Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 3.7
customers who have been complaining in his absence, would be good ideas. There are just too
many danger signs here to let this situation go unexamined.
Problems
3-12. The scenarios presented in these brief descriptions actually happened. They are
controversial matters and can lead to good classroom discussions. Although there are no right or
wrong answers, the authors suggest the following as preferred responses:
solid ground.
b. An individual’s right to privacy sometimes conflicts with corporate goals. This scenario
points to the importance of developing corporate policies about such matters—especially the
use company-assigned or strong passwords, and (2) explicitly require employees to hide their
passwords from public view can help.
employee.
e. The discovery from this audit is a major red flag. The company should employ a forensic
f. This action is perhaps unethical but not illegal. It is not much different from hiring shills in
live auctions to bid up prices.
as fraud.
3-13. This problem requires students to create a report on a recent computer abuse that they
SM 3.8
easy, the lack of detailed information in most of them usually makes it more difficult to create
3-14. Suggested Control procedures are as follows:
slips of new hires to department managers.
b. The incompatible function in this example allows a clerk to handle cash and to manipulate
the accounts affected by the cash payments.
system.
d. The only way lapping accounts receivable can be performed successfully over this much time
is by continued access and diligent activity. Enforcing the two-week vacation rule usually
thwarts it.
hard disks.
f. This is a breach of confidentiality, and certainly unethical behavior. The employees of
employees understand their importance and seriousness.
3-15. The Association of Fraud Examiners (ACFE) Checklist and points are as follows:
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 3.9
Case Analyses
3.16 Find-a-Fraud
1. Potential red flags are: After hours sales, sales during vacation periods, large number of sales
2.
which could indicate the potential for false sales
3. It appears most likely that Employee C is engaged in some form of fraud involving fictitious
year-end.
3-17. The Resort
2. This would be classified as fraud because employees are intentionally deceiving the
3. One obvious control for this application is for the resort to formally adopt a policy
before paying booking commissions. It may also be cost effective for managers to handle
4. Classification will depend on the controls that students identify. Using the first example
resort so that they learn how management expects them to behave in the future, which would
be an example of a corrective control.
5. The lack of accountability is critical to this fraud because it is the resort’s policy of paying
deterrent to others.
3-18. The Department of Taxation
1. a) Confidentiality problems that could arise processing input data and recommended
corrective actions are as follows:
Problems
Controls
1) Unauthorized user of
terminal.
a) Limit physical access to terminal room used for data
input and/or require data input personnel to wear
color-coded badges for identification
b) Use different passwords for each user and change
them frequently
2) Online modification
of program by
operator to by-pass
controls.
a) Prohibit program modification from input or inquiry
terminals
b) Secure the documentation that indicates how to
perform operations other than input of tax returns
c) Do not hire operators with programming skills
d) Prohibit programmers from computer room
3) Use of equipment
for unauthorized
processing or
searching through
files.
a) Use passwords that limit access to only that part of
the system needed for input of current tax data
b) Secure the documentation that indicates how to
perform operations other than input of tax returns
b) Confidentiality problems that could arise processing returns and recommended corrective
actions are as follows:
Problems
Controls
1) Operator
intervention to
input data or to gain
output from files.
a) Limit operator access to only that part of the
documentation needed for equipment operation
b) Prohibit operators from writing programs or modifying the
system
c) Daily review of console log messages and/or run times
2) There might be
attempts to screen
individual returns
on the basis of sex,
race, surname, etc.
a) Institute programming controls such that there is a definite
sequence to creating or maintaining programs. This
sequence should contain reviews at general levels and
complete trial runs.
Problems
Controls
1) Unauthorized user
with a valid
taxpayer ID using
the system.
a) Use a sign-in/sign-out register for persons using the
system
b) Require users to show some form of identification
c) Use a programmed sequence of questions which only valid
users are likely to be able to answer
d) Prohibit phone responses
2) Taxpayer or
regional state
employee use of
equipment for
unauthorized
processing or
searching through
files.
a) Use passwords to limit access to output of tax information
b) Secure the documentation that indicates how to perform
tasks other than taxpayer inquiries
c) Have the terminals lock out for repeated login errors or
attempts to break security
d) Have a code system that logs each entry and data inquiry
by user
e) Provide daily activity reporting to supervisors and/or
auditors showing terminal numbers, user numbers, type of
processing, name of files accessed, and unacceptable
requests
2. Potential problems and possible controls to provide data security against loss, damage, and
improper input or use of data are as follows:
Problems
Controls
1) Loss of tax return
data before any file
updates.
a) Keep copies of tax returns in a safe location and
(temporarily) organized for reprocessing if necessary
b) Maintain a transaction log on backing media for possible
recall
2) Improper input or
use of data during
processing.
a) Verify data entry or enter twice by different operators
b) Prohibit data entry through inquiry terminals
c) Process routine items at specified times, thus preventing
unauthorized runs of vital information
3) Incomplete
processing of tax
a) Computer prompting of terminal operators for appropriate
input
input and run control totals
SM 3.12
entered from input
or inquiry
terminals.
supervisory action
b) Periodic checks of all software packages so that any
illegal modifications can be detected
