Complete
Solutions for Accounting Information System 12e by Marshall B. Romney Paul J. Steinbart
IF You Want To Purchase A+ Work Then Click The Link
Below , Instant Download
CHAPTER 11
AUDITING COMPUTER-BASED
INFORMATION SYSTEMS
11.1 Auditing an AIS
effectively requires that an auditor have some knowledge of computers and their
accounting applications. However, it may not be feasible for every
auditor to be a computer expert. Discuss the extent to which auditors
should possess computer expertise to be effective auditors.
11.2 Should internal auditors be members of systems development teams
that design and implement an AIS? Why or why not?
11.3 <para>At present, no Berwick employees have auditing
experience. To staff its new internal audit function, Berwick could (a)
train some of its computer specialists in auditing, (b) hire experienced
auditors and train them to understand Berwick’s information system, (c) use a
combination of the first two approaches, or (d) try a different approach.
Which approach would you support, and why?
</para></question><question
id="ch09ques14" label="9.4">
11.4 The assistant finance director for the city of Tustin, California,
was fired after city officials discovered that she had used her access to city
computers to cancel her daughter’s $300 water bill. An investigation
revealed that she had embezzled a large sum of money from Tustin in this manner
over a long period. She was able to conceal the embezzlement for so long
because the amount embezzled always fell within a 2% error factor used by the
city’s internal auditors. What weaknesses existed in the audit
approach? How could the audit plan be improved? What internal
control weaknesses were present in the system? Should Tustin’s internal
auditors have discovered this fraud earlier?
11.5 Lou Goble, an internal auditor for a large manufacturing
enterprise, received an anonymous note from an assembly-line operator who has
worked at the company’s West Coast factory for the past 15 years. The
note indicated that there are some fictitious employees on the payroll as well
as some employees who have left the company. He offers no proof or
names. What computer-assisted audit technique could Lou use to help him
substantiate or refute the employee’s claim?
11.6. Explain the four steps of the risk-based audit
approach, and discuss how they apply to the overall security of a company.
11.7. Compare and contrast the frameworks for auditing
program development/acquisition and for auditing program modification.
11.1 You are the director of internal auditing at a university.
Recently, you met with Issa Arnita, the manager of administrative data
processing, and expressed the desire to establish a more effective interface
between the two departments. Issa wants your help with a new computerized
accounts payable system currently in development. He recommends that your
department assume line responsibility for auditing suppliers’ invoices prior to
payment. He also wants internal auditing to make suggestions during system
development, assist in its installation, and approve the completed system after
making a final review.
<para>Would you accept or reject each of the following? Why?</para>
a. The recommendation that your
department be responsible for the pre-audit of supplier's invoices.
b. The request that you
make suggestions during system development.
c. The request that you assist
in the installation of the system and approve the system after making a final
review.
11.2 As an internal auditor for the Quick
Manufacturing Company, you are participating in the audit of the company’s AIS.
You have been reviewing the internal controls of the computer system that
processes most of its accounting applications. You have studied the company’s
extensive systems documentation. You have interviewed the information system
manager, operations supervisor, and other employees to complete your
standardized computer internal control questionnaire. You report to your
supervisor that the company has designed a successful set of comprehensive
internal controls into its computer systems. He thanks you for your efforts and
asks for a summary report of your findings for inclusion in a final overall
report on accounting internal controls.
<para>Have you forgotten an important audit step?
Explain. List five examples of specific audit procedures that you might
recommend before reaching a conclusion.
</para></problem>
11.3 As an internal auditor, you have been assigned to
evaluate the controls and operation of a computer payroll system. To test the
computer systems and programs, you submit independently created test
transactions with regular data in a normal production run.
<orderedlist numeration="loweralpha"
inheritnum="ignore" type="ll"
continuation="restarts"><listitem><para><inst></inst>List
four advantages and two disadvantages of this technique.</para></listitem>
<listitem><para><ins</i</para></listitem></orderedlist>
11.4 You are involved in the audit of accounts receivable, which
represent a significant portion of the assets of a large retail corporation.
Your audit plan requires the use of the computer, but you encounter the
following reactions:
<para><para>For each situation, state how the auditor
should proceed with the accounts receivable audit.</para>
1. a. The
computer operations manager says the company’s computer is running at full
capacity for the foreseeable future and the auditor will not be able to use the
system for audit tests.</para></listitem>
1. b. The
computer scheduling manager suggests that your computer program be stored in
the computer program library so that it can be run when computer time becomes
available.
1. c. You
are refused admission to the computer room.</para></listitem>
1. d. The
systems manager tells you that it will take too much time to adapt the
auditor’s computer audit program to the computer’s operating system and that
company programmers will write the programs needed for the audit.
11.5 You are a manager for the CPA firm of Dewey, Cheatem, and Howe
(DC&H). While reviewing your staff’s audit work papers for the state
welfare agency, you find that the test data approach was used to test the
agency’s accounting software. A duplicate program copy, the welfare accounting
data file obtained from the computer operations manager, and the test
transaction data file that the welfare agency’s programmers used when the
program was written were processed on DC&H’s home office computer. The edit
summary report listing no errors was included in the working papers, with a
notation by the senior auditor that the test indicates good application controls.
You note that the quality of the audit conclusions obtained from this test is
flawed in several respects, and you decide to ask your subordinates to repeat
the test.
Identify three existing or potential problems with the way this
test was performed. For each problem, suggest one or more procedures that
might be performed during the revised test to avoid flaws in the audit
conclusions.
</para></problem>
11.6 You are performing an information system audit to evaluate internal controls in Aardvark Wholesalers’ (AW) computer system. From an AW manual, you have obtained the following job descriptions for key personnel:
Director of information systems: Responsible for defining the mission of the information systems
division and for planning, staffing, and managing the IS department.
Manager of systems development and programming: Reports to director of information systems.
Responsible for managing the systems analysts and programmers who design, program, test, implement, and
maintain the data processing systems. Also
responsible for establishing and monitoring documentation standards.
Manager of operations: Reports to director of information systems. Responsible for
management of computer center operations, enforcement of processing standards,
and systems programming, including implementation of operating system upgrades.
Data entry supervisor: Reports to manager of operations. Responsible for supervision of data entry operations and monitoring data
preparation standards.
Operations supervisor: Reports to manager of operations. Responsible for supervision of computer operations staff and monitoring
processing standards.
Data control clerk: Reports
to manager of operations. Responsible for logging and distributing computer
input and output, monitoring source data control procedures, and custody of
programs and data files.
Name two positive and two negative aspects (from an internal
control standpoint) of this organizational structure.
c.
What additional information would you require before making a final judgment on
the adequacy of AW’s separation of functions in the information systems
division?
11.7 Robinson’s Plastic Pipe Corporation uses a
data processing system for inventory. The input to this system is shown in
Table 11-7. You are using an input controls matrix to help audit the source
data controls.
<para>Prepare an input controls matrix using the format and
input controls shown in <link linkend="ch09fig03"
preference="0">Figure 11-3<xref linkend="ch09fig03"
label="9-3"/></link>; however, replace the field names shown
in <link linkend="ch09fig03" preference="0">Figure
11-3<xref linkend="ch09fig03"
label="9-3"/></link> with those shown in <link linkend="ch09table08"
preference="0">Table 11-7<xref linkend="ch09table08"
label="9-8"/></link>. Place checks in the matrix cells
that represent input controls you might expect to find for each field.
</para></problem>
11.8 As an internal auditor for the state auditor’s office, you are
assigned to review the implementation of a new computer system in the state
welfare agency. The agency is installing an online computer system to maintain
the state’s database of welfare recipients. Under the old system, applicants
for welfare assistance completed a form giving their name, address, and other
personal data, plus details about their income, assets, dependents, and other
data needed to establish eligibility. The data are checked by welfare examiners
to verify their authenticity, certify the applicant’s eligibility for
assistance, and determine the form and amount of aid.
Under the new system, welfare applicants enter data on the agency’s Web site or
give their data to clerks, who enter it using online terminals. Each applicant
record has a “pending” status until a welfare examiner can verify the
authenticity of the data used to determine eligibility. When the verification
is completed, the examiner changes the status code to “approved,” and the
system calculates the aid amount.
Periodically, recipient circumstances (income, assets, dependents, etc.)
change, and the database is updated. Examiners enter these changes as soon as
their accuracy is verified, and the system recalculates the recipient’s new
welfare benefit. At the end of each month, payments are electronically
deposited in the recipient’s bank accounts.
Welfare assistance amounts to several hundred million dollars annually. You are
concerned about the possibilities of fraud and abuse.
a. Describe how to
employ concurrent audit techniques to reduce the risks of fraud and abuse.
b. Describe how to use computer audit software to review the work
welfare examiners do to verify applicant eligibility data. Assume that
the state auditor’s office has access to other state and local government
agency
databases.</para></listitem></orderedlist></problem>
11.9 Melinda Robinson, the director of internal
auditing at Sachem Manufacturing Company, believes the company should purchase
software to assist in the financial and procedural audits her department
conducts. Robinson is considering the following software packages:
§ A generalized audit
software package to assist in basic audit work, such as the retrieval of live
data from large computer files. The department would review this information
using conventional audit investigation techniques. The department could perform
criteria selection, sampling, basic computations for quantitative analysis,
record handling, graphical analysis, and print output (i.e., confirmations).
§ An ITF package that uses, monitors,
and controls dummy test data processed by existing programs. It also checks the
existence and adequacy of data entry and processing controls.
§ A flowcharting package that
graphically presents the flow of information through a system and pinpoints control
strengths and weaknesses.
§ A parallel simulation and
modeling package that uses actual data to conduct the same tests using a logic
program developed by the auditor. The package can also be used to seek answers
to difficult audit problems (involving many comparisons) within statistically
acceptable confidence limits.
a. Without regard to any specific computer audit
software, identify the general advantages of using computer audit software to
assist with audits.
b. Describe the audit purpose
facilitated and the procedural steps to be followed by the internal auditor in
using the following:</para>
<itemizedlist
mark="bull"
type="bl"><listitem><inst><listitem><inst>
</inst><para>Generalized audit software package.
Flowcharting package
Parallel simulation and modeling package
11.10 The
fixed-asset master file at Thermo-Bond includes the following data
items: <para>
|
Asset number
|
Date of retirement (99/99/2099 for assets still in service)
|
|
Description
|
Depreciation method code
|
|
Type code
|
Depreciation rate
|
|
Location code
|
Useful life (years)
|
|
Date of acquisition
|
Accumulated depreciation at beginning of year
|
|
Original cost
|
Year-to-date depreciation
|
E<para>xplain several ways auditors can use computer audit
software in performing a financial audit of Thermo-Bond’s fixed
assets.</para></problem>
11.11 You are auditing the financial statements of a cosmetics
distributor that sells thousands of individual items. The distributor keeps its
inventory in its distribution center and in two public warehouses. At the end
of each business day, it updates its inventory file, whose records contain the
following data:
|
Item number
|
Cost per item
|
|
Item description
|
Date of last purchase
|
|
Quantity-on-hand
|
Date of last sale
|
|
Item location
|
Quantity sold during year
|
You will use audit software to examine inventory data as of the
date of the distributor’s physical inventory count. You will perform the
following audit procedures:
1. 1. Observe
the distributor’s physical inventory count at year-end and test a sample for
accuracy.
2. 2. Compare
the auditor’s test counts with the inventory records.
3. 3. Compare
the company’s physical count data with the inventory records.
4. 4. Test
the mathematical accuracy of the distributor’s final inventory valuation.
5. 5. Test
inventory pricing by obtaining item costs from buyers, vendors, or other
sources.
6. 6. Examine
inventory purchase and sale transactions on or near the year-end date to verify
that all transactions were recorded in the proper accounting period.
7. 7. Ascertain
the propriety of inventory items located in public warehouses.
8. 8. Analyze
inventory for evidence of possible obsolescence.
9. 9. Analyze
inventory for evidence of possible overstocking or slow-moving items.
10. 10. Test
the accuracy of individual data items listed in the distributor’s inventory
master file.
<para>Describe how the use of the audit software package and
a copy of the inventory file data might be helpful to the auditor in performing
each of these auditing procedures.</para>
11.12 Which of the following should have
the primary responsibility to detect and correct data processing errors?
Explain why that function should have primary responsibility and why the others
should
not.
1. The data processing manager
2. The computer operator
3. The corporate controller
4. The independent public
accountant
11.1 You are performing a financial audit of the general ledger
accounts of Preston Manufacturing. As transactions are processed, summary
journal entries are added to the general ledger file at the end of the day. At
the end of each day, the general journal file is processed against the general
ledger control file to compute a new current balance for each account and to
print a trial balance.
The following resources are available as you complete the audit:
§ Your firm’s generalized
computer audit software
§ A copy of the general journal
file for the entire year
§ A copy of the general
ledger file as of fiscal year-end
(current balance = year-end balance)
§ A printout of Preston’s
year-end trial balance listing the account number, account name, and balance of
each account on the general ledger control file
Create an audit program for Preston Manufacturing. For each audit step, list
the audit objectives and the procedures you would use to accomplish the audit
program step.
No comments:
Post a Comment