CHAPTER 7
CONTROL AND ACCOUNTING INFORMATION SYSTEMS
SUGGESTED ANSWERS TO DISCUSSION QUESTIONS
7.1 Answer the following questions about the audit of Springer’s Lumber & Supply
a. What deficiencies existed in the internal environment at Springer’s?
The fiinternal environment” refers to the tone or culture of a company and helps
The internal environment also refers to management’s attitude toward internal
1. Management authority is concentrated in three family members, so there are
2. Since the company has a finear monopoly” on the business in the Bozeman area,
3. Lines of authority and responsibility are loosely defined, which make it difficult
4. Management may have engaged in ficreative accounting” to make its financial
b. Do you agree with the decision to settle with the Springers rather than to prosecute
them for fraud and embezzlement? Why or why not?
Whether or not to settle with the Springers is a matter of opinion, with reasonable
arguments on both sides of the issue.
The reasons for reaching a settlement are clearly stated: the difficulty of
7-1
©2018 Pearson Education, Inc.
Ch. 7: Control and Accounting Information Systems
On the other hand, the evidence of fraud here seems strong. If this kind of
7-2
©2018 Pearson Education, Inc.
Accounting Information Systems
c. Should the company have told Jason and Maria the results of the high-level audit?
Why or why not?
Whether or not Jason and Maria should have been told the results of the high-level
audit is also a matter of opinion. The investigative team is apparently trying to keep
its agreement to maintain silence by telling as few people as possible what really
happened. On the other hand, Jason and Maria were the ones who first recognized
the problems; it seems only right that they be told about the outcome.
Many lessons may be drawn from this story.
1. Auditors should view the condition of an organization’s control environment as
2. Fraud is more easily perpetrated and concealed when many perpetrators are
3. Purchasing and payroll are two areas that are particularly vulnerable to fraud.
4. Determining whether fraud has actually occurred is sometimes quite difficult,
5. Frauds do occur, so auditors must always be alert to the possibility of fraud.
6. Auditors should not accept management’s explanations for questionable
7.2 Effective segregation of duties is sometimes not economically feasible in a small
business. What internal control elements do you think can help compensate for this
threat?
Small companies can do the following things to compensate for their inability to implement
an adequate segregation of duties:
Effective supervision and independent checks performed by the owner/manager may
Fidelity bonding is a second form of internal control that is critical for persons
7-3
©2018 Pearson Education, Inc.
Ch. 7: Control and Accounting Information Systems
Document design and related procedures are also important to internal control in this
Document design should include sequential prenumbering to facilitate subsequent review.
Where appropriate, employees should be required to sign documents to acknowledge
7-4
©2018 Pearson Education, Inc.
Accounting Information Systems
In small organizations, management can use computers to perform some of the
7.3 One function of the AIS is to provide adequate controls to ensure the safety of
organizational assets, including data. However, many people view control procedures
as fired tape.” They also believe that, instead of producing tangible benefits, business
controls create resentment and loss of company morale. Discuss this position.
Well-designed controls should not be viewed as fired tape” because they can actually
Consider a control procedure mandating weekly backup of critical files. Regular
performance of this control prevents the need to spend a huge amount of time and money
It is probably impossible to eliminate resentment or loss of morale among all employees,
but these factors may be minimized if controls are administered fairly and courteously.
Of course, there is a cost-benefit tradeoff in implementing internal controls. If an
Another factor is the obtrusiveness of the controls. When the user sees no clear need or
7-5
©2018 Pearson Education, Inc.
Ch. 7: Control and Accounting Information Systems
7.4 In recent years, Supersmurf’s external auditors have given clean opinions on its
financial statements and favorable evaluations of its internal control systems. Discuss
whether it is necessary for this corporation to take any further action to comply with
the Sarbanes–Oxley Act.
The Sarbanes-Oxley Act of 2002 (SOX) applies to publicly held companies and their
SOX has had a material impact on the way boards of directors, management, and
As a result of SOX, Supersmurf’s management and their audit committee must take a more
Audit Committee
Audit committee members must be on the company’s board of directors and be
Management
The CEO and CFO at companies with more than $1.2 billion in revenue must prepare
Management must prepare an annual internal control report that states
7-6
©2018 Pearson Education, Inc.
Accounting Information Systems
oManagement assessed the company’s internal controls and attests to their
oAuditors were told about all material internal control weaknesses and fraud
7-7
©2018 Pearson Education, Inc.
Ch. 7: Control and Accounting Information Systems
Management must base its evaluation on a recognized control framework, developed
SOX also specifies that a company’s auditor must attest to as well as report on
7.5 When you go to a movie theater, you buy a prenumbered ticket from the cashier. This
ticket is handed to another person at the entrance to the movie. What kinds of
irregularities is the theater trying to prevent? What controls is it using to prevent
these irregularities? What remaining risks or exposures can you identify?
There are two reasons for using tickets.
1. The theater is trying to prevent cashiers from stealing cash by providing greater control
2. Prenumbered tickets are also used so cashiers cannot give tickets to their friends. The
7-8
©2018 Pearson Education, Inc.
Accounting Information Systems
7.6 Some restaurants use customer checks with prenumbered sequence codes. Each food
server uses these checks to write up customer orders. Food servers are told not to
destroy any customer checks; if a mistake is made, they are to void that check and
write a new one. All voided checks are to be turned in to the manager daily. How
does this policy help the restaurant control cash receipts?
The fact that all documents are prenumbered provides a means for accounting for their use
7.7 Compare and contrast the following three frameworks: COBIT, COSO Integrated
Control, and ERM.
The COBIT Framework consolidates systems security and control standards into a single
1. Business objectives, to ensure information conforms to and maps into business
objectives.
2. IT resources, including people, application systems, technology, facilities, and data.
3. IT processes, including planning and organization, acquisition and implementation,
It has five components:
1. Control environment, which are the individual attributes, (integrity, ethical values,
7-9
©2018 Pearson Education, Inc.
Ch. 7: Control and Accounting Information Systems
2. Control activities, which are control policies and procedures that help ensure that the
COSO’s Enterprise Risk Management Framework is a new and improved version of the
Integrated Control Framework. It is the process the board of directors and management use
to set strategy, identify events that may affect the entity, assess and manage risk, and
provide reasonable assurance that the company achieves its objectives and goals. The basic
principles behind ERM are:
Companies are formed to create value for their owners.
ERM adds three additional elements to COSO’s IC framework:
Because the ERM model is more comprehensive than the Internal Control framework, it
will likely become the most widely adopted of the two models.
7-10
©2018 Pearson Education, Inc.
Accounting Information Systems
7.8 Explain what an event is. Using the Internet as a resource, create a list of some of the
many internal and external factors that COSO indicated could influence events and
affect a company’s ability to implement its strategy and achieve its objectives.
An event is fian incident or occurrence emanating from internal or external sources that
affects implementation of strategy or achievement of objectives.” An event can have a
positive or a negative impact.
The following table lists some of the many internal and external factors that COSO indicated
could influence events and affect a company’s ability to implement its strategy and achieve its
COSO’s Nine ERM Event Categories
EVENT CATEGORIES
External Factors Internal Factors
ECONOMIC INFRASTRUCTURE
• Availability of capital; lower or higher costs
of capital
• Inadequate access to or poor allocation of
capital
7-11
©2018 Pearson Education, Inc.
Ch. 7: Control and Accounting Information Systems
NATURAL ENVIRONMENT PERSONNEL
• Natural disasters such as fires, floods, or
earthquakes
• Workplace accidents, health or safety
concerns
POLITICAL PROCESS
• Election of government officials with new
political agendas
• Process modification without proper change
management procedures
SOCIAL TECHNOLOGY
and services demand or creates buying
opportunity
TECHNOLOGICAL
7-12
©2018 Pearson Education, Inc.
Accounting Information Systems
7.9 Explain what is meant by objective setting and describe the four types of objectives
used in ERM.
1. Strategic objectives are high-level goals that align with the company’s mission,
support it, and create shareholder value. Management should identify alternative
2. Operations objectives deal with the effectiveness and efficiency of company
operations and determine how to allocate resources. They reflect management
3. Reporting objectives help ensure the accuracy, completeness, and reliability of
4. Compliance objectives help the company comply with all applicable laws and
7-13
©2018 Pearson Education, Inc.