Reference no: EM13542477
CASE 1
Belly Baby Boutique company was founded by Elly Jensen in 1986 and has grown steadily over the years. Elly now has 17 stores throughout the central and northern parts of the state. Since Elly was an accounting major in college and worked for a large regional CPA firm for 13 years prior to opening her first store, she places a lot of value on internal controls. Further, she has always insisted on a state of the art accounting system that connects all of her stores’ financial transactions and reports.
Elly employs two internal auditors who monitor internal controls and also see ways to improve operational effectiveness. As part of the monitoring process, the internal auditors take turns conducting periodic reviews of the accounting records. For instance, the company takes a physical inventory at all stores once each year, and an internal auditor oversees the process. Elliot Ebel, the most senior internal auditor, just completed a review of the accounting records and discovered several items of concern. These were:
· Physical inventory counts varied from inventory book amounts by more than 5% at two of the stores. In both cases, physical inventory was lower.
· Two of the stores seem to have an unusually high amount of sales returns for cash.
· In 10 of the stores gross profit has dropped significantly from the same time last year.
· At four of the stores, bank deposit slips did not match cash receipts.
· Once of the stores had an unusual number of bounced checks. It appeared that the same employee was responsible for approving each of the bounced checks.
· In seven of the stores, the amount of petty cash on hand did not correspond to the amount in the petty cash account.
Required:
1. For each of these concerns, identify a risk that may have created the problem.
2. Recommend an internal control procedure to prevent the problem in the future.
3. Rank the concerns from most worrisome to least worrisome. If you could only fix 2 things what would those two be and why?
CASE 2
The Big Corporation has recently grown substantially and must upgrade its information systems. The company is developing a new, integrated, computer- based information system. In conjunction with the design of the new system, management is reviewing the data processing security to determine what new control features should be incorporated. Two areas of concern are ( 1) confidentiality of company and customer records and ( 2) protection of data, computer equipment, and facilities.
The new information system will process all company records, including sales, purchases, budgeting, customer, creditor, and personnel information. The stores and warehouses will be linked to the main computer at corporate headquarters by a system of remote terminals. This will permit data to be communicated directly to corporate headquarters or to any other location from each location within the terminal network. Employees will also be able to access the system with laptops and handheld devices via a secured wireless network.
At the current time, certain reports have restricted distribution because not all levels of management need to receive them or because they contain confidential information. The introduction of remote terminals in the new system may provide access to these restricted data by unauthorized personnel. Management is concerned that confidential information may become accessible and be used improperly.
The company’s management is also concerned with potential physical threats to the system, such as sabotage, fire damage, water damage, or power failure. With the new system, a computer shutdown would severely limit company activities until the system is operational again.
Required:
1. Identify and briefly explain the problems The Big Corporation could experience with respect to the confidentiality of information and records in the new system.
2. Recommend measures The Big Corporation could incorporate into the new system that would ensure the confidentiality of information and records in this new system.
3. What safeguards can The Big Corporation develop to provide physical security for its ( a) computer equipment, ( b) data, and ( c) data processing center facilities?
CASE 3
The Four Seasons Resort Community is an elegant, thriving four- season resort and a community of over 1,200 single family homes, 1,000 time- share units, and a multimillion dollar ski business. Guests visiting the resort can enjoy the indoor/ outdoor water park; play golf on one of the two 18- hole championship golf courses; ski, snowboard, or snow tube in the winter on 14 trails that are all lighted for night skiing; or relax at the full- service spa. There are also three dining rooms, card rooms, nightly movies, and live weekend entertainment.
The resort uses a computerized system to make room reservations and bill customers. Following standard policy for the industry, the resort also offers authorized travel agents a 10% commission on room bookings. Each week, the resort prints an exception report of bookings made by unrecognized travel agents. However, the managers usually pay the commissions anyway, partly because they don’t want to anger the travel agencies and partly because the computer file that maintains the list of authorized agents is not kept up- to- date.
Although management has not discovered it, several employees are exploiting these circumstances. As often as possible, they call the resort from outside phones, pose as travel agents, book rooms for friends and relatives, and collect the commissions. The incentive is obvious: rooms costing as little as $ 100 per day result in payments of $ 10 per day to the ‘‘ travel agencies’’ that book them. The scam has been going on for years, and several guests now book their rooms exclusively through these employees, finding these people particularly courteous and helpful.
Required
1. Would you say this is a computer crime? Why or why not?
2. What internal controls would you recommend that would enable the resort’s managers to prevent such offenses?
3. Classify the controls that you just identified above as either preventive, detective, or corrective controls.
4. How does the matter of accountability ( tracing transactions to specific agencies) affect the problem?
CASE 4
The Department of Taxation of one state is developing a new computer system for processing state income tax returns of individuals and corporations. The new system features direct data input and inquiry capabilities. Identification of taxpayers is provided by using the Social Security numbers of individuals and federal identification numbers for corporations. The new system should be fully implemented in time for the next tax season. The new system will serve three primary purposes:
· Data will be input into the system directly from tax returns through CRT terminals located at the central headquarters of the Department of Taxation.
· The returns will be processed using the main computer facilities at central headquarters. The processing includes ( 1) verifying mathematical accuracy; ( 2) auditing the reason-ableness of deductions, tax due, and so forth through the use of edit routines ( these routines also include a comparison of the current year’s data with prior years’ data); ( 3) identifying returns that should be considered for audit by revenue agents of the department; and ( 4) issuing refund checks to taxpayers.
· Inquiry service will be provided to taxpayers on request through the assistance of Tax Department personnel at five regional offices. A total of 50 CRT terminals will be placed at the regional offices.
A taxpayer will be able to determine the status of his or her return or get information from the last 3 years’ returns by calling or visiting one of the department’s regional offices. The state commissioner of taxation is concerned about data security during input and processing over and above protection against natural hazards such as fires or floods. This includes protection against the loss or damage of data during data input or processing and the improper input or processing of data. In addition, the tax commissioner and the state attorney general have discussed the general problem of data confidentiality that may arise from the nature and operation of the new system. Both individuals want to have all potential problems identified before the system is fully developed and implemented so that the proper controls can be incorporated into the new system.
Required
1. Describe the potential confidentiality problems that could arise in each of the following three areas of processing, and recommend the corrective action( s) to solve the problems: ( a) data input, ( b) processing of returns, and ( c) data inquiry.
2. The State Tax Commission wants to incorporate controls to provide data security against the loss, damage, or improper input or use of data during data input and processing. Identify the potential problems (outside of natural hazards such as fires or floods) for which the Department of Taxation should develop controls, and recommend possible control procedures for each problem identified
CASE 5
Mary Christiansen is an audit manager in a medium- size public accounting firm. Mary graduated from college 7 years ago with a degree in accounting. She obtained her CPA certification soon after she joined the firm where she currently works. Mary is a financial auditor; she has had little training in auditing computerized information systems.
The current engagement Mary is working on includes a complex information processing system with multiple applications. The financial accounting transactions are processed on a server. The IT department employs 25 personnel, including programmers, systems analysts, a database administrator, computer operators, technical support, and a director. Mary has not spoken with anyone in the department because she is fearful that her lack of technical knowledge relative to IT will cause some concern with the client.
Because Mary does not understand the complexities of the computer processing environment, she is unable to determine what risks might result from the computerized system’s operations. She is particularly worried about unauthorized changes to programs and data that would affect the reliability of the financial statements.
Mary has spoken to Dick Blick, the partner who has responsibility for this audit client, about her concerns. Dick has suggested that Mary conduct more substantive testing than she would undertake in a less complex processing environment. This additional testing will hopefully ensure that there are no errors or fraud associated with the computer processing of the financial statements.
Requirements
1. Do you think that Dick Blick’s suggested approach is the most efficient way to control risks associated with complex computer environments?
2. How should Mary respond to Dick’s suggestion?
3. What can a public accounting firm, such as the one in which Mary works, do to ensure that audits of computerized accounting information systems are conducted efficiently and effectively?
4. Should Mary be allowed to conduct this audit given her limited skill level?