978-1118742938 Chapter 3 Part 2

Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman

SM 3.7

customers who have been complaining in his absence, would be good ideas. There are just too

many danger signs here to let this situation go unexamined.

Problems

3-12. The scenarios presented in these brief descriptions actually happened. They are

controversial matters and can lead to good classroom discussions. Although there are no right or

wrong answers, the authors suggest the following as preferred responses:

solid ground.

b. An individual’s right to privacy sometimes conflicts with corporate goals. This scenario

points to the importance of developing corporate policies about such matters—especially the

use company-assigned or strong passwords, and (2) explicitly require employees to hide their

passwords from public view can help.

employee.

e. The discovery from this audit is a major red flag. The company should employ a forensic

f. This action is perhaps unethical but not illegal. It is not much different from hiring shills in

live auctions to bid up prices.

as fraud.

3-13. This problem requires students to create a report on a recent computer abuse that they

SM 3.8

easy, the lack of detailed information in most of them usually makes it more difficult to create

3-14. Suggested Control procedures are as follows:

slips of new hires to department managers.

b. The incompatible function in this example allows a clerk to handle cash and to manipulate

the accounts affected by the cash payments.

system.

d. The only way lapping accounts receivable can be performed successfully over this much time

is by continued access and diligent activity. Enforcing the two-week vacation rule usually

thwarts it.

hard disks.

f. This is a breach of confidentiality, and certainly unethical behavior. The employees of

employees understand their importance and seriousness.

3-15. The Association of Fraud Examiners (ACFE) Checklist and points are as follows:

Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman

SM 3.9

Case Analyses

3.16 Find-a-Fraud

1. Potential red flags are: After hours sales, sales during vacation periods, large number of sales

2.

which could indicate the potential for false sales

3. It appears most likely that Employee C is engaged in some form of fraud involving fictitious

year-end.

3-17. The Resort

2. This would be classified as fraud because employees are intentionally deceiving the

3. One obvious control for this application is for the resort to formally adopt a policy

before paying booking commissions. It may also be cost effective for managers to handle

4. Classification will depend on the controls that students identify. Using the first example

resort so that they learn how management expects them to behave in the future, which would

be an example of a corrective control.

5. The lack of accountability is critical to this fraud because it is the resort’s policy of paying

deterrent to others.

3-18. The Department of Taxation

1. a) Confidentiality problems that could arise processing input data and recommended

corrective actions are as follows:

Problems

Controls

1) Unauthorized user of

terminal.

a) Limit physical access to terminal room used for data

input and/or require data input personnel to wear

color-coded badges for identification

b) Use different passwords for each user and change

them frequently

2) Online modification

of program by

operator to by-pass

controls.

a) Prohibit program modification from input or inquiry

terminals

b) Secure the documentation that indicates how to

perform operations other than input of tax returns

c) Do not hire operators with programming skills

d) Prohibit programmers from computer room

3) Use of equipment

for unauthorized

processing or

searching through

files.

a) Use passwords that limit access to only that part of

the system needed for input of current tax data

b) Secure the documentation that indicates how to

perform operations other than input of tax returns

b) Confidentiality problems that could arise processing returns and recommended corrective

actions are as follows:

Problems

Controls

1) Operator

intervention to

input data or to gain

output from files.

a) Limit operator access to only that part of the

documentation needed for equipment operation

b) Prohibit operators from writing programs or modifying the

system

c) Daily review of console log messages and/or run times

2) There might be

attempts to screen

individual returns

on the basis of sex,

race, surname, etc.

a) Institute programming controls such that there is a definite

sequence to creating or maintaining programs. This

sequence should contain reviews at general levels and

complete trial runs.

Problems

Controls

1) Unauthorized user

with a valid

taxpayer ID using

the system.

a) Use a sign-in/sign-out register for persons using the

system

b) Require users to show some form of identification

c) Use a programmed sequence of questions which only valid

users are likely to be able to answer

d) Prohibit phone responses

2) Taxpayer or

regional state

employee use of

equipment for

unauthorized

processing or

searching through

files.

a) Use passwords to limit access to output of tax information

b) Secure the documentation that indicates how to perform

tasks other than taxpayer inquiries

c) Have the terminals lock out for repeated login errors or

attempts to break security

d) Have a code system that logs each entry and data inquiry

by user

e) Provide daily activity reporting to supervisors and/or

auditors showing terminal numbers, user numbers, type of

processing, name of files accessed, and unacceptable

requests

2. Potential problems and possible controls to provide data security against loss, damage, and

improper input or use of data are as follows:

Problems

Controls

1) Loss of tax return

data before any file

updates.

a) Keep copies of tax returns in a safe location and

(temporarily) organized for reprocessing if necessary

b) Maintain a transaction log on backing media for possible

recall

2) Improper input or

use of data during

processing.

a) Verify data entry or enter twice by different operators

b) Prohibit data entry through inquiry terminals

c) Process routine items at specified times, thus preventing

unauthorized runs of vital information

3) Incomplete

processing of tax

returns.

b) Balancing of computer processing at each stage back to

a) Computer prompting of terminal operators for appropriate

input

input and run control totals

SM 3.12

entered from input

or inquiry

terminals.

supervisory action

b) Periodic checks of all software packages so that any

illegal modifications can be detected