Tutorial For Final Term 12.2020
1. Topics
- Chapter 2, 3, 4, 6: Business Process, System documentation
- Chapter 9, 10, 13, 14: Transaction cycle: the revenue cycle, expenditure cycle,
the GL and FR cycle, System development
- Chapter 7, 8: Internal Control
- Chapter 16: Ethics and Computer Crimes
2. Structure of the Exam
This examination consists of TWO (2) sections:
SECTION A (40 marks) – consists of THIRTY – FIFTY (30 – 50) True/False and multiple
choice questions. Answer ALL questions.
SECTION B (60 marks) – consists of TWO - FOUR (2- 4) questions. Answer ALL questions.
Time allowance: 120 minutes
3. Question types
3.1. True/False and MCQ questions
- Similar to test banks
3.2. Exercises on Internal Control
- Sample exercises: 8.8, 8.9, 8.10, 8.13, 8.18 (pages 382 – 388 in the textbook)
3.3. Essay questions
1. The value of accounting information is dependent upon its reliability. Internal
controls are developed in order to assure that the information provided by the AIS is
reliable. Describe two internal controls that support the internal control objective of
reliable information.
Internal Control:
The process designed, implemented and maintained by those charged with governance,
management and other personnel to provide reasonable assurance about the
achievement of an entity's objective with regard to reliability of financial reporting,
effectiveness and efficiency of operations, safeguarding of assets, and compliance with
applicable laws and regulations.
The two examples of Internal Control policies and procedures that support the internal
control objective of reliable information are:
2. List the functions that should be separated in order to ensure no single employee is
given too much responsibility.
3. List the four basic business activities performed in the revenue cycle. A well-designed
AIS should provide adequate controls over the revenue cycle to ensure what
objectives?
- Four basic business activities are performed in the revenue cycle:
  - Sales order entry
  - Shipping
  - Billing
  - Cash collection
- In the revenue cycle (or any cycle), a well-designed AIS should provide adequate
controls to ensure that the following objectives are met:
  - All transactions are properly authorized
  - All recorded transactions are valid
  - All valid and authorized transactions are recorded
  - All transactions are recorded accurately
  - Assets are safeguarded from loss or theft
  - Business activities are performed efficiently and effectively
  - The company is in compliance with all applicable laws and regulations
  - All disclosures are full and fair
4. What are the two major responsibilities of the receiving department? List the three
possible exceptions to the receiving process.
The two major responsibilities of the receiving department are deciding whether to
accept delivery (based on whether there is a valid purchase order) and verifying the
quantity and quality of delivered goods. Verifying the quantity of delivered goods is
important so the company pays only for goods received and inventory records are
updated accurately.
A receiving report is not typically used for receipt of services. Receipt of services is
typically documented by supervisory approval of the supplier’s invoice. When goods
arrive, a receiving clerk compares the PO number on the packing slip with the open
PO file to verify the goods were ordered. The receiving clerk counts the goods and
examines them for damage before routing to the warehouse or factory.
Three possible exceptions to this process are:
1. Receiving a quantity of goods different from the amount ordered
2. Receiving damaged goods
3. Receiving goods of inferior quality that fail inspection
In all three cases, the purchasing department must resolve the situation with the
supplier. In the case of damaged or poor quality goods, a debit memo is prepared
after the supplier agrees to take back the goods or grant a price reduction.
5. What are the methods and reports that can be used to reconcile the general
ledger? List the four basic activities performed in the general ledger and reporting
system.
COSO’s internal control framework has too narrow of a focus and has an inherent
bias toward focusing on past problems and concerns. The ERM framework takes a
risk-based, rather than controls-based, approach to the organization, oriented toward
future and constant change. It incorporates rather than replaces COSO’s internal
control framework and contains three additional elements.
Whereas COSO's internal control framework had 5 components to monitor the
organization, in the ERM framework the COSO committee developed a graphical method
that consists of 4 columns and 8 rows, which represent objectives and control
components respectively.
COSO:
ERM:
(a) Entering negative values for order quantity can cause the sales order total
balance to not reconcile with the general ledger. This mismatch will result in
understatement of sales, which will affect profit for the year. To correct this, the
Company might add an automated control in the system that rejects negative values on
entry. Whenever the user enters a negative value, the system should display a pop-up
stating that this is not allowed. This control will mitigate the risk mentioned above.
(b) Selling to a customer with an already overdue account can decrease the profit for the
Company and increase the default risk. To mitigate this, the Company must have a
control to check the creditworthiness of the customer before making the sale. This control
should also cover existing customers who have overdue accounts.
(c) Ordering from a non-existent supplier will lead to financial losses for the Company.
The Company's prospects will be significantly hampered by entering into
transactions with bogus suppliers. Before on-boarding any vendor, the Company must
collect relevant documents and perform a due diligence process. Only if the vendor is
genuine should the Company order goods.
(d) Advance payment blocks the working capital of the Company. However, in certain cases
it is necessary for the Company in order to receive the goods. As a control, advance
payments before receiving the goods must be approved by the finance controller of the
organization.
(e) Entering an alphanumeric customer ID is against the policy of the Company. As part of
good corporate governance, the Company must adhere to its own policies and
procedures. An automated control should be introduced in the Company that
restricts entry of alphanumeric characters.
(f) Misappropriation of goods will lead to financial loss to the Company. As a control, the
Company should segregate duties, and inventory records should be maintained by
another person.
(g) Ordering too much of a product will lead to obsolete inventory and also blockage of
working capital. The purchase manager should approve every requisition raised by the
production department. This will result in an optimum level of purchases being made for the
Company.
8.13
The computer system requires all users to log on with a user identification (their first initial and the
first six letters of their surname), and a password that is assigned to users when they join the firm
(that is unable to be changed).
The users have access to the internet and several have installed Windows Live Messenger and other
chat programs on their machines.
The main task of John, one of the staff members, is to perform data entry. Each day he receives a
bundle of orders from the customer assistant, with John’s job being to enter the details into the
system.
John first enters the customer name, address and contact number then clicks on the ‘Next’ button to
enter the items and quantities ordered by the customer.
If the customer name is not provided the computer will prompt John to go back and fill in the details
before proceeding to the next screen. In addition, the computer will only accept numeric values for
the quantities ordered.
Once all orders are entered John clicks the ‘Done’ button and the computer displays the number of
orders entered on the screen.
John usually ignores this, because by the time orders have been entered it is usually lunch time.
Required
(b) Suggest an internal control for each risk (the control may be mentioned in the case or missing
and you think it should be applied).
Answer:
Control: Use of sophisticated passwords that cannot be easily guessed to log into the
systems.
Present: The control is present; the staff use a complex password to log on with the user
identification.
Gen/App: General; it concerns the security of the entire information system and is applicable
when accessing all applications.
Man/Comp: Computerised

Control: Installation of a whitelisting application to allow the use of trusted applications only,
mitigating the risk of malware from live chat applications.
Present: No control has been put in place to cover the risk of malware from randomly downloaded
internet applications.
Man/Comp: Computerised

Control: Controls set to detect the accuracy of data keyed into the machines.
Present: This control is present in the case: when John fails to enter the name of the
client, the computer prompts him to correct the mistake.
Man/Comp: Computerised

Control: Counter-checking the stability of the power source and capable data backup plans.
Present: The organisation has not developed a control to mitigate this risk; in the case,
John does not countercheck the final number of orders or whether the data was
accurately saved and backed up.
Gen/App: General; involved with the environment in which the computer applications are
used.
Man/Comp: Manual
8.10
1. Control Environment
2. Risk Assessment
3. Control Activities are actions, established through enterprise policies and
procedures, that help ensure that management's directives to mitigate risks to
the achievement of objectives are carried out.
b.
These components work to establish the foundation for sound internal control within the
company through directed leadership, shared values and a culture that emphasizes
accountability for control. The various risks facing the company are identified and
assessed routinely at all levels and within all functions in the organization.
Control activities and other mechanisms are proactively designed to address and
mitigate the significant risks. Information critical to identifying risks and meeting business
objectives is communicated through established channels across the company. The
entire system of internal control is monitored continuously, and problems are addressed
in a timely manner.
8.18
CPA Australia's advisory guide on employee fraud identifies some typical ways that
fraud is carried out. These included:
(a) creating 'ghost' employees or not deleting ex-employee records and having the
salary of these ghost employees paid into the fraudster's bank account
(b) creating bogus suppliers, with payment being made to the fraudster's bank
account
(c) creating bogus purchase orders of a bona fide supplier and substituting the
supplier's bank account details with the fraudster's bank account details
(d) obtaining kickbacks or bribes from suppliers or contractors (as an inducement to buy from
them)
(e) associates of the staff providing services to the business at inflated prices
(f) personal use of business resources
(g) inflated/bogus reimbursement claims
(h) manipulation of financial data to receive performance-based bonuses
(i) faking time sheets
(j) private purchases through business accounts/business credit cards
(k) providing discounted (or free) goods or services to friends and associates.
Required
For each of the above:
(i) Suggest a possible application control that could deal with the fraud.
(ii) Classify the control as preventive, detective or corrective and justify your
classification.
(iii) Explain how the control addresses the fraudulent activity.
Answer:
Control description: Employee record creation shall be approved by a reviewer, and
mandatory records like DOB and PAN are required.
Control type: Preventive
How control addresses fraud: This control ensures that the employee record is reviewed for
ghost employees, and the system prevents bogus employees by requiring certain details.

Problem: (b) creating bogus suppliers, with payment being made to the fraudster's bank
account
Control description: Supplier record requires compulsory bank details being recorded in
the system, and a reviewer approves the supplier record creation with documents and
cancelled checks. Further, the supplier record cannot be edited without approval of the
Purchase department head.
Control type: Preventive
How control addresses fraud: This control ensures that payment and supplier details are
reviewed and approved. Also, editing is prevented.

Control description: Purchase orders are approved by the Purchase department head.
Control type: Preventive
How control addresses fraud: System approver ensures that a bogus PO record cannot be
created.

Problem: (e) associates of the staff providing services to the business at inflated prices
Control description: Calling for multiple purchase quotations before the order is placed.
Control type: Preventive
How control addresses fraud: This ensures that the company orders the cheapest and best
product.

Problem: (h) manipulation of financial data to receive performance-based bonuses
Control description: Financial data cannot be edited/altered by anyone.
Control type: Preventive
How control addresses fraud: Ensures no manipulation of records at any level.

Problem: (i) faking time sheets
Control description: Attendance to be mapped by installing a finger thumb register which
automatically registers the entry and exit time.
Control type: Preventive
How control addresses fraud: Ensures no absentee is able to mark timesheets.

Problem: (j) private purchases through business accounts/business credit cards
Control description: Review of bank statement and requiring explanation.
Control type: Detective
How control addresses fraud: Ensures that genuine business purchases are paid.