Complete Solutions for Accounting Information System 12e by Marshall B. Romney, Paul J. Steinbart
CHAPTER 10
INFORMATION SYSTEMS CONTROLS FOR SYSTEMS RELIABILITY – PART 3: PROCESSING INTEGRITY AND AVAILABILITY
10.1 Two ways to create processing integrity controls in Excel spreadsheets are to use the built-in Data Validation tool or to write custom code with IF statements. What are the relative advantages and disadvantages of these two approaches?

10.2 What is the difference between using check digit verification and a validity check to test the accuracy of an account number entered on a transaction record?

10.3 For each of the three basic options for replacing IT infrastructure (cold sites, hot sites, and real-time mirroring) give an example of an organization that could use that approach as part of its DRP. Be prepared to defend your answer.

10.4 Use the numbers 10–19 to show why transposition errors are always divisible by 9.

10.5 What are some business processes for which an organization might use batch processing?

10.6 Why do you think that surveys continue to find that a sizable percentage of organizations either do not have formal disaster recovery and business continuity plans or have not tested and revised those plans for more than a year?
10.1 Match the following terms with their definitions:

| Term | Definition |
|---|---|
| 1. business continuity plan (BCP) | a. A file used to store information for long periods of time. |
| 2. completeness check | b. A plan that describes how to resume IT functionality after a disaster. |
| 3. hash total | c. An application control that verifies that the quantity ordered is greater than 0. |
| 4. incremental daily backup | d. A control that verifies that all data was transmitted correctly by counting the number of odd or even bits. |
| 5. archive | e. An application control that tests whether a customer is 18 or older. |
| 6. field check | f. A daily backup plan that copies all changes since the last full backup. |
| 7. sign check | g. A disaster recovery plan that contracts for use of an alternate site that has all necessary computing and network equipment, plus Internet connectivity. |
| 8. change control | h. A disaster recovery plan that contracts for use of another company’s information system. |
| 9. cold site | i. A disaster recovery plan that contracts for use of an alternate site that is pre-wired for Internet connectivity but has no computing or network equipment. |
| 10. limit check | j. An application control that ensures that a customer’s ship-to address is entered in a sales order. |
| 11. zero-balance test | k. An application control that makes sure an account does not have a balance after processing. |
| 12. recovery point objective (RPO) | l. An application control that compares the sum of a set of columns to the sum of a set of rows. |
| 13. recovery time objective (RTO) | m. A measure of the length of time that an organization is willing to function without its information system. |
| 14. record count | n. The amount of data an organization is willing to re-enter or possibly lose in the event of a disaster. |
| 15. validity check | o. A batch total that does not have any intrinsic meaning. |
| 16. check digit verification | p. A batch total that represents the number of transactions processed. |
| 17. closed-loop verification | q. An application control that validates the correctness of one data item in a transaction record by comparing it to the value of another data item in that transaction record. |
| 18. parity checking | r. An application control that verifies that an account number entered in a transaction record matches an account number in the related master file. |
| 19. reasonableness test | s. A plan that describes how to resume business operations after a major calamity, like Hurricane Katrina, that destroys not only an organization’s data center but also its headquarters. |
| 20. financial total | t. A data-entry application control that verifies the accuracy of an account number by recalculating the last number as a function of the preceding numbers. |
| 21. turnaround document | u. A daily backup procedure that copies only the activity that occurred on that particular day. |
| | v. A data-entry application control that could be used to verify that only numeric data is entered into a field. |
| | w. A plan to ensure that modifications to an information system do not reduce its security. |
| | x. A data-entry application control that displays the value of a data item and asks the user to verify that the system has accessed the correct record. |
| | y. A batch total that represents the total dollar value of a set of transactions. |
| | z. A document sent to an external party and subsequently returned so that preprinted data can be scanned rather than manually reentered. |

10.2 Excel Problem
Enter the following data into a spreadsheet and then perform the
following tasks:

| Employee Number | Pay rate | Hours worked | Gross Pay | Deductions | Net pay |
|---|---|---|---|---|---|
| 12355 | 10.55 | 38 | 400.90 | 125.00 | 275.90 |
| 2178g | 11.00 | 40 | 440.00 | 395.00 | 45.00 |
| 24456 | 95.00 | 90 | 8550.00 | 145.00 | 8405.00 |
| 34567 | 10.00 | 40 | 400.00 | 105.00 | 505.00 |

a. Calculate examples of these batch totals:
• A hash total
• A financial total
• A record count
b. Assume the following rules govern normal data:
• Employee numbers are five digits in length and range from 10000 through 99999.
• Maximum pay rate is $25, and minimum is $9.
• Hours worked should never exceed 40.
• Deductions should never exceed 40% of gross pay.
Give a specific example of an error or probable error in the data set that each of the following controls would detect:
• Field check
• Limit check
• Reasonableness test
• Cross-footing balance test
c. Create a control procedure that would prevent, or at least detect, each of the errors in the data set.
• Employee number not numeric
10.3 Excel Problem
The Moose Wings Cooperative Flight Club owns a number of airplanes
and gliders. It serves fewer than 2,000 members, who are numbered sequentially
from the founder, Tom Eagle (0001), to the newest member, Jacques Noveau
(1368). Members rent the flying machines by the hour, and all must be returned
on the same day. The following six records were among those entered for the
flights taken on September 1, 2010:

| Member # | Flight Date MM/DD/YY | Plane Used | Takeoff time | Landing time |
|---|---|---|---|---|
| 1234 | 09/10/10 | G | 6:25 | 8:46 |
| 4111 | 09/01/10 | C | 8:49 | 10:23 |
| 1210 | 09/01/10 | P | 3:42 | 5:42 |
| 0023 | 09/01/10 | X | 1:59 | 12:43 |
| 012A | 09/01/10 | P | 12:29 | 15:32 |
| 0999 | 09/01/10 | L | 15:31 | 13:45 |

Valid plane codes (plane used column): C = Cessna, G = glider, L = Lear Jet, P = Piper Cub
a. Identify and describe any errors in the data.
b. For each of the five data fields, suggest one or more input edit controls that could be used to detect input errors.
c. Enter the data in a spreadsheet and create appropriate controls to prevent or at least detect the input errors.
d. Suggest other controls to minimize the risk of input errors.
10.4 The first column in Table 10-3
lists transaction amounts that have been summed to obtain a batch total.
Assume that all data in the first column are correct. Cases a through d each
contain an input error in one record, along with a batch total computed from
that set of records.
For each case (a-d), compute the difference between the correct
and erroneous batch totals and explain how this difference could help identify
the cause of the error.
10.5 Excel Problem
Create a spreadsheet with the following columns:
• Plaintext character
• ASCII code (7-bits, binary number)
• First bit
• Second bit
• Third bit
• Fourth bit
• Fifth bit
• Sixth bit
• Seventh bit
• Number of bits with value = 1
• Parity bit for odd parity coding
• Parity bit for even parity coding
a. Enter the 26 letters a-z (lowercase) and the ten digits (0-9) in the plaintext column.
b. The ASCII column should convert the plaintext character to the binary code used by your computer.
c. The next seven columns should each display one bit of the ASCII code, beginning with the leftmost digit. (Hint: Excel provides text functions that can select individual characters from a string).
d. The tenth column should sum the number of bits that have the value ‘1’. (Hint: the text functions used to populate columns 3-9 return a text string that you will need to convert to a numeric value).
e. The eleventh column should have a 1 if the number in the tenth column is odd and 0 if the number in the tenth column is even.
f. The twelfth column should have a 1 if the number in the tenth column is even and a 0 if the number in the tenth column is odd.
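
The columns described in steps a through f, built in Python rather than Excel, plus a receiver-side check showing which transmission errors a single parity bit catches. This is an added example, not part of the original problem set; the function names and the `col11`/`col12` keys are assumptions chosen to mirror the column numbers above.

```python
"""Seven-bit ASCII parity columns for Problem 10.5 (added example)."""
import string

CHARS = string.ascii_lowercase + string.digits   # step a: a-z and 0-9


def parity_row(ch: str) -> dict:
    """Build one spreadsheet row (columns 1-12) for a single character."""
    code = ord(ch)
    if code > 0x7F:
        raise ValueError("not a 7-bit ASCII character")
    binary = format(code, "07b")                  # step b: 7-bit binary string
    bits = [int(b) for b in binary]               # step c: leftmost bit first
    ones = sum(bits)                              # step d: count of 1 bits
    return {
        "char": ch, "ascii": binary, "bits": bits, "ones": ones,
        "col11": ones % 2,                        # step e: 1 if the count is odd
        "col12": 1 - ones % 2,                    # step f: 1 if the count is even
    }


def transmit(ch: str) -> list[int]:
    """Append the step-e value, so every 8-bit word has an even number of 1s."""
    row = parity_row(ch)
    return row["bits"] + [row["col11"]]


def parity_ok(word: list[int]) -> bool:
    """Receiver check: an even count of 1 bits means no error was detected."""
    return sum(word) % 2 == 0


def flip(word: list[int], *positions: int) -> list[int]:
    """Simulate transmission noise by inverting the bits at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(word)]


if __name__ == "__main__":
    for ch in CHARS:
        r = parity_row(ch)
        print(r["char"], r["ascii"], r["ones"], r["col11"], r["col12"])
    word = transmit("a")
    # Clean word passes, one flipped bit is caught, two flipped bits are missed.
    print(parity_ok(word), parity_ok(flip(word, 2)), parity_ok(flip(word, 2, 5)))
```

A single flipped bit changes the count of 1s from even to odd and is caught; two flipped bits restore an even count and pass the check unnoticed.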
10.6 The ABC Company is considering
the following options for its backup plan:
1. Daily full backups:
• Time to perform backup = 60 minutes
• Size of backup = 50 GB
• Time to restore from backup = 30 minutes
2. Weekly full backups plus daily incremental backup:
• Same time, storage, and restoration as above to do a weekly backup on Friday, plus
• Time to perform daily backup = 10 minutes
• Size of daily backup = 10 GB
• Time to restore each daily backup file = 5 minutes
3. Weekly full backups plus daily differential backup:
• Same time, storage, and restoration as above to do a weekly backup on Friday, plus
• Time to perform daily backup = 10 minutes first day, growing by 5 minutes each day thereafter
• Size of daily backup = 10 GB first day, growing by 10 GB each day
• Time to restore differential backup file = 5 minutes first day, increasing by 2 minutes each subsequent day
Which approach would you recommend? Why?
10.7 Which control(s) would best
mitigate the following threats?
a. The hours worked field in a payroll transaction record contained the value 400 instead of 40. As a result, the employee received a paycheck for $6,257.24 instead of $654.32.
b. The accounts receivable file was destroyed because it was accidentally used to update accounts payable.
c. During processing of customer payments, the digit 0 in a payment of $204 was mistakenly typed as the letter “O.” As a result, the transaction was not processed correctly and the customer erroneously received a letter that the account was delinquent.
d. A salesperson mistakenly entered an online order for 50 laser printers instead of 50 laser printer toner cartridges.
e. A 20-minute power brownout caused a mission-critical database server to crash, shutting down operations temporarily.
f. A fire destroyed the data center, including all backup copies of the accounts receivable files.
g. After processing sales transactions, the inventory report showed a negative quantity on hand for several items.
h. A customer order for an important part did not include the customer’s address. Consequently, the order was not shipped on time and the customer called to complain.
i. When entering a large credit sale, the clerk typed in the customer’s account number as 45982 instead of 45892. That account number did not exist. The mistake was not caught until later in the week when the weekly billing process was run. Consequently, the customer was not billed for another week, delaying receipt of payment.
i. A visitor to the company’s Web site entered 400 characters into the five-digit Zip code field, causing the server to crash.
j. Two traveling sales representatives accessed the parts database at the same time. Salesperson A noted that there were still 55 units of part 723 available and entered an order for 45 of them. While salesperson A was keying in the order, salesperson B, in another state, also noted the availability of 55 units for part 723 and entered an order for 33 of them. Both sales reps promised their customer next-day delivery. Salesperson A’s customer, however, learned the next day that the part would have to be back-ordered. The customer canceled the sale and vowed to never again do business with the company.
k. The warranty department manager was upset because special discount coupons were mailed to every customer who had purchased the product within the past 3 years, instead of to only those customers who had purchased the product within the past 3 months.
The clerk entering details about a large credit sale mistakenly typed in a nonexistent account number. Consequently, the company never received payment for the items.
l. A customer filled in the wrong account number on the portion of the invoice being returned with payment. Consequently, the payment was credited to another customer’s account.
m. A batch of 73 time sheets was sent to the payroll department for weekly processing. Somehow, one of the time sheets did not get processed. The mistake was not caught until payday, when one employee complained about not receiving a paycheck.
q. Sunspot activity resulted in the loss of some data being sent to the regional office. The problem was not discovered until several days later when managers attempted to query the database for that information.
10.8 MonsterMed Inc. (MMI) is an online
pharmaceutical firm. MMI has a small systems staff that designs and writes
MMI’s customized software. The data center is installed in the basement of its
two-story headquarters building. The data center is equipped with halon-gas
fire suppression equipment and an uninterruptible power supply system.
The computer operations staff works a two-shift schedule, five
days per week. MMI’s programming staff, located in the same building, has
access to the data center and can test new programs and program changes when
the operations staff is not available. Programmers make changes in response to
oral requests by employees using the system. Since the programming staff is
small and the work demands have increased, systems and programming
documentation is developed only when time is available. Backups are made
whenever time permits. The backup files are stored in a locked cabinet in the
data center. Unfortunately, due to several days of heavy rains, MMI’s building
recently experienced serious flooding that destroyed not only the computer
hardware but also all the data and program files that were on-site.
a. Identify at least five weaknesses in MonsterMed Inc.’s backup
and DRP procedures.
b. Evaluate change controls at MonsterMed Inc.
10.9 Excel Problem
Create data validation rules in a spreadsheet to perform each of
the following controls:
a. Limit check – that values in the cell are < 70
b. Range check – that values in the cell are between 15 and 65
c. Sign check – that values in the cell are positive
d. Field check – that values in a cell are only numeric
e. Size check – that cell accepts no more than 40 characters of text
f. Reasonableness check – that cell’s value is less than 75% of cell to its left
g. Validity check – that a value exists in a list of allowable values
10.10 Excel Problem
Creating and testing check digits.
a. Create a spreadsheet that will take as input a
five-digit account number and calculate a check digit using this formula: (5 x
left-most digit + 4 x next digit + 3 x third digit + 2 x fourth digit + fifth
digit) modulus division by 7. (Modulus division returns the remainder – for
example: 11 modulus division by 3 = 2). The check digit then becomes the 6th (right-most) digit in
the account number. Your spreadsheet should look like this:
b. Add another panel to the spreadsheet that takes as input a six-digit account
number and uses the check digit formula in part a to test whether or not the
account number is valid. Your solution should look like this:
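
The check digit formula from part a and the validity test from part b, written in Python rather than a spreadsheet, with a helper that lists the keying errors this particular formula cannot detect. This is an added example, not part of the original problem set; the function names are assumptions, 45892 and 45982 are the account numbers from Problem 10.7, and the other sample numbers are constructed.

```python
"""Check digit generation and verification for the Problem 10.10 formula (added example)."""

WEIGHTS = (5, 4, 3, 2, 1)   # weights for digits 1..5, left to right, per part a
MODULUS = 7


def check_digit(account5: str) -> int:
    """Return the check digit for a five-digit account number."""
    # isascii() guards against Unicode digits that isdigit() accepts but are not 0-9.
    if len(account5) != 5 or not (account5.isascii() and account5.isdigit()):
        raise ValueError("account number must be exactly five digits 0-9")
    return sum(w * int(d) for w, d in zip(WEIGHTS, account5)) % MODULUS


def append_check_digit(account5: str) -> str:
    """Part a: build the six-digit number whose last digit is the check digit."""
    return account5 + str(check_digit(account5))


def is_valid(account6: str) -> bool:
    """Part b: recompute the check digit from the first five digits and compare."""
    if len(account6) != 6 or not (account6.isascii() and account6.isdigit()):
        return False          # field check and size check fail before the arithmetic
    return check_digit(account6[:5]) == int(account6[5])


def undetected_substitutions(account6: str) -> list[str]:
    """List single-digit typos in the first five positions that still validate."""
    misses = []
    for pos in range(5):
        for d in "0123456789":
            if d != account6[pos]:
                typo = account6[:pos] + d + account6[pos + 1:]
                if is_valid(typo):
                    misses.append(typo)
    return misses


if __name__ == "__main__":
    good = append_check_digit("45892")          # account number from Problem 10.7
    print(good, is_valid(good))                 # correctly keyed number
    print("459820", is_valid("459820"))         # middle digits transposed: rejected
    # Constructed sample: swapping 1 and 8 changes the weighted sum by 7.
    print(append_check_digit("18234"), append_check_digit("81234"))
    print(undetected_substitutions("123450"))   # digits that differ by 7 slip through
```

Because the modulus is 7, a substituted digit that differs from the correct one by exactly 7, or a transposition of adjacent digits that differ by 7, leaves the remainder unchanged and passes the check.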
10.11 For each of the following scenarios, determine whether the company’s current backup procedures enable it to meet its recovery objectives and explain why:
a. Scenario 1:
• Recovery point objective = 24 hours
• Daily backups at 3:00 am, process takes 2 hours
• Copy of backup tapes picked up daily at 8:00 am for storage off-site
b. Scenario 2: Company makes daily incremental backups Monday-Saturday at 7:00 pm each night. Company makes full backup weekly, on Sunday at 1:00 pm.
• Recovery time objective = 2 hours
• Time to do full backup = 3 hours
• Time to restore from full backup = 1 hour
• Time to make incremental daily backup = 1 hour
• Time to restore each incremental daily backup = 30 minutes
c. Scenario 3: Company makes daily differential backups Monday-Friday at 8:00 p.m. each night. Company makes full backup weekly, on Saturdays, at 8:00 am.
• Recovery time objective = 6 hours
• Time to do full backup = 4 hours
• Time to restore from full backup = 3 hours
• Time to do differential daily backups = 1 hour on Monday, increasing by 30 minutes each successive day
• Time to restore differential daily backup = 30 minutes for Monday, increasing by 15 minutes each successive day
Case 10-1 Ensuring Systems Availability
The Journal of Accountancy (available at www.aicpa.org) has published a series of articles that address different
aspects of disaster recovery and business continuity planning:
1. Gerber, J. A., and Feldman, E. R. 2002. “Is Your Business Prepared for the Worst?” Journal of Accountancy (April): 61-64.
2. McCarthy, E. 2004. “The Best-Laid Plans,” Journal of Accountancy (May): 46-54.
3. Myers, R. 2006. “Katrina’s Harsh Lessons,” Journal of Accountancy (June): 54-63.
4. Phelan, S., and Hayes, M. 2003. “Before the Deluge – and After,” Journal of Accountancy (April): 57-66.
Read one or more of the following articles that your professor assigns plus section DS4 of COBIT version 4.1 (available at www.isaca.org) to answer the following questions:
1. What does COBIT suggest as possible metrics for evaluating how well an organization is achieving the objective of DS4? Why do you think that metric is useful?
2. For each article assigned by your professor, complete the following table, summarizing what each article said about a specific COBIT control objective (an article may not address all 10 control objectives in DS4):
Case 10-2 Change Controls
Read section AI6 in version 4.1 of COBIT (available at www.isaca.org) and answer the following questions:
1. What is the purpose of each detailed control objective – why is it important?
AI6.1 Change Standards and Procedures
AI6.3 Emergency Changes
AI6.4 Change Status Tracking and Reporting
AI6.5 Change Closure and Documentation
2. How is each of the suggested metrics useful?