test bank

Discussion Questions

  1. (SO 2) Why is it important to establish and monitor credit limits for customers? Allowing customers to order in excess of what they are able to pay poses a large risk for companies. It is important to review a customer’s creditworthiness and, based on that creditworthiness, establish a credit limit. Once the limit is established, the company should have processes or methods to ensure the credit limit is not exceeded. Without a limit, or without monitoring that limit, the company has the risk of not being paid for goods or services purchased by customers.
  2. (SO 2) Distinguish between a pick list and a packing slip. Although the information on these two documents is essentially the same, they are used for two different purposes.  Both documents contain the items and quantities for a particular customer order.  However, the pick list is used in the warehouse to pull items from the warehouse shelves, while the packing slip is included in the box or boxes shipped to the customer.  The packing slip tells the customer which items should be in the shipment.
  3. (SO 2) How can an effective system of internal controls lead to increased sales revenue? When an effective system of internal controls is in place, managers may be able to spend less time overseeing operations and can therefore spend more time on revenue growth strategies and activities. For example, with a proper set of general authorization procedures for sales, a manager would not need to approve each sale individually. This gives the manager more time to focus on activities that could lead to increased revenue.
  4. (SO 2) Why should the person responsible for shipping goods to customers not also have responsibility for maintaining records of customer accounts? Custody of assets and responsibility for record keeping should always be segregated. In this case, the person shipping the goods has custody and could therefore steal assets. Access to customer records would allow that person to also alter records to hide the theft. The alteration to the records could include deleting the sale or writing off the sale as a bad debt.
  5. (SO 3) What is the purpose of a credit memorandum? The credit memorandum documents the fact that a customer has returned goods. The credit memorandum is also used to reduce the customer’s receivable account balance based upon the return of goods.
  6. (SO 3) How are sales invoices used (in a manual system) in the preparation of credit memos? The sales invoice is matched to the receiving report that results from returned goods.  This match is necessary to verify the fact that the merchandise was in fact sold to the customer, and to verify the selling price that should be refunded.
  7. (SO 2) How can a security guard in a warehouse be considered an important component of a company’s accounting system? Internal controls over assets should include physical controls to prevent theft or misuse. For example, cash should be locked in a safe to prevent the theft of cash. Likewise, a security guard can help prevent theft or misuse of assets. This internal control would not prevent all theft, but would help reduce any theft.
  8. (SO 3) How could fraud be perpetrated through the sales returns process? In the absence of good internal controls, there are several types of fraud that could occur in sales returns.  These include: 1) customers returning goods not originally purchased from the company, 2) customers requesting a refund higher than the original sales amount, 3) requesting refunds for goods that were never returned, but submitting false documentation of a return, and 4) theft of returned goods by an employee.
  9. (SO 6,7,8) Identify and distinguish between the three types of IT systems used in the sales process. The three types of IT systems described are EDI, Internet EDI, and point of sale systems.  EDI and Internet EDI are used in company to company sales of goods and services.  In EDI systems, the buyer and seller computer systems are connected and order data is exchanged electronically.  EDI typically uses a value added network (VAN), while Internet EDI uses the internet to exchange data.  Internet EDI is usually much more cost effective than EDI because the exchange via the Internet can be cost free.  A POS system is used in end consumer sales such as retail stores and restaurants.  A POS system usually is a touch screen, or bar code system at the cash register that records the sale and updates the appropriate cash, sales, and inventory accounts.  All three systems are IT enablement of the sales process and they each improve the efficiency and effectiveness of sales processes.
  10. (SO 6) Distinguish between B2B sales and B2C sales. Other than those presented in this chapter, name a company from your personal experience that uses B2C sales. B2B sales are IT enabled sales between two businesses.  B2C sales are IT enabled sales between a business and an end consumer.  A student could mention any online retailer, online bank, online broker, airline, or travel agent as examples of B2C.
  11. (SO 6) List the advantages of e-commerce systems. The advantages are reduced costs, shorter sales cycles, increased accuracy and reliability of sales data, and an increase in the potential market.
  12. (SO 6) Identify two of the biggest risks to companies who use e-commerce, along with controls to prevent these risks. Two of the business risks of e-commerce would be availability and security. If a company relies on online sales extensively, any failure in the hardware or software may make the online sales system unavailable and this causes lost sales.  These lost sales can at times be very large losses.  Unauthorized access or hackers represent a big risk to e-commerce.  Placing sales online opens the company to unauthorized access and hacking, and therefore potential loss or destruction of data.
  13. (SO 6,7) What controls should a company implement to ensure consistency of sales information between the front end and back end of its systems? Reconciliations and verifications are important in the integration of front end and back end systems. As data moves from a front end system, such as an online sales system, to a back end system, such as warehouse systems, a reconciliation or verification can ensure the data was transmitted between systems accurately.
  14. (SO 6) Why is a redundant server system needed in an e-commerce environment? Availability is extremely important in e-commerce systems. Any failure of the system represents lost sales because the system is not available for customer use. A large e-commerce company could lose thousands of dollars in sales from a two or three hour downtime.
  15. (SO 6) Why should a company continuously monitor the capacity of its e-commerce system?
  16. (SO 7) What are the three components of an EDI system? The three component parts are: 1) intercompany transfer, indicating the sale/purchase is between two companies; 2) computer to computer, indicating the computer systems of the two companies are connected; and 3) a standard format for business documents to facilitate the intercompany transference of electronic documents.
  17. (SO 7) What are the three standard parts of an EDI data transmission? Header and trailer data, labeling interchanges, and data segments. Header data is data about the file or transmission being sent.  The header identifies the beginning and end of a particular transaction data set.  Trailer data is also data about the file or transmission and identifies the end of a particular transaction data set.  Labeling interchanges identify the type of transactions in the set, such as a set of sales invoices.  Data segments include the actual data within the invoices, such as quantities and prices.
  18. (SO 7) How could it be possible for two companies to conduct EDI if they are not directly connected with each other? Two companies could use a value added network (VAN) as a third party to serve as the provider of electronic inboxes for EDI exchanges.
  19. (SO 7) List the advantages of an EDI system. The advantages are elimination of keying, keying errors, and the time needed for keying, the elimination of mailing time and postage costs, reduction of inventory levels, and competitive advantage and/or preservation of existing business.
  20. (SO 6,7,8) What is the purpose of maintaining transaction logs? Why are they especially important in IT systems? Transaction logs serve as the audit trail of transactions processed by the computer. Review of these logs can ensure that transactions are not lost or unaccounted for. The logs also help ensure a company can avoid repudiation of sales.
  21. (SO 8) List some advantages of a POS system. Advantages are: ease of use by employees, the elimination of manually entered data, real-time access to prices and inventory levels, real-time credit card authorization, real-time update of affected accounting records, immediate summaries and reports of sales and cash, and integration with the general ledger accounts.
  22. (SO 8) Why are backup systems one of the most important controls for POS systems? A system failure in a POS system would interrupt or halt sales. Such lost sales can be a large dollar amount and there could be future lost sales if customers become irritated by the system failures.  To avoid these failures and the resulting lost sales, a company should maintain some type of backup system.
  23. (SO 9) Describe a popular fraud scheme where company employees misuse the sales revenues cutoff. This is called leaving sales open. It counts sales from the first few days of the next month in the current month, and thereby inflates sales.

Brief Exercises

  1. (SO 2, SO 4) Describe what is likely to occur if company personnel erroneously recorded a sales transaction for the wrong customer? What if a cash receipt was applied to the wrong customer? Identify internal controls that would detect or prevent this from occurring.  If the sale is attached to the wrong customer, the wrong customer would be billed and it may cause both the wrong customer and the correct customer to have a negative opinion about the company.  In addition, if the company does not maintain adequate documentation, it may be difficult to determine which customer should be billed.  Therefore, the company may not be able to collect the cash they should have collected.  If a cash receipt is applied to the wrong customer, then two customer balances will be erroneous. The company would continue to bill the customer who paid, while not billing the correct amount to the wrong customer. Without adequate documentation, it would be difficult to correct this situation.   The internal controls that would help prevent these errors are maintaining adequate documentation, including source documents such as sales orders and remittance lists; the matching of key documents before recording;  reconciliations and verifications of invoices to receivables; and supervision.
  2. (SO 4) Debate the logic used in the following statement: “The person responsible for handling cash receipts should also prepare the bank reconciliation because he is most familiar with the deposits that have been made to the bank account.” It is true that if a person could be absolutely trusted to do both duties, it may be more efficient.  However, having both duties provides opportunity and temptation for that person to steal cash and cover up the theft. In addition, a single person doing both duties might make an error affecting both the receipts and reconciliation.  Segregating these duties may slightly decrease the efficiency of bank reconciliations, but the positive benefits of fraud prevention or detection and error detection outweigh any efficiencies.
  3. (SO 7) Revenue systems are crucial in the healthcare industry, where hundreds of billions of dollars are spent annually reconciling revenues and billing data from the perspectives of providers (doctors and clinics, etc.) and payers (insurance companies). Briefly describe how EDI would be beneficial in this industry. Describe the purpose of the header data and trailer data. In an EDI system, the computer systems of the biller and payer are connected and they would greatly speed up the billing and paying process, as well as decrease the errors in the process. Without EDI, there would be keying errors and delays related to keying data and mailing bills and payments. The header and trailer data identify the transaction data set so that the two computer systems can ensure the correct transaction data is matched. The header and trailer also identify the beginning and end of a transaction data set.
  4. (SO 2, SO 3, SO 4) Use the process maps in this chapter to answer the following questions:
    1. What would a credit manager do if a sales order received caused a customer to exceed its credit limit? The sale should be disapproved (rejected).
    2. What happens after the shipping department verifies that the quantities and descriptions of goods prepared for shipment are consistent with the sales order? The goods are shipped, an invoice is prepared and mailed; the following records are updated: sales, general ledger; and a month end statement is prepared and mailed to the customer.
    3. What would an accounts receivable clerk do if a $100 credit memo is issued to a customer whose accounts receivable balance is $1,000? The clerk should first check to make sure of the balance.  Then, that customer’s balance would be decreased to $900.
    4. When is it necessary for an accounts receivable clerk to notify a customer? An accounts receivable clerk would not need to notify customers.
  5. (SO 2) Describe how the matching of key information on supporting documents can help a company determine that its revenue transactions have not been duplicated. For any sale, return or cash transaction, only one set of matching documents should exist. Once the documents are matched and recorded for a particular transaction, they should be filed as a completed transaction.  Thus, that same transaction would not be recorded again since the source documents are filed.

(SO 2,3) Describe how the use of pre-numbered forms for receiving reports and credit memos can help a company determine that sales return transactions have not been omitted from the accounting records.  When pre-numbered forms are used, it is much easier to ensure that the entire series of transactions have been accounted

solution manual test bank

Discussion Questions

  1. (SO 1) What are assurance services? What value do assurance services provide? Assurance services are accounting services that improve the quality of information. Many services performed by accountants are valued because they lend credibility to financial information.
  2. (SO 2) Differentiate between a compliance audit and an operational audit. A compliance audit is a form of assurance service that involves accumulating and analyzing information to determine whether a company has complied with regulations and policies established by contractual agreements, governmental agencies, company management, or other high authority. Operational audits assess operating policies and procedures for efficiency and effectiveness.
  3. (SO 2) Which type of audit is most likely to be performed by government auditors? Which type of audit is most likely to be performed by internal auditors? Governmental auditors are most likely to perform compliance audits, and internal auditors are most likely to perform operational audits.
  4. (SO 2) Identify the three areas of an auditor’s work that are significantly impacted by the presence of IT accounting systems. The IT environment plays a key role in how auditors conduct their work in the following areas:
  • consideration of risk
  • determination of audit procedures to be used to obtain knowledge of the accounting and internal control systems
  • design and performance of audit tests.
  1. (SO 3) Describe the three causes of information risk. Information risk is caused by:
  • Remote information; for instance, when the source of information is removed from the decision maker, it stands a greater chance of being misstated.
  • Large volumes of information or complex information.
  • Variations in viewpoints or incentives of the preparer.
  1. (SO 3) Explain how an audit trail might get “lost” within a computerized system. Loss of an audit trail occurs when there is a lack of physical evidence to view in support of a transaction. This may occur when the details of accounting transactions are entered directly into the computer system, with no supporting paper documents. If there is a system failure, database destruction, unauthorized access, or environmental damage, the information processed under such a system may be lost or altered.
  2. (SO 3) Explain how the presence of IT processes can improve the quality of information that management uses for decision making. IT processes tend to provide information in a timely and efficient manner.  This enhances management’s ability to make effective decisions, which is the essence of quality of information.
  3. (SO 4) Distinguish among the focuses of the GAAS standards of fieldwork and standards of reporting. The standards of fieldwork provide general guidelines for performing the audit. They address the importance of planning and supervision, understanding internal controls, and evidence accumulation. The standards of reporting address the auditor’s requirements for communicating the audit results in writing, including the reference to GAAP, consistency, adequate disclosures, and the expression of an overall opinion on the fairness of financial statements.
  4. (SO 4) Which professional standard-setting organization provides guidance on the conduct of an IT audit? The Information Systems Audit and Control Association (ISACA) is responsible for issuing Information Systems Auditing Standards (ISASs), which provide guidelines for conducting an IT audit.
  5. (SO 5) If management is responsible for its own financial statements, why are auditors important? Auditors are important because they are responsible for analyzing financial statements to decide whether they are fairly stated and presented in accordance with GAAP. Since the financial statements are prepared by managers of the company, the role of auditors is to reduce information risk associated with those financial statements. To accomplish this, auditors design tests to analyze information supporting the financial statements in order to determine whether management’s assertions are valid.
  6. (SO 6) List the techniques used for gathering evidence. The techniques used for gathering evidence include the following:
  • physically examining or inspecting assets or supporting documentation
  • obtaining written confirmation from an independent source
  • rechecking or recalculating information
  • observing activities
  • making inquiries of company personnel
  • analyzing financial relationships and making comparisons to determine reasonableness
  2. (SO 6) During which phase of an audit would an auditor consider risk assessment and materiality? Risk assessment and materiality are considered during the planning phase of an audit.
  3. (SO 7) Distinguish between auditing through the computer and auditing with the computer. When are auditors required to audit through the computer as opposed to auditing around the computer? Auditing through the computer involves directly testing internal controls within the IT system, which requires the auditors to understand the computer system logic. Auditing through the computer is necessary when the auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of audit testing required, and when supporting documents are available only in electronic form. Auditing with the computer involves auditors using their own systems, software, and computer-assisted audit techniques to help conduct an audit.
  4. (SO 8) Explain why it is customary to complete the testing of general controls before testing application controls. Since general controls are the automated controls that affect all computer applications, the reliability of general controls must be established before application controls are tested. The effectiveness of general controls is considered the foundation for the IT control environment. If there are problems with the effectiveness of general controls, auditors will not devote attention to the testing of application controls; rather, they will reevaluate the audit approach with reduced reliance on controls.
  5. (SO 8) Identify four important aspects of administrative control in an IT environment. Four important aspects of administrative control include:
  • personal accountability and segregation of incompatible responsibilities
  • job descriptions and clear lines of authority
  • computer security and virus protection
  • IT systems documentation
  1. (SO 8) Explain why Benford’s Law is useful to auditors in the detection of fraud. Benford’s Law recognizes nonuniform patterns in the frequency of numbers occurring in a list, so it is useful to auditors in the identification of fabricated data within account balances such as sales, accounts receivable, accounts payable, cash disbursements, income taxes, etc. If fraudulent data are presented, they would not likely follow the natural distribution that Benford’s Law sets forth.
  3. (SO 8) Think about a place you have worked where computers were present. What are some physical and environmental controls that you have observed in the workplace? Provide at least two examples of each from your personal experience. Students’ responses are likely to vary greatly. Examples of physical controls may include card keys and configuration tables, as well as other physical security features such as locked doors, etc. Environmental controls may include temperature and humidity controls, fire, flood, earthquake controls, or measures to ensure a consistent power supply.
  4. (SO 8) Batch totals and hash totals are common input controls. Considering the fact that hash totals can be used with batch processing, differentiate between these two types of controls. Both batch totals and hash totals are mathematical sums of data that can be used to determine whether there may be missing data. However, batch totals are meaningful because they provide summations of dollar amounts or item counts for a journal entry used in the financial accounting system, whereas hash totals are not relevant to the financial accounting system (i.e., the hash totals are used only for their control purpose and have no other numerical significance).
  5. (SO 8) The test data method and an integrated test facility are similar in that they are both tests of applications controls and they both rely on the use of test data. Explain the difference between these two audit techniques. The test data method tests the processing accuracy of software applications by using the company’s own computer system to process fictitious information developed by the auditors. The results of the test must be compared with predicted results. An integrated test facility also tests processing applications, but can accomplish this without disrupting the company’s operations. An integrated test facility inputs fictitious data along with the company’s actual data, and tests it using the client’s own computer system. The testing occurs simultaneously with the company’s actual transaction processing.
  6. (SO 9) Explain the necessity for performing substantive testing even for audit clients with strong internal controls and sophisticated IT systems. Since substantive testing determines whether financial information is accurate, it is necessary for all financial statement audits. Control testing establishes whether the system promotes accuracy, while substantive testing verifies the monetary amounts of transactions and account balances. Even if controls are found to be effective, there still needs to be some testing to make sure that the amounts of transactions and account balances have actually been recorded fairly.
  7. (SO 9) What kinds of audit tools are used to perform routine tests on electronic data files taken from databases? List the types of tests that can be performed with these tools. CPA firms use generalized audit software (GAS) or data analysis software (DAS) to perform audit tests on electronic data files taken from commonly used database systems. These tools help auditors perform routine testing in an efficient manner. The types of tests that can be performed using GAS or DAS include:
  • mathematical and statistical calculations
  • data queries
  • identification of missing items in a sequence
  • stratification and comparison of data items
  • selection of items of interest from the data files
  • summarization of testing results into a useful format for decision making
  1. (SO 10) Which of the four types of audit reports is the most favorable for an audit client? Which is the least favorable? An unqualified audit report is the most favorable because it expresses reasonable assurance that the underlying financial statements are fairly stated in all material respects. On the other hand, an adverse opinion is the least favorable report because it indicates the presence of material misstatements in the underlying financial statements.
  2. (SO 10) Why is it so important to obtain a letter of representations from an audit client? The letter of representations is so important because it is management’s acknowledgement of its primary responsibility for the fair presentation of the financial statements. In this letter, management must declare that it has provided complete and accurate information to its auditors during all phases of the audit. This serves as a significant piece of audit evidence.
  3. (SO 11) How can auditors evaluate internal controls when their clients use IT outsourcing? When a company uses IT outsourcing, auditors must still evaluate internal controls. This may be accomplished by relying upon a third-party report from the independent auditor of the outsourcing center, or they can audit around the computer, or they can test controls at the outsourcing center.
  4. (SO 12) An auditor’s characteristic of professional skepticism is most closely associated with which ethical principle of the AICPA Code of Professional Conduct? Professional skepticism is most closely associated with the principle of Objectivity and Independence. Professional skepticism means that auditors should have a questioning mind and a persistent approach for evaluating financial information for the possibility of misstatements. This is closely related to the notion of objectivity and independence in its requirements for being free of conflicts of interest.

Brief Exercises

  1. (SO 2) Why is it necessary for a CPA to be prohibited from having financial or personal connections with a client? Provide an example of how a financial connection to a company would impair an auditor’s objectivity. Provide an example of how a personal relationship might impair an auditor’s objectivity. An auditor should not have any financial or personal connections with a client company because they could impair his/her objectivity. It would be difficult for an auditor to be free of bias if he/she were to have a financial or personal relationship with the company or one of its associates. For example, if an auditor owned stock in a client company, the auditor would stand to benefit financially if the company’s financial statements included an unqualified audit report, as this favorable opinion could lead to favorable results for the company such as paying a dividend, obtaining financing, etc. Additionally, if an auditor had a family member or other close personal relationship with someone who works for the company, the auditor’s independence may be impaired due to the knowledge that the family member or other person may be financially dependent upon the company or may have played a significant role in the preparation of the financial statements.

(SO 3) From an internal control perspective, discuss the advantages and disadvantages of using IT-based accounting systems.  The advantages of using IT-based accounting systems are the improvements in internal control due to the reduction of human error and increase in speed. The disadvantages include the loss of audit trail visibility, increased likelihood of lost or altered data, lack of segregation of duties, and fewer opportunities for authorization and review of transactions

testbank

Discussion Questions

  1. (SO 3) At the beginning of the chapter, the real world example of Allstate’s IT expenditure is mentioned. Prior to the implementation of their IT governance committee, “whoever spoke the loudest or whoever had the biggest checkbook,” got to select IT projects.  What do you think the problems were with this kind of approach?  There would be no long-term strategy in how they spent money on IT projects.  Therefore, it would be less likely that the company is buying and using the type of IT systems that support what the company wished to accomplish in the long-term.
  2. (SO 1) Why is it important that IT systems be aligned with the business strategy? IT systems are critical systems that support and enhance business processes and business strategy.  If the IT systems do not support the business strategy, the company will find it much more difficult to achieve the long-term goals.
  3. (SO 1) Why would IT governance include measuring the performance of IT Systems? IT governance is the proper management of IT. Without monitoring the performance of IT, there is no feedback to determine whether it is meeting the needs of the company, and meeting the objectives it was intended to achieve.
  4. (SO 3) What is the difference between technical feasibility and operational feasibility? Technical feasibility examines whether technology exists to accomplish the objectives in a proposed IT system.  Operational feasibility is an examination of whether the organization could operate the proposed IT systems, given the limitations of the personnel and resources within the company.
  5. (SO 3) How does the analysis of feasibilities in the systems planning phase help to prioritize system changes? A feasibility analysis may eliminate some proposed IT systems as not feasible.  Of those remaining under consideration, the feasibility analysis helps determine which proposed IT systems are most feasible.  Thus, those that are more feasible would have a higher priority and those that are less feasible have a lower priority.
  6. (SO 4) What is the advantage of studying the current system within the systems analysis phase? It is easier to determine how to improve the efficiency and effectiveness of a system if that system is well understood. A study of the current system helps determine which areas need improvement.
  7. (SO 4) During the systems analysis phase, which two data collection methods help determine user requirements? Interviews and questionnaires both solicit information or opinions from users.  These methods allow users to have input in determining system requirements.
  8. (SO 5) What are the advantages of purchased software when compared with software developed in-house? Purchased software is usually less costly, more reliable, and has a shorter implementation time.
  9. (SO 5) Why might it be important to follow some or all of the SDLC phases for purchased software? Even when software is purchased, it often must be modified or customized. The SDLC phases help organize and manage those steps to modify or customize the software.
  10. (SO 5) How is conceptual design different from detailed design? The detailed design is much later in the process and creates the entire set of specifications necessary to build and implement the system. The conceptual design is earlier and is much more general in nature. It establishes alternative conceptual designs.
  11. (SO 5) Within the system design phase, what are the purposes of evaluation and selection? The purpose is to assess the feasibility of each alternative conceptual design and to select the alternative design that best fits the organization’s needs.
  12. (SO 5) Which part of the system design phase would include designing rows and columns of output reports? Why is it important to design reports? The detailed design part of system design includes creating the details of output reports.  Output reports include the information that users need to accomplish their jobs and without properly designed outputs, they cannot efficiently do these jobs.
  13. (SO 6) What is the purpose of software testing? The purpose is to uncover problems in the system that would lead to erroneous accounting data.
  14. (SO 6) How are accountants involved in data conversion? Accountants should do two things in data conversion. The first is to oversee the data conversion to make sure all data are completely and accurately converted. Accountants should also reconcile the converted data with the old data to ensure they were accurately converted.  They would compare control totals of the old and converted data to accomplish the reconciliation.
  15. (SO 6) Why is a direct cutover conversion risky? It is risky because the old system is no longer in operation, and therefore, the old system cannot be used as a backup system in the event of errors or problems with the new system.
  16. (SO 6) Why is parallel conversion costly? It consumes more time and money because it requires running two systems at the same time.
  17. (SO 6) Why is user acceptance important? The project team is more likely to solicit and use feedback from users if they know that users must sign off on the new system. In other words, the project team cannot say their job is finished until the user sign off occurs.
  18. (SO 6) Why is post-implementation review undertaken? It is undertaken to help those involved in the SDLC to learn from any mistakes they made during the process.
  19. (SO 8) How does the SDLC serve as an internal control? It is an internal control in the sense that it helps ensure that IT systems meet organizational needs and that the development and implementation of new IT systems is properly controlled.
  20. (SO 9) What ethical obligations do employees have as IT systems are revised? Employees should make an honest effort to participate as requested in the SDLC, learn new system processes that result, and properly use the new systems and processes.


Brief Exercises

  1. (SO 1) Describe the role that the Board of Directors should play in IT governance. The board must oversee all aspects of IT within the organization. They must articulate and communicate the direction for IT, stay aware of development, investments, and costs in IT.  They should receive and review reports on major IT projects and regular performance reports, and ensure that there are suitable resources and infrastructure available.

  2. (SO 3, 5) Two feasibility studies occur during the SDLC: one during systems planning, and one during systems design. Describe the differences between these two feasibility studies.  In the systems design phase, the feasibility study is more detailed and the scope is different.  At this part of the system design phase, the alternative system conceptual designs have been narrowed to one alternative.  Thus, the feasibility study focuses on the details of that one design.  The estimates of the technology needed, the operational requirements, the costs, and the implementation schedule can be more precise.  In the systems planning phase, the purpose is to assess the feasibility of several alternative conceptual designs and to narrow the alternative conceptual designs.

  3. (SO 4) There are four methods of data collection used in the study of the current system: observation, documentation review, interviews, and questionnaires. Compare and contrast these four methods. In observation and documentation review, the project team views strengths and weaknesses of the system from their own perspective and they are not asking for user feedback.  Interviews and questionnaires are methods to ask for user input.  Interviews are face-to-face and verbal in the collection of user feedback.  Questionnaires can be anonymous and written.  Both interviews and questionnaires can be structured or unstructured.

  4. (SO 4) Describe the purpose of Business Process Reengineering during the System Design phase. During the system design phase, the changes inherent in a new IT system may require changes in the underlying business processes. BPR is a radical rethinking and redesign of a business process to take advantage of the speed and efficiency of computers. BPR allows the company to make sure it is leveraging the capabilities of IT to improve the efficiency of the business processes.

  5. (SO 6) There are four methods of system conversion: parallel, direct cutover, pilot, and phase-in. Describe these four methods and how they differ. A parallel conversion is the operation of both the old system and the new system for a limited period of time.  A direct cutover occurs when the new system begins as of a certain date and the old system is discontinued on that same date.  In a pilot conversion, the new system is implemented in a subunit or subunits within the organization.  The old system would continue in other parts of the organization.  In a phase-in conversion, the new system is introduced in modules, rather than the entire system at once.  In comparing the four methods, the direct cutover is the most risky and the parallel is least risky.  The pilot and phase-in approaches may take a longer total time to achieve a conversion to the entire new system across the organization.

  6. (SO 7) Operation and maintenance is the longest and costliest part of the SDLC. Explain why this is true. When a company has completed the SDLC and implemented a new system, the intent is to operate it for a few years to capture the benefits of the new system.  Maintaining and operating the system may therefore last for several years and, as a result, also be the most costly part.

  7. (SO 7) Describe how IT performance reports are important in IT governance. Regular monitoring of IT systems is necessary to ensure that the systems are meeting their objectives and performing as expected. If management never received performance reports, it would be difficult to know whether systems improvements or revisions were needed.

  8. (SO 9) What is the underlying purpose of the restrictions on CPA firms in Section 201 of the Sarbanes Oxley Act? These restrictions are intended to increase the independence of CPA firms that provide audit services for companies. The concern was that if a company receives fees from a client for consulting work, they may be less independent of the client’s wishes and more likely to allow clients to provide misleading accounting information to the investing public.


Problems

(SO 1) Mega Corporation just became a public corporation when shares of stock were sold to the public three months ago.  A new board of directors has been appointed to govern the corporation.  Assume that you will be giving a presentation to the board members on their responsibilities for IT systems.  Write a report that could be delivered to the board.

The board of directors of a company has a set of very important responsibilities related to IT systems.  As top management of the company, the board must take responsibility to ensure that the organization has processes that align IT systems to the strategies and objectives of the company.  To carry out this responsibility, the board must do certain functions, or ensure there are processes to carry out the following functions:

* Align IT strategy with the business strategy
* Cascade strategy and goals down to lower levels of the organization
* Provide structures that facilitate implementation of strategy and goals
* Insist that an IT control framework be adopted and implemented
* Measure and review IT performance

The more detailed activities needed to carry out these board responsibilities are as follows:

* Articulate and communicate long-term strategy
* Stay aware of latest developments in IT
* Insist that IT be a regular agenda item at board meetings
* Stay aware of the company’s investments, and competitors’ investments in IT
* Ensure the senior IT official’s reporting level is appropriate to the role of IT.
* Ensure the board has a clear view of the risks and returns of current or proposed IT systems
* Receive and review regular reports on the progress of IT projects, and on IT performance.
* Ensure adequate resources, skills, and infrastructures to meet strategic goals for IT systems

If the board of directors focuses on these activities, it will help the


  1. (SO 4) How does the use of public cloud computing reduce costs? Since cloud computing is usually a pay-for-service model, it means that companies need to pay only for the level of service needed. There is no need to maintain (and incur the costs associated with) a large IT system to accommodate peak demand periods.  In addition, cloud computing allows a company to reduce its investment in IT hardware and personnel.


  1. (SO4) Why is a private cloud less risky than a public cloud? A private cloud is developed, owned, maintained, and used by the user company; therefore, the company controls the security, availability, processing integrity, and confidentiality of its data. Accordingly, there is significantly less risk of losing data and applications.
  1. (SO 4) Why is it true that the use of EDI means that trading partners may need to grant access to each other’s files? EDI involves transferring electronic business documents between companies. Because EDI involves the use of a network or the Internet, risks of unauthorized access are prevalent. In order to authenticate trading partner users to accomplish the transfer of business documents, other company data files may be at risk of unauthorized use.


  1. (SO 5) Why is it critical that source documents be easy to use and complete?  Source documents should be easy to use and complete in order to minimize the potential for errors, incomplete data, or unauthorized transactions being entered from those source documents into the company’s IT systems. Since source documents represent the method of collecting data in a transaction, they need to be easy to use in order to reduce the risk of incorrect or missing data in the accounting system.
  1. (SO 5) Explain some examples of input validation checks that you have noticed when filling out forms on websites you have visited.   Student responses are likely to vary, but may include field checks, validity checks, limit checks, range checks, reasonableness checks, completeness checks, or sign checks. Although sequence checks and self-checking digits are additional input validation checks, they are not likely to be cited because they are applicable to transactions processed in batches, which is not likely to apply to students’ web transactions.
  1. (SO 5) How can control totals serve as input, processing, and output controls? Control totals can be used as input controls when they are applied as record counts, batch totals, or hash totals to verify the accuracy and completeness of data that is being entered into the IT system. These same control totals can be used as processing controls when they are reconciled during stages of processing to verify the accuracy and completeness of processing. Finally, to ensure accuracy and completeness, the output from an IT system can be reconciled to control totals, thus serving as an output control. Therefore, totals at any stage can be compared against the initial control total to help ensure the accuracy of input, processing, or output.
  1. (SO 5) What dangers exist related to computer output such as reports? Output reports contain data that should not fall into the wrong hands, as the information contained in reports is often confidential or proprietary and could help someone commit fraud. Therefore, the risk of unauthorized access must be controlled through strict policies and procedures regarding report distribution, retention, and disposal.

Brief Exercises

  1. (SO 2,5) Categorize each of the following as either a general control or an application control:


    1. validity check – application control (input)
    2. encryption – general control
    3. security token – general control
    4. batch total – application control (input, processing, and output)
    5. output distribution – application control (output)
    6. vulnerability assessment – general control
    7. firewall – general control
    8. antivirus software – general control
  1. (SO 5) Each of the given situations is independent of the other. For each, list the programmed input validation check that would prevent or detect the error.
    1. The zip code field was left blank on an input screen requesting a mailing address. – Completeness check
    2. A state abbreviation of “NX” was entered in the state field. – Validity check
    3. A number was accidentally entered in the last name field. – Field check
    4. For a weekly payroll, the hours entry in the “hours worked” field was 400. – Limit check or range check
    5. A pay rate of $50.00 per hour was entered for a new employee. The job code indicates an entry-level receptionist. – Reasonableness check
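
The five checks named in this exercise, written as programmed input validation for a payroll entry screen. This is an added example, not part of the original solutions; the field names, the 80-hour weekly limit, and the pay-rate ceiling per job code are assumptions chosen for illustration.

```python
import math
import re

# Postal abbreviations for the 50 US states and DC (reference list for the validity check).
VALID_STATES = set(
    "AL AK AZ AR CA CO CT DE DC FL GA HI ID IL IN IA KS KY LA ME MD MA MI MN MS MO "
    "MT NE NV NH NJ NM NY NC ND OH OK OR PA RI SC SD TN TX UT VT VA WA WV WI WY".split()
)
REQUIRED_FIELDS = ("last_name", "state", "zip", "hours", "pay_rate", "job_code")
MAX_WEEKLY_HOURS = 80.0                            # assumed policy limit
PAY_RATE_CEILING = {"RECEPTIONIST_ENTRY": 25.00}   # assumed hourly ceiling per job code
NAME_PATTERN = re.compile(r"[A-Za-z][A-Za-z' -]*")


def _to_number(text):
    """Return text as a finite float, or None when it is not a usable number."""
    try:
        value = float(text)
    except ValueError:
        return None
    return value if math.isfinite(value) else None


def validate_entry(rec):
    """Return a list of (field, check) pairs, one for every programmed check that fails."""
    clean = {f: str(rec.get(f) or "").strip() for f in REQUIRED_FIELDS}

    # Completeness check: every required field must contain something.
    blank = {f for f, v in clean.items() if not v}
    failures = [(f, "completeness") for f in REQUIRED_FIELDS if f in blank]

    # Field check: the name field accepts letters, spaces, hyphens and apostrophes only.
    if "last_name" not in blank and not NAME_PATTERN.fullmatch(clean["last_name"]):
        failures.append(("last_name", "field"))

    # Validity check: the value must appear in a list of acceptable values.
    if "state" not in blank and clean["state"].upper() not in VALID_STATES:
        failures.append(("state", "validity"))

    # Field check, then limit/range check, on hours worked.
    if "hours" not in blank:
        hours = _to_number(clean["hours"])
        if hours is None:
            failures.append(("hours", "field"))
        elif not 0 <= hours <= MAX_WEEKLY_HOURS:
            failures.append(("hours", "limit"))

    # Field check, sign check, then reasonableness check: the pay rate is
    # judged against a second field (the job code), not against a fixed limit.
    if "pay_rate" not in blank:
        rate = _to_number(clean["pay_rate"])
        ceiling = PAY_RATE_CEILING.get(clean["job_code"])
        if rate is None:
            failures.append(("pay_rate", "field"))
        elif rate <= 0:
            failures.append(("pay_rate", "sign"))
        elif ceiling is not None and rate > ceiling:
            failures.append(("pay_rate", "reasonableness"))

    return failures


# Constructed sample entry that passes every check.
CLEAN_ENTRY = {
    "last_name": "Nguyen", "state": "OH", "zip": "45202",
    "hours": "40", "pay_rate": "16.50", "job_code": "RECEPTIONIST_ENTRY",
}


def exercise_cases():
    """Apply the five situations from the exercise to the clean entry, one at a time."""
    changes = {
        "blank zip": {"zip": ""},
        "state NX": {"state": "NX"},
        "number in last name": {"last_name": "4471"},
        "400 hours": {"hours": "400"},
        "receptionist at $50": {"pay_rate": "50.00"},
    }
    return {name: validate_entry({**CLEAN_ENTRY, **delta}) for name, delta in changes.items()}


if __name__ == "__main__":
    for name, result in exercise_cases().items():
        print(f"{name:22s} -> {result}")
```
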


  1. (SO 3) For each AICPA Trust Services Principles category shown, list a potential risk and a corresponding control that would lessen the risk. An example is provided. In a similar manner, list a risk and control in each of the following categories:

 

    1. Security. Risk: an unauthorized user could record an invalid transaction. Control: security token to limit unauthorized users.
    2. Availability. Risk: An unauthorized user may shut down a program. Control: intrusion detection to find instances of unauthorized users.
    3. Processing Integrity. Risk: environmental problems such as temperature can cause glitches in the system. Control: temperature and humidity controls.
    4. Confidentiality. Risk: an unauthorized user could browse data. Control: encryption.
  1. (SO 4) For each of the following parts of an IT system of a company, write a one-sentence description of how unauthorized users could use this as an “entry point”:

 

    1. A local area network (LAN). Each workstation or the network wiring on the LAN are access points where someone could tap into the system.
    2. A wireless network. The wireless signals broadcast into the air could be intercepted to gain access to the system.
    3. A telecommuting worker. The telecommuter’s computer may be infected with a virus that allows a perpetrator to see the login ID and password.
    4. A company website to sell products. A hacker may try to break through the web server firewall to gain access to company data.


  1. (SO 5) Explain the risk categories for cloud computing and how these risks may differ from a company that maintains its own IT hardware, software, and data.

Security – All processing, storing, and reading data occur over the Internet under a cloud computing model; therefore, the third party provider must maintain good security controls.  For a company that maintains its own data, it is responsible for its own security.

Availability – In a cloud computing model, any service interruptions are under the control of a third party provider; whereas, a company that maintains its own data would need to implement its own backups, business continuity, and disaster recovery plans.

Processing Integrity – All control of software installation, testing, and upgrading is transferred to the third-party provider of cloud computing services; whereas, a company that maintains its own data is responsible for the accuracy and completeness of its own processing.

Confidentiality – Under cloud computing, the control of maintaining confidentiality is transferred to the third-party provider rather than resting in the hands of the user company.

  1. (SO 5) Application controls include input, processing, and output controls. One type of input control is source document controls. Briefly explain the importance of each of the following source document controls:

 

    1. Form design. A well-designed form will reduce the chance of erroneous or incomplete data. It could also increase the speed at which the form is completed.
    2. Form authorization and control. Forms should have a signature line to indicate that the underlying transaction was approved by the correct person. Blank documents should be properly controlled to limit access to them.
    3. Retention of source documents.  Source documents should be maintained as part of the audit trail. They also serve as a way to look up data when queries are raised.
  1. (SO 5) Explain how control totals such as record counts, batch totals, and hash totals serve as input controls, processing controls, and output controls. Control totals serve as expected results after input, processing, or output has occurred. At each stage, the current totals can be compared against the initial control total to help ensure the accuracy of input, processing, or output.
  1. (SO 6) Briefly explain a situation at your home, university, or job in which you think somebody used computers unethically. Be sure to include an explanation of why you think it was unethical. Student responses will vary significantly. Some possibilities include copyrighted music or video downloading from an unauthorized source, viewing pornography on computers at work, shopping or other browsing while at work, using a work computer to store personal files or process personal work, using company e-mail systems for personal e-mail (some companies may not consider this as problematic as other potential unethical acts).


Problems

  1. (SO 1, 2) Explain why an organization should establish and enforce policies for its IT systems in the following areas regarding the use of passwords for log-in:
    1. Length of password. Passwords should be at least eight characters in length. This would make it difficult for a hacker to guess the password in order to gain unauthorized access to the system.
    2. The use of numbers or symbols in passwords. Passwords should contain a mix of alphanumeric digits as well as other symbols. There may also be a mix of case sensitive letters. This would make it difficult for a hacker to guess the password.
    3. Using common words or names as passwords. Names, initials, and other common names should be avoided as passwords, as they tend to be easy to guess.
    4. Rotation of passwords. Passwords should be changed periodically, approximately every 90 days.  This will limit the access of a hacker who has gained unauthorized access.
    5. Writing passwords on paper or sticky notes. Passwords should be committed to the user’s memory and should not be written down.  If they are documented, this increases the likelihood that an unauthorized user may find the password and use it to gain access to the system.
  1. (SO 2) The use of smart cards or tokens is called two-factor authentication. Answer the following questions, assuming that the company you work for uses smart cards or tokens for two-factor authentication.

 

Required:

    1. What do you think the advantages and disadvantages would be for you as a user? As a user, the advantages of two-factor authentication would be the security of the information in the system that I am using.  I would know that it would be difficult for an unauthorized user to alter a system that uses two-factor authentication, so I have more confidence in the data within such a system.  In addition, it is relatively easy to remember a password and to transport a smart card or security token. On the other hand, I might consider the use of two-factor authentication to be a disadvantage because it places more responsibility on me, the user.  For instance, in order to access the system, I have to remember my password and maintain control of a security device. It might be considered an inconvenience to a user to maintain a smart card or security token and remember to keep it accessible at all times that I may need to access the system. It might also be susceptible to loss, similar to a set of keys.
    2. What do you think the advantages and disadvantages would be for the company? From the company’s perspective, the advantage of two-factor authentication is the strength of the extra level of security.  The company has additional protection against unauthorized access, which makes it difficult for a hacker to access the system.  The disadvantage is the cost of the additional authentication tools that comprise the dual layer of security.
  1. (SO 4) Many IT professionals feel that wireless networks pose the highest risks in a company’s network system.

 

Required:

    1. Why do you think this is true? Wireless networks pose the highest risks in a company’s network computer system because the network signals are transported through the air (rather than over cables). Therefore, anyone who can receive radio signals could potentially intercept the company’s information and gain access to its network. This exposure is considered greater than in traditional WANs and LANs.
    2. Which general controls can help reduce these risks? A company can avoid its exposure to unauthorized wireless network traffic by implementing proper controls, such as wired equivalency privacy (WEP) or wireless protected access (WPA), station set identifiers (SSIDs), and encrypted data.

 

  1. (SO 5) Control totals include batch totals, hash totals, and record counts. Which of these totals would be useful in preventing or detecting IT system input and processing errors or fraud described as follows?

 

  1. A payroll clerk accidentally entered the same time card twice. Any of the three control totals could be used: A batch total could detect that too many hours were entered; A hash total could detect that an employee number summation was overstated; A record count could detect that too many time cards were entered.
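
The reconciliation described in the control-total answers above, as an added example that is not part of the original solutions. It computes a record count, batch total, and hash total from a constructed batch of time cards and compares them with the totals after keying; beyond the duplicate-card case in the text, it adds two constructed keying errors to show that the three totals do not always fail together.

```python
from decimal import Decimal
from typing import NamedTuple


class TimeCard(NamedTuple):
    employee_no: int
    hours: Decimal


class ControlTotals(NamedTuple):
    record_count: int      # number of documents in the batch
    batch_total: Decimal   # sum of a meaningful amount field (hours)
    hash_total: int        # sum of a field with no meaning as a total (employee numbers)


def control_totals(cards):
    """Compute the three control totals for a batch of time cards."""
    return ControlTotals(
        record_count=len(cards),
        batch_total=sum((c.hours for c in cards), Decimal("0")),
        hash_total=sum(c.employee_no for c in cards),
    )


def reconcile(expected, actual):
    """Return the names of the control totals that do not agree."""
    return [name for name in ControlTotals._fields
            if getattr(expected, name) != getattr(actual, name)]


# Constructed source batch: totals are taken from the paper time cards before input.
SOURCE_BATCH = [
    TimeCard(1042, Decimal("40.00")),
    TimeCard(1187, Decimal("38.50")),
    TimeCard(1203, Decimal("42.25")),
    TimeCard(1310, Decimal("40.00")),
]


def keying_scenarios():
    """Reconcile three constructed keying errors against the source totals."""
    expected = control_totals(SOURCE_BATCH)

    # The case from the text: the same time card is entered twice.
    duplicate_card = SOURCE_BATCH + [SOURCE_BATCH[1]]

    # Employee number 1187 keyed as 1178; hours and card count are unchanged.
    wrong_employee = list(SOURCE_BATCH)
    wrong_employee[1] = TimeCard(1178, Decimal("38.50"))

    # Hours 38.50 keyed as 83.50; employee numbers and card count are unchanged.
    wrong_hours = list(SOURCE_BATCH)
    wrong_hours[1] = TimeCard(1187, Decimal("83.50"))

    return {
        "duplicate card": reconcile(expected, control_totals(duplicate_card)),
        "wrong employee number": reconcile(expected, control_totals(wrong_employee)),
        "wrong hours": reconcile(expected, control_totals(wrong_hours)),
    }


if __name__ == "__main__":
    print("expected:", control_totals(SOURCE_BATCH))
    for name, mismatches in keying_scenarios().items():
        print(f"{name:22s} -> out of balance: {mismatches}")
```

The same `reconcile` call can be repeated after each processing step and against the final output, which is how one set of totals serves as an input, processing, and output control.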


Discussion Questions


  1. (SO 1) What is the difference between general controls and application controls? General controls are internal controls that apply overall to the IT accounting systems; they are not restricted to any particular accounting application. Application controls apply within accounting applications to control inputs, processing, and outputs. They are intended to ensure that inputs and processing are accurate and complete and that outputs are properly distributed, controlled, and disposed.


  1. (SO 1) Is it necessary to have both general controls and application controls to have a strong system of internal controls? Yes, it is necessary to have both types of controls in a strong system of internal controls.  Since they cover different aspects of the IT accounting systems and serve different purposes, both are important and necessary. An IT system would not have good internal control if it lacked either general or application controls.
  1. (SO 2) What kinds of risks or problems can occur if an organization does not authenticate users of its IT systems? If an organization does not authenticate users of its IT systems, a security breach may occur in which an unauthorized user may be able to gain access to the computer system. If hackers or other unauthorized users gain access to information to which they are not entitled, the organization may suffer losses due to exposure of confidential information. Unauthorized users may gain access to the system for the purpose of browsing, altering, or stealing company data.  They could also record unauthorized transactions, shut down systems, alter programs, sabotage systems, or repudiate existing transactions.
  1. (SO 2) Explain the general controls that can be used to authenticate users. In order to authenticate users, organizations must limit system log-ins exclusively to authorized users. This can be accomplished by requiring login procedures, including user IDs and passwords. Stronger systems use biometric identification or security tokens to authenticate users. In addition, once a user is logged in, the system should have established access levels and authority tables for each user. These determine which parts of the IT system each user can access. The IT system should also maintain a computer log to monitor log-ins and follow up on unusual patterns.
  1. (SO 2) What is two-factor authentication with regard to smart cards or security tokens? Two-factor authentication limits system log-ins to authorized users by requiring them to have possession of a security device such as a smart card or token, and also have knowledge of a user ID and/or password.  Both are needed to gain access to the system.
  1. (SO 2) Why should an organization be concerned about repudiation of sales transactions by the customer? Repudiation is the attempt to claim that the customer was not part of a sales transaction that has taken place. Organizations may suffer losses if customers repudiate sales transactions. If companies do not have adequate controls to prevent repudiation, they may not be able to collect amounts due from customers. However, organizations may reduce the risk of such losses if they require log-in of customers and if they maintain computer logs to establish undeniably which users take particular actions. This can provide proof of online transactions.
  1. (SO 2) A firewall should inspect incoming and outgoing data to limit the passage of unauthorized data flow.  Is it possible for a firewall to restrict too much data flow?  Yes, it is possible for a firewall to restrict legitimate data flow as well as unauthorized data flow.  This may occur if the firewall establishes limits on data flow that are too restrictive. In order to prevent blocking legitimate network traffic, the firewall must examine data flow and attempt to determine which data is authorized or unauthorized. The packets of information that pass through the firewall must have a proper ID to allow it to pass through the firewall.
  1. (SO 2) How does encryption assist in limiting unauthorized access to data? Encryption is the process of converting data into secret codes referred to as cipher text. Encrypted data can only be decoded by those who possess the encryption key or password. It therefore renders the data useless to any unauthorized user who does not possess the encryption key. Encryption alone does not prevent access to data, but it does prevent an unauthorized user from reading or using the data.


  1. (SO 2) What kinds of risk exist in wireless networks that can be limited by WEP, WPA, and proper use of SSID? WEP, WPA, and SSIDs can limit the risk of unauthorized access to wireless networks, which transmit network data as high frequency radio signals through the air. Since anyone within range of these radio signals can receive the data, protecting data is extremely important within a wireless network. This can be accomplished through encryption via wired equivalency privacy (WEP), through encryption and user authentication via wireless protected access (WPA), and through password protection of the network sending and receiving nodes via service set identifiers (SSIDs).
  1. (SO 2) Describe some recent news stories you have seen or heard regarding computer viruses. Student responses will vary greatly depending upon the date this is discussed, but should describe situations of computer malfunctions caused by network break-ins where damaging actions were taken upon an organization’s programs and data.
  1. (SO 2) What is the difference between business continuity planning and disaster recovery planning? How are these two concepts related? Business continuity planning is a proactive program for considering risks to the continuation of business and developing plans and procedures to reduce those risks so that continuation of the IT system is always possible. On the other hand, disaster recovery planning is a reactive program for restoring business operations, including IT operations, to normal after a catastrophe occurs. These two concepts are related in that they are both focused on maintaining IT operations at all times in order to minimize business disruptions.
  1. (SO 2) How can a redundant array of independent disks (RAID) help protect the data of an organization? RAID accomplishes redundant data storage by setting up two or more disks as exact mirror images. This provides an automatic backup of all data. If one disk drive fails, the other (maintained on another disk drive) can serve in its place.
  1. (SO 2) What kinds of duties should be segregated in IT systems? In an IT system, the duties to be segregated are those of systems analysts who analyze and design the systems, programmers who write the software, operators who process data, and database administrators who maintain and control the database. No single person should develop computer programs and also have access to data.
  1. (SO 2) Why do you think the uppermost managers should serve on the IT governance committee? An IT governance committee should be comprised of top management in order to ensure that appropriate priority is assigned to the function of governing the overall development and operation of the organization’s IT systems. Since the committee’s functions include aligning the IT systems to business strategy and to budget funds and personnel for the effective use of IT systems, it is important that high-ranking company officials be aware of these priorities and involved in their development. Only top management has the power to undertake these responsibilities.


  1. (SO 3,4) Why should accountants be concerned about risks inherent in a complex software system such as the operating system? Accountants need to be concerned about the risks inherent in the organization’s software systems because all other software runs on top of the operating system. These systems may have exposure areas that contain entry points for potential unauthorized access to software and/or data. These entry points must be controlled by the proper combination of general controls and application controls.
  1. (SO 4) Why is it true that increasing the number of LANs or wireless networks within an organization increases risks? Increasing the number of LANs or wireless networks within an organization increases exposure areas, or entry points through which a user can gain access to the network. Each LAN or wireless access point is another potential entry point for an unauthorized user. The more entry points, the more security risk the organization faces.
  1. (SO 4) What kinds of risks are inherent when an organization stores its data in a database and database management system? Since a database management system involves multiple user groups accessing and sharing a database, there are multiple risks of unauthorized access. Anyone who gains access to the database may be able to retrieve data that they should not have. This multiplies the number of people who potentially have access to the data. In addition, availability, processing integrity, and business continuity risks are also important due to the fact that so many different users rely on the system. Proper internal controls can help to reduce these inherent risks.
  1. (SO 4) How do telecommuting workers pose IT system risks? The network equipment and cabling that enables telecommuting can be an entry point for hackers or other break-ins, and the teleworker’s computer is another potential access point that is not under the company’s direct control. Therefore, it is difficult for the company to monitor whether telecommuters’ computers are properly protected from viruses and other threats. These entry points pose security, confidentiality, availability, and processing integrity risks.


  1. (SO 4) What kinds of risks are inherent when an organization begins conducting business over the Internet? The Internet connection required to conduct web-based business can expose the company network to unauthorized use. The sheer volume of users of the World Wide Web dramatically increases the potential number of unauthorized users who may attempt to access an organization’s network of computers. An unauthorized user can compromise security and confidentiality, and affect availability and processing integrity by altering data or software or by inserting virus or worm programs. In addition, the existence of e-commerce in an organization poses online privacy risks.


Discussion Questions


  1. (SO 1) Management is held accountable to various parties, both internal and external to the business organization. To whom does management have a stewardship obligation and to whom does it have reporting responsibilities? Management has a stewardship obligation to the shareholders, investors, and creditors of the company, i.e., any parties who have provided funds or invested in the company.  Management has a reporting responsibility to business organizations and governmental units with whom the company interacts.
  1. (SO 2, 4) If an employee made a mistake that resulted in a loss of company funds and misstated financial reports, would the employee be guilty of fraud? Discuss. No, a mistake, or unintentional error, does not constitute fraud. In this situation, there is no theft or concealment, so fraud does not exist.
  1. (SO 2, 3) Do you think it is possible that a business manager may perpetrate fraud and still have the company’s best interest in mind? Discuss. Student responses may vary.  Those agreeing that it is possible may refer to the fraud triangle and note that the incentive may be job-related (such as opportunities to produce enhanced financial statements, which may increase the company’s stock price, increase compensation, avoid firings, enhance promotions, and delay bankruptcy) and the rationalization may involve plans to make restitution. On the other hand, some students may reject the notion that management fraud could be in a company’s best interest, as it puts the company at great risk.  When frauds are discovered, they are often devastating due to the financial restatements and loss of trust.
  1. (SO 7) Distinguish between internal and external sources of computer fraud. Employees are the source of internal computer fraud.  When employees misuse the computer system to commit fraud (through manipulation of inputs, programs, or outputs), this is known as internal computer fraud.  On the other hand, external sources of computer fraud are people outside the company or employees of the company who conduct computer network break-ins. When an unauthorized party gains access to the computer system to conduct hacking or spoofing, this is known as external computer fraud.
  1. (SO 7) Identify and explain the three types of internal source computer fraud. The three types of internal source computer fraud are input manipulation, program manipulation, and output manipulation. Input manipulation involves altering data that is input into the computer. Program manipulation involves altering a computer program through the use of a salami technique, Trojan horse program, trap door alteration, etc. Output manipulation involves altering reports or other documents generated from the computer system.


  1. (SO 7) Describe three popular program manipulation techniques. The salami technique accomplishes a fraud by altering small “slices” of computer information.  These slices of fraud are difficult to detect because they are so small, but they may accumulate to a considerable amount if they are carried out consistently across many accounts.  This is often accomplished by rounding or applying minor adjustments. The perpetrator typically steals the amounts represented by these slices or uses them to his or her benefit.

A Trojan horse program is a small, unauthorized program within a larger, legitimate program, used to manipulate the computer system to conduct a fraud. For example, a customer account may be automatically written off upon the processing of a new batch of transactions.

A trap door alteration involves misuse of a valid programming tool, a trap door, to commit fraud. Trap doors are unique hidden entrances to computer programs that are written into the software applications to provide a manner of testing the systems.  Although they should be removed prior to implementation, they may remain to provide a tool for misusing the system to perpetrate fraud.


  1. (SO 7) Distinguish between Internet spoofing and e-mail spoofing. Internet spoofing involves a person working through the Internet to access a computer network while pretending to be a trusted source. The packet of data containing the Internet protocol (IP) address contains malicious data such as viruses or programs that capture passwords and log-in names. E-mail spoofing bombards employee e-mail accounts with junk mail intended to scam the recipients.
  1. (SO 10) What are the objectives of a system of internal control? The objectives of an internal control system are as follows:
  • To safeguard assets from fraud or errors
  • To maintain accuracy and integrity of accounting data
  • To promote operational efficiency
  • To ensure compliance with management directives
  1. (SO 10) Name and distinguish among the three types of internal controls. The three types of internal controls are preventative controls, detective controls, and corrective controls. Preventative controls are designed to avoid fraud and errors by stopping any undesired acts before they occur. Detective controls help employees uncover or discover problems that may exist. Corrective controls involve steps undertaken to correct existing problems.
  1. (SO 10) Identify the COSO report’s five interrelated components of internal controls. According to the COSO report, there are five interrelated components of internal control: the control environment, risk assessment, control activities, information and communication, and monitoring.
  2. (SO 10) Name the COSO report’s five internal control activities. According to the COSO report, there are five internal control activities: authorization of transactions, segregation of duties, adequate records and documents, security of records and documents, and independent checks and reconciliations.
  3. (SO 10) Distinguish between general and specific authorization. General authorization is a set of guidelines that allows transactions to be completed as long as they fall within established parameters. Specific authorization means that explicit approval is needed for that single transaction to be completed.
  1. (SO 10) Due to cost/benefit considerations, many business organizations are unable to achieve complete segregation of duties. What else could they do to minimize risks? Close supervision may serve as a compensating control to lessen the risk of negative effects when other controls, especially segregation of duties, are lacking.
  2. (SO 10) Why is a policies and procedures manual considered an element of internal control? Formally written and thorough documentation on prescribed policies and procedures should establish clarity and promote compliance within a business organization, thus providing an important element of internal control. The policies and procedures should cover both manual and automated processes and control measures, and must be communicated to all responsible parties within the company.
  1. (SO 10) Why does a company need to be concerned with controlling access to its records? Securing and protecting company records is important to ensure that they are not misused or stolen. Unauthorized access or use of records and documents allows the easy manipulation of those records and documents, which can result in fraud or a concealment of fraud.
  1. (SO 10) Many companies have mandatory vacation and periodic job rotation policies. Discuss how these practices can be useful in strengthening internal controls. Mandatory vacations and periodic job rotation policies provide for independent monitoring of the internal control systems. Internal control responsibilities can be rotated so that someone is monitoring the procedures that are typically performed by someone else, which enhances the effectiveness of those procedures.
  1. (SO 10) Name the objectives of an effective accounting system. An effective accounting system must accomplish the following four objectives:
  • Identify all relevant financial transactions of the organization.
  • Capture the important data of these transactions.
  • Record and process the data through appropriate classification, summarization, and aggregation.
  • Report the summarized and aggregated information to managers.
  1. (SO 10) What does it mean when information flows “down, across, and up the organization”? A business organization must implement procedures to assure that its information and reports are communicated to the appropriate management level. This communication is described by COSO as “flowing down, across, and up that organization”. Such a communication flow assists management in properly assessing operations and making changes to operations as necessary.
  2. (SO 10) Provide examples of continuous monitoring and periodic monitoring. Any ongoing review activity may be an example of continuous monitoring, such as a supervisor’s examination of financial reports and a computer system’s review modules. An example of periodic monitoring is an annual audit performed by a CPA firm or a cyclical review performed by internal auditors.
  1. (SO 10) What are the factors that limit the effectiveness of internal controls? It is not possible for an internal control system to provide absolute assurance because of the following factors that limit the effectiveness of internal controls:
  • Flawed judgments
  • Human error
  • Circumventing or ignoring established controls

In addition, excessive costs may prevent the implementation of some controls.


  1. (SO 11) Identify and describe the five categories of the AICPA Trust Services Principles. The AICPA Trust Services Principles are divided into the following five categories of risks and controls:
  • Security. Security is concerned with the risk of unauthorized physical and logical access, such as breaking into the company’s facilities or computer network.
  • Availability. Availability is concerned with the risk of system interruptions or failures due to hardware or software problems such as a virus.
  • Processing integrity. Processing integrity is concerned with the risk of inaccurate, incomplete, or improperly authorized information due to error or fraud.
  • Online privacy. Online privacy is concerned with the risk of inappropriate access or use of a customer’s personal information.
  • Confidentiality. Confidentiality is concerned with the risk of inappropriate access or use of company information.
  1. (SO 11) Distinguish between the Trust Services Principles of privacy and confidentiality. Both privacy and confidentiality are concerned with the risk of inappropriate access or use of information. However, privacy is focused on protecting the privacy of a customer’s personal information, whereas confidentiality is focused on private information about the company itself and its business partners.
  2. (SO 10) Identify the four domains of high-level internal control. As set forth in Appendix B, COBIT establishes four domains of high level control objectives. These include planning and organization, acquisition and implementation, delivery and support, and monitoring.

Brief Exercises

  1. (SO 2, 3) What possible motivation might a business manager have for perpetrating fraud? Management might be motivated to perpetrate fraud in order to improve the financial statements, which may have the result of increasing the company’s stock price and increasing incentive-based compensation. Altered financial information might also have the effect of delaying cash flow problems and/or bankruptcy, as well as improving the potential for business transactions such as mergers, borrowing, stock offerings, etc.


  1. (SO 5) Discuss whether any of the following can be examples of customer fraud:
  • An employee billed a customer twice for the same transaction. This is not an example of customer fraud; rather, the customer is being defrauded in this scenario.  This is an example of employee fraud (assuming that the double-billing was intentional and the resulting cash receipts are stolen by employees).
  • A customer remitted payment in the wrong amount. This may be an example of customer fraud, assuming that the payment was made as a deceptive tactic to avoid the full amount of the customer’s liability.
  • A customer received merchandise in error, but failed to return it or notify the sender.  Although this scenario involves a customer’s improper receipt of goods, it would not be considered customer fraud since it was the result of an error. Regardless of whether the error was committed by the company or the customer, deception is a required element of fraud.
  1. (SO 7) Explain the relationship between computer hacking and industrial espionage. Give a few additional examples of how hacking could cause damage in a business. Computer hacking is the term commonly used for computer network break-ins. Hacking may be undertaken for various purposes, including theft of proprietary information, credit card theft, destruction or alteration of data, or merely thrill-seeking. Industrial espionage is the term used for theft of proprietary company information. Although computer hacking provides one method of conducting industrial espionage, a computer is not always required to steal company information.  Fraudsters trying to conduct industrial espionage may also resort to digging through the trash in order to gain information about a target company.
  1. (SO 9) What are some ways in which a business could promote its code of ethics?

The best way for a company to promote its code of ethics is for its top managers to live by it on a day-to-day basis. If the code is well documented and adhered to by management, others in the organization are likely to recognize its importance.  Furthermore, if discipline and/or discharges are applied to those who violate the code, this will serve as a strong message regarding the importance of the code.

  1. (SO 10) Describe why the control environment is regarded as the foundation of a business’s system of internal control. The control environment is regarded as the foundation of a system of internal controls because it sets the tone of an organization and influences the control consciousness of its employees. Thus, the tone at the top flows through the whole business organization and affects behavior at every level. It also provides the discipline and structure of all other components of internal control. COSO identifies the tone set by management as the most important factor related to providing accurate and complete financial reports.
  1. (SO 10) Think of a job you have held, and consider whether the control environment was risky or conservative. Describe which you chose and why. Student responses will vary. Characteristics of a risky control environment include absence of a code of ethics or lack of enforcement of a code of ethics, aggressive management philosophy and operating style, overlapping duties and vague lines of authority, lack of employee training, and an inactive board of directors. On the other hand, a conservative control environment is characterized by a rigidly enforced code of ethics, a conservative management philosophy and operating style, clearly established job descriptions and lines of authority, a focus on employee training and organizational development, and an accountable and attentive board of directors.
  1. (SO 10) Identify the steps involved in risk assessment. Do you think it would be effective for an organization to hire external consultants to develop its risk assessment plan? The steps involved in risk assessment include:
  • Identify the sources of risk, both internal and external.
  • Determine the impact of such risks in terms of finances and reputation.
  • Estimate the likelihood of such risks occurring.
  • Develop an action plan to reduce the impact and probability of identified risks.
  • Execute the action plan on an ongoing basis.

It would not likely be effective for an organization to hire consultants to develop its risk assessment plan because company-specific experience and expertise are needed in order to do this work effectively.  For instance, members of management who are actively involved in day-to-day operations and reporting will likely have the best ability to identify risks, determine the impact of those risks, and estimate the likelihood of occurrence of such risks. Although a consultant may be useful in assisting with the development and implementation of the action plan, the first three steps of the risk assessment process would likely depend upon the working knowledge of members of the company’s management.

  1. (SO 10, 11) Discuss the accuracy of the following statements regarding internal control:
  • The more computerized applications within a company’s accounting system, the lower the risk will be that fraud or errors will occur. It is not necessarily true that extensive computerized applications will lower a company’s risk of fraud. This is because computerized systems also increase vulnerabilities such as unauthorized access, business interruptions, and inaccuracies. The technological complexities that accompany sophisticated computer applications call attention to the need for extensive internal controls to reduce the risk of fraud and errors.
  • The more involved top management is in the day-to-day operations of the business, the lower the risk will be that fraud or errors will occur. It is certainly true that the tone at the top (the tone set by top management) is the most important factor of internal control.  Accordingly, it can be implied that involved managers would promote strong internal controls.  However, although this is often true, it will be true only when top management acts with integrity, exemplifying and enforcing its code of ethics, maintaining a conservative approach to operations and financial reporting, and cultivating clear communications and responsibilities.


Discussion Questions


  1. (SO 1) What is the relationship between business processes and the accounting information system? As the systematic steps are undertaken within a business process, the corresponding data generated must be captured and recorded by the accounting information system.
  2. (SO 1) Why is it sometimes necessary to change business processes when IT systems are applied to business processes? When IT systems are applied to business processes, some of the detailed transaction data may no longer be taken from paper-based source documents, and manual processing may no longer be needed to summarize and post that data.  Accordingly, some of the related manual steps within the business process can be eliminated or changed.
  3. (SO 2) Are manual systems and processes completely outdated? No, manual systems and business processes are not completely outdated. Manual records and tasks may still be involved in the business processes of even the largest and most sophisticated accounting information systems.


  1. (SO 2) What is the purpose of source documents? Source documents capture the key data of a transaction, including date, purpose, entity, quantities, and dollar amounts.
  1. (SO 2) What are some examples of turnaround documents that you have seen? An example of a turnaround document, as described in the chapter, is a credit card statement, where the statement itself (as received in the mail by the credit card holder) represents the output of the credit card company’s accounting information system. When the credit card holder returns the top portion of the statement with his or her payment, it then becomes an input to the company’s cash collection process.
  1. (SO 2) Why would the training of employees be an impediment to updating legacy systems? One of the advantages of legacy systems is that they are well supported and understood by existing personnel who are already trained to use the system. Since those legacy systems are not generally based on user-friendly interfaces and they tend to use software written in older computer languages, there is likely to be a significant investment of time and human resources required to maintain the system. In addition, legacy systems are often difficult to modify. Employees may be reluctant to forego their investment or to commit additional time in support of an updated system that becomes more challenging to maintain.
  2. (SO 2) Why is it true that the accounting software in and of itself is not the entire accounting information system? The accounting software is not the entire accounting information system; rather, it is a tool that supports the organization’s unique business processes. The software must often be customized to meet the needs of the organization and to integrate well with the manner in which transactions are processed.  The human resources and/or manual records and documents that are part of the business processes are also an integral part of the accounting information system.
  3. (SO 2) How is integration across business processes different between legacy systems and modern, integrated systems? Integration across business processes within a legacy system is extremely challenging and costly, as those systems are usually not based on user-friendly interfaces and are difficult to modify.  It is also difficult to find programmers to perform such tasks. The result is that organizations which integrate business processes between legacy systems typically must resort to enhancements to their existing software or bridging their existing software to new systems or interfaces.  On the other hand, modern, integrated systems are based on a single software system that integrates many or all of the business processes within the organization, thus eliminating the coordination and updating efforts required by the older systems.
  4. (SO 3) How does client-server computing divide the processing load between the client and server? In client-server computing, the processing load is assigned to either the server or the client on the basis of which one can handle each task most efficiently. The server is more efficient in managing large databases, extracting data from databases, and running high-volume transaction processing software applications. The client is more efficient at manipulating subsets of data and presenting data in a user-friendly, graphical-interface environment.


  1. (SO 3) Why do you think the client computer may be a better computer platform for presentation of data? The client computer is better for presentation of data because it manipulates subsets of data without being bogged down by the processing load of the entire data set. In addition, the client computer maintains presentation software in a user-friendly format for reporting purposes.
  1. (SO 4) What are the distinguishing characteristics of cloud computing? Cloud computing is a centralized approach to computing, whereby computing services are outsourced to a third-party provider. Accordingly, a company’s software and data may reside on the server of the provider. This offers many advantages, including the ability to scale the level of service to the needs of the company, as well as cost savings associated with the reduced infrastructure.


  1. (SO 4) Why do you think a company would benefit from using cloud computing rather than client server computing? The primary benefits of cloud computing are in the areas of access, scalability, and cost savings. Companies are likely to benefit from using cloud computing when their employees may need to access and read data from many different locations while using different types of computing devices. In addition, since cloud computing is a pay-for-service model, companies only pay for the level of service they need, so it is not necessary to invest in capacity that may not yet be required. Also, the cost savings result from the reduced infrastructure (including equipment, hardware, software, maintenance, and technical employees).


  1. (SO 4) If your personal data were stored on a computer in cloud computing, would you have any concerns about it? Student responses may vary, and although the risks of cloud computing are discussed in a later chapter, students may identify concerns about security of private data stored in the cloud and access to data in the event of a service interruption.
  1. (SO 5) Why do you think there are different market segments for accounting software? There are different market segments for accounting software to support the different needs of organizations depending on their size and the complexities of their business processes.
  2. (SO 5) How would accounting software requirements for large corporations differ from requirements for small companies? Larger companies tend to need more power and functionality from their software systems because of their size and the complexities of their business processes. This may especially be true of large, multinational corporations which need to integrate business processes located all around the globe. Small companies are not likely to need such extensive power and functionality from their systems.
  3. (SO 5) What are some of the differences between ERP systems and accounting software for small companies? ERP systems are multimodule software systems designed to manage all aspects of an enterprise. The modules (financials, sales, purchasing, inventory management, manufacturing, and human resources) are based on a relational database system that provides extensive set-up options to facilitate customization to specific business needs.  Thus, the modules work together to provide a consistent user interface. These systems are also extremely powerful and flexible. Many of the software systems in the small and mid market categories are not true ERP systems with fully integrated modules; however, these systems assimilate many of the features of ERP systems.
  4. (SO 5) Why would accounting software development companies be interested in expanding their software products into other market segments? Software development companies and software vendors often attempt to increase the appeal of their software products to more than one market segment when the features of their products may fit the needs of different sized organizations. In addition, there is a trend toward increasing the functionality of existing systems to offer increased flexibility and functionality to meet such diverse needs. Since business organizations make considerable investments in the software products that comprise their accounting information systems, it is not surprising that there is much competition among the companies that provide these systems.
  1. (SO 6) Given the business and accounting environment today, do you think it is still important to understand the manual input of accounting data? Manual input of data is still important to understand in today’s accounting environment. Many business organizations still use some manual processes for reading source documents and keying the relevant information into the accounting information system. Even high-tech point of sale systems require manual processes to input the accounting data contained on bar codes.
  2. (SO 6) What are the advantages to using some form of IT systems for input, rather than manual input? Using IT systems for input has the advantages of reducing the time, cost, and errors that tend to occur with manual data input.
  1. (SO 6) Why would errors be reduced if a company switched input methods from manual keying of source documents to a bar code system? With manual input, human efforts are required to write on the source documents and to manually key in the data. Errors tend to occur from time-to-time with such a system. On the other hand, the manual steps of writing and keying are eliminated when using a bar code system, thus reducing the likelihood of error.
  1. (SO 7) In general, what types of transactions are well suited to batch processing? Batch processing is best suited to applications having large volumes of similar transactions that can be processed at regular intervals, such as payroll.
  1. (SO 7) Why might the time lag involved in batch processing make it unsuitable for some types of transaction processing? By necessity, batch systems involve a time lag while all transactions in the batch are collected. This means that available information in files will not always be current, as it would be in real-time systems. Therefore, when constantly up-to-date information is needed by users on a timely basis, batch processing is likely to be unsuitable for transaction processing.
  1. (SO 7) How would real-time processing provide a benefit to managers overseeing business processes? Real-time processing is beneficial for business managers because it provides for system checks for input errors. Therefore, errors can be corrected immediately, thus increasing the quality of the information for which the manager is held accountable. In addition, real-time systems enhance the efficiency of information availability.
  2. (SO 8) How do internal reports differ from external reports? Although internal and external reports are both forms of output from an accounting information system, they have different purposes. Internal reports provide feedback to managers to assist them in running the business processes under their control. On the other hand, external reports (such as the financial statements) are used by external parties to provide information about the business organization.
  1. (SO 8) What are some examples of outputs generated for trading partners? Invoices and account statements are examples of outputs generated for customers; whereas checks and remittance advices are examples of outputs sent to vendors.
  1. (SO 8) Why might it be important to have internal documents produced as an output of the accounting information system? It is important to produce internal documents as an output of an accounting information system because internal documents provide feedback needed by managers to assist them in running the business processes under their control. These internal documents can be customized to allow a manager to “drill down” into the details of the process being managed.
  2. (SO 9) How does documenting a system through a pictorial representation offer benefits? A pictorial representation of an accounting information system is beneficial because it provides a concise and complete way for accountants to analyze and understand the procedures, processes, and the underlying systems that capture and record the accounting data.

Brief Exercises

  1. (SO 1) Think about your most recent appointment at the dentist’s office. Describe the business process that affected you as the patient/customer. In addition, describe the administrative and accounting processes that are likely to support this business.

As a patient, you would experience the revenue processes as you receive services from the hygienist and dentist. You would also be affected by the billing and collections processes when you receive an invoice for services rendered and submit payment for those services.

The dental office would need to have specific steps in place for recording the services provided to each patient so that they can be properly billed and reported. These steps may be very detailed, especially in instances where patient fees must be allocated between dental insurance companies and the patients themselves. There would also need to be processes in place for purchasing, as a dentist’s office is expected to make regular purchases of supplies as well as to handle the other operating costs of the business. Payroll processes would also be needed to account for the time and pay of each employee in the dentist’s office, and fixed asset processes would be needed to support the investments in and depreciation of office furniture and equipment, fixtures, and dental equipment. Finally, it is possible that the business may have administrative processes in place to handle investment, borrowing, and capital transactions.  Once these transactions are recorded, the business must have processes in place to post the related data to the general ledger and summarize it in a manner that facilitates the preparation of financial statements and other accounting reports.

  1. (SO 2) Describe the purpose of each of the following parts of a manual system:
  1. source document – captures the key data of a transaction, including the date, purpose, entity, quantities, and dollar amounts.
  2. turnaround document – provides a connection between different parts of the accounting system by serving as the output of one system and the input to another system in a subsequent transaction.
  3. general ledger – provides details for the entire set of accounts used in the organization’s accounting systems.
  4. general journal – captures the original transactions for nonroutine transactions, adjusting entries, and closing entries.
  5. special journal – captures the original transactions for routine transactions such as sales, purchases, payroll, cash receipts, and cash disbursements.
  6. subsidiary ledger – maintains detailed information regarding routine transactions, with an account established for each trading partner.
  1. (SO 2) Consider the accounting information system in place at an organization where you have worked. Do you think that it was a manual system, legacy system, or an integrated IT system? Describe one or two characteristics of that accounting information system that lead you to your conclusion.

Student responses are likely to vary greatly, as they may refer to any work experience.  Characteristics of manual systems may include paper-based documents and records, and manual processes performed by humans.  Characteristics of legacy systems may include older technology including a mainframe computer and the use of software languages such as COBOL, RPG, Basic, and PL1. Characteristics of an integrated IT system include powerful,

Discussion Questions

  1. (SO 1) How might the sales and cash collection processes at a Wal-Mart store differ from the sales and cash collection processes at McDonald’s? Wal-Mart sells items that are pre-priced and bar coded with that price.  Therefore the cash registers at Wal-Mart use bar code scanners.  However, McDonald’s sells fast foods that are not bar coded.  The cash registers at McDonald’s use touch screen systems that require a cashier to indicate the items purchased. The cash collection processes are not different.  In both cases, the employee collects the cash or credit card, and returns any change.
  2. (SO 1) Can you think of any procedures in place at McDonald’s that are intended to ensure the accuracy of your order? Student responses may vary, however, following are a few examples:  Often, at either the drive-through or the inside cash register, the customer can see a screen that displays the items ordered. In addition, a fast food restaurant uses pre-designed slots to hold certain types of menu items.  When a customer orders a particular sandwich, the person filling the order knows exactly which slot to pull the sandwich from.  Each customer receives a printed receipt with the items listed and the customer can verify the accuracy.
  4. (SO 1) How might the sales and cash collection processes at Boeing Co. (maker of commercial passenger jets) differ from the sales and cash collection processes at McDonald’s? Boeing does not sell to end-user consumers; rather, it sells to companies such as airlines.  Therefore Boeing does not have stores, nor inventory in stores, nor cash registers to process sales.  Boeing is more likely to maintain a sales force that visits potential customers to solicit sales.  Those sales may be entered by the salesperson into a laptop computer connected to Boeing’s network.  McDonald’s, on the other hand, sells to consumers, uses order input touch screens at each location, and maintains supplies of perishable food products.
  5. (SO 1) Are there business processes that do not in some way affect accounting records or financial statements? There may be processes that do not directly affect accounting records (such as recruiting and hiring a new employee), but all processes have a direct or indirect effect on accounting records.  All processes use resources such as material or employee time.  Therefore, all processes have expenses related to those processes that will affect the accounting records.
  6. (SO 2) Briefly describe the five components of an accounting information system.
    1. Work steps within a business process that capture accounting data as the business process occurs.
    2. Manual or computer-based records that capture the accounting data from the business processes.
    3. Internal controls within the business process that safeguard assets and ensure accuracy and completeness of the data.
    4. Work steps that process, classify, summarize, and consolidate the raw accounting data.
    5. Work steps that generate both internal and external reports.
  7. (SO 2) Describe how sales data are captured and recorded at a restaurant such as Applebee’s. At most Applebee’s restaurants, a server writes the order on a pad and carries that pad to a cash register.  The server enters the order on a touch screen terminal.  The order information is then displayed on a terminal in the kitchen.  When the customer has finished the meal, the server prints a check and delivers the check to the table.  The customer pays the server by using cash or a credit card.  The server processes the payment on the touch screen register and returns the change or credit card slip to the customer.
  8. (SO 2) What occurs in an accounting information system that classifies accounting transactions? For each business process that affects accounting records, the accounting information system must capture any resulting accounting data, record the data, process it through classification, summarization, and consolidation, and generate appropriate reports.
  9. (SO 2) What are the differences between internal reports and external reports generated by the accounting information system? Internal reports are used by management to oversee and direct processes within the organization.  External reports are the financial statements used by investors and creditors to make decisions about investing or extending credit to the organization.
  10. (SO 3) What types of businesses are in the supply chain of an automobile manufacturer? The types of businesses in an automaker’s supply chain are often manufacturers of parts used in cars.  This would include manufacturers of tires, batteries, steel, plastic, vinyl and leather, as well as many other manufacturers making the thousands of parts in a car.
  11. (SO 3) When a company evaluates a supplier of materials, what kinds of characteristics might be evaluated? The supplier’s characteristics that are likely to be evaluated include price and payment terms, quality, reliability of the materials, as well as whether the supplier can deliver materials when needed.
  12. (SO 3) How do you think a company may be able to influence a supplier to meet its business processing requirements? A company may be able to influence a supplier by choosing only suppliers that meet expectations regarding the terms of price, quality, and delivery timing. Those suppliers that do not meet these expectations may not be used in the future. This exerts some influence over suppliers, as the suppliers will lose business if they do not meet the buyer’s requirements.
  13. (SO 4) Describe any IT enablement that you have noticed at a large retail store such as Wal-Mart or Target. The most noticeable IT enablement is the use of bar coded systems on the products and how they are read by the cash registers.
  14. (SO 4) How do you think the World Wide Web (WWW) has led to business process reengineering at companies such as Lands End or J.Crew? Prior to the World Wide Web, customers placed orders either on the phone or by mail. Both phone and mail orders require employees to take the order and enter it into the computer system.  Using online sales, customers enter their own orders and no company personnel are needed to key orders into the computer system.  Therefore, there was a major change in the number of people employed to key orders.
  15. (SO 4) What two kinds of efficiency improvement result from business process reengineering in conjunction with IT systems? The use of IT systems usually leads to two kinds of efficiency improvements. First, the underlying processes are reengineered (through rethinking and redesign) to be conducted more efficiently.  Second, the IT systems improve the efficiency of the underlying processes.
  16. (SO 5) Explain the differences between a field, a record, and a file. A field is one set of characters that make up a single data item. For example, last name would be a field in a customer database.  A record is a collection of related fields for a single entity.  For example, last name, first name, address, phone number, and credit card number fields might make up a single customer record.  A file is a collection of similar records. For example, all customer records together make up a customer file.
  17. (SO 5) Explain why random access files would be preferable to sequential access files when payroll personnel are changing a pay rate for a single employee. When the desired action is to access a single record, random access is preferable. If sequential access storage is used, all records must be read in sequence until the desired record is reached.  On the other hand, random access allows a single record to be accessed without the necessity of reading other records.  This makes it more efficient to access a particular employee record to change the pay rate.
  18. (SO 5) Why do real-time systems require direct access files? If transactions are to be processed online and in real-time, it is necessary that the computer access a single record immediately. Thus, direct access files are required so the records can be accessed in real-time.
  19. (SO 5) Why is data contained in the data warehouse called nonvolatile? Each time a new transaction is completed, parts of the operational data must be updated. Therefore, the operational database is volatile – with constantly changing information.  However, the data warehouse does not change with each transaction.  The data warehouse is only changed when periodic updates occur.  The data in the data warehouse are nonvolatile because they do not change constantly.
  20. (SO 5) How is an extranet different from the Internet? The extranet allows access only to selected outsiders, while the Internet is open to an unlimited number of outsiders (essentially anyone having access to the Internet). On the other hand, extranets are typically used by companies to interact with specific suppliers and customers who have been granted access to a company’s network.
  21. (SO 6) Prepare a list of the types of businesses that you have been in that use point of sale systems. Student responses may vary, but would likely include department stores, grocery stores, specialty stores, restaurants, gas stations, and car washes.
  22. (SO 6) What do you think would be the advantages of an e-payables system over a traditional system that uses paper purchase orders and invoices? An e-payables system should be faster and more efficient than a paper-based system. In addition, fewer processing errors should be expected from an e-payables system.
  23. (SO 7) Describe why enterprise risk management is important. All organizations face risks and Enterprise Risk Management (ERM) assists managers in reducing and controlling risk. ERM also involves personnel across the entire business organization, as they implement strategies to achieve the organization’s objectives.
  24. (SO 7) What is the difference between general controls and application controls? General controls apply overall to the IT accounting system. They are controls that are not restricted to any particular accounting application.  An example of a general control is the use of passwords to allow only authorized users to log into an IT-based accounting system.  Application controls are used specifically in accounting applications to control inputs, processing, and output.  Application controls are intended to ensure that inputs are accurate and complete, processing is accurate and complete, and that outputs are properly distributed, controlled, and disposed.
  25. (SO 7) In what way is a code of ethics beneficial to an organization? If top management institutes a code of ethics and emphasizes this code by modeling its principles and disciplining or discharging those who violate the code, it can help reduce unethical behavior in the organization.
  26. (SO 8) What roles do accountants have in relation to the accounting information system? Accountants are users of the AIS, they assist in the design of the AIS, and they are auditors of the AIS.

Brief Exercises

  1. (SO 1) For each category of business processes (revenue, expenditure, conversion, administrative), give an example of a business process. Student responses are likely to vary greatly, as they may refer to any of the subprocesses within each category. For example, the revenue processes include sales, sales returns, and cash collections; the expenditure processes include purchasing, purchase returns, cash disbursements, payroll, and fixed asset processes; the conversion processes include planning, resource management, and logistics; administrative processes include capital processes, investments, and general ledger processes.  Accordingly, any type of business process can be cited to answer this question, but the student must match the example with the appropriate process.
  1. (SO 2) Think of a company that you have worked for or with which you have done business. Which departments within the company need reports generated by the accounting information systems? Student responses are likely to vary greatly, as nearly every department within a business organization uses reports generated by the accounting information systems. For example, sales departments need customer account information to help in their efforts to sell products to customers. Purchasing departments need product information to help in their efforts to purchase products needed in the business. These types of information are maintained in accounting information systems. There are numerous additional examples that could apply.
  1. (SO 3) Explain a supply chain linkage and give an example. A supply chain linkage is the connection of activities in the supply chain, including the entities, processes, and information flows that involve the movement of materials, funds, and related information through the full logistics process – from the acquisition of raw materials to the delivery of finished products to the end user. It therefore includes the linked activities of vendors, service providers, customers, and intermediaries. In addition to the example of McDonald’s buns given in the text, another example would be a shirt sold by the Gap. The Gap’s supply chain linkage would likely include a supplier from whom the shirt was purchased, a manufacturer who assembled and sewed the shirt, a secondary supplier that provided the fabric from which the shirt was constructed, and a farmer who raised cotton used to make the fabric.
  1. (SO 4) Explain how business process reengineering occurs. Also, explain how it differs from the typical changes in company policies. With business process reengineering (BPR), the underlying business processes are reengineered to be conducted more efficiently. In other words, a comprehensive rethinking and redesign takes place in order to enhance performance of the process.  A key component of BPR is the leveraging of IT capabilities to improve process efficiencies. BPR differs from typical organizational change in that it involves “thinking outside the box” in order to offer completely new and improved methods for business processes.
  1. (SO 5) For an accounts receivable system, what kind of data would be found in the master files and transaction files, respectively? An accounts receivable master file would include relatively permanent data necessary to process customer transactions. This would include a record for each customer. The data in the master file would likely include customer name, address, phone numbers, credit limit, and current balance.  A transaction file for accounts receivable would contain the relatively temporary data that must be processed to update the master file, such as details from individual sales and cash collection transactions from customers.
  1. (SO 5) Describe the differences in the following three types of processing:
    1. Batch processing involves the grouping of similar transactions to be processed together;
    2. Online processing involves processing individual transactions, one-at-a-time; and
    3. Real-time processing is an online processing method that involves the immediate processing of individual transactions.
  1. (SO 5) The networks discussed in this chapter were LANs, Internet, intranet, and extranet. Explain each. A LAN is a computer network that spans a relatively small area such as a building or group of buildings within a business organization. The Internet is the global computer network made up of millions upon millions of computers and subnetworks throughout the world. An intranet is an organization’s private computer network, accessible only by employees of that organization to share data and manage projects.  An extranet is an expansion of an intranet that allows limited access to designated outsiders such as customers and suppliers.
  1. (SO 7) Give a brief summary of each of the following:
    1. enterprise risk management is an ongoing strategy-setting and risk assessment process that is effected by top management but involves personnel across the entire entity.
    2. corporate governance is an elaborate system of checks and balances whereby a company’s leadership is held accountable for building shareholder value and creating confidence in the financial reporting process.
    3. IT governance is the corporate governance process that applies specifically to the proper management, control, and use of IT systems.
  2. (SO 9) Describe why accountants should be concerned about ethics. Accountants should be concerned about ethics because accounting information systems are often the tools used to commit or cover up unethical behavior. Accountants need to be aware of the possibility of fraud within the AIS so that they can help develop and implement effective internal controls to reduce the risk of such unethical acts. In addition, accountants need to be prepared to resist the temptation to commit unethical acts and to avoid being coerced into assisting with a fraudulent cover-up.
  1. (SO 9) Kelli Droyer is currently pursuing her accounting degree at Bromfeld University. She has excelled in each of her major courses to date; however, she tends to struggle in her computer classes and with assignments requiring use of computer technology.  Nevertheless, Kelli confidently claims that she will become an excellent accountant.  Comment on the practical and ethical implications of her position.  Kelli is mistaken in her position for the following reasons:
  • Practically speaking, accountants need to be well-informed about the operation of accounting information systems, which nearly always involve computer technology. The AIS is the foundation of most accounting functions, so to resist computer technology would be unreasonable, if not impossible. Also, in order to assist in developing internal controls, accountants must understand the processes within the AIS, including the use of technology, so that effective controls can be developed and implemented to reduce risks.
  • Ethically speaking, accountants need to be well-informed about the operation of the AIS so that they are poised to recognize fraud and errors that may occur. Without an understanding of the underlying technology, accountants would be unable to effectively capture and monitor business processes. Rather than fulfilling her responsibility as an accountant to develop and implement internal controls, Kelli’s ignorance of the AIS could actually allow fraud to be perpetrated without being prevented or detected.

For these reasons, Kelli’s viewpoint is quite dangerous.

Problems

  1. (SO 2) If an accounting information system were entirely a manual system (no computers used), explain how data would be captured, recorded, classified, summarized, and reported. Discuss how the sophistication of the company’s computer system impacts the accounting output and, alternatively, how the requirements for accounting outputs impact the design of the accounting information system. In a manual accounting information system, data would be captured on source documents and recorded by hand in subledgers or special journals. Account classifications would be determined by the accountants responsible for recording the transaction. The accountants would perform mathematical computations to summarize the records and post them to a general ledger. The general ledger would be manually summarized at the end of the period so that financial statements could be prepared. The financial reports would be manually compiled based on the ending general ledger balances.  Since a great deal of paper and human processing are required for a manual system, it is prone to error. More sophisticated, computer-based systems tend to produce more output that is more accurate because they are programmed to process data consistently. They also use programming to perform mathematical computations, which promotes accuracy and time savings. Therefore, IT usage to support business processes results in increased accuracy, increased efficiency, and reduced costs.

The requirements for accounting outputs impact the design of the AIS. Work steps within a business process can be designed to capture data in a manner that is consistent with the desired content and format of the related output.  This promotes efficiency and effectiveness of the overall process.  When business process reengineering is used to design business processes, IT systems can be introduced to take advantage of the speed and efficiency of computers to enhance the AIS.

  1. (SO 1,3) Classify each of the following processes as either a revenue process, expenditure process, conversion process, or administrative process:
    1. Selling common stock to raise capital – ADMINISTRATIVE
    2. Purchasing electronic components to manufacture DVD players – EXPENDITURE
    3. Moving electronic components from the stockroom to the production floor to begin making DVD players – CONVERSION
    4. Paying employees at the end of a payroll period – EXPENDITURE
    5. Preparing financial statements – ADMINISTRATIVE
    6. Receiving cash payments from customers – REVENUE
    7. Buying fixed assets – EXPENDITURE
    8. Moving manufactured DVD players from the production floor to the warehouse – CONVERSION

  1. (SO 1) Business processes are composed of three common stages: an initial event, a beginning, and an end. For items a through h listed in Problem 47, identify the applicable initial event, beginning, and end of the process. Student responses may vary as their experiences are likely to be different. Different businesses may have different events that trigger these processes; however, the following are common examples:
  1. Selling common stock to raise capital: Initial Event – Contacting and communicating with investors; Beginning – Receiving consideration from investor; End – Recording transactions in the accounting records.
  2. Purchasing electronic components to manufacture DVD players: Initial Event – Receiving a purchase request from operations personnel; Beginning – Placing an order with a supplier; End – Recording the payment for the component parts.

Moving electronic components from the stockroom to the production floor to begin making DVD players: Initial Event – Receiving a request from the Production department for the movement of materials; Beginning – Removing

Chapter 15

ERP Systems

Instructor Manual

 

  • Overview Of ERP Systems. An Enterprise Resource Planning (ERP) system is a multi-module software system that integrates all business processes and functions of the entire organization into a single software system, using a single database.  Each module is intended to collect, process, and store data of a functional area of the organization and to integrate with related processes.   The ERP system is also part of the IT infrastructure that has enhanced and enabled e-commerce and e-business.  ERP systems and e-business are mutually supporting parts of the organization.  ERP systems enhance e-business and e-business has enhanced the process efficiency of ERP systems.  ERP software operates on a relational database such as Oracle, Microsoft SQL Server, or IBM’s DB2.  An ERP system includes the following components:

    Modules within the ERP system:

  1. Financials
  2. Human resources
  3. Procurement and Logistics
  4. Product Development and Manufacturing
  5. Sales and Services
  6. Analytics

Data in a(n)

  1. Operational database
  2. Data warehouse

    These components are tightly integrated and affect each other.  For example, the manufacturing modules and data are integrated so that sales personnel can immediately see production schedule information, and therefore, give customers more accurate information about product delivery dates.

  • The History Of ERP Systems. ERP systems can be traced back to software that was developed during the 1960’s and 1970’s to track inventory in manufacturing companies. The first generation of this software was called Materials Requirements Planning (MRP) software.  MRP software evolved into Manufacturing Resource Planning (MRP II) systems. MRP II was much more broad and encompassing than MRP software by including resources beyond raw materials to support manufacturing needs.   The early pioneers of ERP systems were working on a broader concept of information system software to expand the scope of MRP and MRP II systems.  Systems, Applications and Products in Data Processing (SAP) designed the first true ERP system that was called SAP.  SAP was intended to integrate all business processes, not just manufacturing, and to make data available in real time.  To the financial accounting system, they added modules for Materials Management, Purchasing, Inventory Management and Invoice Verification. SAP release 2, or SAP R/2 was released in 1978.  In 1992, SAP released its third version of SAP called SAP R/3.  Two important features led to a tremendous growth in the demand for SAP R/3.  It used client-server hardware architecture and it was also designed with an open-architecture approach, allowing third-party companies to develop software that will integrate with SAP R/3.  Companies such as Oracle Corporation, PeopleSoft, J.D. Edwards and Baan produced competing ERP systems. During the last half of the 1990s, there was a very rapid growth in the sales of ERP software to Fortune 500 companies.  The two major contributing factors to this growth were 1) explosive growth of e-commerce and the dot-com boom that occurred in the late 1990s, and 2) concerns about Y2K compatibility of legacy systems.  ERP systems have further evolved to include customer relationship management (CRM) and supply chain management (SCM) modules.
  • Current ERP System Characteristics. Because of the decline in the stock market and the tragic events of September 11, 2001, nearly all companies made drastic reductions in expenditures on IT systems and software.  IT spending on ERP systems was flat between 2001 and 2003.  Beginning in 2004, the amount of IT spending on ERP systems began to rise again.  In 2005, spending on ERP systems increased above the level in 2004.  ERP spending in 2005 was up 16% over 2004.  Some of the reasons for this increased ERP spending are:
    • ERP systems are so important to daily operations that companies cannot allow them to become outdated.
    • The need to improve customer service through standardizing and combining business processes.
    • Global companies that operate in several countries may have separate ERP systems in various countries and wish to change to one system.
    • Aging ERP systems that were installed prior to Y2K need replacement to meet competitive demands faced by companies.
    • Bigger IT budgets replace leaner budgets in good economic times.
    • To enhance compliance with the Sarbanes-Oxley Act.
    • To take advantage of new IT technologies such as cloud-based ERP systems.
  • ERP Modules
    • The finance module contains the general ledger and subsidiary ledgers for processes such as purchases, cash disbursements, sales, cash receipts, and the remaining processes.  The difference between a typical accounting software system and the financials module of an ERP system is that the financials module is tightly integrated to the other modules on a real-time basis.   This means that as events occur in the organization, the data that can be considered the subsidiary ledgers and the general ledger are updated in real time.
    • Human Resources. This module in an ERP system incorporates all human resource and payroll processes and data.  This would include all employee information on processes such as performance review, raises, and current wage and deductions.
    • Procurement And Logistics. This ERP module includes all processes related to the purchase and movement of materials and finished goods.  In addition, all processes and data resulting from the movement of raw materials and finished goods are part of this module.
    • Product Development And Manufacturing. The planning and scheduling of production and the management of production is incorporated into this module.
    • Sales And Services. All processes involved in taking and filling customer orders are incorporated into this module.
    • The ERP system is designed to incorporate all enterprise processes into a single database that can be uploaded to a data warehouse.  Data mining and analytical techniques can be employed to gain management insights.  This module in the ERP system incorporates the appropriate data mining and analytical tools to provide reports to management.
    • Supply Chain Management. Supply chain management is the management and control of all materials, funds, and related information in the logistics process from the acquisition of raw materials to the delivery of finished products to the end user (customer).  These processes in the supply chain involve trading processes from a supplier to a business, as well as trading processes between the business and its customers and other intermediaries.  Similar to internal processes, these trading processes can experience improved efficiency by using ERP systems to initiate, record, store, and report these processes.
    • Customer Relationship Management. An example of a CRM would be a database of detailed customer information that management and salespeople can reference.  This database generally includes information regarding customers’ purchases, which can be used to do things such as match customer needs with products, inform customers of service requirements, and analyze customer buying behavior.
  • Market Segments Of ERP Systems. Tier One includes software often used by large, multi-national corporations.  Tier Two is software used by mid-size businesses and organizations.
    • Tier One Software. Tier one software is usually implemented in very large organizations and is extremely expensive.  A minimum cost to purchase tier one ERP software is approximately $350,000.  Often the cost of the software with all desired modules exceeds $1 million and consulting fees to implement the software can add an extra cost of $1 million or more.  The three most popular ERP systems in tier one are SAP, Oracle, and Peoplesoft.
    • Tier Two Software. Tier two ERP software is intended for organizations in the range of approximately $25 to $250 million in sales.  There are many ERP software systems in the tier two market.  Some of the popular ERP systems are Axapta, Epicor, MAS 500 ERP, Dynamics ERP, and Macola ERP.  ERP software systems such as these have a price range between $30,000 and $100,000.
    • In addition to this trend, all ERP vendors have developed ERP products for cloud computing. For example, SAP offers a cloud-based ERP system for small to medium-sized entities (SMEs) called SAP Business ByDesign.  Since it is a cloud-based system, customers who use this software need only a small IT system.  The ERP system can be used through a computer with Internet access and a Web browser.
  • Implementation Issues Of ERP Systems.
    • Hiring A Consulting Firm. Very frequently, organizations considering an ERP implementation hire a consulting firm to assist with all or part of an ERP implementation.  If a consultant is hired to assist in the entire process, the consulting firm will help with the remaining factors below.  For example, the consulting firm is likely to assist the organization in evaluating and selecting an ERP system, implementing the software, and training employees to use the new system.
    • The Best Fit ERP System. While ERP systems encompass all business processes, each vendor’s software has special areas of strengths.  For example, SAP’s ERP system evolved from Manufacturing Resources Planning (MRP II) software and therefore has been considered particularly strong in its manufacturing related modules. Thus, a manufacturing firm might prefer SAP to Peoplesoft.  Peoplesoft evolved from a Human Resources software system and therefore has been known for its particularly strong HR modules. The organization must consider its business processes and how well each ERP system operates for those processes.  Consulting firms are often used to assist in selecting an ERP system.
    • Which Modules To Implement. Each additional module that an organization chooses to purchase and implement adds cost, implementation time, and implementation difficulties.  For some processes, a company may choose to keep a legacy system, rather than purchase an ERP module for that set of processes.  For example, a company may have an existing legacy system that records and reports fixed asset processes.  Rather than purchase a fixed asset module of an ERP system, the organization may choose to use the legacy system. When determining whether to purchase a particular module, the organization must also recognize that there are many problems inherent in integrating a legacy system into an ERP system.
    • Best Of Breed, Or ERP Module. ERP systems have broad appeal across many types of organizations and this appeal is accomplished by building ERP modules around standard, generic business processes.  Therefore, some experts believe that an organization is better served by using the ERP system for many processes, but to select some modules from other vendors that are “best of breed”.  Best of breed is a term that means it is the best software on the market for a particular type of business process and for this size of an organization.  A “best of breed” approach is usually applied when an organization has some processes that may be different from the generic processes.
    • Business Process Reengineering. BPR is an important aspect of ERP system implementation.  Since most organizations’ processes do not match the processes in the ERP system for any individual module, BPR is usually undertaken to make the business processes more compatible with the ERP modules.  For example, an organization’s sales and delivery processes may not currently be done in the same manner as the ERP system was written to handle such processes.  Since ERP systems have been developed through many years of working experience with many organizations, the ERP systems are usually built around effective and efficient process steps.  This fact means that organizations are usually best served by BPR to change their processes to match those in the ERP system.  This BPR not only makes the process more efficient, but it allows the organization to improve process efficiency by capturing the extra efficiencies of the advanced IT processes in the ERP system.
    • Customization Of The ERP System. Most consultants and experts would recommend that the number of customizations be limited to the least amount necessary.  The two primary reasons for limiting customization are cost and upgrading of the system.  First, any customizations may require changing or writing new programming code and this can be a very expensive and time-consuming task.  The cost of customization can easily exceed the cost of packaged ERP software.  Second, any customizations cannot be automatically incorporated when the ERP vendor provides an upgraded version of the ERP system.  Therefore, upgrading to the next version may mean losing any customization.
    • The Costs Of Hardware And Software. Implementation of ERP systems usually requires the purchase of new computer hardware, systems software, network equipment and security software.  For ERP implementation in large organizations, hardware costs often exceed one million dollars while in mid-sized organizations, hardware typically costs about half a million dollars. The cost of an ERP software system varies depending on the size of the organization, the number of modules to implement, and whether any “best of breed” modules are to be purchased.  A minimum cost of tier one ERP systems is approximately one million dollars, and in the largest corporations, the total cost can be as much as $100 to $200 million.
    • Testing Of The ERP System. The primary measure of success for ERP implementation is ERP integration.   Because an ERP implementation may involve much integration of various modules, legacy systems, and modules from other vendors, it is imperative that these systems be tested extensively prior to implementation.
    • Data Conversion. Conversion from data in legacy systems to RDBMS can be error prone and time-consuming.   Often the data must be cleansed and errors must be corrected prior to conversion.  An ERP system is intended to bring many data sources into a single database.  The various operational databases of the legacy systems might have incompatible data in several different formats.  An appropriate amount of time, effort, and dollars must be devoted to the proper cleansing and conversion of data.
    • Training Employees. Training is necessary because workers often have to learn a new set of processes. This is a step that organizations should not take lightly.  Poorly trained employees may prevent the organization from fully realizing the benefits of the ERP system, and can cause errors and problems in the processes.  Such errors can disrupt business processes and introduce incorrect data into the system.
    • The Methods Of Conversion To ERP Systems. In the Big Bang approach to implementation, companies implement all modules and all functional areas of the ERP system at once.  This approach requires a tremendous amount of planning and coordination across the entire company.  If well-planned and executed, the Big Bang approach has the potential to reduce the time and cost of implementation.  Although the Big Bang method dominated early ERP implementations, it partially contributed to the higher rate of failure in ERP implementation. Today, not many companies dare to attempt it anymore. In a location-wise implementation of an ERP system, the organization chooses a specific location or sub-unit of the organization and implements the ERP system in that location only.  This approach can be considered a “pilot” approach in which the ERP is first carried out in a sub-unit of the larger organization.  This means that any resulting problems will be isolated within the pilot unit so that the entire organization is not impacted.  In a modular implementation, the ERP system is implemented one module at a time. The implementation team will normally focus on the most critical module first and complete the implementation of modules in descending order.  This allows the organization to take advantage of the new features of the module in the ERP system without affecting all processes in the organization.
  • Benefits And Risks Of ERP Systems.
    • Benefits Of ERP Systems.
      • The interactive nature of the modules that allows processes to interact with each other.
      • The real-time nature of processing that decreases the total processing time and allows more immediate feedback to management.
      • Benefits to companies from the “best practices” nature of the processes in ERP systems.
      • The single database that enhances sharing of information between the business’ functional areas and between processes.
      • The capability to analyze large amounts of data in a single database, using the analytical tools incorporated in ERP systems that allow detailed analysis of the data.
      • The capability to enhance e-commerce and e-business.
      • The capability to interact in real-time with trading partners.
      • The capability of ERP systems to grow with the business.
    • Risks Of ERP Systems. The implementation risks inherent in an ERP implementation are very similar to risks of implementing any IT system.  However, the scope, size, and complexity of an ERP system increase many of these risks.  Since the intent of an ERP system is to implement the system across the entire enterprise and to incorporate all business processes into the ERP system, the scope, size, and complexity increase tremendously.  This large scope, size, and complexity cause the implementation of an ERP system to be very costly, time consuming, and potentially disruptive to current operations.  The second category of risks is operational risks.  If an IT system fails, it can stop or disrupt operations.  In legacy systems that are not enterprise-wide, a failure of that legacy system may stop or disrupt only part of the organization’s processes.  For example, if a separate legacy system for payroll fails, it would not necessarily disrupt sales or purchase processes.  However, an ERP system would normally incorporate all business processes.  Therefore, if the ERP system fails, it has the potential to stop or disrupt all processes across the entire enterprise.
      • ERP Systems And The Sarbanes-Oxley Act Of 2002. Segregation of duties is an important part of internal control that can help prevent errors and fraud.  Segregation, and the monitoring of segregation, can be enhanced with ERP systems.  To effectively use this function of an ERP system, there are important steps the company should accomplish.
  1. Establish and maintain a list of incompatible duties.
  2. As user IDs and passwords are assigned to employees, ensure that they are given access and authority only to those parts of the system required.
  3. Promotions or other job changes may lead to changes in an employee’s access or authorizations. It is important that a company review the user profile and change any access and authority levels as necessary.
  4. Configure the ERP system to track and report any instances where an employee initiated or recorded an event with conflicting abilities.
  5. Monitoring these periodic reports or real-time reports allows the appropriate manager to determine if user profiles should be changed to prevent future conflicting abilities.


This process can assist management in monitoring internal control, monitoring errors and problems, and monitoring exceptions to internal controls.  An ERP system can also produce other reports related to monitoring internal controls.  The main purpose of these reports is to ensure that transactions are carried out only in accordance with management’s authorization and that unauthorized transactions are prevented or detected.  They also provide objective evidence that management can use when assessing compliance with Sarbanes-Oxley internal control requirements.
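
The five steps above, sketched as an added example (not part of the original manual and not any ERP vendor's code): a list of incompatible duties is checked against user profiles and against an event log. The duty names, user IDs, document numbers and log layout are constructed assumptions for illustration.

```python
from collections import defaultdict

# Step 1: list of incompatible duties (constructed; a real list comes from
# the company's own control documentation).
INCOMPATIBLE_DUTIES = [
    ("ship_goods", "maintain_customer_accounts"),
    ("enter_purchase_order", "approve_purchase_order"),
    ("create_vendor", "approve_payment"),
]

# Steps 2-3: access granted to each user ID (constructed). bjones kept the
# old entry right after a promotion added approval authority.
USER_PROFILES = {
    "asmith": {"ship_goods"},
    "bjones": {"enter_purchase_order", "approve_purchase_order"},
    "cdavis": {"create_vendor", "maintain_customer_accounts"},
}

# Step 4: events recorded by the system (constructed):
# (document, user ID, duty performed)
EVENT_LOG = [
    ("PO-1001", "bjones", "enter_purchase_order"),
    ("PO-1001", "bjones", "approve_purchase_order"),
    ("PO-1002", "bjones", "enter_purchase_order"),
    ("SO-2001", "asmith", "ship_goods"),
    ("SO-2001", "cdavis", "maintain_customer_accounts"),
    ("SO-2002", "asmith", "ship_goods"),
    ("SO-2002", "asmith", "maintain_customer_accounts"),
]


def profile_conflicts(profiles, incompatible):
    """Users whose granted access includes both halves of an incompatible pair."""
    findings = {}
    for user, duties in sorted(profiles.items()):
        held = [pair for pair in incompatible if set(pair) <= duties]
        if held:
            findings[user] = held
    return findings


def event_conflicts(events, incompatible):
    """Documents on which one user actually performed two incompatible duties."""
    performed = defaultdict(set)
    for document, user, duty in events:
        performed[(document, user)].add(duty)
    findings = []
    for (document, user), duties in sorted(performed.items()):
        for pair in incompatible:
            if set(pair) <= duties:
                findings.append((document, user, pair))
    return findings


def out_of_profile_events(events, profiles):
    """Events performed under a duty the user's reviewed profile does not grant."""
    return [
        (document, user, duty)
        for document, user, duty in events
        if duty not in profiles.get(user, set())
    ]


def sod_report(profiles, events, incompatible):
    """Step 5: the periodic report a manager would review."""
    return {
        "profile_conflicts": profile_conflicts(profiles, incompatible),
        "event_conflicts": event_conflicts(events, incompatible),
        "out_of_profile_events": out_of_profile_events(events, profiles),
    }


if __name__ == "__main__":
    report = sod_report(USER_PROFILES, EVENT_LOG, INCOMPATIBLE_DUTIES)
    for section, rows in report.items():
        print(section, rows)
```

In this sample data the profile review flags only bjones, while the event log also exposes asmith recording to customer accounts on an order asmith shipped, which is why step 4 is needed in addition to step 2.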


Chapter 14 – E-Commerce and E-Business

 

Instructor Manual


  • An Introduction To E-Commerce And E-Business. E-business is the use of electronic means to enhance business processes.  E-business encompasses all forms of on-line electronic trading, consumer-based e-commerce, plus business-to-business electronic trading and process integration, as well as the internal use of IP and related technologies for process integration inside organizations.  E-commerce is electronically enabled transactions between a business and its customers.  E-business is a broader concept that includes not only electronic trade with customers, but also servicing customers and vendors, trading information with customers and vendors, and electronic recording and control of internal processes.  The most common method of conducting e-commerce and e-business uses the Internet to electronically exchange data.  However, there are other forms of conducting business electronically.  These other methods, such as EDI and EFT, use private lines or value-added networks (VAN) to connect companies together electronically.
  • The History Of The Internet. In 1965, a researcher at MIT connected a computer in Massachusetts to a computer in California using dial-up telephone lines.  In 1969, the large computers at four major universities were connected via leased telephone lines.  This network grew into a network used by the United States Defense Advanced Research Project Agency and was called ARPANET.  Packet switching and routers are necessary to send data over the network.  Packet switching is the method used to send data over a computer network.  A router is an electronic hardware device that is located at the gateway between two or more networks.  The router forwards these packets of data along the best route so that the data reaches its destination.  E-mail, which is simply another form of data that can be transmitted over a network, was adapted to ARPANET in 1972.  Ray Tomlinson, of BBN Technologies, developed the idea of using the @ symbol to separate the username from the address. To share data over various computers on a network, a common communication method, or protocol, is needed. A protocol is a standard data communication format that allows computers to exchange data.  In the 1970’s, BBN Technologies helped develop the TCP/IP protocol that continues in use in the Internet today.  In 1986, the National Science Foundation funded and began to develop a backbone set of servers, gateways, and networks that eventually became what we now call the Internet.  In 1993, Marc Andreessen developed the first graphical user interface (GUI) browser that he named Mosaic.  In 1995, the NSF relinquished control of the Internet backbone to commercial enterprises and the NSF funded backbone was separated from the Internet and returned to a research network.  Since that time, all Internet traffic has been routed through commercial networks.  There was exponential growth of the Internet during the late 1990’s.
  • The Physical Structure And Standards Of The Internet.
    • The Network. The Internet is comprised of backbone providers, network access points, regional Internet Service Providers (ISPs), local ISPs, and Internet subscribers.  A backbone provider is an organization that supplies access to high-speed transmission lines that make up the main network lines of the Internet.  Regional ISPs connect to the backbone through lines with less speed and capacity than the backbone.  Local ISPs connect individual users to the Internet.  These Internet subscribers are connected to local ISPs using either dial-up modems, digital subscriber lines (DSL), or cable TV lines.  A Web server is a computer and hard drive space that stores Web pages and data.  These Web servers respond to requests for Web pages or data, and transmit the Web pages or data over the network.
    • The Common Standards Of The Internet. Since any computer can theoretically link to any other computer on the Internet, there must be common and standard methods to display and communicate the data transmitted via the Internet.  The standard protocol is TCP/IP.  HTML is hypertext markup language.  Nearly all Web sites use HTML to format the words, data, and pictures that you see on a Web page.  In addition to a standard communication protocol and a standard formatting language for Web pages, there must also be a common addressing method to store and locate Web pages.  The addresses of Web sites and Web pages use a Uniform Resource Locator (URL) address. Domains have a suffix that indicates the type of organization owning the rights to that domain name. These include .com for companies, .edu for educational institutions, and .org for nonprofit organizations.  There are specialized servers on the Internet called Domain Name Servers (DNS), the function of which is to store, index, and provide the IP address for each domain name.  Secure Sockets Layer (SSL) is an encryption system in which the Web server and the user’s browser exchange data in encrypted form.
  • E-Commerce and Its Benefits. In our context, e-commerce will refer to web-based e-commerce.  Also, e-commerce will refer to business to consumer (B2C) sales. Conversely, e-business will include business to business (B2B) electronic transactions.  B2C sales are usually conducted between a retail or service company and a consumer, wherein the consumer interacts with the business via the website.  Both parties benefit from the increased access to the market, the speed and convenience of e-commerce, and ability to share information.
    • Benefits Of E-Commerce For The Customer.
  1. Access to broad market for goods and services. By using e-commerce, the customer is not constrained by geography or geographic boundaries.
  2. E-commerce provides more convenient shopping for customers.
  3. The wider access to the marketplace provides more choices to the customer.
  4. E-commerce is likely to provide lower prices.
  5. The information sharing aspect of the Internet and World Wide Web allows the customer to exchange information with businesses before, during, or after the purchase.
  6. E-commerce can allow quicker delivery of the product.
  7. Customers can receive targeted marketing from businesses that they frequently purchase from.
    • Benefits Of E-Commerce For The Business.
  1. A broader market, including the potential of a global market for even small businesses.
  2. Dramatically reduced marketing costs.
  3. The potential for much richer marketing concepts that include video, audio, product comparisons, and product testimonials or product tests.
  4. The company can quickly react to changes in market conditions.
  5. The business using e-commerce is likely to experience reduced order processing and distribution costs.
  6. The convenience aspect of e-commerce for the customer means that the business is likely to experience higher sales.
  7. Higher sales coupled with reduced marketing, order processing, and distribution costs can lead to much higher profits.
    • The Combination Of E-Commerce And Traditional Commerce. Traditional forms of commerce are catalog and store commerce. However, in the retail environment of today, most retailers or service businesses use a combination of traditional commerce and e-commerce.  Traditional forms of commerce have changed to incorporate e-commerce.  However, the reverse is true also. Many e-commerce retailers that began purely as e-commerce forms of business have found that they must add the traditional customer interaction in the form of stores or offices.  In e-commerce terms, a company that operates purely through traditional stores is called a brick and mortar business.  At one point in the evolution of e-commerce, businesses that were purely web-based were called e-tailers.  As businesses merged the two, the combined form of business came to be referred to as a clicks and mortar business.  Alternatively, some call this form of business bricks and clicks.
  • Privacy Expectations in E-Commerce. The fourth risk area of IT systems described in the AICPA Trust Services Principles is “Online Privacy”.  The Trust Services Principles say that the “online privacy principle focuses on protecting the personal information an organization may collect from its customers through its e-commerce systems.”  The Trust Services Principles explain ten privacy practices that an organization should follow to ensure adequate customer confidence regarding privacy of information, as follows:
    • Management
    • Notice
    • Choice and Consent
    • Collection
    • Use and retention
    • Access
    • Disclosure to third parties
    • Security for privacy
    • Quality
    • Monitoring and enforcement
  • E-Business and IT Enablement. The business processes enabled by IT systems can be internal processes and external processes. Examples of internal processes are the movement of raw materials within a company, the timekeeping and labor management of workers, the dissemination of employee information such as health and retirement benefits, and the sharing of data files among workers.  Examples of external processes are those that involve suppliers and distributors.  The supply chain is the set of linked processes that take place from the acquisition and delivery of raw materials, through the manufacturing, distribution, wholesale, and delivery of the product to the customer.  The inter-dependency of entities in the supply chain implies that companies should be interested in enhancing and streamlining the processes and exchanges that occur throughout the supply chain.  Any of these processes or linkages between entities can be enabled or enhanced by the use of IT systems.  These interactions between the entities within the supply chain can be a point at which e-business can be applied.  E-business can streamline or reduce costs along any of these interactions within the supply chain.
  • B2B – A Part Of E-Business.  B2B is the sale of products or services between a business buyer and a business seller that is electronically enabled by the Internet.  In B2B sales, neither buyer nor seller is an end-user customer.  B2B transactions between supplier and buyer conducted via the Internet offer many advantages to both parties.  Internet based transactions offer a wider potential market, reduced transaction cost, and higher profits.  B2B will also result in faster cycle times for the purchases from suppliers.  This results from the increased efficiency of processing transactions via the Internet.  B2B transactions involve two IT systems exchanging data through the Internet network.  The Internet allows companies to reduce or eliminate manual activities such as keying the order into the computer system, mailing documents to initiate the order, entering receipt of goods, and the keying of documents to initiate payment.  This eliminates data errors since data may no longer be manually keyed into the system.  When comparing B2C and B2B, the following is true of B2B:
  • The order would have many line items and the dollar amount of each sale is usually large.
  • A B2C sale might be a single item, while a B2B sale might be tons of raw materials.
  • The B2B sale will have specific shipping details such as type of carrier used, delivery dates, and locations of delivery such as different plants within the company.
  • The B2B transaction can involve electronic forms of standard business documents such as purchase order and invoice.
  • The B2B transaction is between buyer and supplier and both parties usually have a pre-existing relationship. These parties would have already negotiated many of the details of the transaction such as the determination of prices, discounts, payment terms, credit limits, delivery dates, and delivery locations.
  • E-Business Enabling Examples. The Internet can be used in so many different ways to streamline business processes, reduce operational costs, and enhance efficiency that it is difficult to describe the entire range of e-business possibilities. Some examples are:
    • General Electric using e-business to affect the four areas of “buy, make, sell, and strategic”.
    • General Motors applying Internet and IT systems to reduce costs through e-business based marketing, e-business management of products and parts.
    • Komatsu, who recently established an application utilizing e-business that allows distributors to access price quotations online for warranties.
    • Kenworth Truck Company dealers using e-business to provide better service to customers that buy Kenworth trucks. The Internet link between the customer, dealer, and Kenworth allows the customer to generate part inventory orders automatically when the parts need to be reordered.
    • 3M customers can design more effective visual advertising or retail space by using advanced visual software in a cloud application to scientifically analyze reactions to advertisements.
  • Intranets And Extranets To Enable E-Business. An intranet is a private network accessible only to the employees of a particular company.  The purposes of an intranet are to distribute data or information to employees, to make shared data or files available, and to manage projects within the company.  An extranet is similar to an intranet except that it offers access to selected outsiders such as buyers, suppliers, distributors, or wholesalers in the supply chain.
  • Internal Controls for the Internet, intranets, and extranets. Customers, suppliers, and employees need different levels of access, and access to different types of data. Therefore, a company must carefully implement and maintain proper controls over Internet, extranet, and intranet network connections. Access can be limited through firewalls and user authentication.
  • XML And XBRL As E-Business Tools. XML is eXtensible Markup Language. XML is a rich language designed specifically to facilitate the exchange of Web documents. Using XML, designers create customized data tags that enable the definition, transmission, validation, and interpretation of data between applications and between organizations via Web pages.  Internet EDI (referred to as EDIINT) uses the Internet to transmit business information between companies.  There are several advantages to using the Internet or extranets to transmit EDI when compared to private leased lines or VANs.  Internet EDI uses the cost-free exchange of the Internet and allows a richer exchange of data by using XML.  As XML becomes the accepted standard in Internet EDI, it will allow companies to exchange more than standard business documents; spreadsheets, graphs, and databases could all be exchanged by using XML documents to tag the data and the manner in which the data should be presented.
    XBRL is eXtensible Business Reporting Language, which is an XML-based markup language developed for financial reporting.  XBRL provides a standards-based method to prepare, publish, reliably extract, and automatically exchange financial statements.  Using XBRL, dynamic financial statements can be published and manipulated on Web sites.  Financial statements that are coded in XBRL can easily be used in several formats.  They can be printed in paper format, displayed as an HTML Web page, or transmitted to a bank or regulatory agencies as an XML file.  When a financial statement is prepared in XBRL, computer programs such as a Web browser can extract pieces of information from the XBRL file.
  • The Ethical Issues In E-Business And E-Commerce. The online privacy principles within the AICPA Trust Services Principles address the ethical obligation for management to treat customer information with due care.  Companies should honestly and fully disclose to customers the data they will collect, how they will protect it, use it, and share it.  Management has an ethical obligation to create and enforce policies and practices that ensure private customer data is not misused.
