Chapter 1 Problem # 1 a. The purpose of transaction authorization is to ensure that all material transactions processed by the information system are valid and in accordance with management’s objectives. No transaction shall occur unless it is authorized. Authorizations may be general or specific. General authority is granted to operations personnel to perform day-to-day activities. It rules specified in advance. Specific Authorizations deal with case by case decisions associated with nonroutine transactions.
However, in IT environment authorization may be imbedded in the coded program logic in a module and take place without visibility. Unauthorized transactions may not be noticed until well after the fact. b. In segregation of duties, authorization must be separated from transaction processing. Some certain duties that are deemed incompatible in a manual system may be combined in an IT environment. Due to automation, incompatible “duties” may all reside in a single computer program or application. Computer has no motivation to circumvent controls and does not make mistakes due to human weaknesses.
Need essay sample on Paper About Accounting ?We will write a custom essay sample specifically for you for only $12.90/pageorder now
Humans do the circumventing and make the mistakes. In IT environment, must “separate” humans that create programs which do authorizing from humans that run the programs that do processing. c. In accounting records, the source documents, journals, and ledgers that capture the economic essence of transactions and provide audit trail of economic events. Organizations must maintain audit trails for two reasons. First, this information is needed for conducting day to day operations. Second, the audit trail plays an essential role in the financial audit of the firm.
Allow auditors to trace transactions from original sources to financial statements. In IT environment, no physical source documents – data in digital form. Audit trail consists of pointers, hashing, indexes, embedded keys, etc. in database tables. Logs recording processing are essential. d. In IT environment, records concentrated in mass storage devices that increase risks of computer fraud and disasters. Computer fraud is that person gains access to system and to all records relating to transactions and assets. Disasters – all the eggs in one basket.
Access to computer programs allows introduction of logic errors or intentional irregularities or fraud. e. In IT environment about the independent verification, computers perform routine tasks but do not have human weaknesses. However, they can “glitch” or do something a weak human told them to do. Check programs run that verify integrity, completeness, accuracy of input data and processing– program logic performs verifications. IT auditors independently verify integrity of program development, operations, and maintenance. f.
In IT environment supervision of a different nature and more elaborate than in a manual system. Employee competence – skill sets, turnover, changes in technology. Some IT employees must be in positions that permit unrestricted access to programs and data. Inability to observe IT personnel performing tasks – geographically separated. In IT, supervisory controls must be designed into the system because what is being done cannot be observed. g. In IT environment, due to automation, incompatible “duties” may all reside in a single computer program or application.
Computer has no motivation to circumvent controls and does not make mistakes due to human weaknesses. Humans do the circumventing and make the mistakes. In IT environment, must “separate” humans that create programs which do authorizing from humans that run the programs that do processing. Chapter 1 Problem # 2 a. The task should be separated to achieve adequate internal control. Because in this task, approval of bad debt write-offs and the reconciliation of the accounts payable subsidiary ledger and the general ledger control account have different functions.
It needs to make sure there are different people to handle these two issues. b. The tasks should be separated to achieve adequate internal control. Distribution of payroll checks to employees and approval of employee time cards can’t be the same one person. Fraud will be happened in this task. In order to avoid fraud, the person who is in position to approve sales returns for credit is not the same one who distributes payroll check to employees. c. The tasks should be separated to achieve adequate internal control.
Cash receipts journal and the cash disbursements journal function should be separated from record keeping function. d. The tasks should not be separated to achieve adequate internal control. Distribution of payroll checks to employees and recording cash receipts in the journal should be processed by the same person. e. The tasks should be separated to achieve adequate internal control. Recording cash receipts in the journal should be a different person than the person who prepares the bank reconciliation. The bank reconciliation requires to be completed by an independent person to prepare it.