Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 14.8
14-16.
a. An edit test for a reasonable number of hours worked would guard against this problem.
Requiring a supervisor to verify hours worked would also be useful.
b. A control should be programmed into the computer enabling the credit manager to cut off
c. This problem could be solved through a separation of duties control procedure and insistence
on the two-week vacation rule.
d. The system should prompt any key-entry operator about which account is being accessed.
example, through a supervisory control. Finally, an informal knowledge of Ben Landsford
may have provided clues to his fraud.
14-17. Among other things, this question is intended to emphasize the importance of
employee relations as a component of computer security. Thus, perhaps the most important
computer files. It is also likely that record counts were not being used since, if they were, there
would have been a discrepancy between the number of records written on the new file and the
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 14.9
14-18.
—————————————--Test for——–——————
——-
APPLICATIONS:
Field name
Numerical Data
Alphabetic Data
Reasonableness
Completeness
Sign
Redundancy
Code from Internal
Table
Sequence
Consistency
INVOICING:
Customer number
X
X
X
X
X
X
Customer name
X
Salesperson number
X
X
X
X
X
X
X
Invoice number
X
X
X
X
Item catalog number
X
X
X
X
X
X
X
Quantity sold
X
X
X
X
X
X
X
Unit price
X
X
X
X
X
Total price
X
X
X
X
SALESPERSON ACTIVITY:
Salesperson number
X
X
X
X
X
X
X
Salesperson name
X
Department number
X
X
X
X
X
Sales volume
X
X
X
X
Regular hours worked
X
X
X
X
Overtime hours worked
X
X
X
X
INVENTORY CONTROL:
Item catalog number
X
X
X
X
X
X
X
Item description
X
Unit cost
X
X
X
X
Units out
X
X
X
X
Units in
X
X
X
X
PURCHASING:
Vendor catalog number
X
X
X
X
X
Item description
X
Vendor number
X
X
X
X
X
X
Number ordered
X
X
X
X
Cost per unit
X
X
X
X
Total amount
X
X
X
X
SM 14.10
14-19.
a. Bank transactions should be pre-coded with either a deposit code or withdrawal code.
the day.
b. An edit test of length would guard against this error.
d. This is a programming error. The program should also be tested first with a test deck. The
f. The computer program which processes this form should compare the first two digits of the
access to authorized users.
h. A batch control total should be used.
1. All systems changes and transactions should be initiated and authorized by user departments.
Case Analyses
14-21. Bad, Bad Benny: A True Story
1. The same person handles all cash functions/lack of segregation of duties, lack of sufficient
too much authority given to one employee.
SM 14.11
2. Set policies for cash handling (e.g., require two signatures on checks over a certain amount,
organizational structure and responsibilities; keep updated list of approved vendors and
3. Testing audit trails (transactions from origination to destination), reconciliations of account
14-22. Hammaker Manufacturing: Security Controls
1. Hammaker Manufacturing (HM) could experience several data security problems if proper
controls are not instituted with the new system. Without proper controls, unauthorized
Confidential data files of a sensitive nature should be protected from unauthorized use.
Personal data, such as personnel records (health records, salary) and customer records
2. HM must incorporate control measures to limit access to the system itself and to the data
Some users may be authorized to use the system, but are not authorized to access all data
3.
equipment:
1) Restrict access to only those who are authorized to use the equipment.
2) Protect against fire damage by installing water-fed sprinkler or carbon dioxide systems.
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 14.12
4) Properly insure all equipment.
(b) Some physical safeguards which can be employed to provide protection for the data are as
follows:
1) Protect the files from deliberate damage by limiting the number of people who have
(c) Possible measures which can be employed to provide physical security for the data
processing center facilities are listed below:
2) Limit access to the data processing center facilities by employing guards, by requiring
personnel to wear security badges, and/or by the use of dial-lock combinations.
14-23. Brazos Valley Inc.
1. At least four computer control weaknesses that existed at BV prior to the flood occurrence
include:
programs.
3) The location of the facility on the ground floor behind large plate glass windows which
SM 14.13
2. At least five components that should be incorporated in a formal disaster recovery plan in
3) Detailed written procedures for recovery of operations, which should include instructions
on obtaining critical information from off-site storage, planning of a communications link
between headquarters and the emergency site, as well as telephone numbers of all the
team members.
3. At least three factors, other than the plan itself, that BV’s management should consider in
formulating a formal disaster recovery plan include: