Assignment 3

1) Weakness- Credit approval by bookkeeper A has no effect on shipping

Threat/Problem- Uncollectible sales.
Recommendation- Credit approval must occur prior to shipping
merchandise to customers.
Weakness- Warehouse clerk does not retain copy of the shipping
advice.
Threat/Problem- Cannot easily identify loss if the carrier has
accident.
Recommendation- Use a 4-copy shipping advice and retain one copy
in the warehouse.
Weakness- Collections Clerk does not deliver postdated checks and
checks with errors to an employee independent of the bank deposit for
review and disposition.
Threat/Problem- Possible theft of checks.
Recommendation- Deliver all checks not deposited to another
employee who has no bank deposit/reconciliation duties.
2)
1) Cancellation of the voucher package by the cashier after signing the
check. Purpose- Prevent re submission of invoices for double payment.
ERP System- Control field in supplier invoice record to indicate the
document has been used Control field in purchase order and receiving
report records to indicate the document has been used to support
payment.
2) Separation of duties of approving invoices for payment and signing
checks. Purpose Prevent payment of fictitious invoices. ERP
System- System matches all invoices to corresponding receiving reports
and purchase orders Checks signed by cashier.
3) Pre numbering and periodically accounting for all purchase orders.
Purpose- Prevent unauthorized purchases. ERP System - Sequence check
of all purchase orders.
4) Periodic physical count of inventory. Purpose- Verify the accuracy of
recorded amounts and detect losses. ERP System- Still need to count
physical inventory periodically

5) Requiring two signatures on checks for large amounts. Purpose Prevent large disbursements for questionable reasons. ERP System - Still
need two signatures.
6) Requiring that a copy of the receiving report be routed through the
inventory stores department prior to going to accounts payable. PurposeVerifies that items received were placed in inventory and were not stolen.
ERP System - Receiving clerks enter that goods were transferred to
inventory. Inventory clerks acknowledge receipt of goods via terminals.
System configured so that voucher package requires that the receiving
report include the acknowledgement of receipt by inventory control.
7) Requiring a regular reconciliation of the bank account by someone
other than the person responsible for writing checks. Purpose - Detect
unauthorized disbursements. ERP System - Still required.
8) Maintaining an approved supplier list and checking that all purchase
orders are issued only to suppliers on that list. Purpose- Ensure the
purchase of quality goods and prevent violations of laws or company
policies. ERP System - Validity check of supplier number on all purchase
orders. Restrict access to the supplier master file Verify all changes to the
supplier master file Restrictions on who can make changes to the supplier
master file.

3) One of the threats associated with having employees telecommute is

that they may use company-provided resources (e.g., laptop, printer, etc.)
for a side business. What are some other threats?
1. Not working or working less productively than if the employees were
working onsite.
2. Security risks, such as the employee not proactively maintaining
proper antivirus and patch management practices or not protecting
and/or backing up their data adequately.
3. Inappropriate use of company hardware (e.g., gambling, visiting
pornographic websites, etc.).
4. An increased risk of loss of confidentiality and privacy if sensitive data
is stored on the remote computer. Such remote storage may also violate
privacy regulations, such as HIPAA.
What controls can mitigate the risk of these threats?
The solutions to these potential threats primarily involve monitoring and
the use of security controls discussed in chapter 8. For example, software

exists to enable companies to monitor employees, including what they do

on the Internet.
In addition, a company could require that telecommuting employees login
their companys network and store all work related files on the companys
network and not on their home machines. The VPN connection could be
configured to restrict what employees can do, such as preventing local
storage of sensitive data and mandatory updates of anti-virus and
security software. The VPN software should also be designed to prevent
employees from simultaneously opening a VPN connection to the
corporate network and a second connection to their ISP (i.e., disable splittunneling).

4) Explain the components of an audit trail for verifying changes to

accounts payable. Your answer should specify how those components can
be used to verify the accuracy, completeness, and validity of all
purchases, purchase returns, purchase discounts, debit memos, and cash
disbursements.
The sum of all amounts owed to individual vendors would be computed
and compared to the balance in the general ledger accounts payable
control account.
To verify all transactions, you would follow the audit trail to identify the
voucher numbers, purchase order numbers, and receiving report numbers
for all approved vendor invoices and use that list to select all source
documents.
You could then recalculate the total amount purchased and the total cash
disbursed. You could also recalculate all purchase discounts available and
compare that to the amount taken.
To verify vendor balances, you could re-compute the effects of all
purchases and payments on the beginning balance; this calculated figure
should equal the new ending balance.