CHAPTER 7
CONTROL AND ACCOUNTING INFORMATION SYSTEMS
SUGGESTED ANSWERS TO DISCUSSION QUESTIONS
7.1 Answer the following questions about the audit of Springer’s Lumber & Supply
a. What deficiencies existed in the internal environment at Springer’s?
apparent:
b. Do you agree with the decision to settle with the Springers rather than to
prosecute them for fraud and embezzlement? Why or why not?
Whether or not to settle with the Springers is a matter of opinion, with reasonable
arguments on both sides of the issue.
c. Should the company have told Jason and Maria the results of the high-level audit?
Why or why not?
7.2 Effective segregation of duties is sometimes not economically feasible in a small
business. What internal control elements do you think can help compensate for this
threat?
Small companies can do the following things to compensate for their inability to implement
an adequate segregation of duties:
7.3 One function of the AIS is to provide adequate controls to ensure the safety of
organizational assets, including data. However, many people view control procedures
as “red tape.” They also believe that, instead of producing tangible benefits, business
controls create resentment and loss of company morale. Discuss this position.
Well-designed controls should not be viewed as “red tape” because they can actually
7.4 In recent years, Supersmurf’s external auditors have given clean opinions on its
financial statements and favorable evaluations of its internal control systems. Discuss
whether it is necessary for this corporation to take any further action to comply with
the Sarbanes–Oxley Act.
The Sarbanes-Oxley Act of 2002 (SOX) applies to publicly held companies and their
independent of the company. One member of the audit committee must be a financial
expert.
• Audit committees hire, compensate, and oversee any registered public accounting
firm that is employed
• Auditors report to the audit committee and not management
• Audit committees must pre-approve all audit and non-audit services provided by its
auditor
found during their internal control tests.
o Auditors were told about all material internal control weaknesses and fraud
o Significant changes to controls after management’s evaluation were disclosed and
corrected
• Management must base its evaluation on a recognized control framework, developed
7.5 When you go to a movie theater, you buy a prenumbered ticket from the cashier.
This ticket is handed to another person at the entrance to the movie. What kinds of
irregularities is the theater trying to prevent? What controls is it using to prevent
these irregularities? What remaining risks or exposures can you identify?
1. The theater is trying to prevent cashiers from stealing cash by providing greater control
2. Prenumbered tickets are also used so cashiers cannot give tickets to their friends. The
number of tickets sold at the cashier counter can be reconciled with the number of
tickets taken by the usher letting patrons into the theater.
7.6 Some restaurants use customer checks with prenumbered sequence codes. Each food
server uses these checks to write up customer orders. Food servers are told not to
destroy any customer checks; if a mistake is made, they are to void that check and
write a new one. All voided checks are to be turned in to the manager daily. How
does this policy help the restaurant control cash receipts?
7.7 Compare and contrast the following three frameworks: COBIT, COSO Integrated
Control, and ERM.
1. Business objectives, to ensure information conforms to and maps into business objectives.
3. IT processes, including planning and organization, acquisition and implementation,
delivery and support, and monitoring and evaluation.
COSO’s Internal Control Framework is widely accepted as the authority on internal
1. Control environment, which are the individual attributes, (integrity, ethical values,
2. Control activities, which are control policies and procedures that help ensure that the
organization addresses risks and effectively achieves its objectives.
4. Information and communication, which is the system that captures and exchanges the
information needed to conduct, manage, and control organizational operations.
5. Monitoring company processes and controls, so modifications and changes can be
made as conditions warrant.
COSO’s Enterprise Risk Management Framework is a new and improved version of the
Integrated Control Framework. It is the process the board of directors and management use
2. Identifying events that may affect the company
3. Developing a response to assessed risk.
The ERM framework takes a risk-based rather than a controls-based approach. As a result,
7.8 Explain what an event is. Using the Internet as a resource, create a list of some of the
many internal and external factors that COSO indicated could influence events and
affect a company’s ability to implement its strategy and achieve its objectives.
An event is “an incident or occurrence emanating from internal or external sources that
affects implementation of strategy or achievement of objectives.” An event can have a
objectives. Lists like these help management identify factors, evaluate their importance, and
examine those that can affect objectives. Identifying events at the activity and entity levels
allows companies to focus their risk assessment on major business units or functions and
helps align the company’s risk tolerance and risk appetite.
COSO’s Nine ERM Event Categories
EVENT CATEGORIES
External Factors
ECONOMIC
• Availability of capital; lower or higher costs of capital
• Rising or declining unemployment rates
• Price movements upward or downward
• Ability to issue credit and possibility of default
• Concentration of competitors, customers, or vendors
• Presence or absence of liquidity
• Movements in the financial markets or currency fluctuations
• Lower barriers to competitive entry, resulting in new competitors
• Mergers or acquisitions
• Potential regulatory, contractual, or criminal legal liability
NATURAL ENVIRONMENT
• Natural disasters such as fires, floods, or earthquakes
• Emissions and waste
• Energy restrictions or shortages
• Restrictions limiting development
POLITICAL
• Election of government officials with new political agendas
• New laws and regulations
• Public policy, including higher or lower taxes
• Regulation affecting the company’s ability to compete
SOCIAL
• Privacy
• Terrorism
• Corporate citizenship
• Human resource issues causing production shortages or stoppages
• Changing demographics, social mores, family structures, and work/life priorities
• Consumer behavior that changes products and services demand or creates buying opportunity
TECHNOLOGICAL
• New e-business technologies that lower infrastructure costs or increase demand for IT-based services
• Emerging technology
• Increased or decreased availability of data
• Interruptions or downtime caused by external parties
Internal Factors
INFRASTRUCTURE
• Inadequate access to or poor allocation of capital
• Availability and capability of company assets
• Complexity of systems
PERSONNEL
• Workplace accidents, health or safety concerns
• Employees acting dishonestly or unethically
• Employee skills and capability
• Strikes or expiration of labor agreements
PROCESS
• Process modification without proper change management procedures
• Process execution errors
• Poorly designed processes
• Suppliers cannot deliver quality goods on time
TECHNOLOGY
• Insufficient capacity to handle peak IT usages
• Data or system unavailability
• Poor systems selection/development
• Inadequately maintained systems
• Security breaches
• Inadequate data integrity