CONFIDENTIAL ACIDEC 2015/AIS615 UNIVERSITI TEKNOLOGI MARA FINAL EXAMINATION COURSE : ACCOUNTING INFORMATION SYSTEM ‘COURSE CODE AIS615 EXAMINATION : DECEMBER 2015 TIME : 3 HOURS IC) ATES 1 This question paper consists of two (2) parts: PART A (5 Questions) PART B (1 Question) 2 ‘Answer ALL questions in PART A and PART B in the Answer Booklet. Start each answer on anew page 3 Do not bring any material into the examination room unless permission is given by the invigilator, 4 Please check to make sure that this examination pack consists of i) the Question Paper ii) an Answer Booklet — provided by the Faculty 5. ‘Answer ALL questions in English DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO This examination paper consists of 6 printed pages ‘© Hak Cipta Universiti Teknologi MARA CONFIDENTIALCONFIDENTIAL 2 ACIDEC 2015/A1S615 PARTA QUESTION 1 To improve the risk management process, COSO developed a second control framework called Enterprise Risk Management — Integrated Framework (ERM). a. __ List eight (8) interrelated risk and control components of ERM. (4 marks) b. Discuss briefly any three (3) basic principles behind ERM (6 marks) (Total: 10 marks) QUESTION 2 It is helpful to understand the basic steps criminals use to attack an organization's information system. a. Explain briefly any two (2) basic steps being used by criminals to attack an organization's information system. (5 marks) Internal controls are the processes and procedures implemented to provide reasonable assurance that control objectives are met. b. Explain any two (2) credentials for users’ authentication and give two (2) examples for each credential. (4 marks) ¢. Discuss three (3) important functions that internal controls perform to eliminate ‘system threats and one (1) example for each function. (6 marks) (Total: 15 marks) QUESTION 3 a. Encryption and hashing are two important privacy controls. Explain any two (2) differences between these two controls. (4 marks) b. Explain any three (3) internationally recognized best practices by Generally Accepted Privacy Principles (GAAP) for protecting the privacy of customers’ personal information. (6 marks) (Total: 10 marks) © Hak Cipta Universiti Teknologi MARA CONFIDENTIALCONFIDENTIAL, 3 ACIDEC 2015/AIS615 QUESTION 4 COBIT 5 control processes address the importance of ensuring that systems and information are available for use whenever needed and provides additional control over processing integrity a. Discuss briefly two (2) objectives and one (1) key control of system availability for each objective. (4 marks) b. Discuss any three (3) output controls that can help to provide additional controls over processing integrity. (6 marks) ¢. Given the following threats, you are required to propose one (1) data entry control that would best prevent each of this threat: A clerk entered an invoice received from a vendor who is not on an authorized supplier list A payroll clerk accidently entered an employee's hours worked for the week as 380 instead of 38 After processing sales transactions, the inventory report showed a negative quantity on hand for several items. A customer order for an important part did not include the customer's address. Consequently, the order was not shipped on time and the customer called to complain. A visitor to the company's web site entered 400 characters into the five-digit zip code field, causing the server to crash. (6 marks) (Total: 15 marks) (© Hak Cipta Universiti Teknologi MARA. CONFIDENTIAL,CONFIDENTIAL 4 ACIDEC 2015/A1S615 QUESTION 5 One of the basic activities in the production cycle is planning and scheduling. The objective is to develop a production plan efficient enough to meet existing orders and anticipated short-term demand while minimizing inventories of both raw materials and finished goods. Explain the purpose of each of the following documents used in the planning and scheduling activities: i Materials requisition ji, Move tickets (4 marks) The production cycle is a recurring set of business activities and related information processing operations associated with the manufacture of products. There are four basic activities in the production cycle: product design, planning and scheduling, production operations, and cost accounting. Discuss any three (3) threats in the production operations activities and the corresponding controls for each threat. (6 marks) The human resource management (HRM)/payroll cycle is a recurring set of business activities and related data processing operations associated with effectively managing the employee workforce. Discuss any two (2) internal control procedures for disbursement of payroll to employees in order to prevent theft or fraudulent distribution of paychecks. (5 marks) The following is the procedures on issuance of material of Bidara Klasik Manufacturing, ‘The process in Bidara Klasik Manufacturing begins with the production department requesting raw materials from the storeroom department. The production department sent a copy of material requisition to the storeroom department. The storeroom clerk then releases the materials to the production department and updates the perpetual inventory report. Prepare a document flowchart for the issuance of material of Bidara Klasik Manufacturing (5 marks) (Total: 20 marks) © Hak Cipta Universiti Teknologi MARA CONFIDENTIAL,CONFIDENTIAL 5 ACIDEC 2015/A1S615 PARTB QUESTION 1 Syarikat Mega Sdn Bhd is a distributing company, situated in Kuala Lumpur employs the following purchasing and cash disbursements procedures: 1 The purchasing department prepares a four-part purchase order from a verbal request by the plant superintendent or by one of the foremen. Copies 1 & 2 are sent to the supplier. Copy 4 is sent to the receiving department for use as a receiving report. Copy 3 is filed as a control and follow-up copy for open orders. Goods received are noted on the copy being used as the receiving report. This copy is then sent to the purchasing department, where it is filed with copy 3 of the purchase order and held until the supplier's invoice is received. When the supplier's invoice is received, purchase order copies 3 and 4 are pulled from the file and checked against the invoice. The clerical accuracy (including prices) is checked, and the invoice is assigned a number and recorded in the invoice register. The code for the account(s) to be debited is written on the invoice. Copy 3 of the purchase order is filed numerically. The invoice and copy 4 of the purchase order are sent to the accounts payable. ‘The accounts payable clerk files the invoice and copy 4 of the purchase order by due date. When the invoices are due, the clerk pulls the invoices and purchase orders and prepares checks and checks copies; on the check copies she notes the account distribution, From the checks the clerk prepares an adding machine tape of the cash amounts. She then forwards the invoices, purchase orders, checks, check copies, and tape to the clerk in the general accounting department. The general accounting clerk posts by hand the check copy amounts to the cash disbursements book. The tape forwarded from the accounts payable clerk is ‘compared with the totals in the cash disbursements book; if they agree, the tape is discarded. The clerk then forwards the invoices, purchase orders, checks, and check copies to the treasurer for his signature. The treasurer reviews the support, signs the checks and returns all items to the general accounting clerk. This general accounting clerk “protects” the checks with a protector device, mails the checks to the vendors, files the checks copies by number, stamps the invoices "Paid" and forwards the invoices and attached receiving reports to the purchasing department. The firm's books are not on an accrual basis. The invoice register is used only as a control device. Accounts payable are set up at month's end by a journal entry. The amounts are determined by running a tape of the invoices listed as unpaid in the invoice register. © Hak Cipta Universiti Teknologi MARA CONFIDENTIAL,CONFIDENTIAL, 6 ACIDEC 2015/AIS615 Required: a. Describe briefly five (5) control weaknesses in the purchasing and cash disbursements procedures described above and suggest five (5) recommended improvements that can be implemented in the purchasing and cash disbursements procedures of Syarikat Mega Sdn Bhd. (15 marks) Managing inventory in expenditure cycle is crucial to avoid significant inventory problems such as stock out, over stock or obsolete. Therefore, organization need to practice good inventory management approaches such as economic order quantity (E0Q), materials requirements planning (MRP) and just-in-time (JIT) inventory system. Explain briefly the differences between the three inventory management approaches, (9 marks) Explain the purpose of the following documents: i. Purchase requisition ii, Receiving report il, Debit memo (6 marks) (Total: 30 marks) END OF QUESTION PAPER © Hak Cipta Universiti Teknologi MARA CONFIDENTIAL