Você está na página 1de 126

Chapter 9—Controlling Information Systems: Business Process Controls

TRUE/FALSE

1. Specifying control goals is the first step in building a control matrix.

ANS: T

2. In the control matrix the M stands for present controls.

ANS: F

3. A control matrix is a tool that assists in evaluating the control goals and recommended control plans of
an information system.

ANS: T

4. Control efficiency addresses whether the control goals are being achieved.

ANS: F

5. Control effectiveness addresses how individual control plans achieve multiple control goals.

ANS: F

6. The purpose of security controls is to ensure that entity resources are protected from loss, destruction,
disclosure, copying, sale, or other misuse.

ANS: T

7. The following symbol represents a computer process.

ANS: F

8. The following symbol represents a manual process.

ANS: F

183
Controlling Information Systems: Business Process Controls 184

9. The following symbol represents manual keying.

ANS: T

10. The following symbol represents automated keying.

ANS: F

11. Control redundancy addresses whether multiple control plans are directed toward the same control
goal.

ANS: T

12. The purpose of input goals is to ensure input validity, input completeness and input accuracy.

ANS: T

13. The use of the letter P in a control matrix represents a missing control plan.

ANS: F

14. The most error prone and inefficient steps in an operations or information process is master file
updates.

ANS: F

15. A control plan that makes it easier to prepare the document initially and later to input data from the
document is called document design.

ANS: T

16. Written approval takes the form of a signature or initials on a document to indicate that the proper
person has authorized the event.

ANS: T

17. Online prompting helps guide the online entry of data by defining the acceptable length of each data
field and often dictating the acceptable format of certain fields.

ANS: F
Controlling Information Systems: Business Process Controls 185

18. Preformatted screens describes a computer system's asking the user for input or asking questions that
the user must answer.
ANS: F

19. Programmed edit checks are edits automatically performed by data entry programs upon entry of the
input data.
ANS: T

20. Another name for a reasonableness check is a credit limit check.

ANS: F

21. Dollar totals represent a summarization of any numeric data field within the input document or record.
ANS: F

22. The edit that compares calculations performed manually with those performed by the computer to
determine if a document has been entered correctly is referred to as mathematical accuracy checks.
ANS: T

23. A check digit is an extra digit that is added to an identification number to help control the accuracy
with which the number is entered into a computer system.
ANS: T

24. Interactive feedback checks help ensure input completeness by informing the user that the input has
been accepted and recorded.

ANS: T

25. The control plan called data verification is designed to reduce the possibility that one person will
misread or miskey data.

ANS: F

26. A dependency check employs data encryption--specifically public-key cryptography--to authenticate a


system user's identity and to verify the integrity of a message transmitted by that user.

ANS: F

27. A digital signature tests whether the contents of two or more data fields bear the correct logical
relationship.

ANS: F

28. An exception and summary report reflects the transactions that were accepted by the system and
processed and those that were rejected by the system.

ANS: T
Controlling Information Systems: Business Process Controls 186

29. Master data control plans regulate transaction processing by calculating control totals at various points
in a processing run and subsequently comparing these totals.
ANS: F

30. Document/record counts are simple counts of the number of documents entered.
ANS: T

31. A count of the number of invoices being paid by all of the customer remittances is a type of batch
control total called a line or item count.
ANS: T

32. The total dollar value of all invoice totals in a batch of sales invoices is called a hash total.

ANS: F

33. A hash total is the general term to describe the summation of data that would not normally be totaled
except for control purposes.

ANS: T

34. A turnaround document is a document that is printed as an output of multiple computer processes and
is used to capture and input a previous transaction.

ANS: F

35. Batch control plans regulate information processing by calculating control totals at various points in a
processing run and subsequently comparing those totals.

ANS: T

36. In order to implement either a batch sequence check or cumulative sequence check, transactions must
be captured on prenumbered documents.

ANS: T

37. Dollar totals are a summarization of the dollar value of items in the batch.
ANS: T

38. In a batch sequence check a computer program sorts the transactions into numerical order, checks the
documents against the sequence number range, and reports missing, duplicate, and out-of-range event
data.

ANS: T

39. The cumulative sequence check provides input control in those situations in which the serial numbers
are assigned within the organization but later are not entered in perfect serial number sequence.

ANS: T
Controlling Information Systems: Business Process Controls 187

40. Data encryption is a process that employs mathematical algorithms and keys to encode data so that it is
unintelligible to the human eye.

ANS: T

MULTIPLE CHOICE

1. The two primary steps in preparing the control matrix include


a. specifying control goals, recommending control plans
b. specifying control plans, specifying input goals
c. specifying the control environment, identifying information process goals
d. specifying control procedures, identifying process goals
ANS: A

2. The purpose of __________ control goals is to ensure the successful accomplishment of the goals set
forth for the business process under consideration.
a. efficiency
b. effectiveness
c. security
d. input
ANS: B

3. The purpose of __________ control goals is to ensure that all resources used throughout the business
process are being employed in the most productive manner.
a. efficiency
b. effectiveness
c. security
d. input
ANS: A

4. The purpose of __________ control goals is to ensure that entity resources are protected from loss,
destruction, disclosure, copying, sale, or other misuse..
a. efficiency
b. effectiveness
c. security
d. input
ANS: C

5. Immediately endorsing incoming checks satisfies the control goal of


a. ensure effectiveness of operations
b. update completeness and accuracy
c. input accuracy
d. ensure security of resources
ANS: D
Controlling Information Systems: Business Process Controls 188

6. The purpose of input goals is to ensure that


a. input validity, completeness, and accuracy
b. update completeness and accuracy
c. input accuracy
d. none of the above
ANS: A

7. In a control matrix the coding P-1 means


a. process 1
b. process 1 is present
c. process 1 is missing
d. none of the above
ANS: B

8. In a the columns representing control goals in a control matrix, the coding M-1 means
a. a major control plan
b. a missing control plan
c. process 1 is missing
d. none of the above
ANS: C
9. The most error prone and inefficient steps in an operations or information process is
a. report generation
b. master data update
c. data entry
d. none of the above
ANS: C
10. The columns in a control matrix contain headings describe the system's:
a. control goals
b. control plans
c. control environment
d. control procedures
ANS: A

11. In the control matrix, the rows represent:


a. control goals of the operations system
b. recommended control plans including present and missing controls
c. control goals of the information system
d. control goals of the management system
ANS: B
12. Having too many control plans directed at the same control goal is called:
a. control efficiency
b. control effectiveness
c. control redundancy
d. control completeness
ANS: C
Controlling Information Systems: Business Process Controls 189

13. Which of the following symbols represents manual keying?


a.

b.

c.

d.

a. Symbol a.
b. Symbol b.
c. Symbol c.
d. Symbol d.
ANS: B

14. Which of the following symbols represents a manual process?


a.

b.

c.
Controlling Information Systems: Business Process Controls 190

d.

a. Symbol a.
b. Symbol b.
c. Symbol c.
d. Symbol d.
ANS: C

15. Which of the following symbols represents a computer process?


a.

b.

c.

d.

a. Symbol a.
b. Symbol b.
c. Symbol c.
d. Symbol d.
ANS: A
Controlling Information Systems: Business Process Controls 191

16. As an exception to the general rule, which one of the following is not necessarily included in the
systems flowchart?
a. control plan for input accuracy
b. control plan for ensuring efficient employment of resources
c. control plan for ensuring effective employment of resources
d. none of the above
ANS: B

17. Which of the following control plans does not address the control goal of input accuracy?
a. document design
b. written approvals
c. preformatted screens
d. online prompting
ANS: B

18. Which of the following is a control plan in which the source document is designed to make it easier to
prepare the document for input?
a. document design
b. written approval
c. preformatted screens
d. online prompting
ANS: A

19. Which of the following is a control plan that takes the form of signatures or initials on a document to
indicate that a person has authorized the event?
a. document design
b. written approval
c. preformatted screens
d. online prompting
ANS: B

20. Which of the following is a control plan that controls the entry of data by defining the acceptable
format of each data field?
a. document design
b. written approval
c. preformatted screens
d. online prompting
ANS: C

21. Which of the following is a control plan that requests user input or asks questions that the user must
answer?
a. document design
b. written approval
c. preformatted screens
d. online prompting
ANS: D
Controlling Information Systems: Business Process Controls 192

22. A user mistakenly enters the data June 31. The programmed edit check that will detect this error is:
a. online prompting
b. mathematical accuracy check
c. preformatted screen
d. reasonableness check
ANS: D

23. Which of the following reflects a summarization of any numeric data field within the input document
or record?
a. reasonableness check or limit check
b. document/record hash totals
c. mathematical accuracy check
d. check digit verification
ANS: B

24. Which of the following compares manual calculations to computer calculations?


a. reasonableness check or limit check
b. document/record hash totals
c. mathematical accuracy check
d. check digit verification
ANS: C

25. A control that can be used to ensure that all of the characters of a social security number are entered by
a data entry clerk is:
a. dependency check
b. rejection procedures
c. preformatted screens
d. turnaround documents
ANS: C

26. A written approval in the form of a signature or initials on a document indicating that a person has
authorized the event achieves the control goal of:
a. input validity
b. input completeness
c. input accuracy
d. update accuracy
ANS: A

27. A control that can be used to reduce the likelihood of a transposition occurring when an account
number is entered through a remote terminal is:
a. check digit verification
b. data encryption
c. preformatted screens
d. reasonableness checks
ANS: A
Controlling Information Systems: Business Process Controls 193

28. Which of the following control plans is designed to achieve the goal of input completeness?
a. key verification
b. interactive feedback check
c. programmed edit check
d. written approvals
ANS: B

29. A control whose primary purpose is to ensure greater input accuracy is:
a. tickler file
b. preformatted screens
c. interactive feedback checks
d. procedures for rejected inputs
ANS: B

30. Not knowing whether input data has been accepted by the information system, the user enters the data
again, resulting in duplicate event data. The control plan that helps to prevent this error is:
a. key verification
b. interactive feedback check
c. check digit verification
d. online prompting
ANS: B

31. Which of the following control plans is designed to achieve the goal of input accuracy?
a. key verification
b. interactive feedback check
c. batch sequence check
d. cumulative sequence check
ANS: A

32. A control in which two people key the same inputs into a system where they are automatically
compared is called:
a. online prompting
b. key verification
c. computer matching procedures
d. a redundancy check
ANS: B

33. Which of the following control plans is designed both to authenticate a system user's identity and to
verify the integrity of a message transmitted by that user?
a. coding schemes
b. digital signature
c. preformatted screens
d. checking of digit verification
ANS: B
Controlling Information Systems: Business Process Controls 194

34. A control that is primarily directed at ensuring input validity is:


a. digital signature
b. preformatted screens
c. interactive feedback checks
d. online prompting
ANS: A

35. In the control matrix for data entry with master data, digital signatures addresses all of the following
control goals except:
a. ensure security of resources
b. input completeness
c. input validity
d. input accuracy
ANS: C

36. A sales representative enters the customer's account number and the system retrieves certain data about
the customer from master data. This control plan addresses all of the control goals except:
a. ensure efficient employment of resources
b. input completeness
c. input accuracy
d. update completeness
ANS: D

37. A digital signature is aimed primarily at ensuring which of the following information system control
goals?
a. input validity
b. input completeness
c. input accuracy
d. update completeness
ANS: A

38. All of the following are types of programmed edit checks except:
a. a proximity check
b. a document/record hash total
c. a mathematical accuracy check
d. a reasonableness check
ANS: A

39. Which of the following is not a programmed edit check?


a. online prompting
b. check digit verification
c. dependency checks
d. limit checks
ANS: A
Controlling Information Systems: Business Process Controls 195

40. A control report generated by a system that shows data about transactions that were accepted or
rejected during a transaction processing step is called a(n):
a. violation report
b. exception and summary report
c. variance report
d. program change log
ANS: B

41. Which of the following is a batch control total that represents the minimum level of control for input
completeness?
a. dollar totals
b. record counts
c. hash totals
d. item counts
ANS: B

42. A summation of customer account numbers taken from a batch of sales invoices would be classified as
a:
a. record count
b. line count
c. dollar total
d. hash total
ANS: D

43. Which batch control total generally has no other purpose than control?
a. dollar totals
b. record counts
c. hash totals
d. item counts
ANS: C

44. Which of the following types of batch totals is likely to be most effective in assuring the control goal
of input accuracy?
a. line counts
b. document/record counts
c. item counts
d. hash totals
ANS: D

45. When they are sent to a customer and returned with the payment, remittance advices are examples of:
a. batch control totals
b. computer-prepared documents
c. written approval controls
d. turnaround documents
ANS: D
Controlling Information Systems: Business Process Controls 196

46. Which of the following activities is not part of the computer agreement of batch totals:
a. A batch total is manually computed prior to data entry.
b. Data shown on source documents are key entered or scanned.
c. The computer produces a report that includes a batch total.
d. A person reconciles the manual and computer batch totals.
ANS: D

47. Which of the following controls requires that documents be prenumbered before it can be
implemented?
a. completeness check
b. sequence check
c. batch total matching
d. key verification
ANS: B

48. Inputting a range of numbers comprising a batch and then inputting each serially numbered document
is characteristic of the control plan called:
a. cumulative sequence check
b. batch sequence check
c. suspense file of missing numbers
d. computer agreement of batch totals
ANS: B

49. Which of the following statements related to tickler files is false?


a. A tickler file is reviewed on a regular basis for items that do not clear the file on a timely
basis.
b. A tickler file can consist of documents or computer records.
c. A tickler file addresses the control goal of update accuracy.
d. A tickler file addresses the control goal of input completeness.
ANS: C

50. The process of encoding data so that it may only be read by someone having a key is called:
a. a coding scheme
b. encryption
c. dependency checks
d. check digit verification
ANS: B

51. Plaintext and ciphertext are terms associated with __________.


a. coding schemes
b. hash totals
c. programmed edit checks
d. data encryption
ANS: D
Controlling Information Systems: Business Process Controls 197

COMPLETION

1. Specifying ___________________ is the first step in building a control matrix.


ANS: control goals

2. In the control matrix the P stands for __________ controls.


ANS: present

3. A _______________ is a tool that assists in evaluating the control goals and recommended control
plans of an information system.
ANS: control matrix

4. Control ________________ addresses whether the control goals are being achieved.
ANS: effectiveness

5. Control ______________ addresses how well individual control plans achieve multiple control goals.
ANS: efficiency

6. The purpose of __________ controls is to ensure that entity resources are protected from loss,
destruction, disclosure, copying, sale, or other misuse.

ANS: security

7. The following symbol represents a(n) ______________.

ANS: manual process

8. The following symbol represents a(n) ______________.

ANS: computer process

9. The following symbol represents ______________.

ANS: manual keying


Controlling Information Systems: Business Process Controls 198

10. Control _________________ addresses whether multiple control plans are directed toward the same
control goal.

ANS: redundancy

11. The purpose of input goals is to ensure input validity, input ___________, and input _________.

ANS: completeness, accuracy

12. The use of the letter M in a control matrix represents a(n) ____________________.

ANS: missing control or missing control plan

13. The most error prone and inefficient steps in an operations or information process is (are)
____________.

ANS: data entry or when humans enter data into the system

14. A control plan that makes it easier to prepare the document initially and later to input data from the
document is called ____________________.

ANS: document design

15. ____________________ takes the form of a signature or initials on a document to indicate that the
proper person has authorized the event.

ANS: Written approval

16. ____________________ help guide the online entry of data by defining the acceptable length of each
data field and often dictating the acceptable format of certain fields.

ANS: Preformatted screens

17. ____________________ describes a computer system's asking the user for input or asking questions
that the user must answer.

ANS: Online prompting

18. ____________________ are edits automatically performed by data entry programs upon entry of the
input data.

ANS: Programmed edit checks

19. Another name for a(n) ____________________ check is a limit check.

ANS: reasonableness

20. ____________________ represent a summarization of any numeric data field within the input
document or record.

ANS: Hash totals


Controlling Information Systems: Business Process Controls 199

21. The edit that compares calculations performed manually with those performed by the computer to
determine if a document has been entered correctly is referred to as ____________________.

ANS: mathematical accuracy checks

22. A(n) ____________________ digit is an extra digit that is added to an identification number to help
control the accuracy with which the number is entered into a computer system.

ANS: check

23. ____________________ help ensure input completeness by informing the user that the input has been
accepted and recorded.

ANS: Interactive feedback checks

24. The control plan called ____________________ is designed to reduce the possibility that one person
will misread or miskey data.

ANS: key verification

25. A(n) ____________________ employs data encryption--specifically public-key cryptography--to


authenticate a system user's identity and to verify the integrity of a message transmitted by that user.

ANS: digital signature

26. A(n) _____________ and ______________ report is a computer-generated report that reflects the
events--either in detail, summary total, or both--that were accepted by the system and rejected by the
system.

ANS: exception and summary

27. ____________________ regulate transaction processing by calculating control totals at various points
in a processing run and subsequently comparing those totals.

ANS: Batch control plans

28. ____________________ are simple counts of the number of documents entered.

ANS: Document/record counts

29. A count of the number of invoices being paid by all of the customer remittances is a type of batch
control total called a(n) ____________________.

ANS: line or item count

30. The total dollar value of all invoice totals in a batch of sales invoices is called a(n)
____________________.

ANS: dollar total


Controlling Information Systems: Business Process Controls 200

31. A(n) ____________________ is the general term to describe the summation of data that would not
normally be totaled except for control purposes.

ANS: hash total

32. A(n) ____________________ is a document that is printed as an output of one computer process and
is used to capture and input a subsequent transaction.

ANS: turnaround document

33. In the control matrix for data entry with batches, the control plan “compare picking tickets and packing
slips” helps to ensure the control goals of effectiveness of operations and ensure ________________.

ANS: security of resources

34. In order to implement either a batch sequence check or cumulative sequence check, transactions must
be captured on ____________________ documents.

ANS: prenumbered

35. _______________ are a summarization of the dollar value of items in the batch.

ANS: Dollar totals

36. In a(n) ____________________ a computer program sorts the transactions into numerical order,
checks the documents against the sequence number range, and reports missing, duplicate, and out-of-
range event data.

ANS: batch sequence check

37. The ____________________ provides input control in those situations in which the serial numbers are
assigned within the organization but later are not entered in perfect serial number sequence.

ANS: cumulative sequence check

38. ____________________ is a process that employs mathematical algorithms and keys to encode data
so that it is unintelligible to the human eye.

ANS: Data encryption


Controlling Information Systems: Business Process Controls 201

PROBLEM

1. The workings of the control plan computer agreement of batch totals are described in Chapter 9 as
follows (paraphrased):

• First, one or more of the batch totals discussed in Chapter 9 are established manually
(assume this is done in the billing department).
• Then, the manually prepared total must be entered into the computer and is written to
a computer batch control totals file (assume that the keying is done in a data entry
unit of the data center).
• As individual transactions are entered, a computer program accumulates independent
batch totals and compares these totals with the ones prepared manually and entered
at the start of the processing.
• The computer then prepares an "Error and Summary Report," which usually contains
details of each batch, together with an indication of whether the totals agreed or
disagreed.

Required:

Prepare a system flowchart to diagram the above process. Assume that batches of transactions are
input through a network computer device located in the billing department; the network computer is
wired directly to a centralized mainframe computer.

ANS:
Controlling Information Systems: Business Process Controls 202

2. The workings of the control plan batch sequence check are described in Chapter 9 as follows
(paraphrased):

• First, the range of serial numbers composing a batch of documents is entered


(assume that key entry is done in a data entry unit of the data center).
• Then, data from each individual, serially prenumbered document is entered.
• Finally, the computer program sorts the event data into numerical order, checks the
document numbers against the sequence number range, and prints a "Report of
Missing, Duplicate, and Out-of-Range Numbers."

Required:

Prepare a system flowchart to diagram the above process. Assume that batches of documents are input
through a network computer (NC) device located in the billing department; the NC is connected
directly to a centralized mainframe computer.
Controlling Information Systems: Business Process Controls 203

ANS:
Data center

Data entry Computer

Prenumbered
source
documents

Record
Key serial Number Number
number range Change table

Prenumbered
source
documents
Check documents
against sequence
number range &
print report of
Record event
missing, duplicate,
Key individual data
and out of range
events numbers

Report of
missing,
duplicate, or
out of range
Event data numbers

Sort events into


numerical
order

Sorted
event data

3. Figure TB-9.3 shows eight flowchart segments taken from the Chapter 9 flowcharts. The segments--
identified A through I--have been stripped of almost all labels.
Controlling Information Systems: Business Process Controls 204

Segment D Segment G
Segment A

Segment B Segment E Segment H

Segment I
Segment C Segment F

Required:

On the blank line to the left of each numbered description that follows, place the capital letter of the
flowchart segment from Figure TB-9.4 that best matches that description. Since there are ten
descriptions, one answer space will be left blank.

FLOWCHART DESCRIPTION
Answers

_____ 1. After resolving discrepancies, a data entry clerk keys corrections. The
computer processes the corrections and a screen message confirms that the
corrections were accepted.

_____ 2. The computer edits/validates input by reference to data residing in a master


data, records event data and prints a single error and summary report.

_____ 3. The user resolves discrepancies displayed by the computer system and keys in
any corrections that are necessary.
Controlling Information Systems: Business Process Controls 205

_____ 4. The computer records events in event data, updates the master data, and a
screen message confirms that the input has been accepted.

_____ 5. An employee in a user department assembles source documents into batches


and prepares batch totals.

_____ 6. At a remote location, a user enters data into a central computer system. The
system edits the input and displays a message on screen informing the user of
any errors.

_____ 7. A data entry clerk enters batch totals and the data from source documents.
The master data is updated and a screen message is displayed.

_____ 8. A data entry clerk enters data on a source documents. The computer edits the
input and a screen message is displayed for any input errors.

_____ 9. A user compares output totals shown on an error and summary report with
input totals shown on a batch control tape.

ANS:

Description Flowchart
Number Segment
1. F
2. C
3. G
4. A
5. B
6. H
7. I
8. E
9. D

4. The following is a list of 14 control plans.

Control Plans
A. Enter data close to the originating source
B. Preformatted screens
C. Interactive feedback checks
D. Programmed edit checks
E. Document design
F. Key verification
G. Written approvals
H. Digital signatures
I. Rejection procedures
Controlling Information Systems: Business Process Controls 206

Required:

Listed below are eight system failures that have control implications. On the blank line to the left of
each number, insert the capital letter from the list above of the best control plan to prevent the system
failure from occurring. (If you can't find a control that will prevent the failure, then choose a detective
plan or, as a last resort, a corrective control plan). A letter should be used only once.

SYSTEM FAILURES
Answers

_____ 1. A clerk logged on to an online cash receipts system by entering the date of
April 38, 20XX, instead of the correct date of April 28, 20XX. As a result, all
cash receipts recorded that day were posted under an incorrect date.

_____ 2. Wabash Company enters shipping notices in batches. Upon entry, the
computer performs certain edits to eliminate those notices that have errors. As
a result, many actual shipments never get recorded.

_____ 3. At Nouveau Boutique, several different sales clerks prepare sales slips during
the day. The sales slips are then keyed into the computer at Nouveau
Boutique at the end of the day. However, numerous errors occur because the
layout of the sales slips is difficult for the data entry clerk to follow.

_____ 4. Pitney Co. recently converted to an online order entry system. Clerks key in
customer order data at one of several PCs. In the first week of operations,
every sales order produced by the system was missing the data for the
customer's "ship to" address.

_____ 5. A computer hacker gained access to the computer system of East Suburban
Bank and entered a transaction to transfer funds to her bank account in the
British West Indies.

_____ 6. Data entry clerks at the Videotron Company use key-to-disk units to prepare a
variety of inputs for entry into the computer and the computer performs an
agreement of batch totals. Recently, a number of errors have been found in
key numeric fields. The supervisor would like to implement a control to
reduce the transcription errors being made by the clerks.

_____ 7. At Cosmo Co., field salespersons call on customers and take customer orders
by recording them on sales order forms. The forms are mailed by each
salesperson each night to Cosmo's central data center for processing. The
company has been besieged by customer complaints about how long it takes
to receive their orders and about being shipped incorrect goods.

_____ 8. Ajax, Inc., recently installed a new cash receipts system. A clerk keys in
remittance data through a terminal located in the accounts receivable
department. On the first day of operations, because of a program bug, all
remittances entered failed to get posted to the accounts receivable master file.
Although the computer performs an agreement of batch totals, the clerk had
no idea that the system did not perform the master data update process.
Controlling Information Systems: Business Process Controls 207

_____ 9. At Infotech Inc., data entry clerks receive a variety of inputs from many
departments throughout the company. In some cases, unauthorized inputs are
keyed and entered into the computer.

ANS:

System
Failure Answer
1. D
2. I
3. E
4. B
5. H
6. F
7. A
8. C
9. G

5. The following is a list of 8 control plans:

Control Plans

A. Populate inputs with master data E. Document design


B. Cumulative sequence check F. Preformatted screens
C. Turnaround documents G. Dependency check
D. Document/record counts H. Hash total

Required:

Listed below are eight statements describing either the achievement of a control goal (i.e., a system
success) or a system deficiency. On the blank line to the left of each number, insert the capital letter
from the list above of the best control plan to achieve the described goal or to address the system
deficiency. A letter should be used only once, with four letters left over.

CONTROL GOALS OR SYSTEM DEFICIENCIES


Answers

_____ 1. Helps to achieve the information systems control goal of input accuracy by
ensuring that dates are properly entered as MM/DD/YY.

_____ 2. According the control matrix for data entry with batches, by using a pre-
recorded bar code to trigger an event, this control plan ensures effectiveness
of operations and improves efficiency by reducing the amount of data that
must be input and by improving the speed and productivity of data entry. In
addition, this control plan improves input validity, and improves input
accuracy.

_____ 3. This control plan could help prevent the entry of inconsistent data elements,
such as entering a tax code for a customer to whom sales should be
nontaxable.
Controlling Information Systems: Business Process Controls 208

_____ 4. According to the control matrix for data entry with master data, when the
order entry clerk types in the customer number, the system automatically
retrieves the customer's name, address, and other standing data from the
customer master data. In this way, resources are used more efficiently.

_____ 5. This control plan should prevent a field salesperson from omitting data
elements when filling in the sales order form on his/her notebook computer.

_____ 6. In entering a batch of remittance advices into the computer, an operator


made several errors in keying the customer identification numbers.
However, the errors were detected when the total of the customer ID
numbers that were input did not agree with the corresponding total
calculated from the source documents.

_____ 7. This control plan helps to identify duplicate, missing, and out-of-range
document numbers by comparing input numbers with a previously stored
number range.

_____ 8. This batch control total does not help to ensure input accuracy, nor would it
detect the fact that one record in a batch was removed and substituted with
another.

ANS:

Control Control
Goal/ Goal/
System System
Deficiency Answer Deficiency Answer
1. F 5. E
2. C 6. H
3. G 7. B
4. A 8. D

6. The following is a systems flowchart for data entry with master data available. Create a control
matrix based on this flowchart.
Controlling Information Systems: Business Process Controls 209

Use the following columns for your control matrix from left to right:

1. Recommended control plans

Control Goals for the Operations Process


2. Ensure effectiveness of operations
3. Ensure efficient employment of resources
4. Ensure security of resources

Control Goals for the Information Process


5. For the (blank) inputs, ensure:
Divide this column up into IV, IC, IA columns
6. For the (blank) master data, ensure:
Divide this column up into UC, UA columns

Use a legend:
IV = Input Validity
IC = Input completeness
IA = Input accuracy
UC = Update completeness
UA = Update accuracy

ANS:
Controlling Information Systems: Business Process Controls 210
Controlling Information Systems: Business Process Controls 211

Chapter 10—The Order Entry/Sales (OE/S) Process

TRUE/FALSE

1. The order entry/sales (OE/S) process includes the first four steps in the order to cash process.
ANS: T

2. The first step in the order-cash process is sales order processing.


ANS: F

3. Customers expect convenient and timely access to information about their order from order initiation
to product delivery.
ANS: T

4. The OE/S process helps support the decision needs of the accounting department.

ANS: F

5. One of the primary functions of the OE/S is to create information flows which support the repetitive
work routines of the sales order, shipping, and credit departments.

ANS: T

6. The flow of information from OE/S to marketing managers is an example of horizontal information
flows.
ANS: F

7. The flow of information from OE/S to the credit department is an example of vertical information
flows.
ANS: F

8. For companies using enterprise systems CRM systems often share the same underlying database and
gather data about the firm’s customer population.

ANS: T

9. A sales order form is a business document that captures vital customer and order data and facilitates
the credit-granting and shipment functions of the order entry/sales (OE/S) process.

ANS: T

10. Data base management systems are designed to provide detailed data for a specific set of users while
avoiding the costly development and extensive time delays that come from the development of a
comprehensive data warehouse.
Controlling Information Systems: Business Process Controls 212

ANS: F

11. A CRM system is designed to manage all the data related to customers, such as marketing, field
service, and contact management data.

ANS: T

12. Sell-side systems use the Internet to automate and manage corporate vendors and purchases.

ANS: F

13. Buy-side systems are designed to allow a company to market sell deliver and service goods and
services to customers throughout the world via the Internet.

ANS: F

14. XML is a generalized system for the customized tagging of data to enable the definition, transmission,
and interpretation of data exchanged by systems over the Internet.

ANS: T

15. The buzzword in CRM which means the grouping of customers into categories based on key
characteristics is itemization.

ANS: F

16. In the OE/S process context diagram, the one input that creates the seven outputs of inventory sales
update, shipping’s billing notification, sales order notification, bill of lading, packing slip, payroll data
for commissions, and customer acknowledgement is the customer order.

ANS: T

17. When a source document provides authority for a business activity to occur, the source document is
said to trigger the activity.

ANS: T

18. If a check of the customer master data shows that the goods requested on a customer order are not in
stock, an exception routine called a back order is initiated.

ANS: F

19. A packing slip authorizes the warehouse to remove goods from the warehouse and send them to the
shipping department.

ANS: F

20. A picking ticket is affixed to the inventory package sent to the customer and identifies the customer
and the contents of the package.
Controlling Information Systems: Business Process Controls 213

ANS: F

21. Vendor acknowledgements are sent to vendors to notify them that their orders have been accepted and
to inform them of the expected delivery date.

ANS: F

22. A bill of lading is the document representing the contract between the shipping company and the
common carrier.

ANS: T

23. In the OE/S process level 0 diagram, the sales order notification is sent to billing/AR/CR from the
bubble for validate sales order.

ANS: T

24. If a customer refuses to accept a back order, then the sales order is terminated as shown by the accept
data flow.

ANS: F

25. A customer acknowledgement is sent to the customer to notify him or her of the order’s acceptance
and the expected shipping date.

ANS: T

26. A customer acknowledgement is sent to the billing department to notify them of a pending shipment.

ANS: F

27. In the E-R diagram for OE/S, SALES_ORDERS activates the STOCK_PICK.

ANS: T

28. In the E-R diagram for OE/S, STOCK_PICK triggers the SALES_INVOICES.

ANS: F

29. In the E-R diagram for OE/S, SHIPMENTS generate the SALES_INVOICES.

ANS: T

30. The marketing data is a repository of a variety of sales-oriented data, some of which results from
recording sales events and some of which does not produce event data, such as a customer inquiry.

ANS: T

31. The inventory master data normally contains standing data about each customer, such as name, billing
and ship-to addresses, and telephone number.
Controlling Information Systems: Business Process Controls 214

ANS: F

32. The customer master data is a data store that contains data identifying the particular characteristics of
each customer.

ANS: T

33. The completed picking ticket file provides an audit trail of authorized inventory transfers made
between the warehouse and the shipping department.

ANS: T

34. Records in the sales order master data are created upon the completion of a sales order and are closed
out once the order has been shipped.

ANS: T

35. OCR devices that use light reflection to read differences in code patterns in order to identify a labeled
item.

ANS: F

36. Bar code readers are used to recognize patterns of handwritten or printed characters.

ANS: F

37. Output devices that capture printed images or documents and convert them into electronic digital
signals that can be stored in computer media are called scanners.

ANS: F

38. When a customer service representative enters data into the OE/S system, the first screen prompt is
usually for the customer number.

ANS: T

39. A tickler file is one that is reviewed on a current and regular basis for the purpose of taking action to
clear the items from that file.

ANS: T

40. Preformatted screens in the order entry/sales process is a control plan that involves the detailed
comparison of the individual elements appearing on two source documents.

ANS: F

41. One-for-one checking in the order entry/sales process is a control plan that simplifies the data entry
process, and may prevent the customer service representative from omitting data, to fill in certain
fields, and reject incorrectly formatted fields to reduce input errors.

ANS: F
Controlling Information Systems: Business Process Controls 215

42. Online prompting in the order entry/sales process is a control plan that advises the customer service
representative to check their data entries before moving on.

ANS: T

43. Interactive feedback checks in the order entry/sales process is a control plan that tells the customer
service representative that the order and shipments have been accepted.

ANS: T

44. Customer credit check is a control plan that ensures that the organization protects its resources by
dealing only with customers who have demonstrated an ability to satisfy their liabilities.

ANS: T

MULTIPLE CHOICE

1. The order entry/sales (OE/S) process is part of the __________ cycle.


a. revenue
b. expenditure
c. conversion
d. general ledger/financial reporting
ANS: A

2. The order entry/sales (OE/S) process handles the processing and shipment of a customer order while
another process actually bills the customer. With such a configuration, you would not expect the OE/S
system to interface directly with the __________.
a. billing/accounts receivable/cash receipts process
b. inventory process
c. general ledger process
d. human resource process
ANS: D

3. The OE/S process includes the first four steps in the order to sales process. The order of these four
steps is
a. pre-sales activities, sales order processing, picking and packing, shipping
b. pre-sales activities, picking and packing, sales order processing, shipping
c. pre-sales activities, picking and packing , shipping, sales order processing
d. none of the above
ANS: A

4. The primary function of the order entry/sales (OE/S) process includes:


a. identifying decisions made by marketing personnel
b. highlighting the key organizational features of the marketing function
c. producing financial statements
d. meeting the decision needs of those who manage various sales and marketing functions
Controlling Information Systems: Business Process Controls 216

ANS: D

5. In addition to the warehousing function, the three primary departments that you would expect to be
part of a typical order entry/sales (OE/S) process are:
a. sales order, shipping, and credit
b. sales order, shipping, and accounts receivable
c. sales order, credit, and accounts receivable
d. credit, shipping, and accounts receivable
ANS: A

6. The ultimate goal of the OE/S process is


a. to ensure accuracy of order entry and sales events
b. to ensure increasing sales volume through the OE/S process
c. to provide value to the customer
d. none of the above
ANS: C

7. From the standpoint of good internal control, which of the following managers should not report
(either directly or through an intermediate supervisor) to the vice president of marketing?
a. manager--new product development
b. manager--customer sales and service
c. manager--credit department
d. manager--sales order department
ANS: C

8. When the sales order department acknowledges a customer order, it is an example of a:


a. vertical information flow
b. horizontal information flow
c. both vertical and horizontal information flow
d. neither vertical nor horizontal information flow
ANS: B

9. When the sales-related data are captured in the sales order department and then the information flows
to the managers housed in the marketing department, it is an example of a:
a. vertical information flow
b. horizontal information flow
c. both vertical and horizontal information flow
d. neither vertical nor horizontal information flow
ANS: A

10. Which of the following is a horizontal information flow?


a. sales order department requests credit approval from credit department
b. sales order department acknowledges the order to the customer
c. warehousing sends completed picking ticket to shipping
d. all of the above are horizontal information flows
ANS: D
Controlling Information Systems: Business Process Controls 217

11. With companies facing global competition, firms are recognizing that their most important asset is?
a. inventory
b. machinery and equipment
c. cash
d. a happy customer
ANS: D

12. The OE/S process addresses the decision needs of managers of various sales and marketing functions
through the use of:
a. vertical information flows
b. horizontal information flows
c. both vertical and horizontal information flows
d. neither vertical nor horizontal information flows
ANS: C

13. When the sales manager uses ZIP code data taken from customer order forms to plan an advertising
campaign, she is using ____________ that might be associated with the OE/S process.
a. horizontal information flows
b. vertical information flows
c. both vertical and horizontal information flows
d. neither vertical nor horizontal information flows
ANS: B

14. Which of the following statements related to ERP support for horizontal information flows in the OE/S
process is false?
a. Once the sales order department releases the order to credit approval, the document would be
automatically routed electronically to the credit department and queued for their approval.
b. Once the shipping department releases the shipment, the information would be entered into
the ERP system at the shipping location to record the order as shipped.
c. An ERP system requires the business to change the information flows of the business
process.
d. The sales order department’s response to the customer would be automatically triggered by
the ERP system.
ANS: C

15. Which of the following statements identifies a recent trend in today's business environment?
a. Establishing an E-Business web site provides the business with a competitive advantage.
b. The most important asset of a business today is its IT infrastructure.
c. IT managers must increase their annual expenditures for hardware, software, and
telecommunication technology.
d. The quality of customer service influences the ability of a business to compete in a global
marketplace.
ANS: D
Controlling Information Systems: Business Process Controls 218

16. Which is an example of vertical reporting by the order entry/sales (OE/S) process?
a. The credit manager notifies sales order processing that a customer's credit has been
approved.
b. Sales by geographical region are reported to the manager of customer sales and service.
c. The shipping department notifies sales order processing of all shipments made for a
particular period of time.
d. The sales order department acknowledges a customer order.
ANS: B

17. ______________ applications in organizations are usually viewed as being focused on either
operational or analytical applications.
a. data mining
b. data warehousing
c. data entry
d. market segmentation
ANS: B

18. ______________ is intended to allow the use of sophisticated statistical and other analytical software
to help an organizations’s members develop insights about customers, processes and markets..
a. data mining
b. data entry
c. e-commerce module
d. market segmentation
ANS: A

19. For a company using an ERP system, what is the most effective tool to assist marketing managers in
identify smaller portions of the customer population?
a. e-commerce module
b. data entry
c. data mart
d. market segmentation
ANS: C

20. ___________ systems use the Internet to automate and manage vendors and purchases with the
predominate technology being electronic data interchange (EDI).
a. Customer relationship management
b. Buy side
c. Sell side
d. none of the above
ANS: B

21. ___________ applications can handle both B2B and B2C transactions.
a. Customer relationship management
b. Buy side
c. Sell side
d. none of the above
ANS: C
Controlling Information Systems: Business Process Controls 219

22. The grouping of customers into categories based on key characteristics is called
a. customer relationship management
b. segmentation
c. XML
d. web services
ANS: B

23. In the context diagram for an order entry/sales (OE/S) process the OE/S process has 6 outputs which
include all of the following except
a. the billing/accounts receivable/cash receipts process
b. the carrier
c. the general ledger process
d. the marketing process
ANS: D

24. A data flow or event that causes a process to begin is called a:


a. tickler
b. trigger
c. document
d. validity check
ANS: B

25. A process for out-of-the-ordinary or erroneous events is called:


a. exception routine
b. summary report
c. corrective routine
d. normal routine
ANS: A

26. An example of a "rejection procedure" is a(n):


a. back order process
b. inventory subroutine
c. customer acknowledgment process
d. sales order processing process
ANS: A

27. In a logical DFD for the order entry/sales (OE/S) process, which of the following data stores would
you expect to be updated by the process complete sales order?
a. customer master data
b. accounts receivable master data
c. marketing data
d. inventory master data
ANS: D
Controlling Information Systems: Business Process Controls 220

28. In a logical DFD for the order entry/sales (OE/S) process, which of the following data stores is least
likely to interact with the process validate sales order?
a. general ledger
b. accounts receivable master data
c. marketing data
d. inventory master data
ANS: A
29. In a typical order entry/sales (OE/S) process, validating a sales order likely would involve all of the
following processes except:
a. checking the customer's credit
b. verifying inventory availability
c. completing the sales order
d. completing the picking ticket
ANS: D
30. Before a shipping notice is prepared by shipping personnel, they should match the details of which of
the following pairs of data flows?
a. The picking ticket and a copy of the sales order earlier sent to shipping from the order entry
department.
b. The completed picking ticket and a copy of the sales order earlier sent to shipping from the order
entry department.
c. A copy of the sales order earlier sent to shipping from the order entry department and the bill of
lading.
d. The completed picking ticket and the bill of lading.
ANS: B
31. According to the logical flow diagrams of the OE/S system, which of the following data stores
provides data to the system but is not updated by it?
a. shipping notice data
b. sales order master data
c. marketing data
d. customer master data
ANS: D
32. For a typical order entry/sales (OE/S) process to check a customer's credit, all of the following data
stores likely would be consulted except the:
a. inventory master data
b. customer master data
c. accounts receivable master data
d. sales order master data
ANS: A
33. A document that is used when filling a sales order to authorize the movement of goods from a
warehouse to shipping is called a:
a. shipping order
b. packing slip
c. picking ticket
d. blind authorization
ANS: C
Controlling Information Systems: Business Process Controls 221

34. In an order entry/sales (OE/S) process, you could expect that a sales order notification would be sent to
a. the billing/accounts receivable/cash receipts process
b. the customer
c. the general ledger process
d. the warehouse
ANS: A

35. At the time that the shipping notice is prepared and disseminated, two data stores within the order
entry/sales (OE/S) process normally are updated. Those two data stores are the:
a. customer and accounts receivable master data
b. accounts receivable and sales order master data
c. accounts receivable master and shipping notice data
d. sales order master and inventory master data
ANS: D

36. Which of the following documents represents a formal "contract" between two parties?
a. shipping's inventory notification
b. packing slip
c. customer acknowledgment
d. bill of lading
ANS: D

37. Which of the following data stores is designed primarily to serve the vertical information needs of the
organization rather than the horizontal information flows?
a. inventory master data
b. marketing data
c. shipping notice data
d. customer master data
ANS: B

38. Which of the following data is least likely to be stored in the customer master data?
a. customer number
b. billing address
c. ship-to address
d. open invoices
ANS: D

39. Which document may show a number of items which are different from the number of items actually
shipped to a customer?
a. completed picking ticket
b. bill of lading
c. sales order
d. packing slip
ANS: C
Controlling Information Systems: Business Process Controls 222

40. In an entity-relationship (E-R) diagram for the order entry/sales (OE/S) process, you would expect that
the word trigger would appear in the diamond showing the relationship between which of the
following pairs of entities?
a. CUSTOMER and SALES ORDER
b. CUSTOMER and SHIPMENT
c. STOCK PICK and SHIPMENT
d. SALES INVOICE and SHIPMENT
ANS: C

41. Which of the following attributes would not be contained in the related relational table?
a. customer_street attribute in the Customers relation
b. quantity_on_hand in the Inventory relation
c. shipping_company in the Sales Order relation
d. invoice_total in the Sales Order relation
ANS: D

42. In a database containing (among others) four relations--CUSTOMERS, SALES ORDERS,


SALES_ORDER Line item INVENTORY, and SHIPMENTS--you would expect that a combination
of the SO_No and Item_No attributes would be the primary key for the __________ relation.
a. CUSTOMERS
b. SALES ORDERS
c. SALES_ORDER Line item INVENTORY
d. SHIPMENTS
ANS: C

43. Which of the following goals is not an example of a process goal of the typical order entry/sales
(OE/S) process?
a. to provide timely responses to customer inquiries
b. to provide timely acknowledgments of customer orders
c. to provide timely updates to general ledger accounts
d. to provide timely shipments of goods to customers
ANS: C

44. In constructing a control matrix for an order entry/sales (OE/S) process, the principal data input(s) to
the information system likely would be:
a. customer inquiries and customer order inputs
b. customer inquiries and shipping notice inputs
c. customer order and shipping notice inputs
d. customer order
ANS: C

45. The file most important for ensuring validity of inputs is the:
a. customer master data
b. accounts receivable master data
c. marketing data
d. completed picking ticket data
ANS: A
Controlling Information Systems: Business Process Controls 223

46. The primary reason that direct entry of sales order data by sales personnel enhances efficiency is
because:
a. it increases the likelihood of erroneous data being input
b. sales personnel can enter data faster than data entry clerks
c. fewer data items need to be entered by sales personnel
d. the need for data entry clerks is eliminated
ANS: D

47. The control plan preformatted screens is directed primarily toward achieving the information process
control goal of ensuring:
a. sales order input validity
b. sales order input accuracy
c. sales order input completeness
d. sales order update completeness
ANS: B

48. The control plan interactive feedback check helps to achieve the sales order input control goal of:
a. sales order input validity
b. sales order input accuracy
c. sales order input completeness
d. shipping notice input accuracy
ANS: C

49. In the OE/S process, the document that represents an independent authorization to ship goods to the
customer is the:
a. bill of lading
b. sales order
c. customer acknowledgment
d. none of the above
ANS: B

50. In the control matrix of the OE/S process, regarding shipping notice inputs, which of the following
control goals is ensured by the control plan “compare input data with master data”?
a. input completeness and input accuracy
b. input completeness and input validity
c. input validity and input accuracy
d. none of the above
ANS: C

COMPLETION

1. The order entry/sales (OE/S) process includes the first four steps in the ________________ process.

ANS: order-cash

2. The first step in the order-cash process is ______________.

ANS: pre-sales activities


Controlling Information Systems: Business Process Controls 224

3. _______________ expect convenient and timely access to information about their order from order
initiation to product delivery.

ANS: Customers

4. The OE/S process helps support the decision needs of the _____________ department.

ANS: marketing

5. One of the primary functions of the ____________________ is to create information flows which
support the repetitive work routines of the sales order, shipping, and credit departments.

ANS: order entry/sales (OE/S) process

6. The flow of information from OE/S to marketing managers is an example of _______________


information flows.

ANS: vertical

7. The flow of information from OE/S to the credit department is an example of _______________
information flows.

ANS: horizontal

8. For companies using enterprise systems, _____________________ systems often share the same
underlying database and gather data about the firms customer population.

ANS: CRM

9. A(n) ____________________ form is a business document that captures vital customer and order data
and facilitates the credit-granting and shipment functions of the order entry/sales (OE/S) process.

ANS: sales order

10. ____________________ are designed to provide detailed data for a specific set of users while
avoiding the costly development and extensive time delays that come from the development of a
comprehensive data warehouse.

ANS: Data marts

11. A __________________________________ is designed to manage all the data related to customers,


such as marketing, field service, and contact management data.

ANS: customer relationship management system

12. _____________ systems use the Internet to automate and manage corporate vendors and purchases.

ANS: Buy-side
Controlling Information Systems: Business Process Controls 225

13. _____________ systems are designed to allow a company to market, sell, deliver, and service goods
and services to customers throughout the world via the Internet.

ANS: Sell-side

14. _______________ is a generalized system for the customized tagging of data to enable the definition,
transmission, and interpretation of data exchanged by systems over the Internet.

ANS: XML

15. The buzzword in CRM which means the grouping of customers into categories based on key
characteristics is ____________________.

ANS: segmentation

16. In the OE/S process context diagram, the one input that creates the six outputs of inventory sales
update, sales order notification, bill of lading, packing slip, payroll data for commissions, and
customer acknowledgement is the ______________.

ANS: customer order

17. When a source document provides authority for a business activity to occur, the source document is
said to ____________ the activity.

ANS: trigger

18. If a check of the inventory master data shows that the goods requested on a customer order are not in
stock, an exception routine called a(n) ____________________ process is initiated.

ANS: back order

19. A(n) ____________________ authorizes the warehouse to remove goods from the warehouse and
send them to the shipping department.

ANS: picking ticket

20. A(n) ____________________ is affixed to the inventory package sent to the customer and identifies
the customer and the contents of the package.

ANS: packing slip

21. ____________________ are sent to customers to notify them that their orders have been accepted and
to inform them of the expected shipping date.

ANS: Customer acknowledgments

22. A(n) ____________________ is the document representing the contract between the shipping
company and the common carrier.

ANS: bill of lading


Controlling Information Systems: Business Process Controls 226

23. In the OE/S process level 0 diagram, the ____________ notification is sent to billing/AR/CR from the
bubble for validate sales order.

ANS: sales order

24. If a customer refuses to accept a back order, then the sales order is terminated as shown by the
__________ data flow.

ANS: reject

25. In the ER diagram for OE/S, SALES_ORDERS activates the __________________.

ANS: STOCK_PICK

26. In the ER diagram for OE/S, STOCK_PICK triggers the __________________.

ANS: SHIPMENTS

27. In the ER diagram for OE/S, SHIPMENTS generate the __________________.

ANS: SALES_INVOICES

28. The ____________________ data is a repository of a variety of sales-oriented data, some of which
results from sales order events, and some of which does not produce event data, such as a customer
inquiry.

ANS: marketing

29. The ____________________ data normally contains standing data about each customer, such as name,
billing and ship-to addresses, and telephone number.

ANS: customer master

30. The ____________________ file provides an audit trail of authorized inventory transfers made
between the warehouse and the shipping department.

ANS: completed picking ticket

31. Records in the ____________________ master data are created upon the completion of a sales order
and are closed out once the order has been shipped.

ANS: sales order

32. _________________ are devices that use light reflection to read differences in code patterns in order
to identify a labeled item.

ANS: Bar code readers

33. _________________ is used to recognize patterns of handwritten or printed characters.

ANS: Optical character recognition


Controlling Information Systems: Business Process Controls 227

34. Input devices that capture printed images or documents and convert them into electronic digital signals
that can be stored in computer media are called ____________.

ANS: scanners

35. When a customer service representative enters data into the OE/S system, the first screen prompt is
usually for the ________________.

ANS:
customer number
alternatively the answer could be customer name

36. A(n) ____________________ file is one that is reviewed on a current and regular basis for the purpose
of taking action to clear the items from that file.

ANS: tickler

37. ____________________ is a control plan that involves the detailed comparison of the individual
elements appearing on two source documents.

ANS: One-for-one checking

38. ____________________ is a control plan that simplifies the data entry process, and may prevent the
customer service representative from omitting data, to fill in certain fields, and reject incorrectly
formatted fields to reduce input errors.

ANS: Preformatted screens

39. ____________________ is a control plan that advises the customer service representative to check
their data entries before moving on.

ANS: Online prompting

40. ____________________ is a control plan that tells the customer service representative that the order
and shipments have been accepted.

ANS: Interactive feedback checks

41. ____________________ is a control plan that ensures that the organization protects its resources by
dealing only with customers who have demonstrated an ability to satisfy their liabilities.

ANS: Customer credit check


Controlling Information Systems: Business Process Controls 228

PROBLEM

1. The Figure below shows a portion of the horizontal perspective of an OE/S process. The following
functional titles, data flow descriptions, and external entities have been omitted.

Functional Titles
A. Credit department
B. Sales order department
C. Shipping department
D. V.P. finance
E. V.P. logistics

Data Flow Descriptions


F. Customer places order.
G. Sales order department requests credit approval from credit department.
H. Credit department informs sales order department of disposition of credit request.
I. Sales order department acknowledges order to the customer.
J. Sales order department notifies shipping department of sales order.
K. Sales order department notifies warehouse and B/AR/CR process of shipment.
L. Warehouse sends completed picking ticket to shipping.
M. Shipping department informs sales order department of shipment.
N. Shipping department informs carrier, B/AR/CR process, and general ledger process
of shipment.

External Entities
O. B/AR/CR Process
P. B/AR/CR Process
Q. Carrier
R. Customer
S. Customer
T. General Ledger Process

Required:

Complete Figure TB-10.1 by inserting the letter corresponding to the:


(a) functional titles into the boxes,
(b) data flows descriptions in the circles next to each data flow, and
(c) external entities in the circles within the box representing the relevant environment.
Controlling Information Systems: Business Process Controls 229

VP
Marketing

Ware-
house

Entities in the
relevant
environment of
the OE/S
Process
Controlling Information Systems: Business Process Controls 230

ANS:

2. The figure below is an order entry/sales (OE/S) process level 0 DFD. A narrative of the process
follows.

Narrative Description

How does the OE/S process then validate a customer order? First, it verifies the availability of
requested inventory by consulting the inventory master data. If a sufficient level of inventory is on
hand to satisfy the request, the order is forwarded for further processing, and produces the data flow
“Inventory available order.” Conversely, if a customer orders goods that are not in stock, the process
runs a special back order routine. If the customer refuses to accept a back order, then the sales event is
terminated and the order is rejected, producing the “Reject” data flow. Information from the order
(e.g., sale region, customer demographics, and order characteristics that reflect buying habits) that has
potential value to marketing would be recorded in the marketing data.
Controlling Information Systems: Business Process Controls 231

After assuring inventory availability, the next process establishes the customer’s existence and then
approves credit. The system uses the customer master data and accounts receivable master data to
determine where the customer is located and from what parts of the organization they make purchases.
This allows an organization to readily determine the amount of credit available to that customer
worldwide. If the customer has exceeded their credit limit, the order is rejected and produces a
“Reject” data flow.

How does the process complete the sales order? The next process receives an accepted order. It then
completes the order by adding price information, which is ascertained from the inventory master data.
Then, the process performs the following activities simultaneously:
1. Updates the inventory master data to allocate the quantity ordered to the sales order
2. Updates the sales order master data to indicate that a completed sales order has been created
Then the system disseminates the sales order. This includes the following data flows:
1. A picking ticket authorizes the warehouse to “pick” the goods from the shelf and send them to
shipping. The picking ticket identifies the goods to be picked and usually indicates the warehouse
location.
2. A customer acknowledgment is sent to the customer to notify him or her of the order’s acceptance
and the expected shipment date.
3. A sales order notification is sent to the billing department to notify them of a pending shipment

Required:

From the DFD in the figure below and the narrative description above, explode bubble 1.0 into a
lower-level diagram showing the details of that process.
Controlling Information Systems: Business Process Controls 232
Controlling Information Systems: Business Process Controls 233

ANS:

3. The narrative that follows is of process 3.0 in the level 0 DFD shown in the figure below.

Narrative Description

This narrative describes activities that normally take place in a shipping department. The process first
receives two data flows; namely, the completed picking ticket, and data retrieved from the sales order
master data table. The shipping clerk matches the quantity of the goods with the quantity on the
picking ticket, and the quantity stored in the sales order data store. If the details agree, the matched
sales order is forwarded to the next process. If the details of the data flows do not agree, the process
rejects the order and initiates procedures for resolving any discrepancies.

When the next process receives the matched sales order and it produces and disseminates notices of
the shipment and updates the sales order and inventory master data tables. The sales order master data
is updated to reflect that the goods have been picked, packed, and shipped. The inventory master data
is updated to change the quantity allocated for the sales order to an actual shipment, thus reducing the
quantity of inventory on hand. We generally expect the dissemination of notices will include the
following data flows:
Controlling Information Systems: Business Process Controls 234

Shipping’s billing notification (to notify billing to begin the billing process).
Bill of lading, a contract between the shipper and the carrier in which the carrier agrees to
transport the goods to the shipper’s customer. The carrier’s signature on the bill of lading,
and/or the customer’s signature on some other form of receipt, substantiates the shipment.
A packing slip is attached to the outside of a package and identifies the customer and the
contents of the package.
General ledger inventory sales update to notify the general ledger process that inventory has
been sold and the cost of goods sold has increased.

Required:
From the DFD in the figure below and the narrative description above, explode bubble 3.0 into a
lower-level diagram showing the details of that process.
Controlling Information Systems: Business Process Controls 235

ANS:
Controlling Information Systems: Business Process Controls 236

4. The entity-relationship (E-R) diagram in Figure TB-10.6 represents an order entry/sales process, but
with the names of certain entities and relationships removed from the boxes and diamonds,
respectively. The names omitted are:

Entities Relationships
• CUSTOMER • ACTIVATE
• INVENTORY • BILLED TO
• SHIPMENTS • GENERATE
• SALES RELATIONS
• TRIGGER

Required:

Complete the figure below by:


a. Inserting the names from the above lists into the boxes or diamonds, respectively, where
they belong
b. Inserting a 1 or an N where necessary next to the connecting lines
Controlling Information Systems: Business Process Controls 237

? ?

Rec’d
? From

SALES-
ORDERS

STOCK
PICK

Made
? to

Sales
Invoices
?
Controlling Information Systems: Business Process Controls 238

ANS:
Controlling Information Systems: Business Process Controls 239

5. The following exhibit shows part of the OE/S Process Flowchart

Computer Shipping Department

Enter customer
order and record P-5 ?
sales order P-6
P-7

M-1
? P-9
?
P-6 P-10
P-11
? Sales order

M-2

?
P-12

Record shipment,
print packing slip and
bill of lading, and ? P-4
display shipment
accepted

Shipment
accepted

?
?

Carrier
Controlling Information Systems: Business Process Controls 240

Required:

Based on the flowchart above

a. Complete the flowchart by filling in the 8 blank items, which are indicated by a question mark (?).
The 8 missing items are listed next in alphabetical order:
1. Bill of Lading
2. Compare order number and quantities
3. Completed picking ticket with bar codes
4. Display sales order
5. Enterprise database
6. Interactive feedback check
7. Packing Slip
8. Scan bar codes on picking ticket

b. Identify all the present control plans and missing control plans identified with the letters P and M in
the flowchart

ANS:

a.

b. See Figure 10-13 Control Matrix for the OE/S Business Process
P-4 Interactive feedback check
P-5 Customer credit check
Controlling Information Systems: Business Process Controls 241

P-6 Populate inputs with master data


P-7 Programmed edit checks
P-9 Receive and input picking ticket
P-10 Independent shipping authorization
P-11Compare input with master data
P-12 One-for-one checking of goods, picking ticket, sales order
M-1 Independent customer master data maintenance
M-2 review open sales orders (tickler file)

6. The following is a list of 8 control plans.

Control Plans

A. Enter data close to where customer order is received


B. Online prompting
C. Independent shipping authorization
D. Programmed edit checks
E. Preformatted screens
F. Credit check
G. One-for-one checking of goods, picking ticket, sales order
H. Populate inputs with master data

Required:

Listed below are eight system failures that have control implications. On the answer line to the left of
each system failure, insert the capital letter from the list above of the best control plan to prevent the
system failure from occurring. A letter should be used only once.

SYSTEM FAILURES
Answers

_____ 1. The sales personnel can approve all customer orders.

_____ 2. Any editing and correcting entries from the customer service representative is
done at a later time rather than as the data is input into the system.

3. The finished goods warehouse delivers goods to the shipping department,


accompanied by the picking ticket. After checking the goods against the
picking ticket, the shipping employee signs the picking ticket and gives it to
the warehouse employee. Then the shipping department prepares a three-part
shipping notice, one copy of which serves as the packing slip. A recent audit
discovered that a dishonest warehouse employee had been forging picking
ticket documents, thereby having goods shipped to an accomplice.

_____ 4. Customer service representatives record customer orders on prenumbered


order forms, and then forward the forms to the corporate office in Orlando for
processing. J.B. Wrigley, one of Mandates top salesmen, had a very good
week; he mailed 55 customer orders to the corporate office on Friday
afternoon. Unfortunately, they were misplaced in the mail and did not reach
Orlando until three weeks later. Needless to say, those 55 customers were
more than a little displeased at the amount of time that Mandate took to fill
Controlling Information Systems: Business Process Controls 242

their orders.

_____ 5. Customer service representative can manually key in order data at one of many
PCs. In the first two weeks of operation, every sales order produced by the
computer was missing a "ship-to" address..

6. The customer service representative can enter a customer code with no


matching customer master data and no authorized customer. Therefore, it is
possible to make invalid entries into the system.

_____ 7. Proper comparisons are not made to ensure that the shipping notice inputs are
represented by an actual shipment of goods.

_____ 8. The OE/S system does not advise the customer service representative to check
the data entries before moving on to the next entry.

ANS:
1. F
2. D
3. C
4. A
5. E
6. H
7. G
8. B
Controlling Information Systems: Business Process Controls 243

Chapter 11—The Billing/Accounts Receivable/ Cash Receipts (B/AR/CR) Process

TRUE/FALSE

1. The B/AR/CR process completes the order to cash process by accomplishing the activities of billing
customers, managing customer accounts, and securing payment for goods and services.

ANS: T

2. Recording billing/accounts receivable/cash receipts event data is generally the responsibility of the
treasury department, which typically reports to the controller function.

ANS: F

3. In the organization structure shown in the text, although both report to the VP of Finance, the treasurer
and controller functions should be segregated..

ANS: T

4. There sales department should be responsible for credit approval so sales personnel can immediately
increase sales volume.

ANS: F

5. The objective of cash management is to free up funds so that they can either be invested to earn
interest, or used to reduced debt, thus reducing interest charges.

ANS: T

6. Float, when applied to cash receipts, is the time between customer payment and the availability of
funds on deposit and available.

ANS: T

7. Funds on deposit and available are known as good funds.

ANS: T

8. The AR master file address is a postal address, maintained by the firm’s bank, which is used solely for
the purpose of collecting checks.

ANS: F

9. With electronic cash, a financial institution issues cash to an individual, which is placed into an
electronic wallet.

ANS: T
Controlling Information Systems: Business Process Controls 244

10. Database systems are Internet based systems for sending bills/invoices to customers and receiving the
customer payment electronically.

ANS: F

11. An invoice is a business document used by a vendor to notify the customer of an obligation to pay the
seller for merchandise which was ordered and shipped.

ANS: T

12. A purchasing statement is a business document designed to inform the payee of the invoices or other
items covered by the check amount.

ANS: F

13. The accounts receivable master file is a repository of all unpaid invoices issued by an organization and
awaiting final disposition.

ANS: T

14. The logical data dictionary definition of the sales event data file would comprise one or more invoice
records.

ANS: T

15. Accepted sales requests are later processed through a separate exception routine.

ANS: F

16. The three types of accounts receivable systems discussed in the text are the lockbox, balance forward,
and open item systems.

ANS: F

17. In a balance forward accounts receivable system, the details of open invoices for prior periods do not
appear on the current-period customer statement.

ANS: T

18. In an open item accounts receivable system, the details of open invoices for both the current and prior
periods appear on the current-period customer statement.

ANS: T

19. In a prebilling billing system, invoices are prepared after the goods have been shipped and the sales
order notification has been matched to the shipping's billing notification.

ANS: F
Controlling Information Systems: Business Process Controls 245

20. In a post billing system, invoices are prepared upon acceptance of the customer order, and there is no
separate sales order document as such.

ANS: F

21. Digital image processing systems are computerized systems for capture, storage, and retrieval of real
or simulated objects, such as live scenes and photographs.

ANS: T

22. A bar code reader is used to translate an object's image into electronic digital signals.

ANS: F

23. The acronym MICR stands for magnetic information character recognition.

ANS: F

24. The acronym EFT stands for electronic funds transfer.

ANS: T

25. The acronym ACH stands for automated clearing house.

ANS: T

26. A credit card system is better at reducing float time than a debit card system.

ANS: F

27. In an open item system accounts receivable records consist of a customer's current balance due, past-
due balance, and the finance charges and payments related to the account.

ANS: F

28. The B/AR/CR system supports the repetitive work routines of the credit department, the cashier, and
the accounts receivable department.

ANS: T

29. A debit card is a method of payment whereby a third party, for a fee, removes from the collector the
risk of noncollection of the account receivable.

ANS: F

30. A credit card is a form of payment authorizing the collector to transfer funds electronically from the
payer's to the collector's balance.

ANS: F
Controlling Information Systems: Business Process Controls 246

31. An electronic check closely resembles a paper check with the inclusion of the customer's name, the
seller's name, the customer's financial institution, the check amount, and a digital signature.

ANS: T

32. Lapping is a fraud resulting from the improper segregation of duties between the functions of handling
cash and recording cash receipt events.

ANS: T

33. The ACH network electronically transfers funds by which the collector's bank account is credited and
the payer's account is debited for the amount of a payment.

ANS: T

34. The inventory payment data contains the details of each payment received.

ANS: F

35. The stub attached to the customer statement is also known as a turnaround document.

ANS: T

36. The accounts receivable master data is created as sales returns, bad debt write-offs, estimated doubtful
accounts, or similar adjustments are processed.

ANS: F

37. Electronic cash is an electronic bank note issued by a financial institution to an individual who, in turn,
can transfer the electronic note to make purchases or other payments.

ANS: T

38. An electronic lockbox is a banking service in which the bank keys the remittance advice details into its
computer system from the customer's remittance advice and then transfers the remittance advice data
electronically from the bank's computer to the collector's accounts receivable computer system.

ANS: T

39. A customer relationship management system is an information systems extension that allows a
customer to complete an inquiry or perform a task within an organization's business process without
the aid of the organization's employees.

ANS: F

40. In the control matrix for the cash receipts function the first present control plan should be to
immediately endorse checks.

ANS: T
Controlling Information Systems: Business Process Controls 247

MULTIPLE CHOICE
1. As discussed in the text, the functions of the billing/accounts receivable/cash receipts process:
a. is identical to those of the order entry/sales process
b. support decision making by managers in the order entry/sales process
c. incomes collections of receivables
d. is unrelated to the functions of the order entry/sales process
ANS: C
2. According to the concept of segregation of duties, which of the following managers should report to
the controller rather than to the treasurer?
a. credit department manager
b. accounts receivable department manager
c. cashier
d. investments manager
ANS: B
3. In an organization in which the order entry/sales (OE/S) and billing/accounts receivable/cash receipts
(B/AR/CR) processes are separate processes, the B/AR/CR process usually accomplishes all of the
following activities except:
a. shipping goods to customers
b. billing customers
c. managing customer accounts
d. securing payment of customer accounts
ANS: A
4. Which of the following pairs of functions would you expect might report directly to the vice president
of finance?
a. credit department and controller
b. shipping department and controller
c. accounts receivable department and treasurer
d. treasurer and controller
ANS: D

5. For a charge sale event, the cashier is to the cash custodial function as the __________ is to the
recording function.
a. shipping department
b. credit department
c. accounts receivable department
d. none of the above
ANS: C
6. For a charge sale event, the cashier is to the cash custodial function as the __________ is to the
authorization function.
a. shipping department
b. credit department
c. accounts receivable department
d. warehouse
ANS: B
Controlling Information Systems: Business Process Controls 248

7. In the context diagram for a billing/accounts receivable/cash receipts process, which of the following
is least likely to be an external entity?
a. the bank
b. the customer
c. the general ledger
d. the cashier
ANS: D

8. Which of the following process bubbles would you not expect to see in the logical DFD for a
billing/accounts receivable/cash receipts process?
a. perform billing
b. requisition inventory
c. receive customer payment
d. manage customer accounts
ANS: B

9. Which of the following normally would trigger the billing process in a billing/accounts receivable/cash
receipts process?
a. a copy of the sales order
b. a shipping notice
c. a picking ticket
d. a customer acknowledgment
ANS: B

10. Which of the following normally would trigger the billing/accounts receivable/cash receipts process to
record a customer payment?
a. invoice
b. remittance advice
c. deposit slip
d. a notification to the general ledger to record a cash receipts update
ANS: B

11. The principal master data that you would expect to see in a billing/accounts receivable/cash receipts
process is the:
a. sales order data
b. shipping notifications data
c. sales journal
d. accounts receivable master data
ANS: D

12. In a logical DFD for a billing/accounts receivable/cash receipts process, which of the following data
stores is least likely to interact with a process called "perform billing"?
a. inventory master data
b. customer master data
c. accounts receivable master data
d. sales event data
ANS: A
Controlling Information Systems: Business Process Controls 249

13. In a logical DFD for a billing/accounts receivable/cash receipts process, which of the following data
stores would you expect to interact with a process called "manage customer accounts"?
a. inventory master data
b. accounts receivable master data
c. sales event data
d. cash receipts event data
ANS: B

14. In a logical DFD for billing/accounts receivable/cash receipts process, you would expect that a credit
memo would be sent by the B/AR/CR process to the customer from which of the following processes?
a. perform billing
b. manage customer accounts
c. receive payment
d. validate sales order
ANS: B

15. Inputs to the billing/accounts receivable/cash receipts process normally could include all of the
following except:
a. a copy of the sales order sent by the sales order function to the billing function
b. a shipping notice sent by the shipping function to the billing function
c. deposit slip
d. remittance advice
ANS: C

16. In an organization in which the order entry/sales (OE/S) and billing/accounts receivable/cash receipts
(B/AR/CR) processes are separate processes, outputs of the B/AR/CR process normally could include
all of the following except:
a. invoice
b. deposit slip
c. credit memo
d. shipping notice
ANS: D

17. In general, adjustments to customer balances in the accounts receivable master data will be necessary
for all of the following except:
a. sales returns and allowances
b. reversals of mispostings and other errors
c. bad debt write-offs
d. estimates of uncollectible accounts
ANS: D

18. The data dictionary definition of an invoice usually contains all of the following elements except:
a. the customer's credit limit
b. an invoice header
c. an invoice line(s)
d. all of the above
ANS: D
Controlling Information Systems: Business Process Controls 250

19. In an entity-relationship (E-R) diagram for the billing/accounts receivable/cash receipts (B/AR/CR)
process, you would expect that the word trigger would appear between the boxes for ?
a. CUSTOMER and SHIPMENT
b. CUSTOMER and SALES INVOICE
c. STOCK PICK and SHIPMENTS
d. SALES INVOICE and SHIPMENT
ANS: C

20. A company using a database approach to data management might not maintain a relational table for
ACCOUNTS RECEIVABLE. Rather, accounts receivable balances at any point in time could be
computed as the difference between the relations for which of the following continuous events?
a. SHIPMENTS and SALES INVOICES
b. SALES INVOICES and CASH RECEIPTS
c. SHIPMENTS and CASH RECEIPTS
d. CUSTOMER and SALES INVOICES
ANS: B

21. In a database containing (among others) five relations--CUSTOMERS, SHIPMENTS, SALES


INVOICES, CASH RECEIPTS, and SALES-RELATIONS--you would expect that the Remit_No
(Remittance number) would be the primary key for the __________ relation.
a. CUSTOMERS
b. SHIPMENTS
c. SALES INVOICES
d. CASH RECEIPTS
ANS: D

22. All of the following are types of accounts receivable systems except:
a. debit card system
b. balance-only system
c. balance-forward system
d. open-item system
ANS: A

23. The following is a list of three types of accounts receivable systems and two organizations/systems:

I. Open item
II. Balance forward
III. Balance only
IV. Public utilities
V Credit card companies (i.e., VISA)

Which of the following pairs normally are correct?


a. I and IV, II and V
b. I and V, II and IV
c. II and IV, III and V
d. II and V, III and IV
ANS: D
Controlling Information Systems: Business Process Controls 251

24. In a prebilling system, invoices are prepared


a. immediately upon acceptance of a customer order
b. when there is to be a delay between the time that the order is accepted and the time it is
shipped
c. where inventory balances can be determined only through physical count
d. to improve customer relations
ANS: A

25. In a fraud scheme known as __________, the perpetrator attempts to cover the theft of cash received
from customer A by applying cash collected from customer B to A's account, then applying a receipt
from C to B's account, and so forth.
a. kiting
b. lapping
c. schmoozing
d. hacking
ANS: B

26. Deposit slips are usually generated by the billing/accounts receivable/cash receipts process:
a. at the time invoices are prepared
b. by manual procedures
c. to satisfy particular control goals
d. as part of processing cash receipts
ANS: D

27. Typically, the operations process goals of the billing/accounts receivable/cash receipts process:
a. vary, depending on whether we are dealing with the functions of billing, accounts
receivable, or cash receipts
b. remain the same when dealing with the functions of billing, accounts receivable, or cash
receipts
c. vary inversely with the information process goals
d. are the same as the information process goals
ANS: A

28. In the control matrix for a cash receipts process, the first present control is:
a. receive turnaround documents
b. endorse incoming checks
c. edit cash receipts for accuracy
d. procedure for rejecting inputs
ANS: B

29. Which of the following is most likely to appear in the UC and UA columns of a control matrix for the
billing process?
a. immediately endorse incoming checks
b. receive turnaround documents
c. manual agreement of batch totals
d. one for one checking of deposit slip and checks
ANS: C
Controlling Information Systems: Business Process Controls 252

30. For the cash receipts process, the control plan receive turnaround documents helps to achieve which of
the following pairs of information process control goals?
a. input validity and input completeness
b. input validity and input accuracy
c. input accuracy and input completeness
d. input accuracy and update accuracy
ANS: B

31. For the cash receipts process, which of the following control plans addresses the information process
control goal of master data update accuracy?
a. immediately endorse incoming checks
b. compare input data with master data
c. receive turnaround documents
d. enter cash receipts close to where cash is received
ANS: B

32. In the cash receipts process, the control plan of immediately endorsing incoming checks is designed to
achieve the control goal of:
a. assuring the timely deposit of cash receipts
b. ensuring security of the cash asset
c. ensuring cash receipts input accuracy
d. ensuring cash receipts input completeness
ANS: B

33. In the billing process, the control plan of review shipped not billed sales orders (tickler file) helps to
ensure:
a. effectiveness of operations
b. efficient employment of resources
c. security of resources
d. none of the above
ANS: A

34. The billing/accounts receivable/cash receipts process comprises three different but related process--
namely, B, AR, and CR. Which of the following would not be an operations process goal?
a. ensure effectiveness of operations
b. ensure AR master data update accuracy
c. ensure effectiveness of operations
d. ensure security of resources
ANS: B

35. The __________ normally would comprise one or more invoice records, but each record would not
contain all of the detail reflected on the invoice itself.
a. invoice data
b. sales event data
c. accounts receivable adjustments data
d. cash receipts data
ANS: B
Controlling Information Systems: Business Process Controls 253

36. A remittance advice generally would be recorded in which of the following pairs of data stores?
a. customer master data and accounts receivable master data
b. sales event data and accounts receivable master data
c. accounts receivable adjustments data and accounts receivable master data
d. cash receipts data and accounts receivable master data
ANS: D

37. Digital images


a. help reduce paper in the B/AR/CR system
b. are stored in electronic folders
c. may be scanned or created via software
d. all of the above
ANS: D

38. In addition to storing an image of the document itself, the typical electronic-based image processing
system accompanies the document image with:
a. a paper file of the documents
b. an index used to retrieve the document image
c. the MICR code contained on each document
d. a "jukebox"
ANS: B

39. Which of the following statements is false?


a. The typical billing/accounts receivable/cash receipts system assists in preparing internal
and external reports, including GAAP-based financial statements.
b. Separating the credit function from the sales function is often defended on the grounds that
if they were not separated, credit might be extended to high-risk customers, simply to
achieve sales targets.
c. The two types of adjustments that commonly result from a periodic review of the aging
details of customer account balances are a recurring entry for estimated bad debts and a
bad debt write-off.
d. The logical data dictionary definition of the cash receipts events data would comprise one
or more invoice records.
ANS: D

40. Which of the following statements is true?


a. In a prebilling system, invoices are prepared after the goods have been shipped and the
sales order notification has been matched to the shipping's billing notification.
b. In a postbilling system, invoices are prepared upon acceptance of the customer order, and
there is no separate sales order document as such.
c. Of the two types of billing systems discussed in the text, the prebilling system requires the
more accurate inventory records.
d. Of the two types of billing systems discussed in the text, the prebilling system is
appropriate in situations where there is a significant delay between acceptance of the
customer's order and its shipment.
ANS: C
Controlling Information Systems: Business Process Controls 254

41. Which of the following statements is false?


a. The check and remittance advice trigger the receive payment process.
b. A bank lockbox provides more protection for cash than a system where cash receipts are
mailed to the payee company and then deposited.
c. The hardware, software, maintenance, and communications costs associated with operating a
credit card system are lower than for a debit card system.
d. From the standpoint of reducing the collector's float, a customer check is a better payment
method than a debit card.
ANS: D

42. The billing/accounts receivable/cash receipts process completes the:


a. billing process
b. production process
c. order to cash process
d. inventory process
ANS: C

43. An example of the vertical information flows supported by the B/AR/CR process is a(n):
a. accounts receivable aging report
b. customer invoice
c. remittance advice
d. general ledger accounts receivable notification
ANS: A

44. Which of the following is most commonly associated with the treasury function?
a. recording of event data
b. security of funds
c. reporting of results of business events
d. maintaining accounting records
ANS: B

45. Segregation of duties is most clearly accomplished in most organizations by separating:


a. billing and accounts receivable
b. treasury and controllership
c. sales and accounts receivable
d. order entry and cash receipts
ANS: B

46. Which of the following is not an external entity for the B/AR/CR process?
a. order entry/sales process
b. general ledger
c. customer
d. inventory process
ANS: D
Controlling Information Systems: Business Process Controls 255

47. Which of the following is part of the header section of the invoice?
a. seller identification
b. invoice lines
c. invoice total
d. item description
ANS: A
48. Which of the following is a ratio used to monitor the investment in accounts receivable?
a. accounts receivable aging report
b. days' sales outstanding
c. sales turnover
d. inventory turnover
ANS: B
49. A customer statement serves a control purpose by:
a. notifying that payment is due
b. triggering the receive payment process
c. confirming with the customer the amount still owed
d. updating the accounts receivable master file
ANS: C
50. The accounts receivable system in which all the outstanding invoices are listed is called the:
a. balance-only system
b. open-item system
c. balance-forward system
d. postbilling system
ANS: B
51. The accounts receivable system typically used by credit card companies is the:
a. balance-only system
b. open-item system
c. balance-forward system
d. postbilling system
ANS: C

52. Quantities of items shipped to a customer would typically be found in the relational table for:
a. CUSTOMERS
b. SALES_RELATIONS
c. BANKS
d. DEPOSITS
ANS: B
53. The billing system in which the invoice is prepared immediately on acceptance of a customer order is
called a:
a. postbilling system
b. balance-only system
c. prebilling system
d. balance-forward system
ANS: C
Controlling Information Systems: Business Process Controls 256

54. A billing system that is used when there is little or no delay between the receipt of the customer order
and the shipment of the goods is a:
a. postbilling system
b. balance-only system
c. balance-forward system
d. prebilling system
ANS: D

55. The technology that allows information on documents to be converted into machine-readable data
through a scanner is called a(n):
a. OCR
b. MICR
c. Bar code reader
d. digitizer
ANS: A

56. An overall management objective is to:


a. minimize the number of sales transactions
b. minimize the total amount of accounts receivable
c. minimize the time from the beginning of the selling process to the end of cash collections
d. maximize the amount of float
ANS: C

57. Which of the following is most effective in reducing the amount of float?
a. credit cards
b. debit cards
c. MICRs
d. charge cards
ANS: B

58. Which of the following implies computer-to-computer interchange of data?


a. CIP
b. lockbox
c. EDI
d. MICR
ANS: C

59. A form of fraud in which the payments made by one customer are systematically applied to the
account of another is called:
a. lapping
b. malfeasance
c. ACH
d. aged trial balance
ANS: A
Controlling Information Systems: Business Process Controls 257

60. In the billing function described in the text, the control goal that contributes to effective operations is:
a. edit the shipping notification for accuracy
b. independent billing authorization
c. calculate batch totals
d. review shipped not billed sales orders (tickler file)
ANS: D

61. Which control is most effective in contributing to the goal of input completeness in the billing
function?
a. one-to-one checking of sales orders to invoices
b. batch sequence checks
c. key verification
d. none of the above
ANS: A

62. Which control plan for the cash receipts function has as its primary control goal to ensure security of
resources?
a. Reconcile bank account regularly.
b. Enter cash receipts close to where cash is received.
c. Immediately endorse incoming checks.
d. One-to-one checking of deposit slips and checks.
ANS: C

63. The cashier deposits checks in the bank for XYZ Corp. Who should reconcile the bank statement on a
regular basis for operational purposes?
a. the treasurer
b. internal auditor
c. the cashier
d. an external auditor
ANS: B

64. Which of the following is not an example of a customer self-service system?


a. pay-at-the-pump gasoline station
b. drive-thru lanes at a bank
c. web-based courier tracking system
d. telephone access to credit card balances
ANS: B

65. A customer is instructed to send his remittance advice and check to a bank's postal address. This
method for collecting customer cash receipts is called:
a. electronic cash
b. automated clearing house
c. electronic lockbox
d. lockbox
ANS: D
Controlling Information Systems: Business Process Controls 258

66. To reduce the cost of collecting its accounts receivable, a company sells its accounts receivable to a
financial organization. The service is called:
a. a collection agency
b. automated clearing house
c. factoring
d. funding
ANS: C

COMPLETION

1. The B/AR/CR process completes the order to cash process by accomplishing the activities of billing
customers, managing customer accounts, and ___________________.

ANS:
securing payment for goods or services
or
collection

2. Recording billing/accounts receivable/cash receipts event data is generally the responsibility of the
accounts receivable department, which typically reports to the ____________________ function.

ANS: controller

3. In the organization structure shown in the text, although both report to the VP of Finance, the
____________________ and ____________________ functions should be segregated..

ANS:
treasurer
controller

4. There should be a segregation of duties between the sales department and the ___________
department.

ANS: credit

5. The objective of ____________________ is to free up funds so that they can either be invested to earn
interest, or used to reduced debt, thus reducing interest charges.

ANS: cash management

6. __________, when applied to cash receipts, is the time between customer payment and the availability
of funds on deposit and available.

ANS: Float

7. Funds on deposit and available are known as ________ funds.

ANS: good
Controlling Information Systems: Business Process Controls 259

8. A __________ is a postal address, maintained by the firm’s bank, which is used solely for the purpose
of collecting checks.

ANS: lockbox

9. With _______________, a financial institution issues an individual cash that is placed into an
electronic wallet.

ANS: electronic cash

10. ___________ systems are Internet based systems for sending bills/invoices to customers and receiving
the customer payment electronically.

ANS:
EBPP
or electronic bill presentment and payment

11. A(n) ____________________ is a business document used by a vendor to notify the customer of an
obligation to pay the seller for merchandise which was ordered and shipped.

ANS: invoice

12. A(n) ____________________ is a business document designed to inform the payee of the invoices or
other items covered by the check amount.

ANS: remittance advice

13. The ____________________ file is a repository of all unpaid invoices issued by an organization and
awaiting final disposition.

ANS: accounts receivable master

14. The logical data dictionary definition of the ____________________ event data file would comprise
one or more invoice records.

ANS: sales

15. Rejected sales requests are later processed through a separate _____________.

ANS: exception routine

16. The two types of accounts receivable systems discussed in the text are the balance only and
____________________ systems.

ANS: open-item

17. In a(n) ____________________ accounts receivable system, the details of open invoices for prior
periods do not appear on the current-period customer statement.

ANS: balance-only
Controlling Information Systems: Business Process Controls 260

18. In a(n) ____________________ accounts receivable system, the details of open invoices for both the
current and prior periods appear on the current-period customer statement.

ANS: open-item

19. In a(n) ____________________ billing system, invoices are prepared after the goods have been
shipped and the sales order notification has been matched to the shipping's billing notification.

ANS: postbilling

20. In a(n) ____________________ billing system, invoices are prepared upon acceptance of the customer
order, and there is no separate sales order document as such.

ANS: prebilling

21. ____________________ processing systems are computerized systems for capture, storage, and
retrieval of real or simulated objects, such as live scenes and photographs.

ANS: Digital image (or image)

22. A(n) ____________________ or image processing camera is used to translate an object's image into
electronic digital signals.

ANS: optical scanner

23. The acronym MICR stands for ____________________.

ANS: magnetic ink character recognition

24. The acronym ACH stands for ____________________.

ANS: automated clearinghouse

25. The acronym EFT stands for ____________________.

ANS: electronic funds transfer

26. A(n) ____________________ card system has the advantage of eliminating float.

ANS: debit

27. The ____________________ supports the repetitive work routines of the credit department, the
cashier, and the accounts receivable department.

ANS: billing/accounts receivable/cash receipts (B/AR/CR)

28. In a(n) ____________________, accounts receivable records consist of a customer's current balance
due, past-due balance, and the finance charges and payments related to the account.

ANS: balance-only system


Controlling Information Systems: Business Process Controls 261

29. A(n) ____________________ is a method of payment whereby a third party, for a fee, removes from
the collector the risk of noncollection of the account receivable.

ANS: bank credit card

30. A(n) ____________________ is a form of payment authorizing the collector to transfer funds
electronically from the payer's to the collector's balance.

ANS: debit card

31. A(n) ____________________ closely resembles a paper check with the inclusion of the customer's
name, the seller's name, the customer's financial institution, the check amount, and a digital signature.

ANS: electronic check

32. ____________________ is a fraud resulting from the improper segregation of duties between the
functions of handling cash and recording cash receipt events.

ANS: Lapping

33. The ____________________ is created as sales returns, bad debt write-offs, estimated doubtful
accounts, or similar adjustments are processed.

ANS: accounts receivable adjustments data

34. The ____________________ network electronically transfers funds by which the collector's bank
account is credited and the payer's account is debited for the amount of a payment.

ANS: automated clearing house (ACH)

35. The ____________________ contains the details of each payment received.

ANS: cash receipts event data

36. Often times a stub is attached to the customer statement. This stub is also known as a ___________
document.

ANS: turnaround

37. ____________________ is an electronic bank note issued by a financial institution to an individual


who, in turn, can transfer the electronic note to make purchases or other payments.

ANS: Electronic cash

38. A(n) ____________________ is a banking service in which the bank keys the remittance advice
details into its computer system from the customer's remittance advice and then transfers the
remittance advice data electronically from the bank's computer to the collector's accounts receivable
computer system.

ANS: electronic lockbox


Controlling Information Systems: Business Process Controls 262

39. A(n) ______________________ is an information systems extension that allows a customer to


complete an inquiry or perform a task within an organization's business process without the aid of the
organization's employees.

ANS: customer self-service system

40. In the control matrix for the cash receipts function the first present control plan should be to
_________________________.

ANS: immediately endorse checks

PROBLEM

1. The figure below is the billing/accounts receivable/cash receipts process level 0 DFD shown in
Chapter 11. The narrative that follows describes process 1.0 in the diagram.

Narrative Description

When the OE/S process produces a sales order, it notifies the B/AR/CR process to that effect. When
triggered by the data flow “Shipping’s billing notification,” the process validates the sale by
comparing the details on the sales order notification to those shown on shipping’s billing notification.
If discrepancies are noted, the request is rejected, as shown by the reject stub. Rejected requests later
would be processed through a separate exception routine.

If the data flows match, a validated shipping notification is sent to the next process. This process
performs the following actions simultaneously:
Obtains from the customer master data certain standing data needed to produce the invoice.
Creates the invoice and sends it to the customer.
Updates the accounts receivable master data.
Adds an invoice to the sales event data.
Notifies the general ledger process that a sale has occurred (GL invoice update).

Required:

From the DFD figure below and the narrative description above, explode bubble 2.0 into a lower-level
diagram showing the details of that process.
Controlling Information Systems: Business Process Controls 263

ANS:
Controlling Information Systems: Business Process Controls 264

2. The figure below is the billing/accounts receivable/cash receipts process level 0 DFD shown in
Chapter 11. The narrative that follows describes process 2.0 in the diagram, manage customer
accounts.

Narrative Description
The sales return notification is sent to the first process by the receiving department where it is either
validated or rejected. If the sales return is not valid, it will be rejected and run through a separate error
routine. If the sales return is valid, it is sent to both of the next two processes, where a credit memo is
prepared and a journal voucher is prepared.

Upon preparation of the credit memo, the AR master data is updated, notice of the credit memo may
be sent to the receiving department, and the credit memo is sent to the customer.

Upon preparation of the journal voucher, the voucher is sent to the general ledger for the sales return
update and to the AR adjustments event data.

By using the updated information in the AR master data, customer statements are prepared and sent
out to customers. Preparing customer statements recurs at specified intervals, often on a monthly basis.
Details of unpaid invoices are extracted from the accounts receivable master data and are summarized
in a statement of account that is mailed to customers. The statement both confirms with the customer
the balance still owing and reminds the customer that payment is due.

The process of preparing a bad debts journal voucher, is triggered by the periodic review of aging
details obtained from the accounts receivable master data. One of two types of adjustments might
result from this review:
1. The recurring adjusting entry for estimated bad debts.
2. The periodic write-off of definitely worthless customer accounts.

Note that, regardless of type, adjustments are recorded in the AR adjustments event data, updated to
customer balances in the accounts receivable master data, and summarized and posted to the general
ledger master data by the general ledger process.

Required:

From the DFD below and the narrative description above, explode bubble 2.0 into a lower-level
diagram showing the details of that process.
Controlling Information Systems: Business Process Controls 265
Controlling Information Systems: Business Process Controls 266

ANS:

3. The figure below is the billing/accounts receivable/cash receipts process level 0 DFD shown in
Chapter 11. The narrative that follows describes process 3.0 in the diagram, manage customer
accounts.

Narrative Description
In receiving a cash payment, the check and remittance advice trigger the receive payment process. A
remittance advice (RA) is a business document used by the payer to notify the payee of the items being
paid. The B/AR/CR process uses the RA to initiate the recording of a cash receipt. Upon receipt of the
check and remittance advice from a customer, the first process validates the remittance by comparing
the check to the RA. Mismatches are rejected for later processing. If the check and RA agree, the
validated remittance is sent to the next process, which endorses the check and separates it from the
RA.

The endorsed checks are accumulated and a deposit is prepared. The deposit is sent to the bank with
the deposit slip and the endorsed checks.and the deposit is recorded with the cash receipts events data.
Proof of the amount of the cash deposited.is sent on to the GL cash receipts for an update of the
general ledger. While the bank deposit is prepared, the RA is used to record the customer payment
and update the accounts receivable master data to reflect the customers payment and then files the RA
in the remittance advice file.
Controlling Information Systems: Business Process Controls 267

Required:

From the DFD below and the narrative description above, explode bubble 2.0 into a lower-level
diagram showing the details of that process.
Controlling Information Systems: Business Process Controls 268

ANS:

4. The figure below is the control matrix for the billing business process presented in Chapter 11, but
with certain items omitted. In the matrix, each omission is indicated by a box. Jumbled lists of the
omitted items are as follows:

Omitted from Control Goals Columns


1. Accounts receivable master data
2. Ensure efficient employment of resources
3. For completed shipping notice inputs, ensure:
4. Ensure security of resources
5. Accounts receivable master data
6. Ensure effectiveness of operations

Omitted Control Plans


7. Review shipped not billed sales orders
8. Edit the shipping notification for accuracy (programmed edits)
9. Employ a prebilling system
10. Confirm customer accounts regularly
11. Independent billing authorization
12. Check for authorized prices, terms, freight, and discounts
Controlling Information Systems: Business Process Controls 269

Required:

Complete the matrix by placing one of the numbers, 1 through 12, from the above lists into each box
showing a missing item. HINT: Complete the goal column headings first, and then use the cell entries
as a guide in deciding which number (7 through 12 above) belongs in each box in the recommended
control plans column.

Control Goals of the Operations Control Goals of the


Process Information Process
For the
For

Present
Controls A B C IV IC IA UC UA

P-1 P-1

P-2 P-2

P-3

P-4 P-4

P-5: Independent P-5 P-5 P-5


pricing data
P-6: Calculate P-6 P-6
batch totals
P-7: Interactive P-7 P-7
feedback
P-8: Record input P-8 P-8 P-8 P-8 P-8 P-8
P-9: Reconcile P-9 P-9 P-9 P-9 P-9
input and output
batch totals
P-10: Procedures P- P-10
for rejected inputs 10
Missing
Controls
M-1 M-1 M-1

M-2 M-2 M-2 M-2

M-3: Computer M-3 M-3 M-3 M-3 M-3 M-3


agreement of
batch totals
Controlling Information Systems: Business Process Controls 270

ANS:
Control Goals of the
Control Goals of the Operations Information Process
Process
6 2 4 For the
For 3 5 or 1
Present 1 or 5
Controls A B C IV IC IA UC UA
7
P-1 P-1
8
P-2 P-2
11
P-3
12
P-4 P-4
P-5: Independent P-5 P-5 P-5
pricing data
P-6: Calculate P-6 P-6
batch totals
P-7: Interactive P-7 P-7
feedback
P-8: Record input P-8 P-8 P-8 P-8 P-8 P-8
P-9: Reconcile P-9 P-9 P-9 P-9 P-9
input and output
batch totals
P-10: Procedures P-10 P-10
for rejected inputs
Missing
Controls
9 M-1 M-1 M-1

10 M-2 M-2 M-2 M-2

M-3: Computer M-3 M-3 M-3 M-3 M-3 M-3


agreement of
batch totals
Controlling Information Systems: Business Process Controls 271

5. Below is a systems flowchart for the billing process with certain items omitted.
From the list of the following 15 items, fill in the missing items in the flowchart.

1. "Billing completed," changes to AR and related balances


2. "Shipments not yet billed"
3. BT
4. Compare batch totals with changes to AR and related balances
5. Create and print invoice, update AR and GL data, send "Billing completed" notice with
amounts posted to AR and related accounts
6. Customer
7. End
8. Enter selected shipments and prepare batch total
9. Enterprise database
10. Error routine not shown
11. Invoice
12. Prepare and display "Shipments not yet billed"
13. Request shipments to be billed
14. Select shipments and execute billing program
15. Start
AR Billing Computer
Controlling Information Systems: Business Process Controls 272

ANS:

6. The E-R diagram in Figure TB-11.15 represents a B/AR/CR process. However, the names of certain
entities and relationships removed from the boxes and diamonds, respectively. In alphabetic order, the
names omitted are:

BANKS
CASH_RECEIPTS
CUSTOMERS
DEPOSITS
Inventory
SALES_INVOICES
SALES_ORDERS
SHIPMENTS
Controlling Information Systems: Business Process Controls 273

Required:

Complete The ER Diagram by:


a. Inserting the numbers from the above lists into the boxes or diamonds, respectively,
where they belong.
b. Inserting a 1 or an M or an N into each blank circle to show whether each
relationship is one-to-one (1:1), one-to-many (1:M), or many-to-many (M:N).

received_
SALES_ from
RELATIONS

activate

STOCK_PICK

trigger

made_to

generate

billed_to

produce

yield

go_to Prepared
_by

EMPLOYEES
Controlling Information Systems: Business Process Controls 274

ANS:
For the answer, refer to figure 11.9 in the text. The image is also reproduced below.
Controlling Information Systems: Business Process Controls 275

The following is a list of thirteen control plans:


7.

A. Independent billing authorization E. Manual agreement of batch totals


B. Shipped but not billed sales order tickler F. Immediately endorse incoming checks
file in billing
C. One-for-one checking of deposit slip and G. Document design
checks
and invoice H. Prenumbered documents
D. Programmed edits of shipping I. Turnaround documents
notification J. Edit cash receipts for accuracy

Required:
Listed below are ten statements describing either the achievement of a control goal (i.e., a system
success) or a system deficiency (i.e., a system failure). On the answer line to the left of each
description, insert the capital letter from the list above of the best control plan to achieve the desired
goal or to address the system deficiency described. A letter should be used only once.

CONTROL GOALS OR SYSTEM DEFICIENCIES


Answers

_____ 1. Helps to ensure that all shipments are billed in a timely manner.

_____ 2. By preventing duplicate document numbers from entering the system, helps to ensure
input validity.

_____ 3. Helps to ensure the validity of shipping notifications.

_____ 4. Ensures efficient employment of resources and ensures input accuracy of remittance
advice inputs (cash receipts)

_____ 5. Provides for update completeness and accuracy of the accounts receivable master file
data

_____ 6. Helps to ensure the security of resources (cash, AR master data)

_____ 7. Provides for input validity, completeness, and accuracy of the dollar amount of deposited
checks

_____ 8. Provides a preventive control to help ensure the accuracy of items shipped

_____ 9. Should have precluded a field salesman from omitting the sales terms from the sales
order, thereby causing the order to be rejected by the computer data entry personnel.

_____ 10. Meets the operations system control goal of efficiency of resources use by reducing the
number of data elements to be entered from source documents.
ANS:
1. B 6. F
2. H 7. C
3. A 8. D
4. M 9. G
5. E 10. I
Controlling Information Systems: Business Process Controls 276

Chapter 12
PROBLEM

1. Figure TB12-4 is the purchasing disbursements process level 0 DFD shown in Chapter 12. The
narrative that follows is paraphrased from the Chapter 12 description of process 1.0 in the diagram.

Narrative Description

Inventory purchase requisitions and purchase requisitions for supplies and services are requested from
various departments and are accumulated and are held in the purchase requisition data. In this way an
organization can consolidate requests, submit larger orders to vendors, and presumably receive
concessions in price and payment terms for these larger purchases.

At predetermined intervals, the accumulated requests held in the purchase requisition data is combined
with the inventory master data to calculate requirements and determine what purchases need to be
made. This results in the calculated purchase requirements that will later be used to order goods and
services.

Required:

From the DFD in Figure TB12.4 provided, and from the narrative description above, explode bubble
1.0 into a lower-level diagram showing the details of that process.
Controlling Information Systems: Business Process Controls 277

ANS:

2. Figure TB12-4 is the purchasing disbursements process level 0 DFD shown in Chapter 12. The
narrative that follows is paraphrased from the Chapter 12 description of process 2.0 in the diagram.

Narrative Description

Process 2.0 in Figure 12.4 , provides a look at the logical functions involved in ordering goods and
services. The first process involves vendor selection. A buyer generally consults the vendor master
data to identify potential suppliers and then evaluates each prospective vendor.

After the vendor has been selected the buyer prepares a purchase order. The purchase order contains
data regarding the needed quantities, expected unit prices, requested delivery date, terms, and other
conditions from the purchase requisition. In preparing the purchase order, the buyer first checks the
inventory master data to obtain additional information with which to prepare the purchase order. The
purchase order is sent to the vendor. At the same time, the inventory master data is updated to reflect
the goods on order. The purchase order information is distributed to several departments including the
requesting department, inventory, accounts payable, and receiving. The purchase order master data is
also updated at this point.

The purchase order master data is updated again when the vendor sends an acknowledgement that
the order has been received.

Required:

From the DFD in Figure 12.4 provided, and from the narrative description above, explode bubble 2.0
into a lower-level diagram showing the details of that process.

ANS:
Controlling Information Systems: Business Process Controls 278

3. Figure TB 12.4 is the purchasing disbursements process level 0 DFD shown in Chapter 12. The
narrative that follows is paraphrased from the Chapter 12 description of process 3.0 in the diagram for
the purchase of inventory.

Narrative Description
When inventory purchased is received, the vendor packing slip, accompanies the purchased inventory
from the vendor and identifies the shipment, triggers the receiving process. Goods arriving at the
receiving department are inspected and counted. Nonconforming goods are denoted by a reject stub.
Notation of rejected goods is added to the vendor service record in the vendor master data. After the
goods are inspected, counted, and the condition of the goods has been approved, an approved
purchase order receiving notification is produced.

Next, the receiving report is completed by noting the quantity received on the approved PO receiving
notification. Once annotated with the quantity received, the PO receiving notification becomes a
receiving report, which is the form used to record merchandise receipts.

In the next process the receiving report is compared to the information stored in the purchase order
master data. This process is often completed automatically by the information system and includes
the following activities:

Data about vendor compliance with the order terms (product quality, meeting promised
delivery dates, etc.) is added to the vendor master data.
The inventory master data are updated to reflect the additional inventory on hand.
The accounts payable process can access the receiving report data by accessing the
receiving report.
The warehouse can access the receiving report data through a stock notice.
Data reflecting the receipt is stored in the purchase receipts data.
The cost of the inventory received is relayed to the general ledger process
Finally, the purchase order master data are updated to reflect the receipt of the goods.

Required:
From the DFD in Figure 12.4 provided, and from the narrative description above, explode bubble 3.0
into a lower-level diagram showing the details of that process.
Controlling Information Systems: Business Process Controls 279

ANS:

4. The figure below is the control matrix for the purchasing process presented in Chapter 12, but with
certain items omitted. In the matrix, each omission is indicated by a square. Jumbled lists of the
omitted items are as follows:

Omitted from Control Goals Columns


1. Inventory, purchase order master data
2. Ensure security of resources
3. Vendor packing slip inputs
4. Purchase order master data
5. Purchase requisition inputs
6. Ensure effectiveness of operations
7. Ensure efficient employment of resources
8. Master data

Omitted Control Plans


9. Approve vendor selection
10. Authorize vendor data
11. Compare vendors for prices, terms, quality and product availability
12. Digital signatures
13. Enter receipt data in receiving department
14. Preformatted screens

Control Goals of the Control Goals of the


Operations Process Information Process
For For For For PO,

Present
Controls ensure ensure ensure ensure
Controlling Information Systems: Business Process Controls 280

A B C IV IC IA UC UA IV IC IA UC UA
P-1: P-1 P-1

P-2: P-2 P-2 P-2


Programmed
edit checks
P-3: Written P-3
approvals
P-4: P-4 P-4
Requisition
audit data
P-5: P-5 P-5 P-5 P-5

P-6: P-6

P-7: P-7 P-7 P-7

P-8: P-8 P-8


Requisition
confirmation
to originating
department
P-9: P-9 P-9 P-9

P-10: P10 P10 P10 P10 P10 P10 P10 P10

P-11: P11 P11 P11 P11


Compare
inputs with
master data
P-12: Create P12 P12 P12 P12 P12
audit trail for
receipts
Missing
Controls
None Noted

\
Required:

Complete the matrix in parts 1 and 2 of Figure TB-12.8 by replacing one of the numbers, 1 through 14
from the above lists, for each square showing a missing item.

ANS:
Control Goals of the
Control Goals of the Information Process
Operations Process
Controlling Information Systems: Business Process Controls 281

6 7 2 For 4, For 3, ensure For


1 For 5, ensure ensure purchase
order 8,
Present ensure
Controls A B C IV IC IA UC UA IV IC IA UC UA
P-1: 14 P-1 P-1
P-2: P-2 P-2 P-2
Programmed
edit checks
P-3: Written P-3
approvals
P-4: P-4 P-4
Requisition
audit data
P-5: 10 P-5 P-5 P-5 P-5

P-6: 11 P-6

P-7: 9 P-7 P-7 P-7

P-8: P-8 P-8


Requisition
confirmation
to originating
department
P-9: 12 P-9 P-9 P-9

P-10: 13 P10 P10 P10 P10 P10 P10 P10 P10

P-11: P11 P11 P11 P11


Compare
inputs with
master data
P-12: Create P12 P12 P12 P12 P12
audit trail for
receipts
Missing
Controls
None Noted

5. The following is a list of 12 control plans.

Control Plans

A. Preformatted screens G. Approve vendor selection


B. Programmed edit checks H. Requisition confirm to originating
department
C. Written approvals I. Digital signatures
D. Requisition audit data J. Enter receipt data in receiving
department
E. Authorized vendor data K. Compare inputs with master data
F. Compare vendors for prices, terms, quality, L. Create audit trail for receipts
and product availability

Required:
Controlling Information Systems: Business Process Controls 282

Listed below are 12 system failures that indicate weaknesses in control. On the answer line to the left
of each description, insert the capital letter (from the list above) of the best control plan to address the
system deficiency described. A letter should be used only once.

SYSTEM FAILURES

_____ 1. Vendors are not screened before being added to the authorized vendor data
to help ensure selection of a vendor that will provide the best quality at the
lowest price by the promised delivery date.
_____ 2. Data on the RFID chips is not compared to the open purchase order to ensure
that we have received the goods that we ordered.
_____ 3. Purchase requisitions are not required to be signed by authorized personnel.
_____ 4. The computer does not automatically identify erroneous or suspect data to
reduce input errors.
_____ 5. Not all documents have been properly examined to ensure that the correct
goods have been received, recorded and sent to the warehouse.
_____ 6. The company has used a single vendor for the past three years.
_____ 7. Data fields are not automatically populated to prevent errors.
_____ 8. The vendor has no way of knowing if the electronic purchase order was sent
by authorized personnel of the buyer.
_____ 9. The purchasing manager has not informed the requisitioning department in a
timely manner to let them know that their requests were processed.
_____ 10. A copy of the requisition data is not automatically added to the audit data to
ensure that a complete record is maintained for all requisition activity.
_____ 11. Receipts are captured in the purchasing department.
_____ 12. Certain vendors have been favored in the selection process.

ANS:

System
Failure Answer
1. E
2. K
3. C
4. B
5. L
6. F
7. A
8. I
9. H
10. D
11. J
12. G

6. The following is a partial flowchart for the purchasing process. There are selected symbols that must
be filled in to complete the flowchart. Fill in the items with missing labels using a letter from A to J.
A. Approve PO
B. Enterprise database
C. Enter requisition data
D. Exception routine not shown
E. Requisition approval screen
Controlling Information Systems: Business Process Controls 283

F. Approve requisition
G. PO Input screen
H. Requisition screen with vendor candidates
I. Edit and record PO
J. Edit input and record requisition

Requisition Department Computer Purchasing Department


Controlling Information Systems: Business Process Controls 284

ANS:
Controlling Information Systems: Business Process Controls 285

Chapter 13
PROBLEM

1. Figure TB-13.1 shows a portion of the horizontal perspective of a purchasing process. The following
functional titles, data flows, and external entities have been omitted.

Functional Titles
A. Accounts payable department
B. Cashier
C. Controller
D. Treasurer
E. VP Finance

Data Flow Descriptions


F. Accounts payable notification sent to the general ledger process
G. Approved voucher sent to cashier
H. Check sent to vendor by cashier
I. Invoice recorded from vendor
J. Notification of the cash disbursement sent from the cashier to the general ledger
process
K. Paid voucher returned to the accounts payable department

External Entities
L. General ledger process
M. General ledger process
N. Vendors
O. Vendors

Required:

Complete the figure below by inserting the letter corresponding to the:


(a) functional titles into the boxes in the triangle
(b) data flow descriptions to the squares numbered
(c) internal entities in the circles within the box representing the relevant environment.

Do not add any flow lines; this is a partial view of the purchasing process only.
Controlling Information Systems: Business Process Controls 286

Entities in the relevant environment of


the purchasing process
Controlling Information Systems: Business Process Controls 287

ANS:

D C
Entities in the relevant environment of
the purchasing process

B G A

I
K N or O

F
L or M

H
O or N

J
M or L

TB 13.1
Controlling Information Systems: Business Process Controls 288

Figure TB 13.2 AP/CD Process

2. Figure TB-13.2 is the AP/CD process level 0 DFD shown in Chapter 13. The narrative that follows is
paraphrased from the Chapter 13 description of process 3.0 in the 1.0 diagram.

Narrative Description

The first step in establishing the payable involves validating the vendor invoice. This process is
triggered by receipt of the vendor invoice, a business document that notifies the purchaser of an
obligation to pay the vendor for goods or services that were ordered by and shipped to the purchaser.
The first process comprises a number of steps. First, the vendor invoice is compared against purchase
order data (PO accounts payable notification) to make sure that (1) the purchase has been authorized
and (2) invoiced quantities, prices, and terms conform to the purchase order agreement. Next, the
invoice is matched against the receiving report data to determine that the goods or services actually
have been received. Finally, the invoice is checked for accuracy of computed discounts, extensions,
and total amount due. Note that the vendor master data is also updated at this point to reflect purchase
history data. If the data items do not agree, the invoice is rejected (reject stub) and follow-up
procedures are initiated.

If the data items agree, the validated invoice is sent on to the next step to be used to record the payable.
The inventory master data and the AP master data are updated. The general ledger is also updated for
the payable.

Required:

From the DFD in Figure TB-13.2 and the narrative description above, explode bubble 1.0 into a lower-
level diagram showing the details of that process.

ANS:
Controlling Information Systems: Business Process Controls 289

TB Figure 13.3

3. Figure TB-13.2 is the purchasing/accounts payable/cash disbursements process level 0 DFD shown in
Chapter 13. The narrative that follows describes process 2.0 in the diagram.

Narrative Description

We remind you that the payment process is triggered by payment due-date information residing on the
accounts payable master data (i.e., a temporal event). The payment process begins with the
preparation of a check equal to the amount of the invoice, less any discount taken. The check is then
recorded in the next process by marking the invoice as paid and making an entry in the cash
disbursements event data store. The AP master data is also updated at this point. Finally, the recorded
check is issued and the vendor is paid in the next process. The general ledger process is notified of
the payment.

Required:

From the DFD in Figure TB-13.2 and the narrative description above, explode bubble 2.0 into a lower-
level diagram showing the details of that process.

ANS:

Figure
TB 13.4

4. In the figure below is the control matrix for the accounts payable/cash disbursements process
presented in Chapter 13, but with certain items omitted. In the matrix, each omission is indicated by a
box. Jumbled lists of the omitted items are as follows:

Omitted from Control Goals Columns


Controlling Information Systems: Business Process Controls 290

1. Cash, Accounts payable master data


2. Ensure security of resources
3. Payment voucher inputs
4. Accounts payable master data
5. Vendor invoice inputs
6. Ensure effectiveness of operations
7. Ensure efficient employment of resources
8. Accounts payable master data

Omitted Control Plans


9. Record disbursements
10. Independent authorization to make payment
11. Preformatted screens
12. Digital signatures
13. Independent validation of vendor invoices
14. Calculate batch totals

Control Goals of the


Control Goals of the Information Process
Operations Process
For For For For
purchase

Present order
ensure ensure ensure
Controls
ensure
A B IV IC IA UC UA IV IC IA UC UA
P-1: P-1 P-1 P-1

P-2: Vendor P=2


invoice
mathematical
accuracy
check
P-3 P-3 P-3

P-4: P-4 P-4


Computer
generated list
of vouchers
due
P-5: P-5 P-5

P-6: P-6 P-6

P-7: P-7

P-8: P-8 P-8 P-8 P-8 P-8 P-8


Reconcile
input output
batch totals
Controlling Information Systems: Business Process Controls 291

P-9: P-9 P-9 P-9 P-9 P-9 P-9

Missing
Controls
P-1 Cash M-1
Planning
Report

Required:

Complete the matrix in parts 1 and 2 of the Figure below by placing one of the numbers, 1 through 13
from the above lists, to replace the empty boxes showing a missing item.

ANS:

Control Goals of the


Control Goals of the Information Process
Operations Process
6 7 2 For 4, For 3, ensure For 8,
For 5, ensure ensure ensure
1
Present
Controls A B IV IC IA UC UA IV IC IA UC UA
P-1: 13 P-1 P-1 P-1
P-2: P=2
Programmed
edit checks
P-3: 10 P-3 P-3

P-4: P-4 P-4


Requisition
audit data
P-5: 14 P-5 P-5
P-6: 11 P-6 P-6

P-7: 9 P-7

P-8: P-8 P-8 P-8 P-8 P-8 P-8


Requisition
confirmation
to originating
department
P-9: 12 P-9 P-9 P-9 P-9 P-9 P-9
Missing
Controls
M-1: Cash M-1
planning
report

5. In the flowchart below for the accounts payable/cash disbursements process presented in Chapter 13,
but with certain items omitted. In the flowchart, each omission is indicated by a question mark.
Jumbled lists of the omitted items are as follows:

1. Compare incoming invoices to PO and receiving report data and record AP and GL
data
2. Display of vouchers due
Controlling Information Systems: Business Process Controls 292

3. Enterprise database
4. Exception routine not shown
5. Payment totals
6. Prepare payment order and RA, update AP and GL data for payment, display
payment totals
7. Select vouchers for payment, calculate batch totals
8. Translate from EDI and record incoming invoices
9. VAN

Required:

Complete the flowchart in the figure below by placing one of the numbers, 1 through 9 from the above
lists, to replace the question mark showing a missing item.

Each Day
VAN

? Display ?
vouchers due
?

? BT
?

Enter payments
data
?

AP clerk
?
could
handle and
extra
exceptions

Translate
payment order
and RA to EDI ?
format

?
Controlling Information Systems: Business Process Controls 293

ANS:

Each Day
VAN

8 Display 2
vouchers due
3

7 BT
1

Enter payments
data
6

AP clerk
5
could
handle and
extra
exceptions

Translate
payment order
and RA to EDI 4
format

9
Controlling Information Systems: Business Process Controls 294

6. The following is a list of 12 control plans.

Control Plans

A. Independent validation of vendor invoices G. Reconcile input-output batch totals


B. Computer generated list of vouchers due,
chronologically sorted by date
C. Preformatted screens H. Digital signatures
I. Independent authorization to
D. Record disbursements electronically make payment
E. Calculate batch totals
F. Vendor invoice mathematical
accuracy check

Required:

Listed below are nine system failures that indicate weaknesses in control. On the answer line to the left
of each description, insert the capital letter (from the list above) of the best control plan to address the
system deficiency described. A letter should be used only once.

SYSTEM FAILURES

_____ 1. There is no automatic count of the number of lines of data.


_____ 2. Disbursements must be manually recorded instead of automatic recording of
disbursements data.
_____ 3. Data fields must be manually entered and users can customize the input
fields as needed.
_____ 4. Payables are not tracked by due date and discounts are often missed.
_____ 5. The VAN does not know that the sender of a message has the authority to
send it.
_____ 6. The total shown on a vendor's invoice was greater than the sum of the
invoice details, resulting in an overpayment to the vendor.
_____ 7. Disbursement checks can be generated with only a valid purchase order.
_____ 8. The vendor shipped goods that were never ordered. The invoice for those
goods was paid.
_____ 9. The totals calculated for payments before the input does not match those
produced after the update
ANS:

System
Failure Answer
1. E
2. D
3. C
4. B
5. H
6. F
7. A
8. I
9. G
Controlling Information Systems: Business Process Controls 295

Chapter 14
PROBLEM

1. Figure TB-14.1 is a level 0 DFD of a payroll process, but several labels have been omitted from the
figure (indicated by small boxes in the figure). Listed below is a numbered, alphabetical list of the
omitted items.

Omitted Labels
1. Accrue employer taxes
2. Attendance time records
3. Distribute labor costs
4. Employee/payroll master data
5. General ledger process
6. GL employer tax accrual update
7. GL tax deposit update
8. Government agencies
9. Job time records
10. Pay employees
11. Payroll transfer check
12. Tax deposit

Required:

Match the list of labels above to the spots in Figure TB-14.1 where they belong by placing one of the
numbers (1 through 12) from the above list in the appropriate box in the figure.
Controlling Information Systems: Business Process Controls 296

Current tax
rates ?
Gov’t
Agencies
5.0 ?
1.0
Perform
data mainte-
nance

?
Accrual
Tax rates data notification
Bank

6.0 ?
Prepare Tax
Deposit

Dept
Managers & 2.0
supervisors Reconcile
Hours Payment
Worked contribution
notice

Insurance
companies etc

7.0
Prepare
payroll
reports
Employee/payroll
master data Payroll tax
Validate reports
job time
records

Validated
?
attendance
3.0 time records

4.0

W-2 Benefits
Forms reports
GL labor Employee
distribution GL disbursement ? paychecks
update voucher update

Employees
General
Ledger Bank
Process

Figure TB 14.1

ANS:
Controlling Information Systems: Business Process Controls 297

Current tax
rates 5
Gov’t
Agencies
5.0 6
1.0
Perform
1
data mainte-
nance

7
Accrual
Tax rates data notification
Bank

2 or 9 6.0 12
Prepare Tax
Deposit

Dept
Managers & 2.0
supervisors Reconcile
Hours Payment
Worked contribution
notice

Insurance
9 or 2 companies etc

7.0
4 Prepare
payroll
reports
Employee/payroll
master data Payroll tax
Validate reports
job time
records

Validated
8
attendance
3.0 time records
3 4.0
10

W-2 Benefits
Forms reports
GL labor Employee
distribution GL disbursement 11 paychecks
update voucher update

Employees
General
Ledger Bank
Process

Figure TB 14.2
Controlling Information Systems: Business Process Controls 298

Validated
attendance time Tax rates data Employee/ payroll
records master data

4.0
Pay
Employees

GL Employee
disbursements Paychecks
Payroll
voucher update
transfer check

General Bank Employees


Ledger

2. Figure TB 14.3 is a part of the payroll process level 0 DFD shown in the text. The narrative that
follows is paraphrased from the text description of process 4.0 in the diagram.

Narrative Description
Validated attendance time records initiate the payment to workers in process 4.0.
Controlling Information Systems: Business Process Controls 299

This process begins with the validated attendance time records. In calculating employees gross and
net pay, the first process retrieves data from both the employee/payroll master data and the tax rates
data. This process accumulates current, quarter-to-date, and year-to-date totals for each employee and
reports this information via the data flow Payroll register. This information also is used to update the
employee/payroll master data. Finally, this first process prints and distributes paychecks to employees
as reflected in the represented by an employee paychecks data flow.

The data flow “payroll register” triggers the next process where the disbursement voucher is prepared.
This will result in a data flow for the GL disbursement voucher update, and a data flow for the
disbursement voucher.

Finally, the payroll transfer check is prepared in the next process and sends it to the bank to cover the
organizations periodic net payroll.

Required:

From the DFD in the figure below and the narrative description above, explode bubble 4.0 into a lower
level diagram showing the details of that process.

ANS:

Figure TB 14.4

3. Assume that you are working with a payroll application that produces weekly paychecks, including
paystubs. Listed below are 20 data elements that appear on the paycheck/paystub.

Data Elements

Number Description
1. Employee identification number
2. Social security number
3. Employee name
4. Employee address
5. Regular hours worked
Controlling Information Systems: Business Process Controls 300

6. Overtime hours worked


7. Pay rate classification
8. Hourly pay rate
9. Regular earnings
10. Overtime earnings
11. Total earnings
12. Deduction for federal income tax
13. Deduction for state income tax
14. Deduction for FICA tax
15. Union dues withheld (flat amount based on length of service)
16. Net pay
17. Check number (same number is also preprinted on each check form)
18. Year-to-date amounts for items 11 through 14 preceding
19. Pay-period end date
20. Date of check (employees are paid on Wednesday for the week ended the
previous Friday)

Required:

For each numbered item, indicate the immediate (versus ultimate) source of the item. For instance, the
immediate source of the number of exemptions for an employee would be the employee master file as
opposed to the ultimate source which is the W-4 form filed by the employee. Some items may have
more than one source, as in the case of item 1. You have the following choices:

E = Employee master file


T = Time clock cards (these are in machine-readable form and show for each
employee for each day the time punched in the morning, out at lunch,
in after lunch, and out in the evening)
H = "Table" file of hourly wage rates (i.e., wage rate "class" and hourly rate for each
class)
W = "Table" file of state and federal income tax withholding amounts plus FICA tax rate
and annual "cutoff" amount for FICA wages.
CG = Computer generated (such as a date or time of day supplied by the system)
CC = Computer calculated
CO = Console operator (such as batch totals or a date to be used)

Arrange your answer as follows:

Item Source
1 T, E
2 ?
etc.

ANS:
Solution:
Item No. Description Source

1. Employee identification number T, E


2. Social security number E
3. Employee name T, E
4. Employee address E
Controlling Information Systems: Business Process Controls 301

5. Regular hours worked T, CC


6. Overtime hours worked T, CC
7. Pay rate classification E
8. Hourly pay rate H
9. Regular earnings CC
10. Overtime earnings CC
11. Total earnings CC
12. Deduction for Federal Income Tax W, CC
13. Deduction for State Income Tax W, CC
14. Deduction for FICA tax W, CC
15. Union dues withheld (flat amount based on E, CC
length of service)
16. Net pay CC
17. Check number (same number is also preprinted CG, CO
on each check form)
18. Year-to-date amounts for items 11 through 14 E, CC
above
19. Pay period ending CG, CO
20. Date of check (employees are paid on CC, CO
Wednesday for the week ended the previous
Friday)
Controlling Information Systems: Business Process Controls 302

Chapter 15
PROBLEM

1.
NARRATIVE
In Figure 15.1 Bubble 1.0, consistent with the value chain concept, the IPP begins with the design of
the product and production processes. Activity based costing can be used to develop estimates of the
future cost of producing new products as well as potential cost changes from product or design
changes. The entire design process is automated through the use of computer-aided design and
computer-aided engineering. The use of the CAD/CAE becomes the basis of developing detailed
production schedules as well detailed control of production machines. The CAD/CAE process results
in several data stores of information which are:
Bill of materials: The bill of materials provides the basis for later orders of raw materials (bubble 3 in
Figure 15.1) when finished goods is to be produced.

Parts master: The parts master or raw materials inventory master lists the detailed specifications of
each raw materials item. An engineer must specify the information for the new material in the parts
master when a new part is used in product design. Often, existing parts will be used in new products
to reduce needed ordering and carrying costs for the inventory.

Routing master: The routing master specifies the operations necessary to complete a subassembly or
finished good, and the sequence of these operations. The routing master also includes the machining
tolerances; the tools, jigs, and fixtures required and the time allowed for each operation. The routing
master is vital to developing detailed production instructions (bubble 4.0 in Figure 15.1). Computer
aided process planning (CAPP), is often used in developing the routing master for developing new
products. CAPP is an automated decision support system that generates manufacturing operations
instructions and routings based on information about machinery requirements and capabilities.

Work center master: The work center master describes each work center available for producing
products. A work station is the assigned location where a worker performs their job. A group of
similar work stations constitutes a work center. When new products require new machines or
production activities, a new record in the work center master must be created.

Refer to the following figure below. Prepare a level 1 data flow diagram for the product and
production process design process only.

ANS:
See text solutions manual for problem 15-1
Controlling Information Systems: Business Process Controls 303

2.
NARRATIVE
Once the master production schedule is determined, an important step in completing the production in
a timely manner is identifying, ordering, and receiving materials. Materials requirements planning is a
process that uses bills of material, raw material and WIP inventory status data, open order data, and the
master production schedule to calculate a time phased order requirements schedule for materials and
sub assemblies. The schedule shows the time period when a manufacturing order or purchase order
should be released so that the subassemblies and raw materials will be available when needed. The
process involves working backward from the date of production to determine the timing for
manufacturing subassemblies and then moving back further to determine the date that orders for
materials must be issued into the purchasing process. In an enterprise system, this process is
performed automatically, using a variety of data from the enterprise database including:
Bills of materials, showing the items and quantities required as developed by engineering.
Parts master data, which contains information about part number, description, unit of measure, where
used, order policy, lead time, and safety stock.
Raw materials and WIP inventory status data showing the current quantities on hand, and quantities
already reserved for production for the materials and subassemblies.
Open purchase order data showing the existing orders for materials.
Controlling Information Systems: Business Process Controls 304

The process begins by exploding the bill of materials to determine the total of each component
required to manufacture a given quantity of an upper level assembly or a subassembly specified in the
master production schedule. Based on lead time data for producing and ordering materials and
subassembly requirements are output in a time-phased order requirements schedule. Based on this
schedule, and open purchase order data, purchase requisitions are generated and sent to purchasing.

Required:
Refer to the level 0 data flow diagram in Figure 15.1. Prepare a level 1 data flow diagram for the
materials requirements planning process only.

ANS:
See text solutions manual solution to Problem 15-2
Controlling Information Systems: Business Process Controls 305

Chapter 16

PROBLEM

1. The level zero DFD for the GL/BR process is provided above.

Required:
Explode bubble 3.0, for the “Record Adjustments” process into a level 1DFD

ANS:
Refer to solutions manual for P16-2 part a.

2. The level zero DFD for the GL/BR process is provided above.

Required:
Controlling Information Systems: Business Process Controls 306

Explode bubble 4.0, for the “Prepare Business Reports” process into a level 1DFD

ANS:
Refer to solutions manual for P16-2 part b.

3. Below is an alphabetical list of twelve control plans discussed in Chapter 16. The second list describes
eight system failures that have control implications.

Required:

On the blank line to the left of each numbered description in the second list, place the capital letter of
the control plan that would best prevent the system failure from occurring or would mitigate the
resulting exposure. If in doubt between two options, one preventive and one detective/corrective, opt
for the preventive. Do not use a letter more than once. You should have no letters unused.

Control Category
A. Call-back procedures
B. Backup facilities
C. Diskless workstations or network computers
D. Encryption
E. File and record locking
F. Password protection at the field and record level
G. Standardized policies and procedures for hardware/software acquisition
H. System access logs

SITUATIONS
Answers

_____ 1. An employee in the treasurer's department is in the process of entering a


journal voucher when the power supply is disrupted. When power is
eventually restored, all of the data entered by the employee was lost.

_____ 2. Unknown to the organization, hackers are attempting to gain remote access in
its computer network. In an attempt to avoid detection, the hackers make
only a few attempts each night. As a result, IT personnel are not aware of this
activity.

_____ 3. Sue, the trust department manager at Central Savings and Loan, purchased a
Maxwell personal computer for her department when it was on sale at the
local computer store. Once the PC was operational, Sue discovered that it was
incompatible with the personal computers in all of the other bank
departments.

_____ 4. Receiving department personnel are currently able to access all the fields
related to a purchasing event. If they want to steal an inventory item
received, they simply change the quantity ordered amount.

_____ 5. Edmond Fletcher, a 14-year-old computer wiz, was visiting a friend's house.
While there, he copied the telephone number and ID number that he noticed
pasted to the PC belonging to the friend's father, an applications programmer
at a major bank. When he got home, Nosey dialed the number through the
Controlling Information Systems: Business Process Controls 307

modem in his personal computer, entered the ID number, used a random


number generator to get past the security module's password protection, and
planted a computer virus in the bank's programs.

_____ 6. Alfie, the managerial accountant at F & M Enterprises, sent a an email


message with confidential information attached. The message was
intercepted by a third party and the confidential information was then read
and examined by the third party.

_____ 7. Sarah, the credit manager at Belle Co., accessed the company's LAN so that
she could do a credit review of Ozmond Company's delinquent account.
Sarah was unaware that a clerk in accounts receivable, another user on the
network, was at that very moment processing customer billings. As a result,
Ozmond Company's balance did not reflect $10,000 of billings made to it that
day.

_____ 8. Ursula, a network user at Billings Co., accessed the company's customer
master data from the enterprise database while at her job. Then she copied
the data to several diskettes, which she sold to one of Billing's competitors.

ANS:

Control
Situation
Number Answer
1. B
2. H
3. G
4. F
5. A
6. D
7. E
8. C

ESSAY

1. Discuss the following components of the balanced scorecard:


(1) financial
(2) internal business processes
(3) customers
(4) innovation and improvement activities

ANS:
Balanced scorecard is a methodology for assessing an organizations business performance
Controlling Information Systems: Business Process Controls 308

via four components: (1) financial, (2) internal business processes, (3) customers, and (4) innovation
and improvement activities. The financial aspect focuses on more traditional measures of business
performance related to how shareholders view the organizations performance. The internal business
processes relate to the organizations ability to identify its core competencies and to assess how well it
performs in these identified areas of competency. The customer component focuses on identifying how
customers perceive the organization in terms of the value that it is creating for them. Innovation and
improvement activities are monitored to assess how the organization is continuing to improve and how
it is creating additional value.

2. The important information services functions of the GL/BR process emphasized in chapter 16 included
two categories: (1) general ledger activities and (2) other business reporting.
Breifly discuss what comprises the general ledger (GL) process comprises and what comprises the
business reporting process.

ANS:
The general ledger process comprises accumulating data, classifying data by general ledger accounts,
and recording data in those accounts. Fueling the financial reporting, business reporting, and other
reporting subsystems by providing the information needed to prepare external and internal reports. In
servicing the information needs of managerial reporting, the GL interacts with the budgeting modules.

The business reporting process is concerned with the following: Preparing general purpose, external
financial statements (e.g., the conventional four that you have studied in other accounting courses: the
balance sheet, income statement, statement of owner equity changes, and cash flow statement).
Ensuring that the external financial statements conform to GAAP; therefore, among other things, the
statements must contain appropriate footnote disclosures. Generating Web-based forms of key
financial statement and related business reporting information for dissemination via the Internet.
Supporting the generation of both ad hoc and predetermined business reports that support operational
and strategic decision making.

Você também pode gostar