The following is a list of 13 control plans from this chapter, followed by a list of 10 situations that have control implications. Match the 10 situations with the control plan that would best prevent the system failure from occurring. Because there are 13 control plans, you should have 3 letters left over.
Control Plans
- A. Firewall
- B. Backup batteries and generators
- C. Insurance
- D. Employee badges, guest sign-in, locks on computer room doors
- E. Hot site
- F. Intrusion detection systems
- G. Off-site storage of backup computer programs and data
- H. Training (personnel development)
- I. Personnel termination procedures
- J. Security guards
- K. Program change controls
- L. Operations run manuals
- M. Fidelity Bond
Situations
- 1. The computer users at the Identity Company do not know how to use the computer very well.
- 2. A computer hacker created a program to generate random user IDs and passwords. He used the random number program to access the computer system of Samson, Inc.
- 3. During the nightly computer run to update bank customers’ accounts for deposits and withdrawals for that day, an electrical storm caused a temporary power failure. The run had to be reprocessed from the beginning, resulting in certain other computer jobs not being completed on schedule.
- 4. A fire destroyed part of the computer room and the adjacent library of computer disks at Petunia, Inc. It took several months to reconstruct the data from manual source documents and other hard copy records.
- 5. A competitor flooded the Wolfeson Company Web server with false messages (i.e., a denial-of-service attack). The Web server, unable to handle all of this traffic, shut down for several hours until the messages could be cleared.
- 6. A group of demonstrators broke into a computer center and destroyed computer equipment worth several thousand dollars.
- 7. A computer programmer at Dover Company was fired for gross incompetence. During the two-week notice period, the programmer destroyed the documentation for all programs that he had developed since being hired.
- 8. The cash receipts clerk was on his way to the bank to deposit all the cash and checks received by the company that day when he decided that he would prefer to have a vacation in Brazil. The clerk kept the cash and cashed the checks. All the money was lost to the company.
- 9. A disgruntled programmer at the Going Company planted a logic bomb in the computer program that produced weekly payroll checks. The bomb was triggered to go off if the programmer were ever terminated. When the programmer was fired for continued absenteeism, the next weekly payroll run destroyed all the company’s payroll master data.
- 10. The computer systems at Club, Inc. were destroyed in a recent fire. It took Club several days to get its IT functions operating again.
1)
To determine: The control plan for the given situation.
Introduction:
An Accounting Information System (AIS) is a specialized subsystem of the Information System (IS). An AIS is used in business events to collect, process, and report financial information.
Explanation of Solution
Given situation:
Company I has computer users who do not know how to use the computer.
Determine the control plan for a given situation:
Training (personnel development): Training can be given to the users so that they can use the computers in a better way.
2)
To determine: The control plan for the given situation.
Explanation of Solution
Given situation:
A computer hacker generated random user IDs and passwords using a program he created, and he used them to access the system of Company S.
Determine the control plan for a given situation:
Intrusion detection systems: An intrusion detection system helps to monitor everyone who is trying to access the network. It can also be used to detect denial-of-service attacks.
3)
To determine: The control plan for the given situation.
Explanation of Solution
Given situation:
A temporary power failure at Company D meant that the run that updates customer account details for deposits and withdrawals had to be processed again from the beginning. As a result, the company was not able to complete the jobs on schedule.
Determine the control plan for a given situation:
Backup batteries and generators: Backup batteries help to protect the data from being erased due to power failure.
4)
To determine: The control plan for the given situation.
Explanation of Solution
Given situation:
At Company P, a fire destroyed the computer room and the library of computer disks. It took several months to reconstruct the data from hard copy records.
Determine the control plan for a given situation:
Off-site storage of backup computer programs and data: Off-site storage helps to reconstruct the data without any difficulty.
5)
To determine: The control plan for the given situation.
Explanation of Solution
Given situation:
A competitor of Company W flooded Company W's web server with several messages, and the server was shut down until the messages were cleared.
Determine the control plan for a given situation:
Insurance: Insurance will help the firm to save its web server.
6)
To determine: The control plan for the given situation.
Explanation of Solution
Given situation:
Demonstrators broke into the computer center and demolished equipment worth several thousand dollars.
Determine the control plan for a given situation:
Security guards: Having security guards will help the company to protect the firm and its equipment from unauthorized access.
7)
To determine: The control plan for the given situation.
Explanation of Solution
Given situation:
At Company D, a computer programmer was fired for gross incompetence. He destroyed all the programs he had developed since being hired.
Determine the control plan for a given situation:
Personnel termination procedures: The firm should have a personnel termination procedure that restricts what employees who are working out a notice period can access.
8)
To determine: The control plan for the given situation.
Explanation of Solution
Given situation:
The clerk kept the cash and cashed the checks, as he preferred to have a vacation rather than deposit them in the bank. All the money was lost to the company.
Determine the control plan for a given situation:
Fidelity bond: A fidelity bond protects policyholders from fraudulent acts committed by specified individuals.
9)
To determine: The control plan for the given situation.
Explanation of Solution
Given situation:
At Company G, a dissatisfied programmer planted a logic bomb in the computer that would destroy all the payroll master data if he were terminated by the company. The company's payroll master data was destroyed when he was fired for continued absenteeism.
Determine the control plan for a given situation:
Program change controls: Program change controls reduce the risk of unauthorized systems being implemented. A program that performs a credit check and validation should be protected from unauthorized alteration, which can be done with the help of program change controls.
10)
To determine: The control plan for the given situation.
Explanation of Solution
Given situation:
In the recent fire, the computer systems at Company C were destroyed. It took the company several days to get its operations functioning again.
Determine the control plan for a given situation:
Hot site: A hot site is a fully equipped data center that can accommodate many businesses. It is available to client companies for a subscriber fee. A hot site is costly and highly responsive.
Chapter 8 Solutions
Accounting Information Systems
- Accounting Information Systems. Finance. ISBN: 9781337552127. Author: Ulric J. Gelinas, Richard B. Dull, Patrick Wheeler, Mary Callahan Hill. Publisher: Cengage Learning
- Pkg Acc Infor Systems MS VISIO CD. Finance. ISBN: 9781133935940. Author: Ulric J. Gelinas. Publisher: CENGAGE L