the true statement from those given below. A. Capital processes require top management approval while investment processes only require treasurer approval. B. Both the capital process and the investment process require only treasurer approval. C. Both the capital process and the investment process require top management approval. D. Neither the capital process nor the investment processes require top management approval. 54. Fraud associated with the capital and investment process is: A. is generally the actions of the employees handling the cash associated with transactions. B. usually related to management fraud. C. prevented by the use of electronic funds transfers. D. usually not pursued by the Securities and Exchange Commission. 55. The proper sequence of events for the accounting cycle is: A. journalize, post, trial balance, adjusting entries, financial statements, and closing entries. B. journalize, post, trial balance, adjusting entries, closing entries, and financial statements. C. journalize, post, adjusting entries, trial balance, closing entries, and financial statements. D. trial balance, adjusting entries, journalize, post, closing entries, and financial statements. 56. Special journals include: A. accounts receivable journal, cash receipts journal, payroll journal, purchases journal, and sales journal. B. accounts payable journal, cash disbursements journal, payroll journal, purchases journal, and sales journal. C. cash disbursements journal, cash receipts journal, general journal, payroll journal, purchases journal, and sales journal. D. cash disbursements journal, cash receipts journal, payroll journal, purchases journal, and sales journal. 57. Special journals so not include the: A. sales journal B. inventory journal. C. cash receipts journal. D. payroll journal.
8
58. Special journals include the: A. accounts receivable journal. B. accounts payable journal. C. purchases journal. D. inventory journal. 59. Select the correct statement from the following. A. To review purchases from a vendor inspect the purchases journal, to review payments to a vendor inspect the cash receipts journal. B. To review purchases from a vendor and review payments to a vendor inspect the cash disbursements journal. C. To review the purchases from a vendor inspect the purchases journal, to determine inventory levels of a specific item inspect the inventory journal. D. To review the payments to a vendor inspect the cash receipts journal, to determine inventory levels of a specific item inspect the inventory journal. 60. Select the correct statement from the following: A. The accounts payable journal will not show detail of purchases from a vendor. B. Details of amounts owed by a customer in are the accounts payable journal. C. The sales journal contains all sales information. D. Details of amounts owed to a vendor are contained in the purchases journal. 61. Select the correct statement from the following: A. If the trial balance debits equal the trial balance credits, adjusting entries are not necessary. B. Adjusting entries are made after the adjusted trial balance report is printed. C. Accounts payable information in detail can be found in both the general ledger and the accounts payable subsidiary ledger. D. Financial statements must be prepared before the closing entries are journalized. 62. Sales and sales returns can affect which journals? A. Accounts receivable, accounts payable, inventory, and sales. B. Accounts receivable, cash, inventory, and sales. C. Accounts receivable, accounts payable, purchases, and inventory. D. Sales, cash receipts, cash disbursements, inventory, and purchases. 63. Special journals are: A. utilized for infrequent special journal entries. B. for regular and recurring transactions. C. not utilized in automated accounting processes. D. often the source of information regarding a specific customer.
9
64. The sales journal would have columns for: A. a debit to sales, a credit to accounts receivable. B. a debit to cash, a debit to accounts receivable, and a credit to sales. C. a debit to accounts receivable and a credit to cost of goods sold. D. a debit to accounts receivable and a credit to sales. 65. Subsidiary ledgers: A. would not contain the detailed information of a customer’s account. B. would contain the detailed information of a customer’s account. C. would contain only information related to secondary interests of the organization. D. would not be utilized in automated accounting processes. 66. When special journals are utilized: A. a general journal is not required. B. segregation of duties is required. C. a general journal is still utilized for infrequent and unique journal entries. D. a general ledger is not required. 67. Corrections to posting errors are made: A. before the first trial balance. B. only after the first trial balance. C. when discovered. D. only when directed by top management. 68. Closing entries are: A. journalized in all of the special journals. B. journalized in the general journal. C. journalized in the subsidiary ledgers. D. journalized in the general ledger. 69. Closing entries: A. close all of the general ledger accounts. B. end the fiscal period. C. close all of the subsidiary ledger accounts. D. are journalized in the subsidiary ledgers. 70. Today’s automated accounting process: A. is built on a structure independent of manual accounting. B. does not require special journals or subsidiary ledgers. C. is built on an operational structure similar to manual accounting. D. eliminate errors in the accounting process.
10
71. Today’s automated accounting process: A. helps the user by identifying modules for activities. B. precludes the use of subsidiary ledgers. C. requires manual posting of general journal transactions. D. All of the above, A, B, and C, are correct. 72. Transactions are recorded in the special journals and subsidiary ledgers: A. at the time of the transaction. B. only when approved by top management. C. only during the adjusting process. D. only during the closing process. 73. Posting to the general ledger occurs: A. as the transaction is recorded in the special journals. B. is not required if special journals are utilized. C. automatically at the end of each business day. D. only when proper authorization has been given. 74. In automated accounting: A. paper vouchers are still required before the posting process is started. B. transaction information may be held in a special module awaiting posting. C. general ledger accounts are updated as transactions are recorded in special journals. D. authorization is required for each specific transaction. 75. As computerized accounting systems get more and more complex and integrated: A. the level of authorization for posting gets higher in the level of responsibilities. B. the level of authorization for posting has not changed. C. the level of authorization for posting gets lower in the level of responsibilities. D. more levels of authorization are required. 76. Select the correct statement from the following. A. general ledger employees should have custody of any assets that they record in the general ledger. B. General ledger employees should never be given responsibility for authorizing any journal vouchers. C. General ledger employees should record journal vouchers from any operational departments when received. D. All of the above, A, B, and C, are correct.
11
77. Select the correct statement from the following. A. general ledger employees should not have custody of any assets that they record in the general ledger. B. General ledger employees should never be given responsibility for authorizing any journal vouchers. C. General ledger employees should only record journal vouchers that have been authorized by the appropriate manager. D. All of the above, A, B, and C, are correct. 78. General ledger employees should record journal vouchers, but they should not A. have recording responsibility for any special journals or subsidiary ledgers. B. authorize journal vouchers. C. have custody of assets. D. All of the above, A, B, and C, are correct. 79. Segregation of duties: A. remains unchanged between computerized and manual accounting. B. may be more difficult in less complex computerized accounting systems. C. is not a factor with computerized accounting systems. D. is not a factor with manual accounting systems. 80. When transactions are posted in a computerized accounting system: A. the user must post all transactions awaiting in the module. B. segregation of duties is not a factor. C. can select which batches of transactions to post. D. anyone with general ledger access can post the transactions. 81. Within ERP systems: A. a single user with a password may be authorized to purchase and receive the item. B. segregation of duties and responsibilities allows incompatible privileges. C. purchasing requires a different approval than receiving. D. user profiles are not recorded within the system.
12
82. While using a manual general ledger system, the audit trail could consist of: 1. general ledger. 2. electronic images. 3. journal vouchers. 4. paper documents. 5. source documents. 6. special journals. 7. subsidiary ledgers. A. 1, 2, 3, 4, 5, 6, and 7. B. 1, 3, 4, 5, 6, and 7. C. 1, 2, 4, 5, 6, and 7. D. 1, 2, 4, 6, and 7. 83. While using a computerized IT accounting system, the audit trail could consist of: 1. general ledger. 2. electronic images. 3. journal vouchers. 4. paper documents. 5. source documents. 6. special journals. 7. subsidiary ledgers. A. 1, 2, 3, 4, 5, 6, and 7. B. 2. C. 2, 4, 5, and 7. D. 1, 4, 6, and 7. 84. Audit trails: A. can proceed only from the source document to the journal entry. B. can proceed only from the journal entry to the source document. C. is only utilized by the CPA auditors. D. can be from the source document to the journal entry or from the journal entry to the source document. 85. Security of source documents: A. is essential for both manual general ledger systems and IT accounting systems. B. is not a factor with IT accounting systems since the source documents are electronic images. C. is not a factor with manual general ledger systems since they are printed documents in archive files. D. None of the options, A, B, or C, are correct.
13
86. Select the correct statement from those listed below. A. Investors and creditors use nonfinancial feedback to evaluate business performance. B. Internal managers need only nonfinancial feedback for proper planning and control of operations. C. Internal managers need reports at the same frequency as external users. D. Internal managers need much more frequent and detailed reports than external users. 87. Internal users: 1. need more frequent reports than external users. 2. need the same reports as external users to manage the operation. 3. do not utilize nonfinancial information in the planning and control of operations. 4. utilize nonfinancial information in the planning and control of operations. A. Only 1. B. Only 1 and 4. C. Only 1 and 2. D. Only 4. 88. The external general purpose financial statements/reports are the: 1. aged accounts payable report. 2. aged accounts receivable report. 3. balance sheet. 4. income statement. 5. inventory statement. 6. statement of cash flows. 7. statement of retained earnings. A. 1, 2, 3, 4, 5, 6, and 7. B. Only 1, 2, 3, 4, 6, and 7. C. Only 3, 4, 6, and 7. D. Only 1, 3, 4, 6, and 7. 89. Financial statements: A. are generated from the values of the special journals and subsidiary ledgers. B. are presented with complete chart of account detail. C. may contain condensed data from the general ledger. D. show units in inventory and dollar value of those units.
14
90. The four general purpose financial statements: A. are generated at the end of each month. B. are generated at the end of each fiscal period. C. are distributed only to external users. D. are distributed only to internal users. 91. Internal reports of financial information: A. are standardized by the AICPA. B. are the same as those distributed to the external users. C. vary by the user. D. are distributed on the same time schedule as external reports. 92. The factor that does not affect internal reports is: A. the type of organization. B. the audit status of the organization. C. the underlying function being managed. D. the time horizon. 93. The account that a manufacturing operation and a retail firm would have in common would be: A. raw materials. B. work in process. C. labor. D. inventory. 94. A service firm would focus on: A. raw materials and work in process. B. sales and project status. C. work in process and labor. D. raw materials and labor. 95. A common interest for manufacturing, retail, and service firms is: A. inventory. B. revenues. C. profitability. D. Both B and C. 96. Not-for-profit organizations would be interested in: A. cash flows, revenues, and expenditures. B. cash flows, funding sources, and expenditures. C. revenues, expenses, and funding sources. D. cash inflows, cash outflows, and profits.
15
97. Select the true statement from those listed below. A. Managers only need reports showing dollar values. B. Managers only need reports showing unit data. C. All managers need the same information. D. Managers need the information associated with their area of responsibility. 98. Studies show: A. that for day-to-day operations unit data is the critical element. B. that for day-to-day operations general ledger dollar value is the critical element. C. that the general ledger dollar values have little impact on long-term time horizons. D. Both A and B are correct. 99. Unethical or fraudulent behavior 1. can occur in administrative processing of an organization. 2. can occur in the reporting functions of an organization. 3. are much more likely to be initiated by management. 4. are much more likely to be initiated by employees. A. Only 1, 2, and 3 are correct. B. Only 1, 2, and 4 are correct. C. Only 1 and 3 are correct. D. Only 2 and 4 are correct. 100. Select the true statement from the following. A. Employee fraud is more prevalent in the routine processes. Management fraud is more prevalent in administrative processes and reporting. B. Employee fraud is less prevalent in the routine processes and administrative processes. Management fraud is more prevalent in operational processes and reporting. C. Employee fraud is less prevalent in the administrative processes. Management fraud is more prevalent in operational processes and reporting. D. Employee and managerial fraud is prevalent in the routine processes as well as the administrative processes and reporting equally.
16
101. in a properly controlled system of administrative and reporting functions, 1. employees have access to related assets or source documents. 2. administrative processes are tightly controlled by supervisors. 3. employees have the authority to initiate processes such as investing. 4. in processes such as sales and cash receipts employees are given general authorization to initiate and process transactions. A. Only 1 and 4 are true. B. Only 1, 2, and 4 are true. C. Only 4 is true. D. Only 1, 3, and 4 are true. 102. Examples of employee initiated fraud would not include: A. the writing off uncollectible accounts of a friend even when it could be collected. B. the inflation of hours worked on time card C. the theft of cash or checks from the mailroom. D. the release of false or misleading general purpose financial statements. 103. Fraud is: A. harder to conceal in the routine events of conversion and sales because of their visibility. B. harder to conceal in the administrative processes such as investments because of the limited access to the records. C. harder to conceal when initiated by top management due to limited access to the records. D. precluded by proper internal control processes. 104. The raising of capital: A. requires the complete and honest details of the utilization of the funds. B. should be supported by correct and factual financial statement values. C. should be supported by correct and factual financial statement footnotes. D. All of the above, A, B, and C, are correct. 105. The four primary functions of corporate governance do not include: A. management oversight. B. inventory control. C. financial stewardship. D. ethical conduct.
17
106. A proper corporate governance structure must be in place in order to properly deter instances of: and reports. A. fraud. B. theft. C. misuse or manipulation of administrative resources. D. All of the above, A, B, and C, are correct. 107. When management designs and implements effective administrative processes: A. delegation of responsibility is prohibited. B. the ability to steal or misuse capital is eliminated. C. constant monitoring is necessary. D. the responsibility of executing related capital functions to employees is prohibited. 108. When management designs and implements effective administrative processes: A. delegation of responsibility is prohibited. B. a budgeting process is a method of corporate governance. C. the responsibility of executing related capital functions to employees is prohibited. D. the ability to steal or misuse capital is eliminated.
ANSWERS TO TEST BANK - CHAPTER 12 - MULTIPLE CHOICE: 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45.
C C A B C C A A D C B C D B A B C
46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61. 62.
A C A D C C A C B A D B C C A D B
63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78. 79.
18
B D B C C B B C A A D B C B D D B
80. 81. 82. 83. 84. 85. 86. 87. 88. 89. 90. 91. 92. 93. 94. 95. 96.
C A B B D A D B C C B C B D B D B
97. 98. 99. 100. 101. 102. 103. 104. 105. 106. 107. 108.
D A B A C C A D B D C B
TEST BANK – CHAPTER 12 – END OF CHAPTER QUESTIONS: 109. Which of the following is not part of an administrative process? A. The sale of stock B. The sale of bonds C. The write-off of bad debts D. The purchase of marketable securities 110. Which of the following statements is not true regarding source of capital transactions? A. These processes should not be initiated unless there is specific authorization by management at a top level. B. Source of capital processes will result in potential dividend or interest payments. C. Retirement of debt is a source of capital process. D. The fact that these transactions and processes cannot occur without oversight by top management means other controls are not necessary. 111. The officer within a corporation that usually has oversight responsibility for investment processes is the A. controller. B. treasurer. C. chief executive officer (CEO). D. chief accounting officer (CAO). 112. Which of the following statements is not true regarding internal controls of capital and investment processes? A. Internal controls aimed at preventing and detecting employee fraud in capital and investment processes are not as effective. B. Top management fraud, rather than employee fraud, is more likely to occur. C. Any fraud is likely to involve manipulating capital and investment processes. D. Because of top management oversight, the auditor need not review these processes. 113. Which of the following statements is true? A. Routine transactions are recorded in the general journal. B. Nonroutine transactions are entered in the general journal. C. Nonroutine transactions are recorded in a subsidiary ledger. D. Nonroutine transactions are recorded in a special journal.
19
114. Regarding subsidiary ledgers and general ledger control accounts, which of the following is not true? A. Total balances in a subsidiary ledger should always equal the balance in the corresponding general ledger account. B. The general ledger maintains details of subaccounts. C. Control is enhanced by separating the subsidiary ledger from the general ledger. D. Reconciling a subsidiary ledger to the general ledger can help to detect errors or fraud. 115. Which of the following statements regarding the authorization of general ledger posting is not true? A. Posting to the general ledger always requires specific authorization. B. User IDs and passwords can serve as authorization to post transactions to the general ledger. C. A journal voucher serves as authorization for manual systems. D. As IT systems become more automated, the authorization of general ledger posting is moved to lower levels of employees. 116. In a manual system with proper segregation of duties, an employee in the general ledger department should only A. authorize posting to the general ledger. B. post transactions to the general ledger. C. reconcile the subsidiary ledger to the general ledger. D. post transactions to the subsidiary ledger. 117. Which of the following statements about reporting is true? A. External users need detailed, rather than summarized, information. B. All reports, internal and external, are derived only from general ledger data. C. All organizations need similar internal reports. D. Internal reports are tailored to the specific needs of each management level and function. 118. Which of the following is not an area of measure in a balanced scorecard? A. Vendor B. Customer C. Financial D. Learning and growth ANSWERS: 109. C 110. D
111. B 112. B
113. B 114. B
20
115. A 116. B
117. D 118. A
TEST BANK – CHAPTER 12 – SHORT ANSWER QUESTIONS 119. What characteristics of administrative processes are different from the characteristics of revenue, expenditures, or conversion processes? Answer: The characteristics of administrative processes that are different from revenue, expenditure, or conversion processes are the frequency of occurrence and the extent of management authorization. Whereas revenue, expenditure, and conversion processes typically occur on a regular, recurring basis (usually daily), administrative processes occur on a non-regular basis, either as the need arises or on a periodic basis. Therefore, revenue, expenditure, and conversion processes usually involve established procedures and controls that allow these processes to occur without intervention or specific authorization by management. Administrative processes, on the other hand, typically require that specific authorization for each transaction would be necessary. 120. How do other processes (revenue, expenditures, conversion) affect the general ledger? Answer: Revenue, expenditure and conversion processes affect the general ledger periodically through the administrative processes of financial reporting. This is the process of funneling all of the transactions into the general ledger accounts so they can be included in various financial reports. 121. How would you describe capital? Answer: Capital can be described as the funds used to acquire the long-term capital assets of an organization. Capital usually comes from long-term debt or equity. 122. Describe the nature of the authorization of source of capital processes. Answer: Source of capital processes are those processes that authorize the raising of capital, the execution of raising capital, and the proper accounting of that capital. Because of the magnitude and importance of these methods of raising capital, these financial instruments should be used only when necessary. The transactions and resulting processes related to loans, bonds, and stock should be executed only when management authorizes, and the use of the resulting capital must be properly controlled and used. 123. How does the specific authorization and management oversight of source of capital processes affect internal controls? Answer: Since top management authorizes and controls the capital transaction processes, there is inherent control. The fact that these transactions and processes cannot occur without specific authorization and oversight by top management is a strong internal control.
21
124. Describe when an organization would have a need to undertake investment processes. Answer: An organization would need to undertake investment processes when it finds that it has more funds on hand than necessary to operate the business. The proper performance of the stewardship function would suggest that management should park (or invest) the excess funds in a place that it can earn a return. 125. Why is the monitoring of funds flow an important underlying part of investment processes? Answer: The monitoring of funds flow is an important part of the investment process because funds should be invested only if management has no immediate plans for their use. Therefore, future cash needs of the organization should be monitored regularly in comparison with cash balances to determine if there are excess funds available for investment. 126. How are IT systems potentially useful in monitoring funds flow? Answer: IT systems can help management to monitor the organization’s cash needs by forecasting future cash payments and collections. The system can continually compare current cash balances to forecasted needs and sources and provide feedback to top management about potential excess funds that would be available for investing. 127. Explain how cash resulting from source of capital processes may be handled differently than cash in revenue processes. Answer: The cash resulting from source of capital processes is likely to be handled differently than in revenue processes because of the large sums of money involved in source of capital transactions. Whereas collections from revenue processes are typically handled by the organization’s employees, these employees are not likely to handle the large sums of cash that tend to result from stock sales or other source of capital transactions. Instead the funds are usually transferred electronically between brokers and banks. 128. What advantages would motivate management to conduct fraud related to source of capital processes? Answer: Management may be motivated to conduct fraud through the source of capital processes because of the large sums of money that tend to result from these transactions. In addition, there is a lack of traditional controls covering this process; there are no other employees responsible for reporting or controlling these transactions. Internal controls are not as effective in this area because of their nonregular occurrence and their dependence on close scrutiny by top management and the auditors. The opportunity is greater for management to perpetrate fraud in this process than for other more routine processes.
22
129. Why are internal controls less effective in capital and investment processes? Answer: Internal controls are not as effective in this area because of their nonregular occurrence and their dependence on close scrutiny by top management and the auditors. The opportunity is greater for management to perpetrate fraud in this process than for other more routine processes. 130. How is a special journal different from a general journal? Answer: A special journal is a chronological record of specific types of transactions (such as a sales journal, purchases journal, cash receipts journal, etc.); whereas a general journal records irregular, non-recurring transactions that are not included in a special journal. 131. How is a subsidiary ledger different from a general ledger? Answer: A subsidiary ledger is a detailed record of routine transactions, with an account established for each entity; whereas a general ledger is a summary of information from special journals, with specific accounts established for each type of transaction. A subsidiary ledger is updated whenever new transactions occur. A general ledger is updated periodically for the summarization of the special journal details. 132. In what way are subsidiary ledgers and special journals replicated in accounting software? Answer: Subsidiary ledgers and special journals are replicated in accounting software as they are summarized for the general ledger postings at the end of the period. Although transaction recording in the special journals and subsidiary ledgers takes place at the time the transaction occurs, their replication in the general ledger is an end-of-period summarization process. 133. Within accounting software systems, what is the purpose of limiting the number of employees authorized to post to the general ledger? Answer: Limiting the number of employees authorized to post to the general ledger allows management to give general authority to certain employees to post to the general ledger. Through the assignment of limited access to the general ledger module, management can limit the capability of general ledger posting to selected employees. When an employee with the appropriate access level logs into the accounting system, he can process the general ledger posting. Employees who have not been given access to general ledger posting will be unable to post to the general ledger. In this manner, management may be able to prevent the recording of unauthorized general ledger transactions.
23
134. In a complex IT system, how may a customer actually “authorize” a sale? Answer: A customer may actually authorize a sale in a complex IT environment when their inventory systems interact. For example, When a customer’s inventory levels fall below an establish reorder point, the IT system may authorize a transfer of products from the supplier to the customer. This means that the sale and subsequent update of sales and receivable accounts are triggered by the customer’s computer system. Therefore, these systems require pre-existing and negotiated relationships between buyer and seller companies. Both parties must have already approved these processes and established IT systems that execute the processes. 135. To properly segregate duties, what are the three functions that general ledger employees should not do? Answer: Three important segregations should be in place in a manual general ledger system. The three segregations are that the general ledger employees should record journal vouchers, but they should not (1.) authorize journal vouchers, (2.) have custody of assets, or (3.) have responsibility for recording the transactions in the subsidiary ledgers. 136. In an IT accounting system, which IT controls ensure the security of the general ledger? Answer: In an IT accounting system where the records are electronic file images, access to the system is limited through the use of user IDs, passwords, and resource authority tables. These general controls establish which employees have access to specific records or files. 137. Describe the nature of reports for external users. Answer: Since external users do not need detailed balance information on every existing account in the general ledger, certain accounts may be combined or “rolled up” into a single line item that appears on a financial statement. This summary process may occur for all of the line items on the general purpose financial statements. The four general purpose financial statements, the balance sheet, income statement, statement of cash flows, and statement of retained earnings, are each derived from general ledger account balances. These general ledger balances are rolled up in such a manner as to provide summarized information that is useful to evaluate business performance.
24
138. Does the general ledger provide all information necessary for internal reports? Answer: The general ledger does not provide all information necessary for internal reports. Internal reports often rely on information from various parts of the organization. For instance, manufacturing, retail, service, and charitable organizations would each use different types of information to manage the details of their revenue and expenditure processes. In each of these scenarios, non-financial information is often useful to managers in order to supplement the financial information derived from the general ledger. In addition, there may be detailed financial and non-financial information in an organization’s accounting system that is useful for internal reporting purposes but may not be readily apparent in the general ledger. In addition, internal reports may contain past or future information that is not included in the current period’s general ledger. 139. How would operational internal reports differ from financial internal reports? Answer: Operational internal reports focus on non-financial details of operations, such as machine hours, down-time, inventory and sales units, headcounts for human resources, etc. These types of operational reports may not be prepared from data in the general ledger. However, as transactions are recorded in the accounting processes, financial as well as non-financial data is accumulated. Therefore, the accounting system often records both financial and operational data that can be used in reports. Financial reports, on the other hand, are prepared directly from ledgers, journals, and other accounting records. 140. How does time horizon affect the type of information in internal reports? Answer: In day-to-day management, managers are more likely to use unit measures and physical counts. For time horizons of one month or longer, however, managers are more likely to use financial measures such as those generated by information in the general ledger.
25
141. Why are managers, rather than employees, more likely to engage in unethical behavior in capital and investment processes? Answer: There are three main reasons why management may be more likely to engage in unethical behavior in the capital and investment processes: • Employees typically do not have access to the assets or records in the capital and investment processes. These assets and records are controlled by management because of their non-routine nature and because of the high amounts of related funds. • Internal controls for these processes are dependent upon the close scrutiny and specific authorization of top management, whereas employees typically have no authority over these types of transactions. However, managers are most likely to be tempted to alter or hide financial information in an effort to improve the appearance of the organization’s financial results for investors and creditors. • The non-routine nature of these transactions makes it more difficult to hide fraudulent transactions. Fraud as committed by employees would be much easier to hide within the volumes of transactions in the routine processes like revenues, expenditures, etc. 142. How do processes with large volumes of transactions make fraudulent behavior easier? Answer: The routine nature and large volumes of transactions in the processes for sales, purchases, payroll, etc. make it easier for employees to hide fraudulent transactions or unethical behavior. Fraud may be hidden in the large masses of transactions within these processes. 143. Explain the importance of full disclosure in source of capital processes. Answer: Full disclosure is extremely important in the source of capital processes so that creditors can be fully informed of all relevant information in making credit decisions. Accordingly, financial reports and other disclosures must be complete and accurate in order to avoid misleading any current or potential creditors.
26
TEST BANK – CHAPTER 12 – SHORT ESSAY 144. Describe the steps in source of capital processes and explain how top management is involved. Answer: When the need for capital arises, the Board of Directors is consulted for approval and for determination of whether debt of equity capital will be pursued. If equity capital is chosen, a stock underwriter will be contracted to sell the shares of stock and collect the proceeds. The company will need to determine whether or not to pay dividends. If debt capital is chosen, the company will need to decide whether it should issue bonds or borrow the funds. If bonds are chosen, the company will contract with a bond underwriter, who will sell the bonds and collect the proceeds, as well as handle the periodic payment of interest. If funds are borrowed, arrangements must be made for the bank loan by contracting with creditors. The proceeds will be collected and periodic interest will be paid. Throughout this process, management is involved in most of these steps. Management would present the need for capital to the Board of Directors. Depending on the source of capital determined by the Board, management would then be responsible for contracting with the appropriate party (stock or bond underwriter or bank creditor). Finally, management would be involved in the arrangements for collecting proceeds from the source of capital processes as well as the payment of interest or dividends. 145. Describe the steps in investment processes and explain how top management is involved. Answer: When excess funds are identified, they are to be evaluated in comparison with upcoming needs of the organization. If it is decided that the excess should be invested, the type of investment must be determined. The company may invest in marketable securities, in which case it would contract with a stock broker to buy stocks or bonds (and sell these securities as necessary). Alternatively, the company may invest in treasury stock, in which case it would contract with a stock broker to buy the treasury shares and reissue shares as desired. Throughout this process, management involvement occurs at many points. Management is responsible for monitoring cash flows to determine if excess funds exist and if they are available for investment or needed for upcoming operations. Management would also be responsible for contracting with a stock broker for the purchase of stocks, bonds, or treasury stock (as well as the subsequent sale of these investments, as needed).
27
146. Explain the internal control environment of source of capital and investment processes. Answer: For both source of capital and investment processes, the important control is the specific authorization and oversight by top management. The very close supervision of these transactions helps prevent risks related to the theft or misuse of the cash that is related to capital and investment processes. In addition, the large sums of money involved in capital and investment decisions usually dictates that the cash not be handled by the regular company employees. Instead, the funds are likely to be transferred electronically between brokers and banks. Because of the high risk of management fraud in these processes and the potential for management circumvention of controls, typical internal controls such as segregation of duties and reconciliations are not as effective in the prevention or detection of fraud surrounding these processes. As an added control feature, auditors are often urged to carefully examine capital and investment transactions. 147. Describe the steps in a manual accounting cycle. Answer: When a transaction occurs, it must be identified as either routine or nonroutine. Routine transactions are recorded in a special journal and subsidiary ledger; non-routine transactions are recorded in the general journal. At the end of the day, week, or other period, the journals and ledgers are summarized and posted to the general ledger. General ledger totals are summarized in a trial balance, and end-ofperiod adjusting entries are prepared. The adjusted general ledger is used to prepare financial statements. Once the financial statements are completed, closing entries are prepared, and then the cycle may begin anew. 148. Describe why it is true that there may be two authorizations related to revenue, expenditures, and conversion processes before they are posted to the general ledger. Answer: In a properly controlled accounting system, transactions within the revenue and conversion processes must be authorized before they are carried out. In addition, another authorization is needed to begin the process of posting entries from the special journals and subsidiary ledgers to the general ledger. Thus, there may be two authorizations related to these routine processes.
28
149. For each report shown, indicate in the appropriate column whether the report is likely to be for internal or external users (some reports may be both), and whether data would come exclusively from the general ledger. Report Name Income statement Aged accounts receivable Inventory stock status Open purchase orders Machine down-time Cash flow statement Production units produced Answer: Report Name Income statement Aged accounts receivable Inventory stock status Open purchase orders Machine down-time Cash flow statement Production units produced
Internal or External
Exclusively G/L Data?
Internal or External External Both Internal Internal Internal External Internal
Exclusively G/L Data? Yes No No No No No No
TEST BANK – CHAPTER 12 – PROBLEMS 150. Compare source of capital processes with sales processes in terms of a. the frequency of transactions; b. the volume of transactions; c. the magnitude in dollars of a single transaction; and d. the manner of authorization. Answer: Compared with the sales processes, (a. and b.) source of capital processes occur much less frequently and in smaller volumes. Whereas sales transactions typically occur on a daily basis (and may even occur several times per day), source of capital transactions tend to occur in small volumes and on an irregular basis. Often, there may be only a few times within any given annual period that a source of capital transaction occurs. In addition, (c.) the magnitude of an individual source of capital transaction tends to be much greater than for an individual sales transaction. Finally, (d.) whereas routine sales transactions are usually authorized by employees having general authorization privileges, source of capital transactions require specific authorization of management.
29
151. Compare investment processes with sales processes in terms of a. the frequency of transactions; b. the volume of transactions; c. the magnitude in dollars of a single transaction; and d. the manner of authorization. Answer: Compared with the sales processes, (a. and b.) investment processes occur much less frequently and in smaller volumes. Whereas sales transactions typically occur on a daily basis (and may even occur several times per day), investment transactions tend to occur in small volumes and on an irregular basis. Often, there may be only a few times within any given annual period that an investment transaction occurs. In addition, (c.) the magnitude of an individual investment transaction tends to be much greater than for an individual sales transaction. Finally, (d.) whereas routine sales transactions are usually authorized by employees having general authorization privileges, investment transactions require specific authorization of management. 152. Exhibit 12-9 shows a screen capture from Dynamics GP® accounting software. The following modules in Dynamics GP® are shown: > Financial > Sales > Purchasing > Inventory > Payroll > Manufacturing >Fixed Assets
30
153. For each of the transactions listed, explain which module would you choose and why. a. Entering an invoice received from a supplier. b. Entering the receiving of materials at the shipping dock. c. Enter a check received in payment of an account receivable. d. Posting a batch of sales invoices to the general ledger. e. Enter hours worked by employees. f. Print checks for suppliers Answer: a. Entering an invoice received from a supplier- this would fall under the Purchasing module. The purchasing module is appropriate because it would record the purchase or expenditure in the purchases journal, as well as the related payable to the supplier in an accounts payable subsidiary ledger. b. Entering the receipt of material at the shipping dock – this would fall under the Inventory module. The inventory module is appropriate because it would record the items on hand and the movement of goods available for production. c. Entering a check received in payment of an account receivable – this would fall under the Sales module. The sales module is appropriate because it would include collections of sales in the cash receipts journal and the related customer accounts in the accounts receivable subsidiary ledger. d. Posting a batch of sales invoices to the general ledger – this would fall under the Financial module. The financial module is appropriate because it includes all accounting cycle functions, including the summarization of special journals and their posting to the general ledger. e. Entering hours worked by employees – this would fall under the Payroll module. The payroll module is appropriate because it records all periodic workforce activities in a payroll journal. f. Printing checks for suppliers – this would fall under the Purchasing module. The purchasing module is appropriate because it would record the payment to the supplier in an accounts payable subsidiary ledger as well as the related release of funds in a cash disbursements journal.
31
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 13: Data and Databases TEST BANK – CHAPTER 13 – TRUE / FALSE 1. Data are the set of facts collected from transactions. 2. Information is the set of facts collected from transactions. 3. Information is the interpretation of data that have been processed. 4. Data must be collected to complete a transaction such as a sale. 5. Data does not need to be stored in most cases. 6. The requirements to frequently or infrequently access data are not relevant to the way that the data is stored due to computer access speed. 7. A character is a customer, client, or vendor. 8. A character is a single letter, number, or symbol. 9. A field is a set of characters that fill a space reserved for a particular kind of data. 10. A record is the entire set of fields for a specific entity. 11. An entire set of files is a database. 12. An entire record forms a “database.” 13. Magnetic tape is a storage medium that allows only a sequential access type of storage. 14. Sequential access means that data are stored in sequential or chronological order. 15. Random access means that any data item on the storage media can be directly accessed without reading in sequence.
195
16. Random access means that you are searching for specific data but do not know where it is within the database. 17. Batch processing occurs when similar transactions are grouped into a batch and that batch is processed as a group. 18. Real-time processing occurs when transactions are processed as soon as they are entered. 19. Batch processing occurs when transactions are processed as soon as they are entered. 20. Real-time processing occurs when similar transactions are grouped into a batch and that batch is processed as a group. 21. If real-time processing is to occur, database records must be stored on random access media. 22. Data redundancy occurs when the same customer has more than one database record. 23. Concurrency means that all of the multiple instances of the same data are exactly alike. 24. A record pointer identifies a specific record in a flat database. 25. A relational database stores data in two-dimensional tables that are joined in many ways to represent many different kinds of relationships in the data. 26. Within are relational database a record may have more than one primary key. 27. SQL stands for Sequential Query Language. 28. When using a SQL query language you are restricted to searching two tables for common values such as Vendor Name. 29. Data normalization allows repeating groups such as the same vendor name in multiple locations of the primary key field of the same table. 30. A data warehouse is a temperature controlled building where files and records are retained. 31. Data warehouse files are non-volatile, and not frequently updated while operational databases are updated with each transaction that affects them.
196
32. HIPs, or high-impact processes, are the critically important processes that must be executed correctly if the organization is to survive and thrive. 33. Tools commonly used in data mining are OLAP, ROLAP, and MOLAP. 34. Data mining is the process of searching an operational database for identifiable patterns in the data. 35. To “drill down” is the process of successive expansion of data into more detail, going from high-level data to successively lower levels of data. 36. Because of today’s computing power and Internet accessibility, there has been a substantial increase in the use of centralized databases and centralized processing. 37. In distributed data processing (DDP) and distributed databases (DDB), the processing and the databases are dispersed to different locations of the organization. 38. In centralized data processing the processing and the databases are stored and maintained in a central location. 39. Because of the interaction of the database expansion of a distributed database is difficult and costly. 40. Since distributed databases are under the control of many individual sites rather than a single, centralized site, configuration, conformity, and security are less of an issue. 41. With a client/server system all processing is done on the server. 42. IT general controls assist in preventing unauthorized access while providing adequate backup is the responsibility of the user. 43. Ethical issues related to data utilization are not a consideration for data collection. 44. Since database management and information is the responsibility and asset of the database owner customers should not have the privilege to restrict information contained within it. 45. The organization should institute procedures to insure that all customer data collected retains accuracy, is complete, is current, is relevant, and is reliable”.
197
ANSWERS TO TEST BANK - CHAPTER 13 - TRUE/FALSE: 1. 2. 3. 4. 5. 6. 7. 8. 9.
T F T T F F F T F
10. 11. 12. 13. 14. 15. 16. 17. 18.
T T F T T T F T T
19. 20. 21. 22. 23. 24. 25. 26. 27.
198
F F T F T F T F F
28. 29. 30. 31. 32. 33. 34. 35. 36.
F F F T T T F T F
37. 38. 39. 40. 41. 42. 43. 44. 45.
T T F F F F F F T
TEST BANK – CHAPTER 13 – MULTIPLE CHOICE 46. Data is A. the interpretation of facts that have been processed. B. the set of facts collected from transactions. C. set of facts pertaining to accounts payable. D. set of facts pertaining to accounts receivable. 47. Information is A. the interpretation of facts that have been processed. B. the set of facts collected from transactions. C. set of facts pertaining to accounts payable. D. set of facts pertaining to accounts receivable. 48. Data collected would be all but A. name of the customer. B. the selling company’s name. C. the address of the customer. D. the credit card number of the customer. 49. Examples of data collection events are A. transactions that fill customer orders. B. transactions to replenish inventory. C. Neither A nor B are examples of data collection. D. Both A and B are examples of data collection. 50. The reason that detailed data must be collected and stored is: 1. The data must be stored for future transactions or followup. 2. The data must be incorporated into the accounting system so that regular financial statements can be prepared. 3. Management needs to examine and analyze data from transactions to operate the organization. A. Only 1. B. Only 1 and 2. C. Only 1, 2, and 3. D. Include 1, 2, and 3 amoung other reasons.
199
51. Detailed information from a sale may be used by: 1. the sales department. 2. the accounts receivable section. 3. the inventory department. 4. general ledger accountants. 5. customer service. A. only 1, 3, and 5. B. only by 1, 2, 3, and 5. C. only by 1, 2, and 3. D. only by 1, 2, 3, and 4. 52. The reasons for storing data to complete a customer sales transactions include all but: 1. taking the order. 2. pulling the items from the warehouse. 3. shipping the items to the customer. 4. billing the customer. 5. collecting payment on the order. 5. providing feedback to the customer on the order. 6. crediting the customer account for payment. A. 1. B. 1 and 5. C. 2 and 3. D. 5. 53. The reasons to store customer names, addresses, and other similar information include all but: A. to follow up with the customer. B. to create financial reports. C. to expedite future orders. D. to ease the customer’s follow-on ordering processes. 54. Storage media and methods of processing are: A. sequential and random access storage with random and batch data processing. B. sequential and real time access storage with batch and real time data processing. C. batch and random access storage with random and batch data processing. D. sequential and random access storage with batch and real time data processing.
200
55. Select the false statement from the following. A. A character is a single letter only. B. A field is a set of characters. C. A field can be thought of as a column of data. D. A record is the entire set of fields. 56. Select the true statement from the following. A. A character is a single letter only. B. A character is a single number only. C. A character is a single symbol only. D. A character is a single letter, number, or symbol. 57. A field is: A. a row within a record. B. a column within a record. C. a series or collection of records. D. a character is a single letter, number, or symbol. 58. A record is: A. an entire set of fields for a specific entity. B. a series of characters. C. a collection of files. D. another name for a database. 59. A field is A. an entire set of records within a file. B. a row within a record. C. a set of characters. D. a set of files within a database. 60. A file is: A. a set of characters. B. a column within a record. C. a row within a record. D. a collection of related records. 61. A database is: A. a set of characters. B. a row within a file. C. a collection of related records. D. an entire set of files.
201
62. Magnetic tape storage medium allows: A. sequential access storage with random data processing. B. random access storage with random data processing. C. batch access storage with random data processing. D. sequential access storage with sequential data processing. 63. Random access means: A. all data items in the group must be read but the groups do not need to read in order. B. any data item can be retreived without retreiving previous records. C. all data items must be read in the order placed into the system, not alphabetically. D. all data items must be read in alphabetical order, not in the order they were placed in the system. 64. Direct access: A. means no passwords are required to access data items in a database. B. is the same as sequential access. C. is the same as random access. D. is the process used by magnetic tape storage medium. 65. (Magnetic) Disk storage is: A. the same as magnetic tape storage. B. sequential access. C. random access. D. not direct access. 66. (Magnetic) Disk storage is: A. preferred over magnetic tape storage. B. sequential access. C. not random access. D. not direct access. 67. Batch processing: A. occurs when dissimilar transactions are grouped and processed as a group. B. occurs when similar transactions are grouped into a batch and processed as a group. C. occurs when the transaction is processed as soon as it is entered. D. would not be used for payment to vendor type transactions since they are time sensitive.
202
68. Real-time processing: A. would not be used for payment to vendor type transactions since they are not time sensitive. B. occurs when similar transactions are grouped into a batch and processed as a group. C. would be utilized for processes such as payroll due to their time-sensitive nature. D. occurs when the transaction is processed as soon as it is entered. 69. Select the true statement from those provided. A. Batch processing fails to attain the efficiency of real-time processing. B. Real-time processing fails to attain the efficiency of batch processing. C. Real-time processing is efficient for large groups of similar data. D. Real-time processing has less complex audit trails. 70. Select the false statement from those provided. A. Batch processing attains a greater efficiency than real-time processing for large amounts of data items. B. Batch processing has a faster response time than real-time processing due to the grouping of like data items. C. Batch processing should be utilized for payroll type processes as it groups these similar data items. D. Real-time data processing has more complex audit trails for data items than batch processing. 71. Select the false statement from those provided. A. Real-time processing is more complex because of the interactive nature of data processing. B. Real-time processing can efficiently utilize sequential storage concepts. C. The audit trail is as complex within both real-time and batch processing systems. D. Control totals are difficult within real-time processing due to the lack of data item groupings. 72. Real-time data item processing is more complex because: A. it must utilize sequential storage medium. B. it must group data items together before processing. C. the slower response times indicate more systems activity. D. there is duplication of effort in processing transactions.
203
73. Batch processing of data items is less complex because: A. entries are recorded as soon as entered, eliminating queues of data. B. audit trails are not required as required with real-time processing. C. the individuals doing data entry need not learn their jobs to high skill levels. D. the individual processes are not as complex as with real-time processing. 74. Select the correct statement from those provided below. A. Batch processing has a slow response time and must use sequential data storage. B. Batch processing is very efficient for large volumes of transactions while real-time processing has a slower processing time. C. Batch processing is complex while real-time processing is simple. D. Data may be stored either sequentially or randomly in batch and real-time processing. 75. Select the false statement from those provided below. A. Data must be stored sequential order for batch processing and in random order for real-time processing. B. Batch processing is very efficient for large volumes of transactions while real-time processing has a rapid processing time. C. Batch processing is simple while real-time processing is more complex. D. Batch processing has a slow response time and may use random order data access. 76. Select the correct statement from those provided below. A. If batch processing is selected due to payroll and production type processing mandates, the entire system must be batch processing. B. If real-time processing is selected due to sales and inventory type processing mandates, the entire system must be real-time processing. C. If sales and inventory are real-time, payroll and production may be batch processing in a well designed system. D. Because sales are frequently shipped out of warehouses, sales, inventory, and payroll are all good candidates for batch processing concepts. 77. Data redundancy occurs: A. when shared databases are utilized. B. when inventory has the same data in its files as sales has in its files. C. when customer addresses are needed by both shipping and billing. D. in all properly designed database management systems.
204
78. Concurrency: A. provides all departments with the same data at the same time. B. may require the same field to be updated in multiple locations. C. is a feature of a properly designed database to protect data. D. occurs when inventory and sales can access the same data files. 79. Select the correct statement from the following. A. Data redundancy and concurrency are features of well designed database management systems. B. Data redundancy, not concurrency, are features of well designed database management systems. C. Concurrency not, data redundancy, are features of well designed database management systems. D. Data redundancy and concurrency are not features of well designed database management systems. 80. Database management systems, DBMS, are: A. software applications that control and protect the data. B. are printed policies about the use and access to data. C. systems which require each user to create his own master data file. D. systems that allow unlimited access to the data files by all users. 81. Data reveal relationships between records. These can be thought of as: A. one-to-one relationships. B. one-to-one relationships only. C. one-to-many relationships. D. Both A and C are correct. 82. Database relationships may be: 1. one-to-one relationships. 2. one-to-one relationships only. 3. one-to-many relationships. 4. one-to-many relationships only. 5. many-to-one relationships. 6. many-to-one relationships only. 7. many-to-many relationships. 8. many-to-many relationships only. A. 1, 3, 5, and 7 only. B. 2 or 4 or 6 or 8 only, each is exclusive of the others. C. 1 and 3 only. D. 1 or 3 or 5 or 7 only, each is exclusive of the others.
205
83. An example of a one-to-one relationship would be: A. one employee, three timecards for the pay period. B. one customer, one billing address. C. one customer, four shipping addresses. D. two employees, one skill set. 84. An example of a one-to-many relationship would be: A. one employee, three timecards for the pay period. B. one customer, one billing address. C. one customer, one shipping invoice.. D. two employees, one skill set. 85. An example of many-to-many relationship would be: A. one customer for one billing date. B. multiple customers for one inventory item. C. multiple vendors for multiple items. D. one employee, three timecards for the pay period. 86. A flat file database: A. has the ability to call necessary information from linked databases. B. has two dimensions, rows and depth. C. has only columns. D. has two dimensions, rows and columns. 87. Processing of a flat file table is: A. random. B. sequential. C. random or sequential, selectable by the user. D. direct. 88. Flat file records are: A. kept in random order. B. kept is sequential order. C. linked to other records by a common attribute. D. interactive and real-time processed. 89. Tables in a flat file database must: A. must contain at least two data items at the intersection of each row and column. B. contain similar data throughout the row. C. label all columns the same to maintain the relationships of the rows. D. contain similar data in the column.
206
90. Hierarchical databases are not: A. inverted tree structures. B. one-to-one relationships. C. one-to-many relationships. D. many-to-one relationships. 91. A record pointer is: A. a column value that relates to all other values in the row. B. a column value that points to the next address with the linked attribute. C. is a row value that points to the next address with the linked attribute. D. a link that is only required in one-to-many relationships. 92. Hierarchal databases: A. are effective in retrieving records without explicit linkages. B. are efficient in processing large volumes of transactions with explicit linkages. C. do not require built-in linkages, they can be created with queries. D. do not require record pointers. 93. Network databases: A. allow shared branches within the inverted tree structure. B. allow creation of records without complete information. C. are popular today because of LAN and WAN usage. D. are very flexible because of the network access. 94. Relational databases are: A. two-dimensional tables which can be joined in only one way. B. three-dimensional tables allowing increased data relationships. C. two-dimensional tables which can be joined in many ways. D. either two- or three-dimensional as defined by the user. 95. Relational databases are: A. many large tables linked together to associate data. B. many large tables to isolate data within common identifiers. C. many small tables linked by primary keys to associate data. D. single tables with multi-dimensional characteristics – rows, columns, and depth. 96. The primary key of a relational database: A. must be a common identifier for all of the data within the table. B. must never be the first field of the table. C. represents a value that is used to sort, index, and access records with. D. is the password which allows unlimited access to the database.
207
97. Structured query language (SQL): A. isolates data within tables. B. takes advantage of the primary record key to link tables. C. is a complex language used to extract data from a limited number of tables. D. does not allow conditions to be put on the query. 98. With structured query language (SQL): A. one-to-one relationships can be determined. B. one-to-many relationships can be determined. C. many-to-one relationships can be determined. D. All of the possibilities, A, B, and C, are correct. 99. A “Where” condition within a structured query of a relational database: A. must be limited to a location such as “Warehouse #1.” B. may establish a requirement where the results are equal to a specific value. C. may establish a requirement where the results are not equal to a specific value. D. Both B and C are correct. 100. The additive characteristic means: A. the linked tables are synergetic within themselves – linked they are more powerful than alone. B. the values in the preceding fields must total into a following field. C. that if the preceding rules are met, the rule can be met. D. that if the preceding rules are not met, the rule must be met. 101. Data normalization: A. requires repeated groups to be deleted from the same row. B. requires repeated groups to be deleted from the same column. C. allows repeated groups if contained within the column. D. allows repeated rows of information within two or more tables. 102. Select the correct statement from those provided. A. The hierarchal and relational database models are both extremely flexible in their queries. B. The hierarchal model is better suited to queries than the relational database model. C. The relational database model is more flexible in its queries than the hierarchal mode. D. The relational database model has better processing of large volumes of transactions.
208
103. In today’s IT environment: A. processing speed is compromised for query capability with relational databases. B. query capability is compromised for processing speed with relational databases. C. neither querying or processing speed need be compromised with relational databases. D. both querying and processing speed are compromised with relational databases. 104. The loss of transaction processing efficiency: A. is substantial but a necessary trade-off with relational databases. B. is minimized because of the increased computing power available. C. is a primary reason why relational databases are not utilized. D. Both B and C are correct. 105. Select the true statement from those provided below. A. Managers use much the same data as operational departments to manage the organization. B. All users, managers, sales, production, utilize the features of a data warehouse equally. C. Data warehouses are isolated to protect operational information from unauthorized access. D. Managers require access to historical data this is generally not available to other individuals. 106. Select the true statement from those provided below. A. The data warehouse has five to ten years of data while the operational database has current year data. B. The data warehouse has current year data while the operational database has five to ten years of data. C. The data warehouse archives both current and long-term, five to ten years of data, within its storage. D. The data warehouse contains only general ledger type information while the operational database has detail. 107. Data within the data warehouse: A. is volatile – its release is restricted and potentially hazardous to the organization. B. is volatile – it may be deleted by specific users. C. is nonvolatile – it does not change rapidly. D. is nonvolatile – is protected against deletion.
209
108. The data warehouse: A. contains five to ten years of historical data in detail for planning and analysis. B. contains the current fiscal year in detail for planning, analysis, and reporting. C. contains the historical information needed for planning and analysis. D. is not utilized for planning and analysis, this information is extracted from the operational database. 109. High-impact processes (HIPs): A. are critical to the short-term objectives of the organization. B. are only associated with events such as sales and collections. C. are identified and established by single-functional teams. D. are critical to the long-term objectives of the organization. 110. High-impact processes (HIPs): A. determine the structure of the data in the data warehouse. B. address the short-term goals of the organization. C. must compromise user requirements for organizational needs. D. determine the structure of the data in the operational database. 111. Select the true statement from the following. A. High-impact processes (HIPs) are identified by single-functional teams. B. High-impact processes (HIPs) and user’s needs determine the data in the data warehouse. C. High-impact processes (HIPs) address both short-term and long-term objectives. D. High-impact processes (HIPs) determine the long-term strategy of the organization. 112. Standardizing data: A. configures all of the data from one department into a single database for analysis. B. configures all of the data from numerous departments into a single data configuration. C. is not required within relational databases. D. requires sales to keep its own files and references apart from marketing (example). 113. Cleansed or scrubbed data: A. has had all viruses removed. B. has had all fields standardized. C. has had errors and problems fixed. D. is data that has been stored in the data warehouse.
210
114. Uploading data is: A. putting scrubbed files into the operational database. B. putting files from each HIP system into the operational database. C. putting standardized files onto local desktop systems for access. D. putting files from each HIP system into the data warehouse. 115. The purpose of the data warehouse does not include: A. giving managers rich sources of current trends and data. B. storing current fiscal data and activity records. C. providing sales with current customer information. D. giving managers rich sources of historical trends and data. 116. Data is the data warehouse: A. is analyzed by data mining. B. is analzyed by SQL. C. is analyzed by analytical processing. D. Both A and C are correct. 117. Proper data analysis of data warehouse files: 1. improves short-term planning. 2. improves long-term planning. 3. enhances the ability to meet customer needs. 4. increase performance. A. 1, 2, 3, and 4. B. 2, 3, and 4. C. 1, 3, and 4. D. 1, 2, and 4. 118. The various types of online analytical processing (OLAP) does not include: A. MOLAP – Multidimensional online analytical processing. B. NOLAP – Notational online analytical processing. C. ROLAP – Relational online analytical processing. D. All of the above, A, B, and C are types of OLAP systems. 119. Data mining: A. searches for random patterns. B. searches for patterns in the operational database. C. results will not generally predict customer preferences. D. analysizes past patterns to predict future events.
211
120. OLAP tools include all of the following except: A. drill down. B. drill up. C. pivoting. D. time series analysis. 121. OLAP tools include all of the following except: A. consolidation. B. inclusion reports. C. exception reports. D. what if simulations. 122. Drill down within OLAP is: A. identifying trends in the comparison of data in several databases. B. the aggregation or collection of similar data from several databases. C. the presentation of variances from the expected in dollar value. D. is the successive expansion of data as lower levels of data are exposed. 123. Potential variations in conditions that are used to understand interactions between different parts of the business is referred to as: A. exception reports. B. pivoting. C. what-if simulations. D. time series analysis. 124. Data processing and storage: A. must be kept centralized for control and security. B. must be distributed for control and security. C. can be distributed to meet organizational requirements. D. must be kept centralized for efficient operations. 125. Select the correct statement from the following. A. DDP and DDB require dependable and extensive processing power for large organizations. B. Distributed databases can only be accessed by local queries. C. Centralized data processing and databases require dependable and extensive processing power for large organizations. D. The trend in data processing and databases is towards centralization due to reliable internet access and increased computer power.
212
126. Advantages of distributed databases include all except: A. reduced hardware costs. B. Improved responsiveness. C. eased managerial obligations. D. easier incremental growth. 127. Disadvantages of distributed databases include all except: A. increased difficulty in managing the database. B. maintaining integrity of the data. C. easier security controls. D. easier control of the database configuration. 128. Advantages of distributed databases include all except: A. easier incremental growth. B. multiple site access for processing. C. decreased user involvement. D. increased user control. 129. Automatic integrated backup means: A. that each site must accomplish its own backup. B. one site may backup sites it does not normally support. C. if data is lost at one site it may be available from another site. D. All of the above are correct. 130. Automatic integrated backup A. may create problems because a single site’s data may at multiple locations. B. may create problems because backups at multiple sites may have hardware differences. C. at remote sites may not all be the same configuration as the central configuration. D. All of the above are correct. 131. Distributed data processing and databases: A. may require management to enforce hardware and software configuration policies. B. make hardware and software configuration easier as local assests can be utilized. C. ease security concerns as remote systems are not required to maintain connetivity. D. All of the above are correct.
213
132. Client systems usually rely on the network for all except: A. file sharing. B. printing. C. video presentation. D. network/Internet access. 133. Select the true statement from the following: A. Clients are usually workstations that contain data files. B. Servers are usually less capable computing power since their function is routing requirements to resources. C. Servers may contain shared files and resources. D. Servers usually do not control assets such as printers and Internet portals. 134. The three major concerns related to database control and security do not include: A. unauthorized access. B. inadequate backup. C. data integrity. D. adequate backup. 135. Database security includes all accept: A. password protection. B. security tokens. C. LAN structure. D. firewalls. 136. Unauthorized users might include all of the following except: A. hackers attempting to pentrate firewalls. B. sales personnel accessing inventory files. C. human resource managers accessing production reports. D. payroll clerks accessing pay rate databases. 137. Ethical issues associated with data collection and storage include all of the following except: A. collecting only the necessary information for the transaction. B. selling non-sensitive information only to trusted agents. C. correcting errors in data as quickly as possible. D. precluding unnecessary access of customer data by employees.
214
138. It is the ethical responsibility of employees: A. to review customer records not associated with their division for errors. B. distribute necessary information to those without password access. C. identify to management gaps or holes in data protection procedures. D. to backup corporate files on their desktop systems for security. 139. A bank would consider which of the following as nonprivate information? A. Customer name. B. Customer address if the customer is a business. C. Customer phone number if it is listed number. D. All of the above, A, B, and C, are private and privileged types of information. 140. Appropriate information for a medical facility would not include: A. Social Security number. B. health insurance company. C. next of kin notification information. D. personal spending habits. 141. The AICPA Trust Services Principles include: A. management, notice, choice & consent, collection, use & retention, detention, and disclosure to third parties. B. management, choice & consent, collection, use & retention, backup, access, disclosure to third parties, and security for privacy. C. choice & consent, collection, use & retention, access, disclosure to third parties, redundancy for privacy, and quality. D. management, choice & consent, use & retention, access, disclosure to third parties, and monitoring & enforcement. 142. The prevention of industrial espionage is aided by all except: A. password protection and access of files and data. B. smart cards. C. Federal and state laws. D. encryption of data.
215
143. While an employee may have access to privileged information, an example of unethical activities would be: A. a nurse viewing the medications of the next patient. B. a car salesman viewing the credit rating of a customer with a car in for warranty repairs. C. a manager reviewing the hours worked of an assigned employee. D. a warehouseman viewing the availability of materials needed for production. 144. Proper IT controls will not: A. prevent a hacker from penetrating the firewall. B. prevent an unauthorized user from using the computer systems. C. restrict employee access to any information. D. prevent an employee from sharing his password. 145. Ethical responsibilities are: A. shared by company employees only. B. shared by company employees and management only. C. shared by company employees,IT, and management only. D. shared by all concerned including employees, customers, and management.
216
46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65.
B B B D D B D B D A D B A C C D D B C C
66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85.
A B D B B B D D D A C B B D A D A B A C
86. 87. 88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100. 101. 102. 103. 104. 105.
217
D B B D D B B A C C C B D D C B C A B D
106. 107. 108. 109. 110. 111. 112. 113. 114. 115. 116. 117. 118. 119. 120. 121. 122. 123. 124. 125.
A C C D A B B C D A D B B D B B D C C C
126. 127. 128. 129. 130. 131. 132. 133. 134. 135. 136. 137. 138. 139. 140. 141. 142. 143. 144. 145.
C C C D D A C C B C C B C D D D C B D D
TEXTBOOK – CHAPTER 13 – END OF CHAPTER QUESTIONS 146. Which of the following best describes the relationship between data and information? A. Data is interpreted information. B. Information is interpreted data. C. Data is more useful than information in decision making. D. Data and information are not related. 147. A character is to a field as A. water is to a pool. B. a pool is to a swimmer. C. a pool is to water. D. a glass is to water. 148. Magnetic tape is a form of A. direct access media. B. random access media. C. sequential access media. D. alphabetical access media. 149. Which of the following is not an advantage of using real-time data processing? A. Quick response time to support timely record keeping and customer satisfaction B. Efficiency for use with large volumes of data C. Provides for random access of data D. Improved accuracy due to the immediate recording of transactions 150. If a company stores data in separate files in its different departmental locations and is able to update all files simultaneously, it would not have problems with A. attributes. B. data redundancy. C. industrial espionage. D. concurrency. 151. When the data contained in a database are stored in large, two-dimensional tables, the database is referred to as a A. flat file database. B. hierarchical database. C. network database. D. relational database.
218
152. Database management systems are categorized by the data structures they support. In which type of database management system is the data arranged in a series of tables? A. Network B. Hierarchical C. Relational D. Sequential 153. A company’s database contains three types of records: vendors, parts, and purchasing. The vendor records include the vendor number, name, address, and terms. The parts records include part numbers, name, description, and warehouse location. Purchasing records include purchase numbers, vendor numbers (which reference the vendor record), part numbers (which reference the parts record), and quantity .What structure of database is being used? A. Network B. Hierarchical C. Relational D. Sequential 154. Which of the following statements is not true with regard to a relational database? A. It is flexible and useful for unplanned, ad hoc queries. B. It stores data in tables. C. It stores data in a tree formation. D. It is maintained on direct access devices. 155. A collection of several years’ nonvolatile data used to support strategic decisionmaking is a(n) A. operational database. B. data warehouse. C. data mine. D. what-if simulation. 156. Data mining would be useful in all of the following situations except A. identifying hidden patterns in customers’ buying habits. B. assessing customer reactions to new products. C. determining customers’ behavior patterns. D. accessing customers’ payment histories.
219
157. A set of small databases where data are collected, processed, and stored on multiple computers within a network is a A. centralized database. B. distributed database. C. flat file database. D. high-impact process. 158. Each of the following is an online privacy practice recommended by the AICPA Trust Services Principles Privacy Framework except: A. Redundant data should be eliminated from the database. B. Notification of privacy policies should be given to customers. C. Private information should not be given to third parties without the customer’s consent. D. All of the above. ANSWERS TO TEXTBOOK – CHAPTER 13 – END OF CHAPTER QUESTIONS 146. B 147. A 148. C
149. B 150. D 151. A
152. C 153. C 154. C
220
155. B 156. C 157. B
158. A
TEXTBOOK – CHAPTER 13 – SHORT ANSWER QUESTIONS 159. How does data differ from information? Answer: Data is the basic facts collected from a transaction. Information is data that has been manipulated by summarizing, categorizing, or analyzing to make that data useful to a decision maker. 160. Why is it important for companies to store transaction data? Answer: There are four reasons that a company must collect and store transaction data. Those reasons are: 1) to complete transactions; 2) for follow-up on later transactions or for reference regarding future transactions with the same entity; 3) to prepare external reports such as financial statements; and 4) to provide information to management as they attempt to run the organization efficiently and effectively. 161. Which type of data storage medium is most appropriate when a single record of data must be accessed frequently and quickly? Answer: Random access storage works best for situations in which a single record must be accessed quickly and easily. 162. Identify one type of business that would likely use real-time data processing rather than batch processing. Describe the advantages of real-time processing to this type of business. Answer: A business that sells items on a web site, such as Amazon, would be likely to use real-time data processing. This is true because the system must be able to determine information such as whether an item ordered is currently in stock. The main advantage of real-time processing is its ability to provide information immediately. There are many examples of the need for real-time data processing. Airline reservation systems are another example. 163. Differentiate between data redundancy and concurrency. Answer: Data redundancy occurs when the same data are stored in more than one file. Thus, there is redundant, or repeated data. Concurrency means that all of the multiple instances of the same data are exactly the same. It is harder to achieve concurrency when there is much data redundancy. 164. What is the term for the software program(s) that monitors and organizes the database and controls access and use of data? Describe how this software controls shared access. Answer: This software system is called a Database Management System, or DBMS. The DBMS manages the access of users or processes to the online database. The DBMS manages the data sharing by updating the data available to users immediately upon recording any changes.
221
165. Describe the trade-offs of using the hierarchical model of database storage. Answer: A hierarchical model database is very efficient for processing large volumes of similar transactions. It is not efficient for accessing or processing a single record from a large database. Therefore, it works well with batch processing, but would not be efficient in those situations where accessing a single record, or answering flexible queries, is necessary. 166. Describe the organization of a flat file database. Answer: Flat file records are two dimensional tables with rows and columns. The records are stored in text format in sequential order, and all processing must occur sequentially. No relationships are defined between records. These systems must use batch processing only and batches must be processed in sequence. The system makes the processing of large volumes of similar transactions very efficient. 167. What four conditions are required for all types of databases? Answer: 1) Items in a column must all be the same data type. 2) Each column must be uniquely named. 3) Each row must be unique in at least one column. 4) Each intersection of a row and column must contain only one data item. 168. Within a hierarchical database, what is the name for the built-in linkages in data tables? Which data relationships can be contained in a hierarchical database? Answer: Record pointers are used to link a record to the next record having the same attribute. Using a record pointer system, one-to-one and one-to-many relationships can be represented in a hierarchical database. 169. Which database models are built on the inverted tree structure? What are the disadvantages of using the inverted tree structure for a database? Answer: Both the hierarchical database model and the network database model are based on an inverted tree structure. The network model is more complex because it uses more than one inverted tree structure. This allows two or more paths into the data. Two disadvantages are that new data cannot be added until all related information is known, and deleting a parent record can delete all child records. 170. Which database model is used most frequently in the modern business world? Why do you believe it is frequently used? Answer: The relational database model is now used most frequently. It is frequently used because it is the most flexible database model. An English-like query language, SQL, can be used to retrieve data from the database in a very flexible manner. In addition, the increasing computer power and decreasing cost of computing power have made any inefficiencies in a relational database less significant.
222
171. How is the primary key used in a relational database? Answer: The primary key is the unique identifier for each record in the table and it is used to sort, index, and access records from that table. 172. What language is used to access data from a relational database? Why is the language advantageous when accessing data? Answer: Structured Query Language, SQL, is the language used to access data in a relational database. Its advantage is its English-like query language that allows easy access to the data in the database and presentation in a manner most useful to the user. 173. Which type of database model has the most flexibility for querying? How does this flexibility assist management? Answer: The relational database model is the most flexible database model for querying. It provides important assistance to managers through its flexibility in answering an unlimited number of queries about customers, products, vendors, or any other information in the database. 174. What are the first three rules of normalization? What is meant by the statement that the rules of normalization are additive? Answer: 1) Eliminate repeating groups. 2) Eliminate redundant data. 3) Eliminate columns not dependent on the primary key. Additive means that if a table meets the third rule, it has also met the preceding rules: one and two. 175. Differentiate between a data warehouse and an operational database. Answer: An operational database is the database in which data is continually updated as transactions are processed. The operational database includes data for the current fiscal year and it supports day-to-day operations and record keeping for the transaction processing systems. The data warehouse is an integrated collection of enterprise-wide data that includes five to 10 years of non-volatile data, and it is used to support management in decision making and planning. Periodically, new data is uploaded to the data warehouse from the operational data, but other than this updating process, the data in the data warehouse does not change. 176. How is data mining different than data warehousing? Answer: Data mining is the use of data analysis tools to analyze data in a data warehouse. Tools such as OLAP are used in data mining. An example of data mining is analyzing sales data to determine customer buying patterns. The data warehouse is the database in which the data to be analyzed is stored.
223
177. How has Anheuser-Busch used data warehousing and data mining successfully? Answer: Anheuser-Busch has used a data warehouse and data mining to analyze sales history, price-to-consumer, holidays and special events, daily temperature, and forecasted data such as anticipated temperature to create forecasts of sales by store and by product. Data are used by salespeople and distributors to rearrange displays, rotate stock, and inform stores of promotion campaigns. Using these buying trends, Anheuser-Busch creates promotional campaigns, new products, and local or ethnic target marketing. 178. Identify and describe the analytical tools in OLAP. Answer: The analytical tools that are usually part of OLAP are: drill-down, consolidation, pivoting, time-series analysis, exception reports, and what-if simulations. Drill down is the successive expansion of data into more detail, going from high-level data to successively lower levels of data. Consolidation is the aggregation or collection of similar data; it is the opposite of drill down in that consolidation takes detailed data and summarizes it into larger groups. Pivoting is examining data from different perspectives. Time series analysis is the comparison of figures over several successive time periods to uncover trends. Exception reports present variances from expectations. What-if simulations use changing variables to examine interactions between different parts of the business. 179. Differentiate between centralized data processing and distributed data processing. Answer: In centralized data processing, data processing and databases are stored and maintained in a central location. In distributed data processing, the processing and the databases are dispersed to different geographic locations of the organization. A distributed database is actually a collection of smaller databases dispersed across several computers on a computer network. 180. What are the “clients” and “servers” in a client/server distributed database system? Answer: Servers are computers or processes that manage files and databases, printers, or networks. Clients are usually PCs or workstations that run the applications. Clients rely on servers for resources such as files, printers, and even processing power.
224
181. Why is control over unauthorized access so important in a database environment? Answer: Data are valuable resources that must be protected with good internal controls such as those that prevent unauthorized access. Access controls help prevent unauthorized users from accessing, altering, or destroying data in the database. The database is such a critical resource for most organizations that they must insure the data is accurate and complete. 182. What are some internal control measures that could prevent a hacker from altering data in your company’s database? Answer: Measures that prevent hackers from accessing and altering data include authentication and hacking controls such as login procedures, passwords, security tokens, biometric controls, firewalls, encryption, intrusion detection, and vulnerability assessment. In addition to these controls, the database management system (DBMS) must be set up so that each authorized user has a limited view (schema) of the database. 183. Why are data considered a valuable resource that is worthy of extensive protection? Answer: The database of an organization is a critically important component of the organization. Data are a valuable resource that must be protected with good internal controls. Missing or incorrect data can have a negative impact on the ability to conduct the necessary business processes.
225
TEXTBOOK – CHAPTER 13 – SHORT ESSAY 184. Arrange the following data storage concepts in order from smallest to largest, in terms of their size: file, record, database, character, and field. Answer: The hierarchy of terms is character, field, record, file, and database. 185. Think of a telephone book as a database. Identify the fields likely to be used in this database. If you were constructing this database, how many spaces would you allow for each field? Answer: The fields and suggested sizes that usually be needed are: last name (24), first name (24), middle initial or name (24), address line 1 (50), address line 2 (50), apartment number (12), city (24), state (2), zip code (9), phone number (10). For businesses, a field for business name (40) would be used rather than last name and first name. The number of spaces for each field can vary. Of course, fields such as zip code and phone number are more certain. It is important that the field size must be slightly larger than the longest item to appear in that field. In the case of items for which we know the size precisely, the field size can be set accordingly. For example, zip codes will never include more than 9 digits. 186. Suppose that a large company uses batch processing for recording its inventory purchases. Other than its slow response time, what would be the most significant problem with using a batch processing system for recording inventory purchases? Answer: A company would not know its true inventory balance until the batch of transactions was processed. There would be no online, current balance of inventory to be used to respond to inquiries from managers, employees, or customers. Therefore, purchases and sales of inventory might need to be delayed until the batch processing occurs and new balances are known. This delay can cause the company to maintain higher or lower levels of inventory than may be desired. With a longer time to place an order, the company might need to maintain higher inventory levels to avoid a stock out. 187. Arrange the following database models in order from earliest development to most recent: network databases, hierarchical databases, flat file databases, and relational databases. Answer: The historical order is flat file, hierarchical, network, and relational databases.
226
188. Categorize each of the following as one-to-one, one-to-many, or many-to-many relationships. • Subsidiary ledgers and general ledgers. Answer: This is best categorized as a one- to-many relationship. A general ledger account, such as accounts receivable, could have many supporting sub-accounts in the accounts receivable subsidiary ledger. It is also true that a general ledger would have many subsidiary ledgers (accounts receivable, accounts payable, inventory, payroll). • Transactions and special journals. Answer: This is best categorized as a one- to-many relationship. A special journal, such as sales journal, would have many supporting transactions recorded in the special journal. • General ledgers to trial balances. Answer: This is best categorized as a one-to-one relationship. For each time period, one set of general ledger balances would result in one trial balance. 189. How might a company use both an operational database and a data warehouse in the preparation of its annual report? Answer: A company would use the operational database for the current fiscal year reports, but may need past information from the data warehouse to prepare comparative financial statements from previous years. The company might also use the data warehouse to examine and report important trends in financial information. 190. Using Anheuser-Busch’s BudNet example presented in this chapter, think about the list queries that might be valuable if a company like Gap Inc. used data mining to monitor its customers’ buying behavior. Answer: The Gap could use queries related to: the effects of promotional pricing; dates or holiday buying patterns; dates when seasonal style updates should be introduced in stores; regional clothing preferences; ethic group clothing patterns; and GAP sales in relation to competitors.
227
TEXTBOOK – CHAPTER 13 – PROBLEMS 191. Differentiate between batch processing and real-time processing. What are the advantages and disadvantages of each form of data processing? Which form is more likely to be used by a doctor’s office in preparing the monthly patient bills? Answer: Batch processing occurs when similar transactions are grouped into a batch and that batch is processed as a group. The alternative to batch processing is real time processing. Real-time processing occurs when transactions are processed as soon as they are entered. Real-time processing is interactive because the transaction is processed immediately. The advantages of batch processing are that it is an efficient way to process a large volume of like transactions, it is less complex than real-time systems, it is easier to control and maintain an audit trail; and the data can be stored in less complex, sequential storage. The major disadvantage of batch processing is the slow response time. Balances are not updated in real-time and therefore, management does not have current information at all times. The major advantage of real-time processing is the rapid response time. Since balances are updated in real-time, management always has current information. The disadvantages of real-time processing are that it is less efficient for processing large volumes of like transactions; it is more complex than batch systems; it is more difficult to control and maintain an audit trail; and data must be stored in random access databases. Monthly processing of patient bills could be batch processing. There would be a high volume of like transactions at month-end.
228
192. Allibyr Company does not use a database system; rather, it maintains separate data files in each of its departments. Accordingly, when a sale occurs, the transaction is initially recorded in the sales department. Next, documentation is forwarded from the sales department to the accounting department so that the transaction can be recorded there. Finally, the customer service group is notified so that its records can be updated. Describe the data redundancy and concurrency issues that are likely to arise under this scenario at Allibyr. Answer: There would be much data redundancy in this system. For example, customer name, address, and other contact information must be maintained in separate files in both the sales department and the customer service department. Customer service and the sales department would have nearly identical fields in their data, but maintained in separate files. It may take hours our days for the sale documentation to move from one department to the next. Therefore not all departments have the same information stored in their files at the same time. After a sale is recorded in the sales department, it may be days before that sale is recognized in the customer service department. Therefore on any given day, managers in the two departments will be operating with feedback from data sets that do not match. If someone in the sales department needs to check with customer service regarding a particular sale, it is possible that the customer service department has not yet received information for that sale. This lengthens response time in answering queries or following up on orders. 193. List and describe the steps involved in building a data warehouse. Answer: The steps are: identify the important data to be stored in the data warehouse; standardize that data across the enterprise; scrub or cleanse the data; and upload that data to the data warehouse. Identifying the proper data requires examining user needs and high-impact processes (HIPs). HIPs are the processes that are critically important and that must be executed correctly if the organization is to survive and thrive. Data needed by users and data from HIPs should be in the data warehouse. The data must then be standardized across the enterprise. Various subunits within the enterprise might have conflicting definitions or field names for the same type of data. The designers of the data warehouse must design a standard format for the data. The data must also be scrubbed or cleansed to remove errors and inconsistencies in the data. The data must then be uploaded to the data warehouse. Also there should be a periodic upload of data from the operational databases into the data warehouse.
229
194. Describe the advantages and disadvantages of using a distributed database and distributed data processing. Do you think the advantages are worthwhile? Explain your answer. Answer: The advantages are: 1) Reduced hardware cost. Distributed systems use networks of smaller computers rather than a single mainframe computer. This configuration is much less costly to purchase and maintain. 2) Improved Responsiveness. Access is faster since data can be located at the site of the greatest demand for that data. Processing speed is improved since the processing workload is spread over several computers. 3) Easier incremental growth. As the organization grows or requires additional computing resources, new sites can be added quickly and easily. Adding smaller, networked computers is easier and less costly than adding a new mainframe computer. 4) Increased user control and user involvement. If data and processing are distributed locally, the local users have more control over the data. This control also allows users to be more involved in the maintenance of the data and users are therefore more satisfied. 5) Automatic integrated backup. When data and processing are distributed across several computers, the failure of any single site is not as harmful. Other computers within the network can take on extra processing or data storage to make up for the loss of any single site. The disadvantages are: 1) Increased difficulty of managing, controlling, and maintaining integrity of the data. 2) Increased likelihood of concurrency problems. Yes, I think it is worthwhile to have distributed, local control of the data and automated, integrated backup of a distributed system. However, greater attention must be paid to controls that ensure the security and concurrency of the data in a distributed system. 195. Describe the ethical obligations of companies to their online customers. Answer: A company must put processes and safeguards into place to protect the privacy and confidentiality of customer data. The nine privacy practices described by the AICPA Trust Services Principles are a good source of the guidelines a company should follow.
230
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 14: E-Commerce and E-Business TEST BANK – CHAPTER 14 – TRUE / FALSE 1. E-business is the use of electronic means to enhance business processes. 2. E-commerce is electronically enabled transactions between a business and its customers. 3. E-commerce is the use of electronic means to enhance business processes. 4. E-commerce only involves transactions between the business and its customers. 5. Packet switching is the method used to send data over a computer network. 6. A router is an electronic hardware device that is connected to each computer to connect it to a network. 7. A protocol is a standard data communication format that allows computers to exchange data. 8. TCP/IP is an abbreviation for terminal communications protocol/Internet protocol 9. The Internet (interconnected networks) serves as the backbone for the World Wide Web (WWW). 10. A backbone provider is an organization such as the National Science Foundation (NSF) which funded the Internet and/or the WWW. 11. Regional ISPs connect to the backbone through lines that have less speed and capacity than the backbone. 12. Local ISPs connect to the backbone through lines that have less speed and capacity than the backbone. 13. A web server is a computer and hard drive space that connects to the backbone through lines that have less speed and capacity than the backbone. 14. A web server is a computer and hard drive space that stores web pages and data.
15. The standard form of encryption embedded in e-commerce sites and in web browser software is “Safe Sending Language” (SSL). 16. Due to interstate trade events and taxation issues the U.S. Government has standardized the definition of e-commerce. 17. The common term for business-to-consumer e-commerce is B2C. The common term for business-to-business electronic sales is B2B. 18. E-commerce provides the potential for much richer marketing concepts that include video, audio, product comparisons, and product testimonials or product tests. 19. Because of computer interaction and the capability of almost instant verification business across the World Wide Web has a lower probably of fraud, hackers, and compromised customer privacy. 20. The AICPA Trust Services Principles do not protect the history of purchases since these are classified as “public knowledge events.” 21. The AICPA Trust Services Principles state that the customer should be given the choice regarding the collection and retention of data. 22. The AICPA Trust Services Principles state that the customer need not be contacted if a business is going to release non-sensitive information about the customer to a third party. 23. The supply chain is the linked processes from the raw material vendor through the manufacturer ending at the stage of finished goods. 24. The supply chain may be larger at either or both ends as more than one vendor may supply the same materials and more than one customer may purchase the finished products. 25. A strength of the supply chain concept is that inconsistencies or poor quality within the supply chain will be compensated by other strengths resulting in an overall satisfactory product. 26. An example of vertical integration is a manufacturer who mines the raw materials, produces the product, and then sells it in company owned stores. 27. The differentiating factor between B2C and B2B is where B2C might purchase two books; a B2B purchase might involve ten thousand books.
2
28. One advantage in the B2B e-business environment is that operations costs can be reduced through inventory reductions and efficiencies can be increased by location of nearby assets when needed. 29. An intranet is a private network accessible only to the employees of a company. 30. Because intranets do not transmit information through the Internet or WWW they do not use protocols such as TCP/IP. 31. An extranet is similar to an internet except that it offers access to a greater number of sites than a standard Internet or WWW connection. 32. One characteristic that the Internet, intranets, and extranets have in common is that they are all networks that are intended for the sharing of information and the conducting of transactions. 33. The general public has general access to the intranet and extranet networks. 34. XML is a rich language that facilitates the exchange of data between organizations via web pages. 35. In XBRL complex financial statements are presented only in a static mode. 36. Traditional EDI is a real-time processing system due to the 24 hour, 7 day a week operation of computers and servers. 37. Management has an ethical obligation to create and enforce policies and practices which ensure that private customer data are not misused. 38. Because of their sensitive nature, companies seldom sell or share customer lists or customer data. 39. While there is no requirement to disclose a privacy policy on a website, it is an ethical obligation to disclose and follow the policy.
3
ANSWERS TO TEST BANK - CHAPTER 14 - TRUE/FALSE: 1. T 9. T 17. T 2. T 10. F 18. T 3. F 11. T 19. F 4. F 12. F 20. F 5. T 13. F 21. T 6. F 14. T 22. F 7. T 15. F 23. F 8. F 16. F 24. T
4
25. 26. 27. 28. 29. 30. 31. 32.
F T T T T F F T
33. 34. 35. 36. 37. 38. 39.
F T F F T F T
TEST BANK – CHAPTER 14 – MULTIPLE CHOICE 40. E-commerce: A. is business-to-business electronic trading and process integration. B. is electronically enabled transactions between a business and its vendors. C. is electronic recording and control of internal processes. D. is electronically enabled transactions between a business and its customers. 41. E-business: 1. is a narrower concept than e-commerce. 2. services the customers and the vendors. 3. is electronic recording and control of internal processes. 4. uses electronic means to enhance business processes. A. 1 only. B. 2 and 3 only. C. 2, 3, and 4 only. D. 1, 2, 3, and 4. 42. The internal processes of e-business do not include: A. access to personnel records. B. access to fringe benefit information. C. on-line sales to customers. D. travel and expense reporting. 43. E-commerce: A. sales will usually be large dollar amounts with only a few items are sold. B. is the sale of goods or services from a business to retailers. C. is the sale of goods or services to an end-user consumer. D. Both A and B are correct answers. 44. E-business 1. includes the sale of raw materials between companies. 2. includes using the Internet as an electronic network. 3. sales will usually be smaller dollar amounts with many sales. 4. is a broader concept than e-commerce. A. 1, 2, 3, and 4. B. 2, 3, and 4 only. C. 1, 3, 4 only. D. 1, 2, and 4 only.
5
45. Packet switching is a method of: A. turning routers off and on to send messages between computers. B. dividing large messages into bundles for transmission over a network. C. isolating computers connected to the network by disconnecting them. D. keeping all associated bundles of the message on one network path. 46. The transmission of packets: A. must be determined by the sender manually. B. must be accomplished via the same network path. C. allows great versatility in the transmission of data. D. has diminished because of advances in connectivity. 47. The transmission of packets: A. are usually sent in sequential order. B. must be received in sequential order. C. must follow the same network path. D. will bundle small messages into larger bundles for transmission. 48. A router is: A. a software application that creates path instructions for packets. B. is hardware that connects two or more networks. C. must receive its instructions from the user manually. D. Both B and C are correct. 49. The proper actions and capabilities is: A. packet switching bundles small messages into large messages for transmission while routers determine the best path through the network. B. packet switching replaces the need for routers to determine the best path for the message through the network. C. packet switching and routers both bundle small messages into large messages for transmission. D. packet switching divides large messages into small bundles for transmission while routers determine the best path through the network. 50. A protocol is required so that: A. computers from the same manufacturer can communication with each other. B. computers from different manufacturers can communicate with each other. C. so that communications within the network can be routed properly. D. Answers A, B, and C are all correct.
6
51. Protocols can be considered: A. a proprietary language to a specific computer manufacturer. B. a language native to the network so all computers can translate it. C. unnecessary if the computer is communicating on a LAN. D. unnecessary if the computer is using packet switching and routers. 52. TCP/IP is: A. trunk controlling protocol/intranet protocol. B. transmission control protocol/intranet protocol. C. trunk controlling protocol/Internet protocol. D. transmission control protocol/Internet protocol. 53. The ARPANET was: A. restricted to universities, libraries, research organizations, and commercial carrier access. B. was designed in the 1990s to augment the growing Internet and intranet systems. C. does not require the use of protocols such as TCP/IP because of the limited access. D. restricted to universities, libraries, and research organizations. 54. The Internet: A. is a series of LANs connected together to increase their local capability. B. is a series of networks connected to provide a global connectivity. C. is generally restricted to universities, libraries, and research organizations. D. utilizes the World Wide Web as a backbone to increase its capabilities. 55. The Internet: A. utilizes LANs as a backbone to increase connectivity. B. is a system of unconnected networks. C. utilizes the World Wide Web as a backbone. D. is compatible to graphic user interface tools. 56. The expansive growth of web servers occurred: A. in the early 1990s – 1990~1994. B. in the mid 1990s – 1993~1996. C. in the late 1990s – 1995~2000. D. in the early 2000s – 2000~2004.
7
57. The proper sequence of Internet connectivity between users is: A. regional ISP to national backbone provider to regional ISP. B. local ISP to national backbone provider to network access point to national backbone provider to local ISP. C. regional ISP to national network access points to regional ISP. D. local ISP to regional ISP to national backbone provider to network access points to national backbone provider to regional ISP to local ISP. 58. A backbone provider is an organization: A. that provides direct Internet access to the end users. B. that provides regional ISPs direct access to the Internet. C. that provides high-speed access to local ISP users. D. that provides high-speed access to regional ISP users. 59. The Internet backbone is: A. the network between the local ISP and the regional ISP. B. the network between the regional ISP and the local ISP. C. the network between the local ISP and the national backbone provider. D. the network between national backbone providers. 60. Regional ISPs: A. connect directly to the Internet backbone through network access points. B. connect to the Internet backbone through local ISPs utilizing network access points. C. provide the connection between local ISPs and national backbone providers. D. provide end users direct connects to the Internet backbone through network access points. 61. Regional ISPs do not include: A. EarthLink. B. BellSouth. C. MCI. D. America Online. 62. Backbone providers would not include: A. MCI. B. Sprint. C. America Online. D. BBN.
8
63. Local ISPs would include: A. MCI and Sprint. B. America Online and EarthLink. C. BBN and a local cable company. D. television and cable companies. 64. A web server is: A. always located at national backbone provider levels. B. always located at regional ISP provider levels. C. is a computer and hard drive space that stores web pages and data. D. always the access between the national backbone provider and the backbone. 65. HTML is: A. a language which allows computers to connect to the Internet and WWW. B. a protocol language allowing user level computers to connect to local ISPs. C. is a language utilized to present website words, data, and pictures. D. used for information sharing between the Internet and WWW. 66. HTML allows: A. user level computers to connect to the Internet through an ISP. B. user level computers a way to display information the way it was intended to be displayed. C. local and regional ISPs to interact with national backbone providers. D. national backbone providers to exchange information about trunk traffic. 67. An example of a URL is: A. cjb@jhs-email.com. B. http://www.cjb.org. C. jhs-email.com. D. All of the above, A, B, and C, are examples of URLs. 68. Select the true statement from the following. A. URL stands for uniform real-time locator while http stands for hypertext transmission protocol. B. URL stands for uniform resource location while http stands for hypertext translation protocol. C. URL stands for uniform resource locator while http stands for hypertext transmission protocol. D. URL stands for uniform real-time location while http stands for hypertext transmission protocol.
9
69. When a valid URL is entered into your web browser: A. your computer will send a network access protocol (NAP) command to your network server. B. your computer will send an http command to your internet access point requesting information. C. your command will be translated into TCP/IP and sent directly to a national backbone provider. D. your computer will directly access the Internet and WWW in its search for the information. 70. HTTP stands for: A. hypertext transmission protocol. B. hypertransmission terminal protocol. C. hypertext terminal protocol. D. hypertext translation protocol. 71. An example of a domain name is: A. jhs-email.com. B. cjb@jhs-email.com. C. http://www.cjb.org. D. All of the above, A, B, and C, are examples of domain names. 72. A URL is converted to an IP: A. by TCP/IP capabilities of the user level computer. B. by a DNS accessed when the browser sends the command. C. by the local ISP provider. D. by the national backbone provider. 73. SSL – secure sockets layering: A. reduces the frequency of Internet connection disconnects. B. ensures that TCP/IP is correctly configured for Internet browsing. C. is an effective way to prevent web pages from denial of service attacks. D. is an encryption system which reduces the probably of improper use of transmitted data. 74. The ways to determine a secure sockets layering connection is: A. the “s” at the end of “www”. B. the “s” at the end of “http.” C. the padlock on the lower bar of most web browsers. D. Both answers, B and C, are correct.
10
75. Select the correct statement from the following. A. B2C and B2B are both considered e-commerce. B. B2C is considered e-commerce while B2B is considered e-business. C. B2B is considered e-commerce while B2C is considered e-business. D. B2C and B2B are both considered e-business. 76. The common element in B2B and B2C is: A. both require a physical selling point. B. a downloadable product. C. both require access to the business’s website. D. both require SSL (secure sockets layering) to complete the transaction. 77. Advantages of e-commerce include all except: A. a narrower market for goods and services. B. increased access to information. C. the lack of geographic constraints. D. All of the answers, A, B, and C, are advantages of e-commerce. 78. All of the following are true statements about e-commerce except: A. e-commerce sites normally conduct sales 24 hours a day, 7 days a week, 12 months a year. B. e-commerce sales are except from sales taxes due to the lack of a physical site. C. e-commerce consumers can search for better prices and more information easily. D. e-commerce consumers may incur shipping and handling charges not incurred by retail customers. 79. E-commerce sites may: 1. provide access to manufacturer information on the product. 2. may provide tax free sales of retail goods. 3. require shipping and handling fees to be paid. 4. provide links to live or video presentations of product information. 5. not provide as quick order processing as the company’s retail locations. A. 1, 2, 3, 4, and 5 are correct. B. 1, 3, 4, and 5 are correct. C. 1, 2, 4, and 5 are correct. D. 1, 2, 3, and 4 are correct.
11
80. Select the true statements from the following. 1. Fraud, theft, or theft of data on the Internet and WWW are reduced by its regulated and controlled state. 2. A customer may feel isolated from the product because of the inability to touch or handle the product. 3. E-commerce customers may be targeted for solicitations based on their purchasing history. 4. E-commerce customers will often incur a shipping and handling charge with purchases. 5. E-commerce customers will always find the best product at the best price. A. 1, 2, 3, 4, and 5 are all true statements. B. 2, 3, and 4 are all true statements. C. 1, 3, 4, and 5 are all true statements. D. 1, 4, and 5 are all true statements. 81. E-commerce business benefits include all except: A. a lower cost of advertising per customer reached. B. more interaction with video and audio product comparisons. C. more rigid advertising and product presentation requirements. D. All of the above, A, B, and C, are benefits of e-commerce. 82. E-commerce businesses are: A. normally confined to more restrictive marketing due to the larger market. B. more likely to incur greater order processing costs because of technology costs. C. less confined in inventory stocking than a retail facility. D. less flexible in pricing structures due to WWW and Internet distribution of information. 83. All of the following are disadvantages of e-commerce except: A. faster order processing prevents good assurance of order correctness. B. greater probability of fraud or compromised customer privacy. C. more complex sales, inventory, and payment applications. D. All of the above, A, B, and C, are disadvantages of e-commerce. 84. With the advent of technology, the Internet, and the WWW: A. commerce is moving only from physical to electronic positioning. B. commerce has maintained its stance of physical and electronic. C. commerce is moving both from electronic to physical and from physical to electronic. D. No notable trends have been identified.
12
85. Select the correct statement from those below. A. Bricks and mortar refer to traditional stores while e-tailers are both brick and mortar and e-commerce businesses. B. Bricks and mortar refer to stores with both physical and electronic presences while e-tailers are e-commerce businesses only. C. Bricks and mortar refer to traditional stores while brick and click businesses are both brick and mortar and e-commerce businesses. D. Bricks and mortar refer to traditional stores while brick and click refers to ecommerce businesses. 86. The AICPA’s Trust Services Principles state that online privacy focuses on: 1. Name 2. Address 3. Social Security number 4. government ID numbers 5. employment history 6. personal health conditions 7. personal financial information 8. history of purchases 9. credit records A. 1, 2, 3, 4, 5, 6, 7, 8, and 9. B. 1, 2, 3, 4, 6, 7, 8, and 9 only. C. 1, 2, 3, 4, 5, 6, 7, and 9 only. D. 1, 2, 3, 4, 5, 6, 7, and 8 only. 87. The AICPA’s Trust Services Principles practice that states a specific person or persons should be assigned the responsibility to insure that privacy practices are followed by employees is under the title of: A. monitoring and enforcement. B. security for privacy. C. management. D. choice and consent. 88. The AICPA’s Trust Services Principles practice that states a company should have policies and practices to maintain the privacy of customer data is under the title of: A. choice and consent. B. collection. C. use and retention. D. notice.
13
89. The AICPA’s Trust Services Principles practice that states the organization should provide the choice to its customers regarding the collection of data is under the title of: A. choice and consent. B. collection. C. use and retention. D. notice. 90. The AICPA’s Trust Services Principles practice that states the organization should ask about the collection, retention, and of the use is under the title of: A. use and retention. B. access. C. choice and consent. D. disclosure to third parties. 91. The AICPA’s Trust Services Principles practice that states that only the data that is necessary for the purpose of conducting the transaction should be collected is under the title of: A. use and retention. B. collection. C. choice and consent. D. security for privacy. 92. The AICPA’s Trust Services Principles practice that states the organization should use customers’ personal data only in the manner described in “notice” is under the title of: A. security for privacy. B. monitoring and enforcement. C. use and retention. D. choice and consent. 93. The AICPA’s Trust Services Principles practice that states that customers should have access to the data provided so that the customer can view, change, delete, or block further use of the data provided is under the title of:. A. access. B. choice and consent. C. security for privacy. D. use and retention.
14
94. The AICPA’s Trust Services Principles practice that states that organizations should receive explicit or implicit consent of the customer before providing information to third parties is under the title of: A. choice and consent. B. security for privacy. C. monitoring and enforcement. D. disclosure to third parties. 95. The AICPA’s Trust Services Principles practice that states that the organization has the necessary protections to try to insure that customer data is not lost, destroyed, altered, or subject to unauthorized access is under the title of: A. choice and consent. B. security for privacy. C. monitoring and enforcement. D. disclosure to third parties. 96. The AICPA’s Trust Services Principles practice that states that all customer data collected remains “accurate, complete, current, relevant, and reliable” is under the title of: A. choice and consent. B. quality. C. monitoring and enforcement. D. use and retention. 97. The AICPA’s Trust Services Principles practice that states that the organization should have procedures to address privacy related inquiries or disputes is under the title of: A. choice and consent. B. quality. C. monitoring and enforcement. D. use and retention. 98. Internal processes of the organization include all of the following except: A. transactions involving suppliers. B. movement of raw materials. C. timekeeping and labor management. D. sharing of data files among workers. 99. The supply chain: A. is usually smaller at the customer end. B. is usually more complex for service firms. C. includes manufacturing facilities. D. does not include any internal resources.
15
100. The supply chain: A. ends once the raw materials arrive at the manufacturing facility. B. is an external process only. C. is both an internal and external process. D. ends once the product is manufactured and ready for sale. 101. The correct sequence of the supply chain is: A. secondary suppliers, suppliers, manufacturer, warehouses, distributors, retailers, and customers. B. suppliers, secondary suppliers, manufacturer, warehouses, distributors, retailers, and customers. C. suppliers, secondary suppliers, manufacturer, distributors, warehouses, retailers, and customers. D. suppliers, secondary suppliers, manufacturer, distributors, warehouses, retailers, and customers. 102. The correct statement regarding the supply chain and B2C is the supply chain extends from the: A. secondary supplier and ends with the retailer while B2C is from the manufacturer to the final consumer. B. secondary supplier and ends with the retailer while B2C is from the manufacturer to the final consumer. C. secondary supplier and ends with the manufacturer while B2C is from the retailer to the final consumer. D. secondary supplier and ends with the final customer while B2C is from the retailer to the final consumer. 103. The correct statement regarding the supply chain and B2B is the supply chain extends from the: A. secondary supplier and ends with the retailer while B2B is from the manufacturer to the final consumer. B. secondary supplier and ends with the final customer while B2B is from the secondary supplier to the distributor. C. secondary supplier and ends with the manufacturer while B2B is from the supplier to the retailer. D. secondary supplier and ends with the final customer while B2B is from the retailer to the final consumer.
16
104. Vertical integration of the supply chain occurs when: A. one organization owns all of the companies capable of accomplishing a specific task. B. all of the organizations that can accomplish a specific task are located in one geographic region. C. several organizations agree to produce a single product under a common label. D. one organization owns the supply chain from raw materials through distribution and sales. 105. Select the correct statement from the following: A. B2C is typically many line items per order while B2B is typically few line items per order. B. B2C is typically few line items per order while B2B is typically many line items per order. C. B2C uses purchase order forms while B2B utilizes credit card purchasing. D. B2C buyers usually have a relationship with the seller while B2B do not have a prior relationship. 106. An intranet is: A. a private network accessible only to the employees of a company. B. a public network accessible by the customers and vendors of a company. C. a public network accessible by the entire supply chain of a company. D. a private network accessible by the entire supply chain of a company. 107. B2C e-commerce requires: A. access to the intranet. B. access to the extranet. C. access to the Internet. D. all of the above, A, B, and C. 108. An extranet is: A. a private network accessible only to the employees of a company. B. a public network accessible by the customers and vendors of a company. C. a public network accessible by the entire supply chain of a company. D. a private network accessible by select members of the supply chain. 109. Select the correct statement from those provided below. A. Intranet access is generally open to select members of the supply chain. B. Internet access is generally open to select members of the supply chain. C. Extranet access is generally restricted to company employees. D. Extranet access is generally open to select members of the supply chain.
17
110. When a company uses the: A. intranet for exchanges such as B2C transactions, it must give access to potential customers. B. Internet for exchanges such as B2C transactions, it must give access to potential customers. C. Internet for exchanges such as B2C transactions, it must preclude potential customers default access. D. extranet for exchanges such as B2C transactions, it must preclude potential customers default access. 111. Firewalls: A. prevent internal users from accessing unacceptable web sites through the intranet. B. permit internal users direct access to the Internet to accomplish B2B transactions. C. prevent vendors from viewing inventory levels via the intranet. D. prevent external users from accessing the extranet or intranet. 112. Select the correct statement from the following. A. XML is extensible markup language while XBRL is extensible business reporting language. B. XML is extensive markup language while XBRL is extensive business reporting language. C. XML is example markup language while XBRL is example business reporting language. D. XML is extensible manipulation language while XBRL is extensible business reporting language. 113. XML: A. allows dynamic financial statements to be published on websites. B. provides standards for the automatic exchange of financial data. C. facilitates the exchange of data between organizations via web pages. D. is based on XBRL language for the construction of business web pages. 114. EDI via ANSI X.12 implementation is hampered by: A. high costs. B. usable only on small projects. C. limited transfer of files and data formats. D. Both A and C above are correct answers.
18
115. Internet EDI, or EDIINT, features all of the following except: A. low cost. B. heavy infrastructure. C. industry standard. D. entire supply chain integration. 116. Value added networks or VANs, features all of the following except: A. transaction fees. B. complicated. C. industry standard. D. limited access. 117. As a metalanguage, XML: A. places a data tag that the beginning and end of each page identifying the contained data. B. places a data tag that the beginning and end of each data item identifying the contained data. C. places a data tag only at the beginning of the data identifying the following data item. D. is usable on both EDI and EDIINT networks. 118. XBRL: A. is a language that allows data extraction from financial statements. B. is the base or core language for XML, also a metalanguage. C. requires that financial statements be submitted in printed format. D. Both answers B and C are correct. 119. Companies that engage in e-commerce, B2C sales with consumers: A. have the legal obligation of complying with the AICPA Trust Services Principles. B. have the same kind of obligations to conduct their business ethically as companies transacting business any other way. C. have legal obligations that suggest that customers should be so informed regarding customer privacy. D. are required by law to have a local presence for the resolution of customer complaints.
19
ANSWERS TO TEST BANK - CHAPTER 14 – MULTIPLE CHOICE: 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55.
D C C C D B C A B D D B D D B C
56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71.
C D D D C C C D C C B B C B A A
72. 73. 74. 75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85. 86. 87.
20
B C C B C A B D B C B A C C A C
88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100. 101. 102. 103.
D A C B C A D B B C A C C A D B
104. 105. 106. 107. 108. 109. 110. 111. 112. 113. 114. 115. 116. 117. 118. 119.
D B A C D D B D A C D B D B A B
TEXTBOOK – CHAPTER 14 – END OF CHAPTER QUESTIONS 120. Which of the following statements is true? A. E-business is a subset of e-commerce. B. E-commerce is a subset of e-business. C. E-business and e-commerce are exactly the same thing. D. E-business and e-commerce are not related. 121. An electronic hardware device that is located at the gateway between two or more networks is a A. packet switch. B. URL. C. router. D. protocol. 122. The type of organization that serves as the main trunk line of the Internet is called a A. local ISP. B. regional ISP. C. global ISP. D. backbone provider. 123. Which of the following is not a direct advantage for the consumer from commerce? A. Access to a broader market B. More shopping convenience C. Reduced order-processing cost D. Information sharing from the company 124. Each of the following represents a characteristic of B2B commerce except A. electronic data interchange. B. electronic retailing. C. data exchanges. D. preexisting business relationships. 125. Each of the following represents an application of B2C commerce except A. software sales. B. electronic retailing. C. data exchanges. D. stock trading.
21
126. Before forwarding customer data, an organization should receive explicit or implicit consent of the customer. This describes which of the AICPA Trust Services Principles online privacy practices? A. Consent B. Use and retention C. Access D. Onward transfer and disclosure 127. Which of the following process within a supply chain can benefit from IT enablement? A. All process throughout the supply chain B. Only internal process within the supply chain C. Only external process within the supply chain D. exchange process between a company and its suppliers 128. When a company has an e-business transaction with a supplier, it could be using A. the Internet. B. an intranet. C. an extranet. D. Either the Internet or an extranet. 129. Intranets are used for each of the following except A. communication and collaboration. B. business operations and managerial monitoring. C. web publishing. D. customer self-service. 130. When there is no necessity for a preexisting relationship between buyer and seller, that transaction is more likely to b classified as A. B2B. B. B2C. C. B2E. D. Either B2B or B2C. 131. Which of the following IT controls would not be important in an extranet? A. encryption B. Password C. Antivirus software D. Penetration testing E. All of the above are important IT controls.
22
132. A company’s computer network uses web servers, HTML, and XML to serve various user groups. Which type of network best serves each of the following users? Employees Suppliers A. Intranet Extranet B. Intranet Internet C. Internet Extranet D. Internet Internet 133. An extensible markup language designed specifically for financial reporting is A. Internet DI B. XML C. XBRL D. XFRL ANSWERS TO TEXTBOOK – CHAPTER 14 – END OF CHAPTER QUESTIONS 120. B 121. C 122. D
123. C 124. B 125. C
126. D 127. A 128. D
23
129. A 130. B 131. E
132. A 133. C
TEST BANK – CHAPTER 14 – SHORT ANSWER QUESTIONS 134. How do e-commerce and e-business differ? Answer: E-business is a very broad concept that includes any electronically enabled business process. E-business can include electronic enhancements of processes with trading partners, as well as internal processes. E-commerce is a subset of e-business and it includes electronic sales between a retail business and an end consumer. Ecommerce is conducted via the Internet, while e-business could use the Internet as well as other electronic means. 135. What was the original purpose of the network of computers that eventually became the Internet? Answer: The original purpose was to facilitate communication and sharing of work between universities engaged in research for the Department of defense. 136. Why was ARPANET designed with many different alternative routes for network traffic? Answer: ARPANET was designed during the height of the Cold War with the USSR and there were many fears of nuclear attack. A design with many alternative routes could still operate if a nuclear attack destroyed one or more of those routes. 137. Why is a standard protocol necessary in computer networks? Answer: There may be many different brands or types of computers on a network, and these computers could use different operating systems. In order for these various computer systems to communicate, there must be a standard protocol. The protocol establishes the common communication method. 138. How quickly did Internet usage by the public grow after the Internet was opened to business transactions in 1994? Answer: The public use of the Internet exploded in growth after it was opened to business transactions. This was especially true in the 1998 to 2001 period. 139. Describe the relationship between national backbone providers, regional ISPs, and local ISPs? Answer: Backbone providers make up the main trunk-lines of the Internet. They are made up of high capacity , high speed lines. Regional Internet Service Providers (ISP) connect to the backbone providers with lines with less speed and capacity than backbone providers. The local ISPS then connect to the regional ISPs and these local ISPs provide Internet connect to local customers.
24
140. What is the importance of a standard formatting language for Web pages and a standard addressing system? Answer: The standard formatting language for web pages is HTML. A standard formatting language is necessary to show a web page in the same form on the many different kind of computers connected to the World Wide Web. There is a similar reason to have a standard addressing system. Various types of computers need a way to locate the desired web site If a standard method of accessing web sites exists, the computer browsers can be built to use the standard addressing system on the various kinds of computers. 141. Which types of costs can be reduced when a company decides to engage in B2B e-commerce on the Internet? Answer: Marketing costs, order processing costs, and distribution costs can be reduced by engaging in B2C sales. 142. What are the differences between brick and mortar retailers and clicks and mortar retailers? Answer: Brick and mortar refers to retailers that sell in traditional forms in a building that customers visit to make a purchase. Clicks and mortar refers to retailers who have traditional sales in a building, but also sell to customers via the Internet. 143. According to the Online Privacy section of the AICPA Trust Services Principles, what types of personal information should be protected? Answer: All information collected from customers should remain private unless the customer has given implicit or explicit permission to share such information with third parties. In addition, companies should collect only data necessary to conducting the transaction. 144. If you could condense the ten areas of Online Privacy in the AICPA Trust Principles, into a shorter list (three, four, or five point list), how would you word that list? Answer: Collect only necessary data, keep that data private unless the customer gives permission to share it, make sure you have enforced policies to store and use the data as the customer intends you to use it, notify the customer of how you intend to use the data. 145. What is meant by “monitoring and enforcement” regarding online privacy practices? Answer: It means that a company should continuously monitor how well it follows its privacy practices and that they must put processes in place to ensure privacy practices are followed.
25
146. How is E-business a more broad concept than e-commerce? Answer: E-commerce refers to web-based sales between a business and an end consumer. E-business is a much broader concept that includes electronic forms of process improvement throughout the supply chain. Thus it can include processes between a business and its suppliers, a business and its customers, or internal processes. It also includes many forms of electronic enhancement beyond webbased. 147. Describe the concept of a supply chain. Answer: It is the set of linked activities from the acquisition and delivery of raw materials, through the manufacture, distribution, and delivery to a customer. Why is it important to insure an efficient flow of goods throughout the supply chain? Any slow-down or bottle neck in the supply chain can slow or stop the entire supply chain. 148. Which functions within the supply chain can be enhanced through the use of ebusiness? Answer: Virtually any process within the supply chain can be enhanced through ebusiness. 149. How are activities in the supply chain interdependent? Answer: They are interdependent in that one step in the supply chain drives the following step. For example, a secondary supplier must provide products to a supplier, who then converts it to a product to be sold to the manufacturer. 150. In what ways are the characteristics of e-business different from e-commerce? Answer: E-business is often business to business, while e-commerce is business to consumer. In an e-business order, it is likely to be a large dollar order, with many line items, and with a business that we have a pre-existing relationship. An ecommerce order may be from an unknown customer and each order may be a small dollar amount, but a large volume of orders. E-commerce transactions are likely to be credit card transactions while e-business transactions are likely to involve purchase orders and invoices. 151. What are the three levels of network platforms that are utilized in e-business and which groups use each level? Answer: The Internet is used by internal and external users, potentially including anyone in the world. Extranets are used by trading partners and are not available to the entire world. Intranets are used by employees within the company.
26
152. Which type of users should have access to an intranet? Answer: Only those inside the company. 153. Which type of users should have access to an extranet? Answer: Trading partners such as suppliers, secondary suppliers, and distributors. 154. What types of controls should be used to properly limit access in intranets and extranets? Answer: Authentication controls should be used, including controls such as user Ids, passwords, access levels, computer logs, and authority tables. Also, hacking and break-in controls should be used. These include controls such as firewalls, encryption, security policies, VPN, vulnerability assessment, penetration testing, and intrusion detection. 155. Why is the use of XML advantageous in Internet EDI? Answer: XML allows a more rich exchange of data than traditional EDI. For example, it could allow the exchange of product descriptions, pictures, or even databases of information regarding products. 156. In what ways are XBRL financial statements advantageous when compared to traditional paper financial statements? Answer: XBRL statements can be viewed by a browser, or printed. In addition, the viewing of an XBRL statement on a web browser could be much more interactive. For example a reader of the statements could click on an item such as sales to see more underlying detail of the sales total. 157. What are some of the ethical obligations of companies related to e-commerce? Answer: Companies have an obligation to collect, store, and use customer data in a ethical manner. These obligations are described in the ten privacy practices of the AICPA Trust Services Principles. 158. Is there a difference between ethical obligations and legal obligations in regards to online privacy? Answer: Yes, for example, there is no legal obligation to have a privacy policy displayed on the company web site. However, companies that wish to be very ethical should display privacy practices.
27
TEST BANK – CHAPTER 14 –SHORT ESSAY 159. Much of the e-business and e-commerce conducted by companies uses the Internet as the form of electronic communication. Describe other electronic means to conduct e-business or e-commerce. Answer: Electronic Data interchange (EDI) and Electronic Funds Transfer (EFT) are other communication means. 160. How does the use of HTML, URLs, domain names, and SSL contribute to an Internet that can be used world-wide? Answer: There are many different types or brands of computers throughout the world and these computers use different operating systems. There must be some common standards within the Internet to allow these various types of computers to read and interact with the Internet. HTML, URLs, domain names, and SSL are all standards in use world-wide that facilitate a user-friendly Internet. Without such common standards, it would not be as easy to connect to and use the Internet. 161. Describe the benefits to the consumer of B2C sales. Answer: Customers benefit in through increased access, speed, convenience, and information sharing inherent in B2C sales. They have access to a broader market, 24 hours a day, every day, and therefore more product choices. B2C also often results in lower prices, quicker deliver, and marketing targeted specifically to the customers’ needs. Customers also sometimes have the opportunity to conduct live chats with company representatives, or can view FAQs about the products. 162. Describe the benefits to the company of B2C sales. Answer: Benefits to the company are: a broader market of customers beyond the geographic area of any stores they maintain; reduced marketing, order processing, and distribution costs; higher profits; the ability to conduct richer marketing; and the ability to react quickly to market changes. 163. Describe the benefits to a company that engages in B2B transactions via the Internet. Answer: They are a wider potential market, reduced transaction cost, higher profits, faster cycle times for product purchase or sale and cash flow, reduction in keying of information and reduced data errors. 164. What are the ten areas of privacy practices described in the Online Privacy section of the AICPA Trust Services Principles? Answer: The ten areas are: management, notice, choice and consent, collection, use and retention, access, disclosure to third parties, security for privacy, quality, monitoring and enforcement.
28
165. Describe the activities that take place in the supply chain of a manufacturing firm. Answer: Before a manufacturer can produce goods, it must buy raw materials from suppliers. Often those suppliers also need to purchase raw materials, so there are secondary suppliers in the supply chain. The internal processes of manufacturing are also part of the supply chain. Upon completion, products must be distributed through warehouses or distributors to retailers, who then sell these goods to customers. 166. Describe the differences between B2C and B2B. Answer: B2C is a sale between a company and an end consumer. B2B is a sale or purchase between two companies. The differences in these types of transactions causes many differences in the characteristics of the transactions. A B2B sale is likely to be ordered via a purchase order, with many line items on the purchase order, with a relatively high total dollar amount. These B2B sales are between companies with preexisting relationships in which they have negotiated specific shipping instructions or prices. B2C sales are relatively smaller dollar amounts, but with a larger volume of sales transactions. It may be a sale to a customer with no preexisting relationship to the company and it is likely to be a credit card sale. 167. Explain the importance of user authentication and network break-in controls in extranets. Answer: Only trading partners such as suppliers, secondary suppliers, distributors, or retailers should have access to an extranet. That is, it should not allow any user on the web to log in. Thus, there must be extensive authentication controls. These controls in include user Id, password, log in procedures, biometric devises or security tokens, computer logs, and authorization tables. Since the extranet often uses internet network facilities, it can be susceptible to hackers or other network break-ins. Controls such as firewalls, encryption, SSL, vulnerability assessments, penetration testing, and intrusion detection must be used. 168. What are the advantages of Internet EDI over traditional EDI? Answer: The Internet allows cost-free exchanges of data. In traditional EDI, the companies usually pay a VAN for network capabilities and communication. The software and systems for Internet EDI are also simpler and cheaper than those for traditional EDI. Even very small companies can afford hardware and software to conduct Internet EDI.
29
TEST BANK – CHAPTER 14 – PROBLEMS 169. Explain the hardware or standards that were developed during the ARPANET that were an important foundation for the Internet of today. There were hardware items or standards developed during the ARPANET time frame. These include packet switching, routers, and the TCP/IP protocol. Packet switching is the method to send data over a computer network. Data is divided into small packets and sent individually. Packets may travel different routes and as they arrive, they are reassembled into the original data. A router is hardware that serves as a gateway between two or more networks. TCP/IP is an acronym for transmission control protocol/Internet protocol. It is the protocol used today. 170. The Pizza Pie Pit is a local chain of pizza restaurants in Dallas. The chain has 30 locations throughout the city and its suburbs. The management is considering opening a Web site to conduct e-commerce with customers. Describe any benefits that might be derived from this move. A move to sales on the web site may not increase the geographic area from which the Pizza Pie Pit draws customers. This is because the delivery area is not likely to change. However, it may experience increased sales due to the convenience of placing pizza orders online. It will also be likely to increase the accuracy of orders and reduce the costs of filling pizza orders. Pizza Pie Pit may also see a benefit to the marketing available on the web site, for examples, they could put pictures of pizzas on “special” and perhaps increase the sales of promotional items. If these benefits do occur, the company will experience increased profits. 171. Using your favorite search website, enter the term “privacy seal” and search. Answer the following questions: What is the purpose of a Web privacy seal? The purpose of a privacy seal is to inform customers that the company web site adheres to high standards of privacy of data. When a company displays a privacy seal, they are alerting customers that the company can be trusted to maintain the privacy of customer data. Which organizations provide Web privacy seals to web-based companies? Providers include the Better Business Bureau, TRUST-e, CPA WebTrust (AICPA), PrivacyBot.com, ValidatedSite.com, and International Bureau of Certified Internet Merchants. What are the advantages to a company that maintains a Web privacy seal? Those parties that provide privacy seals indicated that having a privacy seal leads to increased customer confidence and higher revenue. What are the benefits to a consumer of shopping a website that has a privacy seal? The consumer should feel a greater sense of confidence that their data is private. There should also be fewer concerns about negative consequences such as a customer’s contact information being sold, or identity theft.
30
172. Visit the website www.cpawebtrust.org and answer the following questions: What is a WebTrust seal? A WebTrust Seal is placed on a web site of a company that has been examined by a CPA firm to determine that it has appropriate privacy practices and that it adheres to those practices. Which organization sanctions the WebTrust seal? The American Institute of Certified Public Accountants (AICPA) What kind of professional can provide a WebTrust seal to a company? Licensed CPAs who have been trained in WebTrust service examinations. What must this professional do before providing a WebTrust seal? For a firm to become a licensed WebTrust Services provider, the firm must: be in good standing with the AICPA; be a CPA majority owned firm; be part of a recognized quality control system; and, sign a licensing agreement and remit an annual licensing fee to the AICPA. 173. Enter the Web site of a popular retail company that sells a large volume of goods or services on the Internet. Search for company “Privacy Policies” on that Web site. If you do not find any privacy policies, continue visiting other company Web sites until you do find privacy policies. Once you have found a company with privacy policies, describe how the company policies do or do not meet the privacy practices in the AICPA Trust Principles. The solution will depend on which company the student uses in their answer. For any company, the student answer should compare the privacy practices against those in the AICPA Trust services Principles privacy practices. The following sample answer is based on Target ®, the retail department store, www.target.com, accessed on February 15, 2008. The Target web site has privacy practices at http://sites.target.com/site/en/spot/page.jsp?title=privacy%5Fpolicy and it is divided into three main areas: What information we collect How we may share information How you can limit our sharing or information Target identifies the information it collects such as name, address, e-mail address, phone number, credit card number, and it discloses there may be other information collected. This other information might include personal preferences or information about other people such as gift recipients. The site indicates there are several parties they may share information with. Those uses include: use by Target to offer products or services, Amazon.com when goods are purchased from Amazon on target’s site, carefully selected companies and organizations, and service providers such as printing companies or web host companies.
31
The site also discloses how a customer can limit use of data provided. It appears that when information is collected by Target, customers are giving implicit consent to use information as outlined in the privacy practices. Within the privacy policy, there are clickable links to allow a customer to limit use or sharing of information. For example, one link allows customers to prevent sharing of information to companies or organizations outside the Target family of companies. Thus, the Target site does include some of the privacy practices in the AICPA Trust Services Principles, but not all. It does seem to include adequate notice, consent, and disclosure to third parties as described above. However, the site describes little, if any, information about management, collection, access, security for privacy, quality, or monitoring and enforcement. The site does briefly describe use of the information, such as for offering special promotions. There is no information about the retention of data. Therefore, the Target site partially describes use and retention. 174. Using an Internet search engine, search for the terms “Internet EDI” and “Kate and Ashley.” Explain how Coty applies Internet EDI. This solution is based on an article at http://www.computerworld.com.au/index.php/id;1618362747 accessed of February 15, 2008. the article indicates that Coty, the cosmetics manufacturer of Kate and Ashley, is using a blend of old and new technology as it sells the fragrance to WalMart. The old part of the technology is EDI. It is using standard and traditional data formats for EDI exchange with Wal-Mart. The article describes the new technology as the “transport mechanism”. Coty is transmitting EDI information to Wal-Mart using the Internet, rather than a Value Added Network (VAN). The technology costs less and is simple to implement. It also eliminates the fees paid to VANs. The article also describes that the increase in the use of internet EDI is driven by companies such as Wal-Mart. Wal-Mart is requiring its vendors to use Internet EDI. Meijer is another company that encouraged Coty to use Internet EDI for its information exchanges.
32
175. Visit the www.xbrl.org Web site. Click on the “Latest News” link, and then the “articles” link. After reading three or four of the most recent articles about XBRL, briefly describe what those articles say about XBRL. The student solution to this problem will vary greatly and depend on when they view the XBRL site and which articles they choose. As of the end of 2007, some items about XBRL are: The Shanghai stock exchange in China is asking companies to use XBRL to file reports. In Belgium, over 290,000 companies will be using XBRL to file accounts with the National Bank of Belgium. The majority of European Banking Supervisors are using XBRL as either a required or optional format. In the United States, the SEC is considering mandatory XBRL filing for the Fall of 2008.
33
ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSES TURNER / WEICKGENANNT CHAPTER 15: IT Infrastructure for E-Business TEST BANK – CHAPTER 15 – TRUE / FALSE 1. The intent of an ERP (enterprise resource planning) system is to provide a single software application for revenue, expenditures, conversion, and administrative processes. 2. The intent of an ERP (enterprise resource planning) system is to provide a sales and inventory software application that will interact with the general ledger software with its sales and inventory transactions. 3. An enterprise resource planning (ERP) system integrates all business processes and functions into a single software system using a single database. 4. An enterprise resource planning (ERP) system would update accounts receivable and inventory when purchased goods are received from a vendor. 5. An enterprise resource planning (ERP) system allows a sales representative to provide the date that inventory for sale will be received from a vendor to a customer upon order placement. 6. Manufacturing resource planning software systems are outgrowths of the ERP concept. 7. ERP applications use modules such as financial, human resources, data warehouse, and analytics. 8. ERP data is stored in both financial and operational databases. 9. The data warehouse is up dated as transactions are processed. 10. Today’s ERP systems can be traced back to the first generation of materials requirements planning software. 11. Early MRP applications utilized sales forecasts to compute material requirements for production. 12. The purpose of MRP II was to integrate manufacturing, engineering, marketing, finance, and human resources units to run on the same information system.
13. SAP R/3 had tremendous growth due to the use of closed architecture and clientserver hardware compatibility. 14. Y2K compatibility issues arose because computers kept dates in mm/dd/yy type formats. 15. MRP II has additional modules including customer relationship management and supply chain management for enhanced e-commerce transactions. 16. MRP II systems let vendors track customer inventory levels and trigger inventory shipments when prearranged levels are met. 17. Spending for ERP and ERP II systems has been consistently growing since the mid 1990s and the Y2K events. 18. The financial module of an ERP such as SAP might contain such components as financial accounting, management accounting, corporate governance, and inventory. 19. The production development module of an ERP such as SAP might contain such components as production planning, manufacturing execution, operations analysis, and enterprise asset management. 20. ERP systems such as SAP normally batch their financial transactions for processing due to the large amounts of data. 21. ERP systems such as SAP normally post their financial transactions in real-time for current information through all of the appropriate modules. 22. Management must examine feedback from the ERP system to assist in the proper management and control of operations and financial conditions. 23. Supply Chain Management integrates supply and demand management within and across companies. 24. Processes in supply chain management involve trading processes from a supplier to a business only. 25. Sales and service is a term for software solutions that help businesses manage customer relationships in an organized way. 26. CRM is a term for software solutions that help businesses manage customer relationships in an organized way.
2
27. CRM success depends entirely on the implementation of the software package designed for customer relationship support. 28. Tier one includes software often used by large, multinational corporations. 29. Tier two describes software used by midsize businesses and organizations. 30. Tier one describes software used by midsize businesses and organizations. 31. Tier two includes software often used by large, multinational corporations. 32. Peoplesoft uses the terms “back office” in reference to managerial functions and “front office” in reference to customer and sales functions. 33. mySAP was the first “pure Internet” architecture, with no programming code residing on the client computer. 34. The strength of SAP is the human resources aspects of an organization. 35. The strength of Peoplesoft is the human resources aspects of an organization. 36. The best fit software is usually defined by the client’s hardware and intranet structure. 37. When ERP implementation is started all of the legacy system must be replaced for proper operation. 38. Best of breed means picking the best ERP software on the market for the particular type of business or organization. 39. Business process reengineering (BPR) is the purposeful and organized changing of business processes to make them more efficient. 40. Business process reengineering means tailoring both the business process to IT and the IT process to the business process for best functionality and processing. 41. Customizing an ERP system is recommended wherever the business has an existing process to accomplish a goal and that process is not compatible with the ERP system. 42. Customizing an ERP system should be limited due to cost and upgrading to the system in the future.
3
43. ERP implementation costs are kept to a minimum by retaining the legacy computer hardware and operating systems. 44. Due to the integration of design, ERP systems do not require extensive testing if implementation does not entail best of breed or legacy modules. 45. Because the ERP system will cleanse and correct data errors while importing legacy data into its RDBMS, a minimum of time, effort, and dollars will be spent on data conversion. 46. Training of employees will be minimal due to BPR and system’s integration. 47. The big bang theory is the easiest to implement since the switch from the legacy system to the ERP system is done on a single date throughout the organization. 48. The big bang theory of implementation is preferred due to the limited problems incurred in transition. 49. Modular implementation and pilot implementation are both considered concept of implementation. 50. Location-wise implementation and pilot implementation are both considered concept of implementation. 51. The real-time nature of processing decreases the total processing time and allows more immediate feedback to management. 52. The real-time nature of processing increases the total processing time and precludes immediate feedback to management. 53. ERP systems are built to interact with the IT systems of trading partners such as customers and suppliers. 54. ERP systems can grow with the business. 55. ERP implementation regarding IT infrastructure benefits include building business flexibility for current and future changes 56. The integration of an ERP system compensates for its scope, size, and complexity to make implementation less risky than most IT systems.
4
57. Since the sale of goods in an ERP system may automatically trigger more production, which in turn would trigger the purchase of raw materials there is a significant need to ensure that these integrated processes are triggered at the correct time and in the correct amounts. 58. Since ERP systems are modular the risks of implementation enterprise-wide are minimized. 59. Within an ERP system unauthorized access to a purchase module could trigger a related unauthorized payment within accounts payable. 60. Based on each employee’s ID and password, audit trails can be constructed and reports generated to identify the employees who initiated or conducted specific transactions or tasks. 61. Due to their level of integration, ERP systems have difficulties in properly segregating duties. 62. The ERP system can incorporate a matrix of tasks that are compatible.
5
ANSWERS TO TEST BANK - CHAPTER 15 - TRUE/FALSE: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13.
T F T F T F F F F T T F F
14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26.
T T T F F F F T T T F F T
27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39.
6
F T T F F F F F T F F F T
40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52.
T F T F F F F F F F T T F
53. 54. 55. 56. 57. 58. 59. 60. 61. 62.
T T T F T F T T F T
TEST BANK – CHAPTER 15 – MULTIPLE CHOICE 63. Select the true statement from those provided below. A. An ERP system is designed to interact with a stand-alone sales and inventory application to create general ledger information. B. An ERP system is designed to be a stand-alone software application to accomplish revenue, expenditures, conversion, and administrative processes. C. An ERP system will accomplish e-commerce but relies on other software applications for the accomplishment of e-business transactions. D. An ERP system will not collect, process, store, and report the data resulting from e-business transactions. 64. An ERP system uses: A. one database for each module associated with the organization – sales, inventory, human resources, etc. B. one database for manufacturing, one database for sales, one database for administrative, and one database for design and research. C. one database which contains all data items associated with the organization. D. relational databases for interactive queries between modules and departments. 65. An enterprise resource planning (ERP) system would: A. update both accounts receivable and inventory when purchased goods are received from a vendor. B. update both accounts payable and accounts receivable when inventory purchased from a vendor is received. C. update both accounts payable and sales when purchased goods are received from a vendor. D. update both accounts payable and inventory when purchased goods are received from a vendor. 66. An enterprise resource planning (ERP) system allows a sales representative to provide a customer with all of the following information except: A. is the product in stock? B. what is the price of the product? C. what is the cost of the product? D. when will it be shipped?
7
67. MRP applications are: A. management resource programs. B. manufacturing resources planning software systems. C. management reporting programs. D. manufacturing reporting programs. 68. ERP modules include all except: A. financial. B. operational database. C. sales and services. D. product development and manufacturing. 69. Within an ERP program: A. the operational database contains five to ten years of transaction histories. B. the data warehouse is updated as daily transactions are recorded. C. the data warehouse contains five to ten years of transaction histories. D. the data warehouse information is available to sales personnel for customer histories. 70. Interfaces between modules of ERP systems would be accepted for all of the following except: A. sales and inventory. B. sales and human resources. C. sales and accounts receivable. D. sales and manufacturing. 71. Material requirements planning (MRP) software: 1. calculated raw materials quantities needed for manufacturing. 2. calculated lead times on raw materials orders. 3. calculated material needs on accounts payable data. A. 1, 2, and 3. B. 1 and 2 only. C. 2 and 3 only. D. 1 and 3 only. 72. The purpose of MRP II was to integrate all of the following into a single database except: A. human resources. B. manufacturing. C. marketing. D. finance.
8
73. SAP R/3: A. operates on a mainframe environment with closed architecture. B. operates on a client-server environment with open architecture. C. operates on a client-server environment with closed architecture. D. operates on a mainframe environment with open architecture. 74. Y2K compatibility issues arose because: A. older computer systems recorded dates in mm/dd/yyyy formats and memory for these was expense. B. older computer systems recorded dates in mm/dd/yyyy formats and memory in older systems was unreliable. C. old computer systems kept dates in mm/dd/yy formats. D. memory in older systems would fail when challenged with a mm/dd/yy formatted date. 75. Select the correct statement from those provided below. A. MRP II allows interaction between suppliers and their customers via the internet or other electronic means. B. While MRP II provides automatic inventory reordering, it does not allow suppliers to see customer inventory levels. C. MRP II systems preclude e-commerce and e-business transactions due to internal security measures to protect data. D. To increase operational response times, MRP II systems utilize operational databases but not data warehouses. 76. Reasons to upgrade ERP systems since the initial implementation include all of the following except: A. Y2K compliance concerns. B. the need for better customer service. C. multi-national sites of operation. D. compliance with the Sarbanes-Oxley Act. 77. The financial module of an ERP such as SAP would include all of the following components except: A. inventory. B. financial accounting. C. management accounting. D. corporate governance.
9
78. The sales and services module of an ERP such as SAP would include all of the following components except: A. sales order management. B. inventory. C. professional services delivery. D. incentive and commissions management. 79. The financials module of an ERP system such as SAP would include all of the following except: A. accounts payable. B. statement of cash flows. C. accounts receivable. D. All of the above, A, B, and C, would be in the financials module of an ERP program such as SAP. 80. Management would use the _____________ module for feedback from the ERP system to assist in the proper management and control of operations. A. financials. B. corporate services. C. analytics. D. human capital management. 81. To employ analytical processes on the organization’s data: A. data mining is performed on the operational database. B. data is uploaded to the analytics module’s database. C. data mining is performed on the data warehouse. D. data is uploaded to the financials module’s database. 82. Supply chain management is: 1. the management and control of all materials. 2. the management and control of all funds related to purchasing. 3. the management of information related to the logistics process. 4. limited to the flow of materials from vendors into the production cycle. A. 1, 2, 3, and 4 are all correct. B. 1, 2, and 3 are correct. C. 1, 2, and 4 are correct. D. 1, 3, and 4 are correct.
10
83. Processes in supply chain management: 1. involve trading processes from a supplier to the business. 2. involve trading processes from the business to a customer. 3. involve trading between the business and other intermediaries. 4. do not include any transactions once raw materials are put into production. A. 1, 2, 3, and 4 are all correct. B. 1, 2, and 4 are correct. C. 1, 2, and 3 are correct. D. 1, 3, and 4 are correct. 84. The term for software solutions that help businesses manage customer relationships in an organized way is: A. sales and service. B. customer relationship management. C. corporate services. D. human capital resources. 85. Critical factors of CRM success include: A. successful software implementation and effective employee utilization. B. effective use of the analytics module’s data. C. the effective use by employees of the sales and services module’s data. D. All of the above, A, B, and C, are correct. 86. The two tiers of ERP systems are: A. the internal tier and external tier. B. the vendor & customer tier and the employee tier. C. the large, multinational corporation tier and the midsize business tier. D. the acquisitions tier and the sales tier. 87. The ERP program that uses the term “back office” in reference to managerial functions and “front office” in reference to customer and sales functions is: A. SAP R/3. B. Oracle Applications. C. Peoplesoft. D. mySAP. 88. The first “pure Internet” architecture, with no programming code residing on the client computer was: A. SAP R/3. B. Oracle Applications. C. Peoplesoft. D. mySAP.
11
89. ERP tier two software applications include: A. Axapta, Epicor, MAS 500 ERP, Microsoft Dynamics, and Macola ERP. B. Axapta, Epicor, MAS 500 ERP, JD Edwards, and Macola ERP. C. Axapta, Epicor, MAS 500 ERP, Microsoft Access, and Macola ERP. D. Axapta, Epicor, SAP R/1, Microsoft Dynamics, and Macola ERP. 90. Select the true statement from the following: A. The strength of SAP is its human resources capabilities. B. The strength of Peoplesoft is its manufacturing capabilities. C. The strength of SAP is its financial reporting capabilities. D. The strength of Peoplesoft is its human resources capabilities. 91. ERP implementation: A. must accomplish a full ERP system implementation. B. may install only selected modules. C. must be done one module at a time. D. is a short duration process due to total integration of the software. 92. Best of breed means: A. picking the best ERP software on the market for the particular type of business or organization. B. picking the best individual software applications on the market to accomplish a particular type of business function. C. picking the best consulting firm to accomplish implementation of the ERP software. D. utilizing the most capable employees within the organization work with the implementation of the ERP application. 93. The advantage of “best of the breed” is: A. the best functionality of the ERP system as a result of total implementation. B. the best functionality of a unique process of the organization. C. best cost of implementation of the ERP system. D. total integration of the ERP modules
12
94. Business process reengineering (BPR): 1. aligns business processes with IT systems to record processes. 2. reengineer the underlying processes to be more effective. 3. improves the efficiency of the underlying process through automation. 4. requires significant investment in IT resources. 5. does not have a mutual enhancement effect with IT. A. 1, 2, 3, 4, and 5. B. 1, 3, 4, and 5 only. C. 1, 2, 3, and 5 only. D. 1, 3, and 4 only. 95. When computerized technology is introduced into processes, the processes A. must utilize standardized forms and screens for data entry. B. can be radically redesigned to take advantage of the speed and efficiency of computers to improve processing efficiency. C. data retrieval from the databases will be restricted to upper management for analysis. D. Both B and C are correct. 96. Business process reengineering means: A. configuring the business processes to conform to the functionality of the IT system. B. configuring the IT system to the business process for best processing speed. C. matching the IT and business processes to achieve the greatest mutual benefit from each. D. configuring both IT and business processes to meet the goals of ERP. 97. Business process reengineering means: A. reconfiguring the ERP system to fit the current methods of the organization. B. retaining general software applications as legacy systems to reduce training and implementation costs. C. modifying business processes to take advantage of the capabilities of the ERP system. D. acquiring additional computer networking resources to effectively handle current business processes.
13
98. Customizing an ERP system: 1. will tailor the ERP system to the user. 2. may have a prohibitive cost. 3. may hinder future system upgrades. 4. is recommended wherever possible. A. 1, 2, 3, and 4. B. 1, 2, and 4 only. C. 1, 3, and 4 only. D. 1, 2, and 3 only. 99. Data conversion will: 1. require an appropriate amount of time. 2. be done as at a minimal cost. 3. import data from many legacy systems into a single RDBMS. 4. require cleansing of errors and configuration inconsistencies. A. 1, 2, 3, and 4. B. 1, 2, and 4 only. C. 1, 3, and 4 only. D. 1, 2, and 3 only. 100. The big bang theory of ERP is: A. buy one integrated system to accomplish all business processes. B. switching from the legacy system to the ERP throughout the organization on one date. C. commencing training and data cleansing throughout the organization on one date. D. exporting all of the data from the legacy system to the ERP system on one date for configuration control 101. All of the following are implementation of software systems except: A. the big bang implementation. B. location-wise implementation. C. hardware implementation. D. modular implementation. 102. When one site is utilized as the pilot approach to ERP it is referred to as: A. big bang implementation. B. hardware implementation. C. location-wise implementation. D. modular implementation.
14
103. The advantages and disadvantages of modular implementation are: A. full system integration is available but hardware incompatibilities exist. B. installation and training is minimized but full system integration is not available. C. all employees are exposed to some portion of the ERP system but critical information is still in the legacy system. D. critical information is still available in the legacy system but technical support is not readily available for the legacy system. 104. Benefits of an ERP system include all of the following except: A. the real-time nature of processing increases the total processing time. B. The interactive nature of the modules allows processes to interact with each other. C. ERP systems have evolved from many years of software experience so the software reflects tried and true practices. D. There is the capability to analyze large amounts of data in a single database. 105. ERP system benefits include all except: A. ERP systems are built to interact with the IT systems of trading partners such as customers and suppliers. B. ERP systems are configured upon implementation to exceed any reasonable business growth in the future. C. the ERP systems incorporate modules to conduct e-commerce and ebusiness. D. Analytical tools that enable detailed analysis of the data are incorporated into ERP systems. 106. Organizational benefits of ERP implementation include all except: A. retaining long-held work patterns and work focus. B. facilitating organizational learning. C. building a common vision. D. Increased employee morale and satisfaction 107. Factors which adversely affect the implementation of an ERP system do not include: A. cost. B. complexity. C. size. D. scope.
15
108. With an ERP implementation failure of one module: A. the rest of the system will operate correctly. B. the rest of the system can stop or disrupt operations. C. that one module will automatically revert to the legacy system. D. will result in the entire system reverting to the legacy system. 109. Due to ERP system integration: A. online privacy is significantly increased. B. access to one module may result in inappropriate activities in other modules. C. security of the system is protected against unauthorized physical or logical access. D. availability is increased due to the modular design. 110. The ERP module that aids in meeting the requirements of the Sarbanes-Oxley Act is the: A. analytics module. B. corporate services module. C. financials module. D. human capital management module. 111. With the proper implementation of an ERP system: A. fraud due to inappropriate transaction recording is eliminated. B. employee IDs, passwords, and segregated duties aid in internal control measures. C. audit trails are not necessary due to ID and password security concepts. D. All of the above, A, B, and C, are correct answers.
16
ANSWERS TO TEST BANK - CHAPTER 15 – MULTIPLE CHOICE: 63. 64. 65. 66. 67. 68. 69. 70. 71. 72.
B C D C B B C B B A
73. 74. 75. 76. 77. 78. 79. 80. 81. 82.
B C A A A B C C C B
83. 84. 85. 86. 87. 88. 89. 90. 91. 92.
17
C B A C B C A D B B
93. 94. 95. 96. 97. 98. 99. 100. 101. 102.
B D B C C D C B C C
103. 104. 105. 106. 107. 108. 109. 110. 111.
B A B A A B B B B
TEXTBOOK – CHAPTER 15 – END OF CHAPTER QUESTIONS 112. Which of the following advantages is least likely to be experienced by a company implementing an enterprise resource planning (ERP) system? A. Reduced cost B. Improved efficiency C. Broader access to information D. Reduced errors 113. An ERP system is a software system that provides each of the following except A. collection, processing, storage, and reporting of transactional data. B. enhancement of e-commerce and e-business. C. coordination of multiple business processes. D. physical controls for the prevention of inventory theft. 114. Which of the following is not a feature of an ERP system’s database? A. Increased efficiency B. Increased need for data storage within functional areas C. Increased customer service capability D. Increased data sharing across functional areas 115. Manufacturing companies implement ERP systems for the primary purpose of A. increasing productivity. B. reducing inventory quantities. C. sharing information. D. reducing investments. 116. What company developed the first true ERP systems? A. Microsoft B. Peoplesoft C. SAP D. IBM 117. In the late 1990s, the Y2K compatibility issue was concerned primarily with computer systems’ A. file retrieval capability. B. data storage. C. human resource comparisons. D. capital budgeting.
18
118. The primary difference between ERP and ERP II systems is that ERP II may include A. Internet EDI. B. logistics modules. C. Reporting modules. D. a data warehouse. 119. Which of the following is not one of the reasons for increased spending on ERP systems in recent years? A. The need for Sarbanes-Oxley compliance B. Globalization and increased competitive pressures C. The need for earnings management D. The need for customer service enhancements 120. Supply chain management (SCM) is a critical business activity that connects a company more closely with its A. customers. B. suppliers. C. subsidiaries. D. customers and suppliers. 121. The type of ERP system used by large, multinational corporations is known as A. big bang implementation. B. modular implementation. C. Tier one software. D. Tier two software. 122. Which of the following ERP approaches accomplishes the ERP implementation beginning with one department? A. the pilot method B. the modular implementation approach C. the big bang approach D. the location-wise implementation method 123. Which of the following statements best describes the risks of ERP systems? A. The risks of implementing and operating ERP systems are nearly identical to the risks of implementing and operating IT systems. B. The risks of operating and implementing ERP systems are greater than the risks of implementing and operating IT systems, due to the scope, size, and complexity of ERP systems. C. The risks of implementing ERP systems are greater than the risks of implementing IT systems, but the operating risks are nearly identical. D. The risks of operating ERP systems are greater than the risks of operating IT systems, but the implementation risks are nearly identical.
19
ANSWERS TO TEXTBOOK – CHAPTER 15 – END OF CHAPTER QUESTIONS 112. A 113. D 114. B
115. C 116. B 117. B
118. A 119. C
20
120. D 121. C
122. B 123. A
TEST BANK – CHAPTER 15 – SHORT ANSWER QUESTIONS 124. Describe how ERP systems enhance efficiency in a business organization. Answer: ERP systems enhance efficiency by controlling all business processes in one software system. That is, a single system collects, processes, stores, and reports data resulting from all sales, purchase, conversion, and administrative processes. In addition, ERP systems enable e-commerce and e-business, thus further enhancing efficiencies. 125. Why is real-time processing essential in an ERP system? Answer: Real-time processing is essential in an ERP system because all employees in the organization need to use the same information. Since data is stored in a single database, it is important that the most up-to-date information is available because of its usefulness in so many areas of the organization. 126. How has ERP increased the responsibilities of customer service representatives? Answer: Since customer services representatives have access to complete and timely information through the ERP system, they are able to answer important questions pertaining to availability of stock, timing of production, purchases, deliveries, and shipments, as well as historical information about customer orders and buying habits. The ERP’s ability to integrate company-wide information enables customer service representatives to deliver better service, thus facilitating a higher level of customer satisfaction. 127. What is an MRP II system and how is it different than the ERP systems in use today? Answer: Manufacturing Resource Planning (MRP II) software systems is focused on the movement and use of resources needed by a manufacturing company, such as purchasing, warehousing, and the scheduling of deliveries, production, and shipping. MRP II systems evolved into ERP systems when the system’s functionality increased to include processes related to marketing, distribution, human resources, etc. 128. What are the two databases used by ERP systems? Answer: The ERP system often utilizes two different databases. These two databases are the operational database and the data warehouse. The operational database contains the data necessary to conduct day-to-day operations and produce management reports. It is continually updated as transactions are processed. The data warehouse contains non-volatile historical information that is used to support management decision-making.
21
129. Differentiate between the “enterprise-wide” and “non-volatile” features of a company’s data warehouse. Answer: Data is enterprise-wide when it is pulled from the operational database (which pertains the operations of the entire organization), and is then maintained in the data warehouse for many periods. Data is non-volatile because it does not change rapidly in the same way that operational data changes. Periodically, new enterprise-wide data from the operational database is uploaded to the data warehouse, but other than the updating process, the data in a data warehouse does not change. 130. What was unique about SAP’s first ERP system? Answer: SAP’s first ERP system was unique in that it integrated all business processes (not just manufacturing) and that it made data available in real time. 131. Differentiate between the features of SAP’s R/1, R/2, and R/3. What does the “R” stand for in this name? Answer: SAP differentiated new versions of its software by coding them as R/1, R/2, and R/3, where the “R” stands for “real-time processing” and the number relates to the version. SAP R/1 was SAP’s first release, which integrated all business processes and made data available in real time. R/2 allowed for interactivity between modules and added more features (such as order tracking). R/3 used client-server hardware that allowed the system to run on a variety of computer platforms and allowed for third-party companies to develop software that will integrate with SAP R/3. 132. How do ERP II systems allow for businesses to improve efficiencies with respect to sharing information with trading partners? Answer: ERP II systems allow for businesses to improve efficiencies with respect to sharing information with trading partners by using EDI, Internet EDI, or extranets to connect with suppliers and customers. Exhibit 15-2 depicts a view of an ERP II system. 133. How did the tragic events of September 11, 2001 affect the market for ERP systems? Answer: The events of September 11, 2001 caused drastic reductions in sales of ERP systems, as nearly all companies reduced IT spending. The economy experienced a downturn and all most businesses were cutting expenses, including IT expenditures.
22
134. What are some of the activities included in an ERP module for supply chain management? Answer: Supply chain management (SCM) is the management and control of all materials, funds, and related information in the logistics process from the acquisition of raw material to the delivery of finished products to the customer. The supply chain involves trading processes from a supplier to a business, as well as trading processes between the business and its customers and other intermediaries. Similar to internal processes, these trading processes can experience improved efficiency by using ERP systems to initiate, record, store, and report these processes. 135. What are some of the features of an ERP module for customer relationship management? Answer: Customer relationship management (CRM) allows organizations to manage customer relationships in an organized manner by providing a database of detailed customer information that management, salespeople, and customer service representatives can readily access. This database generally includes historical information regarding customer purchases, which can be used to match customer needs with products, inform customers of service requirements, and analyze customer buying behavior. 136. Which company is today’s top-seller of ERP systems in the U.S.? Answer: SAP is the top-selling tier one manufacturer of ERP systems in the U.S. (through 2007). 137. Differentiate between Oracle’s “back office” and “front office” modules. Answer: Back office modules are the ERP modules such as financial, manufacturing, supply chain, procurement, and human resources applications that typically do not involve interaction with the customer. The front office modules are for sales, marketing, service and call center functions that are visible to customers. 138. Which tier one company introduced the first ERP system that was “pure internet,” requiring no programming code to reside on the client computer? Answer: Peoplesoft is the tier one company that introduced the first “pure internet” ERP system that required no programming code to reside on the client computer. 139. Which of the tier one ERP companies is likely to provide the “best fit” for a manufacturing firm? For a human resources placement company? Answer: SAP is the tier one ERP company that is likely to provide the “best fit” for a manufacturing firm because its systems evolved from MRP II systems. For a human resources placement company, Peoplesoft is likely to be the “best fit” because it evolved from a human resources software system.
23
140. Why is business process reengineering an important aspect of ERP implementation? Answer: Business process reengineering (BPR) an important aspect of ERP implementation because it aligns business processes with the underlying IT systems used to record processes. In addition, it improves efficiency and effectiveness of these processes. When technology is introduced intro business processes, BPR and IT can have a mutually-enhancing relationship: IT capabilities support the business processes and the business processes can be redesigned to match the capabilities of the IT system. Therefore, BPR is important because of its role in improving process efficiencies. 141. Why should customization of an ERP system be limited? Answer: Customization of an ERP system should be limited because of issues with cost and upgrading. Any customizations may require changing or writing new programming code and this can be a very expensive and time-consuming task. The cost of customization can easily exceed the cost of packaged ERP software. Second, any customizations cannot be automatically incorporated when the ERP vendor provides an upgraded version of the ERP software. Therefore, upgrading to the new version may mean losing any customizations. 142. Differentiate between location-wise and modular implementation approaches to the conversion to an ERP system. Answer: In a location-wise implementation of an ERP system, the organization chooses a specific location or sub-unit of the organization and implements the ERP system in that location only. This approach can be considered a “pilot” approach in which the ERP is first carried out in a sub-unit of the larger organization. This means that any resulting problems will be isolated within the pilot unit so that the entire organization is not impacted. In a modular implementation, the ERP system is implemented one module at a time. The implementation team will normally focus on the most critical module first and complete the implementation of modules in descending order. This allows the organization to take advantage of the new features of the module in the ERP system without affecting all processes in the organization. 143. Which method of conversion to an ERP system is sometimes referred to as a “pilot” method? Why is this name appropriate? Answer: The location-wise implementation method is considered a “pilot” approach because the ERP is first implemented in a single location or sub-unit of the organization before it is implemented across the entire organization. This allows any problems to be worked out in an isolated area without impacting the entire organization. Thus, the changes and resolutions experiences in this pilot area can be used to guide the subsequent implementations.
24
144. How can an ERP system assist a company in its efforts to comply with the Sarbanes-Oxley Act of 2002? Answer: ERP systems assist a company in its efforts to comply with the SarbanesOxley Act of 2002 by providing real-time financial information to facilitate the reporting requirements of the Act. For instance, enhanced financial modules of an ERP system may provide feedback information to management regarding internal controls, which is important for complying with the reporting requirements of section 404 of the Act. In addition, ERP systems can enhance internal controls by providing for the proper segregation of duties and establishment of authority, as well as the real-time monitoring and reporting of exceptions.
25
TEST BANK – CHAPTER 15 – SHORT ESSAY 145. Why was there so much growth in the sales of ERP systems in the late 1990s? Answer: There are two major contributing factors to the rapid growth in sales of ERP software in the late 1990s. One factor was the explosive growth of e-commerce and the dot-com boom that occurred during this time period. To enable e-commerce and accelerate business processes in order to meet the demands of e-commerce sales, companies needed integrated systems such as ERP. A second factor was the valid concern about Y2K compatibility of existing software systems in companies. Many companies were rapidly trying to replace legacy software systems in the late 1990s before the year 2000 changeover occurred. Many were facing uncertainty as to whether their legacy software would work after 1999. System professionals were concerned that older legacy systems would “blow up” when faced with a date of 2000 or later. 146. What are the five most common reasons for increased spending on ERP systems in the early 2000s? Which of these reasons was the impetus for Viper’s ERP implementation in 2003? Answer: Some of the reasons for this increased ERP spending are: a. The need to improve customer service through standardizing and combining business processes. This necessitates ERP software that can support standardized and combined processes. b. Global companies that operate in several countries may have separate ERP systems in various countries. Many of these companies decide to replace these various ERP systems with one centrally managed ERP system for the entire company. c. Aging ERP systems that were installed prior to Y2K need replacement to meet competitive demands faced by companies. d. Bigger IT budgets in 2005 replaced leaner budgets between 2001 and 2004. Companies began increasing overall IT spending, including spending on ERP systems. e. To enhance compliance with the Sarbanes-Oxley Act. Viper Motorcycle Company implemented an ERP system primarily to enhance compliance with the Sarbanes-Oxley Act of 2002.
26
147. Match the ERP modules on the left with the purpose of the related processes on the right: Financials a. Taking customer orders and preparing for the impending revenue and cash collection. Human b. Maintenance of the general ledger and supporting Resources journals and sub-ledgers. Procurement c. Keeping track of purchasing and movement of goods and Logistics and materials. Manufacturing d. Accounting for personnel and payroll activities. Sales and e. Data mining and other processes for obtaining Services feedback and supporting managerial decision-making. Analytics f. Planning and scheduling of conversion activities. Answer: Financials Human Resources Procurement and Logistics Manufacturing Sales and Services Analytics
b. Maintenance of the general ledger and supporting journals and sub-ledgers. d. Accounting for personnel and payroll activities. c. Keeping track of purchasing and movement of goods and materials. f. Planning and scheduling of conversion activities. a. Taking customer orders and preparing for the impending revenue and cash collection. e. Data mining and other processes for obtaining feedback and supporting managerial decision-making.
27
148. What potential advantages and disadvantages exist with respect to engaging a consultant for an ERP implementation? Discuss. Answer: The primary advantages of hiring a consulting firm include: a. Experience. The use of consultants may provide for a more effective implementation, as long as it is performed by professionals having experience with similar implementations. The experience of a consultant may be translated into savings for the company, particularly with respect to the avoidance of costly and time-consuming mistakes. b. Efficiency. Due to the experience of professional consultants, time savings may be realized in terms of avoidance of unproductive time spent on training, trialand-error, etc. c. Less strain on employees. The company’s human resources may be relieved so they can engage in their normal activities with minimal disruption to the normal routine. The most significant disadvantages of hiring a consulting firm include: a. Cost. Consultants may be expensive, and can significantly increase the cost of the overall ERP implementation. b. Limited availability. Consultants are typically hired to perform a certain function or are retained for a limited period of time. The ongoing need for the implementation team to address issues may create problems for the company who used consultants that are no longer accessible. 149. What are the primary benefits of an ERP system? What are the primary risks? Answer: The primary benefits of an ERP system are the following: a. The interactive nature of the modules that allows processes to interact with each other. For example, the ordering and receiving processes can automatically trigger payment processes. b. The real-time nature of processing that decreases the total processing time and allows more immediate feedback to management. c. The “best practices” nature of the processes in ERP systems. ERP systems have evolved from many years of software experience with various companies and the software reflects tried and true practices. d. The single database that enhances sharing of information between the business’ functional areas and between processes. e. The capability to analyze large amounts of data in a single database. Analytical tools are incorporated in ERP systems that allow detailed analysis of the data. f. The capability to enhance e-commerce and e-business. The ERP systems of today incorporate modules to fully incorporate e-commerce and e-business. g. The capability to interact in real-time with trading partners. ERP systems are built to interact with the IT systems of trading partners such as customers and suppliers. h. The capability of ERP systems to be scalable. Scalable means the system can grow with the business.
28
(149 CONT.) The primary risks of an ERP system are the following: a. The large size, scope, and complexity of ERP systems cause their implementation to be very costly, time consuming, and potentially disruptive to operations. (Implementation risk) b. The potential for failure of the system may cause business disruption across the entire enterprise. (Operation risk) 150. What are Shang and Seddon’s five dimensions of ERP benefits? Answer: The five dimensions of ERP benefits are: a. Operational benefits, including reductions in time and costs, and improvements in productivity, quality, and customer service. b. Managerial benefits, including improvements in resource management, planning, decision-making, and performance. c. Strategic benefits, including support for various aspects of business growth. d. IT infrastructure benefits, including increased flexibility and infrastructure capability, as well as cost reductions. e. Organizational benefits, including the facilitation of organizational learning, change management, and employee morale. 151. Name the AICPA Services Trust Principles’ five operations risks? Why are these risks greater for ERP systems than for other IT systems? Answer: The five areas of operations risks are as follows: a. Security. The system is protected against unauthorized (physical and logical) access. b. Availability. The system is available for operation and use as committed or agreed. c. Processing integrity. System processing is complete, accurate, timely, and authorized. d. Online privacy. Personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed. e. Confidentiality. Information designated as confidential is protected as committed or agreed. These risks are greater for ERP systems than for other IT systems because of its size and complexity. Security becomes a greater risk because the processes are integrated, and often automatically triggered in ERP systems. Therefore, any unauthorized user can affect more processes than would be true in an older, legacy system. For example, unauthorized access to a purchase module in an ERP system could allow an unauthorized user to trigger not only purchase activities, but the related payment within Accounts Payable.
29
Availability risks are also magnified in ERP systems because of the integrated nature of processes. The failure of an ERP system has the potential to stop or disrupt all processes across the entire enterprise. Processing integrity risks are more significant in ERP systems due to the interconnected nature of an enterprise-wide system. Incorrect data generated in a given process can automatically trigger other processes and post flawed data to other processes. Processes may be triggered at the wrong time and incorrect data can be spread over several processes and ERP modules. It is important to understand that such processing integrity problems are possible in any IT system. But they have the potential to be more damaging in an ERP system. Online privacy and confidentiality risks are also magnified in ERP systems. ERP systems often have sales and customer relationship management modules in an ecommerce mode. This means that sales and customer data is exchanged via the Web or EDI. In ERP systems these front-office systems of e-commerce and sales are automatically integrated into the back-office systems of an ERP system. The backoffice modules are the financials, supply chain management, and human resources modules. Therefore, in an ERP system, the e-commerce activity of customers often automatically integrates into the general ledger and related processes. This interconnectivity causes more potential areas for private or confidential information to be available. 152. Explain how an ERP system can enhance internal controls? Specifically, how can it facilitate the separation of duties? Answer: Since the passage of the Sarbanes-Oxley Act of 2002, ERP systems have been improved to include enhancements to internal controls. These enhancements include functions that assist management in complying with sections of the Act by providing feedback information to management regarding internal controls. For processes tracked by the ERP software, a report can be generated that identifies which employees are authorized to initiate and conduct processes. Based on each employee’s ID and password, audit trails can be constructed and reported that indicate which employees initiated or conducted individual processes. This module within the ERP system can map processes to assist management in understanding whether duties are appropriately segregated within the process. Segregation of duties is an important part of internal control that can help prevent errors and fraud. ERP systems can be used to properly segregate duties. The ERP system can incorporate a matrix of tasks that are incompatible duties. For each employee ID and password, the system can check the employee’s access to various tasks to insure that no employee can initiate or conduct incompatible tasks. The ERP system electronically segregates duties by limiting the types of transactions each employee can perform. For example, a single employee should not have system access to initiate a purchase and record it as received. In an ERP system in which integrated
30
modules often automatically trigger events, recording the receipt can automatically initiate a check for payment. Thus, it is important that a single employee not have authorization in the ERP system to initiate a purchase and also record the receipt. In addition to the preventative nature of attempting to restrict incompatible duties, an ERP system also allows real-time monitoring and reporting of exceptions. As processes and transactions occur that may be exceptions to what was expected, they can be reported to management in real-time. Therefore, an ERP system can assist management in monitoring internal control, monitoring errors and problems, and monitoring exceptions to internal controls.
31
TEST BANK – CHAPTER 15 – PROBLEMS 153. Explain the hardware or standards that were developed during the ARPANET that were an important foundation for the Internet of today. There were hardware items or standards developed during the ARPANET time frame. These include packet switching, routers, and the TCP/IP protocol. Packet switching is the method to send data over a computer network. Data is divided into small packets and sent individually. Packets may travel different routes and as they arrive, they are reassembled into the original data. A router is hardware that serves as a gateway between two or more networks. TCP/IP is an acronym for transmission control protocol/Internet protocol. It is the protocol used today. 154. Describe the ERP’s modular interface that is necessary in a typical manufacturing environment. Answer: An ERP system is a multi-module software system that integrates all business processes and functions of the entire organization into a single software system, using a single database. Each of the software modules of an ERP system is intended to collect, process, and store data of a functional area of the organization and to integrate with related processes. For example, a module may be designed to process purchase transactions and record all data about purchase orders. This module must integrate with accounts payable and inventory since the vendor must be paid and inventory increased as the purchased goods arrive. Each module automates business activities of a functional area within an organization. Information is updated real-time in the ERP database, so that employees in all business units are using the same information, and all information is up-to-date. Since the data is stored in a single database, each functional area can easily share information with other areas of the organization. 155. Identify and describe the first generation of ERP systems used in the 1970s, and the second generation of ERP systems used in the 1980s. Answer: The first generation of ERP software was called Materials Requirements Planning (MRP) software. MRP software of the 1970s allowed plant managers to coordinate the planning of production and raw material requirements. MRP software determined order size and timing of raw materials based on sales forecasts and factoring in lead times for order and delivery of materials. The typical computer hardware of the 1970s that was used to enable an MRP system was mainframe computers, sequential file processing, and electronic data interchange (EDI). The EDI allowed up-to-date information about inventories and status of orders to be processed quickly. As mainframe computers improved in speed and power during the 1980s, MRP software evolved into Manufacturing Resource Planning (MRP II) systems. MRP II was much more broad and encompassing than MRP software. MRP software was intended to provide for the purchase of raw materials to support manufacturing needs. The purpose of MRP II
32
was to integrate manufacturing, engineering, marketing, and finance units to run on the same information system and to use a single database for these functions. As MRP and MRP II systems became more popular in large manufacturing companies, early pioneers of ERP systems were working on a broader concept of information system software. Five former IBM systems analysts began work on an early version of ERP software in 1972. These five formed a company that was to become Systems, Applications and Products in Data Processing (SAP). SAP designed the first true ERP system that was called SAP. SAP was intended to integrate all business processes, not just manufacturing, and to make data available in real time. To the financial accounting system, they added modules for Materials Management, Purchasing, Inventory Management and Invoice Verification. SAP release 2, or SAP R/2 was released in 1978. The new version took full advantage of the current mainframe computer technology, allowing for interactivity between modules and additional capabilities like order tracking. 156. Compare and contrast the functionality of the Logistics module and Supply Chain Management activities. Answer: The logistics function manages all processes related to the purchase and movement of materials and finished goods. This module incorporates the purchase processes, as well as the processes and data resulting from the movement inventories. It is a subset of the functions included in the supply chain management activities. Supply chain management (SCM) activities encompass the planning and management of all sourcing, procurement, conversion, and logistics functions. SCM also includes coordination and collaboration with suppliers, intermediaries, third party service providers, and customers. 157. Suppose a company is experiencing problems with omitted transactions in the conversion processes: i.e., inventory transactions are not always being recorded as they occur. How can an ERP system help to alleviate such a problem? Answer: An ERP system could help alleviate problems with omitted transactions through its internal control enhancements. For example, ERP systems allow realtime monitoring and reporting of exceptions. As processes and transactions occur that may be exceptions to what is expected (as in the case of omitted transactions), they can be reported to management immediately. In addition, the system can identify employees involved with the recording of specific transactions, which may help identify the source of a problem so that it may be corrected quickly.
33
158. Using an internet search engine, search for the terms “best of breed” + ERP. Locate information that addresses the debate/dilemma faced by many companies regarding the decision implementing best of breed technology versus new applications from an ERP vendor. Write a brief memo to discuss this issue. Answer: Answers to this questions may vary. Following is a sample response: The ERP approach treats the customer as an entity like any other entity, such as an invoice or a sales order. Most, if not all, ERP modules now have CRM modules that allow you to pull up and manipulate customer data at will. The view of the customer may contain summarizations of activities conducted elsewhere in the system that relate to that customer. For example, if a customer places an order with your company, a sales person that is looking at that customer in the hopes of penetrating the account more deeply can see that there is already an outstanding order. This may trigger him/her to offer an appropriate discount on another product or offer add-on product to the one just sold. The ERP approach is, in most cases, the most seamless solution. ERP companies like Peoplesoft either developed or acquired CRM modules and integrated them into the larger suite. The downside to this approach is that their CRM modules may not have all the functionality you need in areas like marketing and decision analysis. This approach may require you to spend money extending their baseline functionality to meet your specific business needs. The best of breed approach aims to integrate a feature-rich CRM system, such as advanced functionality in different areas such as customer service, customer support, order entry, and marketing. In most cases these systems are traditional client-server applications, but offer extensive Web-enabled features. The vendors of these applications often provide out-of-the-box connectors to popular ERP systems to ease the pain of integration. The upside to using these systems includes extensive front-office functionality. Often you can provide most, if not all, your customer-facing units with the functionality that they need. The user interfaces to these systems are often very easy to use, and there are a multitude of vendors providing training, installation, and customization services. The integration of systems, however, is always a challenge. There’s always some piece of data not included in the integration routines, or some piece of middleware (the software connecting the systems) that breaks. This approach will always require you to spend money on integration services, unless you have the staff to do it yourself.
34
159. Using an internet search engine, search for the terms “big bang” + ERP. Identify at least one company that represents a success story with regard to this ERP implementation method (other than Marathon, as described in the Real World Example). Also identify at least one company that experienced problems with this approach (other than the city of Tacoma, as described in the Real World Example). Answer: Answers may vary for this question. Some sample responses follow: Some companies that have had success with regard to their experiences with big bang implementation of ERP software include the United Nations Development Programme, Hewlitt-Packard, Strategic Petroleum Reserve (63 days ahead of schedule and 4% under budget) , and others. Some companies that have experienced problems with the big bang approach to ERP implementation include Nike, Iowa’s Department of Administrative Services, Hershey’s, LTV Steel, Fox Meyer, and others. 160. Access the web site at www.big4guy.com and find an article titled “Why Implement an ERP Enterprise Resource System SAP Oracle. Briefly describe the reasons for an ERP implementation. Discuss whether the points in this article match with concepts in this chapter. Answer: This article lists four reasons to implement an ERP system. They are: No Support is available for their legacy systems. The vendors of such legacy systems, The vendor found the entire product too costly to maintain and support hence has closed shop. Most legacy systems operate as separate disparate systems. Interconnectivity is minimal. This leads to duplication of effort. Data entered in one system is required to again re-entered other systems. Data accuracy is a big issue with legacy systems. Responsibility and accountability for data and processes cannot be fixed on specific individuals. To achieve efficiencies and customer satisfaction, it is important to have a system which can support management’s intention of growth. To survive in competitive scenarios, it is important that system supports processes and people. Yes, these points are also mentioned in the chapter. Legacy systems are costly and difficult to support, and they do lead to duplication of effort or data. In addition, ERP systems can be more accurate because there is not duplication of data and therefore fewer chances there will be conflicts in the data (concurrency of the data is improved). ERP systems do allow the company to provide better customer support. The early part of this chapter describes how customer queries can be more efficiently handled with an ERP system
35