Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13

Accounting Information Systems 2nd Edition

Richardson

Full download link at:

Solution Manual: https://testbankpack.com/p/solution-manual-for-accounting-

information-systems-2nd-edition-richardson-chang-smith-1260153150-
9781260153156/
Test Bank: https://testbankpack.com/p/test-bank-for-accounting-information-
systems-2nd-edition-richardson-chang-smith-1260153150-9781260153156/

Chapter 13 – Monitoring and Auditing AIS

Multiple Choice Questions

1. a
2. c
3. b
4. a
5. d
6. d
7. d
8. b
9. c
10. b
11. a
12. a
13. c
14. d
15. a

Discussion Questions
1. What are the main reasons for using a VPN? LO 13-1

There are several reasons for an enterprise to use a VPN:

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
1
 Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13

a. The enterprise would like to connect widely dispersed offices without leasing a direct, private line
from its service provider. The use of a VPN allows the company to securely simulate a WAN
environment using the otherwise unsecure internet.
b. The company would like geographically dispersed employees to be able to access the company
network to work remotely. This can be particularly desirable for personnel such as outside sales
representatives who, due to the nature of their jobs, are often on the road away from the secure
corporate LAN.
c. VPNs are cheaper than leased lines.
d. Companies are able to maintain high levels of productivity as would be achieved using a LAN
with a widely dispersed workforce.

2. Consider the computer attacks in the previous chapters. How would a VPN protect a user for one or
more of them? LO 13-1

The VPN encrypts data so that only the VPN can interpret it. So if the data is intercepted by a hacker
it will lack meaning.

3. We often use regression analyses in data mining. Are accountants required to understand data
mining? Why? LO 13-1

Data mining is becoming a requirement for accountants as investors are demanding continuous
auditing. Continuous auditing relies on data mining to see if trends in ratios are shifting indicating
that fraud could be occurring.

4. What is the main purpose of using firewalls? LO 13-1

a. Firewalls are intended to prevent certain types of unwanted data packets from entering the
enterprise’s network. This activity can prevent certain types of network intrusion such as a
message bearing a telnet (an unsecure remote connection protocol) command. They are
generally not sufficient to protect an enterprise network alone, but can be an integral part of a
company’s IT security plan.
b. The main purpose of using a firewall is to prevent rejected data from entering or leaving a
company’s private network. This is done by using accept and reject rules to filter the incoming
or outgoing data. Filtering data in this way “prevents attackers from accessing your servers in
malicious ways.”

https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-
work (accessed 7/7/2016)

5. Firewalls rely on a list of allowed and blocked services and locations. What would happen if a
company's firewall rules were too weak? If the firewall rules were too strict? LO 13-1
a. If a firewall’s rules were too weak, hackers could access the company’s servers, obtain, destroy,
corrupt or take data.

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
2
 Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13

b. If a firewall’s rules were too strict, employees would not be able to efficiently complete their
work, if at all, as their access would be so limited.

6. Are there differences among hubs, switches, and routers? LO 13-1

a. Hubs, switches, and routers connect computers to other computers through ports, or
connectors.
b. Hubs are simple, cheap, and unintelligent. All data that is put in, is sent out to all other
computers. Whatever response is made by the computer is sent back to the hub and
sent to all other computers.
c. Switches learn locations. Each data that enters the switch teaches it where it originated
and is destined. Any response will only be sent to the location of origin. This location will
be remembered for future use. This enhances efficiency.
d. Routers are smart, complicated, and can serve as a firewall. They are programmed to
understand, manipulate as needed, and route data. They learn locations just like
switches. They also perform Dynamic Host Configuration Protocol (DHCP) and Network
Address Translation (NAT). During DHCP routers assign IP addresses externally and
internally. NAT is how the router assigns IP addresses to external computers. It then
only accepts responses from computers to which local computers initiated
communication. This is how they serve as firewalls.

7. Identify a few critical security issues in using a wireless network. LO 13-1

a. Passive Monitoring
b. Unauthorized Access
c. Denial of Service Attacks

8. Using a brute-force attack, hackers can crack the password to a WEP access point in about 5
minutes. WPA2 in about 2 days. What does this tell you about the security of wireless networks? LO
13-1

Wireless networks are only as secure as the complexity of the algorithms that protect their
authentication and encryption.

9. Auditors are constantly developing new CAATs analyses to help them in the assurance process. Use
a search engine to identify some of the techniques that are being used currently. LO 13-2
a. Filter/Display Criteria
b. Aging
c. Expressions/Equations
d. Join/Relate
e. Gaps
f. Trend Analysis
g. Statistical Analysis

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
3
 Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13

h. Regression Analysis
i. Duplicates
j. Parallel Simulation
k. Sort/Index
l. Benford’s Law
m. Summarization
n. Matching
o. Stratification
p. Combination of One or More

https://www.aicpastore.com/Content/media/PRODUCER_CONTENT/Newsletters/
Articles_2010/CPA/Jan/CAATS.jsp (accessed 7/7/2016)

10. When would an auditor prefer to conduct a black-box audit? A white-box audit? LO 13-2
a. Black-box audits are preferential when an auditor is determining how well a network
will hold up to an attack from an external source which knows nothing about the
internal structure of the company.
b. Auditors would prefer a white-box audit if there are suspicions of internal fraud or to
determine weaknesses in the internal control environment.

11. Continuous auditing allows auditors to validate data and monitor transactions in near real-time.
What advantages does this provide to auditors? What are some potential problems with continuous
auditing? LO 13-3
a. Advantages
i. Prevent and catch fraud early
ii. Reduction of errors
iii. Catch breakdown of internal controls and recommend response to management
iv. Increase operational effectiveness
v. Enhance compliance with laws and regulations
vi. Increase management confidence in control effectiveness and financial
information
vii. Monitor transaction data in a timely manner
viii. Understand critical control points, rules, and exceptions,
ix. Performance of control and risk assessments in real or near real time
x. Reduction of routine testing
xi. Increase focus on investigation activities
b. Potential Problems
i. Expensive
ii. Alterations of previously audited data
iii. Collusion of auditor due to regular engagement with client
A breakdown in independence due to formed relationship

iv. Disruptive of business operations

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
4
 Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13

12. Auditing an accounting information system requires knowledge and skills in both accounting and
computers. However, most auditors may not have sufficient expertise in the technical side of
computing and information systems. Given today’s business environment, how much computer- and
information systems-related knowledge and skills must an auditor have to be effective in performing
auditing? LO 13-2, LO 13-3
a. Auditors need to have a working knowledge of the ERP system in which financials are
audited
i. If an auditor does not know the weaknesses of an ERP system, they will not be
able to pin point where fraud may be occurring
ii. Employees who use a specific system will know how to manipulate it well
b. Auditors will need to know how to query and recreate queries of databases
c. Auditors will need to understand strengths and weaknesses of the security of the
information system and what are quality tests
d. Auditors will need to understand how cloud-based technologies alter the workplace
environment and security

Problems
(Note – Problems with “Connect” in parentheses below are available for assignment within
Connect.)

1. (Connect) Match the descriptions with each type of network.

Descriptions Network
a. This computer network covers a broad area (e.g., includes any i. LAN
network whose communications links cross metropolitan,
regional, or national boundaries over a long distance).

b. The Internet is a good example of this type of network. ii. WAN

c. This type of network often uses Layer 2 devices iii. VPN

like switches and bridges and Layer 1 devices like hubs and
repeaters.

d. The purpose of this type of network is mainly for remote iv. Wireless LAN
access.

e. This type of network comprises of two fundamental

architectural components: stations and access points.

f. This type of network has a large geographical range generally

spreading across boundaries and often need leased
telecommunication lines.

Answer:

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
5
 Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13

a. ii
b. ii
c. i
d. iii
e. iv
f. ii

2. (Connect) Match the continuous auditing alarms to flag the fraud schemes.

Fraud Scheme Continuous Auditing Alarms

a. Operating expenses were illegitimately i. Generate an alarm if the
reclassified as capital expenditures, which allowance for doubtful accounts
improved the “expenditure-to-revenue” (E/R) differs significantly from the last
ratio by reducing the amount of expenses months ratio (i.e. to Accounts
recorded in the current fiscal year. Receivable).

b. Book values of acquired entities were ii. Benchmark key ratios (e.g. E/R)
illegitimately reclassified as goodwill on the against industry averages and
books, which improved the E/R ratio by generate an alarm when there is
increasing the effective amortization period of a significant discrepancy between
the amounts in question. the two.

c. Excessively write down the assets included in iii. Create an alarm that identifies
the corporate acquisitions, which gave “the increases in plant, property,
false impression that expenses were declining equipment, and goodwill that
over time in relation to revenue (i.e., reducing differ significantly from historical
the E/R ratio and increasing net income from averages.
operations)”.

d. Allowance for doubtful accounts was iv. Create an alarm that

underestimated (along with the corresponding simultaneously identifies (1)
expense entry, bad debts expense) to falsely reductions in operating expenses
improve the E/R ratio. that exceed the industry average
and (2) increases in capital
expenditures that exceed the
industry average.

Answer:

a. iv
b. iii
c. ii
d. i

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
6
 Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13

3. (CIA adapted) As an internal auditor, you have been assigned to evaluate the controls and operation
of a computer payroll system. To test the computer systems and programs, you submit
independently created test transactions with regular data in a normal production run. Identify
advantages and disadvantages of this technique. LO 13-3

This is not the preferred method of testing the production system. The auditor has disrupted the
integrity of the data system by entering what is essentially false data into the live database. The data
that is entered is now part of the legal records of the company even though it is not real. This could
be construed as fraudulent data entry. If the auditors were concerned about the production
environment, they should have analyzed the real payroll transactions to determine if any of them
would adequately fulfill the test objectives and monitored those real transactions. If tests still need
to be entered, the auditors should utilize the Quality Assurance environment.

4. Describe how an auditor would use each of the following audit techniques: ITF, parallel simulation,
EAM, GAS. LO 13-2
a. Integrated Test Facility: uses auditor live master files which are placed into the live client
system. Test transactions are run so that only the auditor’s files are affected.
b. Parallel simulation: is used to reprocess client data in the auditor’s GAS. The output is
compared to the client’s actual output for verification.
c. Embedded Audit Module: is used to continuously audit a client by embedding a
sequence of code into the client’s system. This code monitors transactions and creates a
log of suspicious items.

https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/downloadabl
edocuments/whitepaper_evolution-of-auditing.pdf (accessed 7/8/2016)

d. Generalized Audit Software: is used for statistical analysis of data extracted directly
from the client to identify exceptions for further testing or determine the likelihood of
material misstatement in accounts.

5. Identify the key feature and components of a continuous audit. LO 13-3

a. Components
i. Database Management Systems
ii. Transaction logging and query tools
iii. Data warehouses
iv. Data mining
v. Computer-assisted audit techniques (CAATs)
b. Features
i. Accessing and normalizing data from across the enterprise
ii. Extracting large transactional volumes without negatively impacting system
operations
iii. Testing data and reporting results in a timely manner

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
7
 Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13

6. (CMA adapted) As chief executive auditor, Mallory Williams heads the internal audit group of a
manufacturing company in southern Texas. She would like to purchase a CAAT tool to assist her
group in conducting internal audit functions. She has asked you to prepare a report on the following
tools: ACL, IDEA, Microsoft Visio, Oversight, and Tableau. In your report, identify key features, how
an auditor would incorporate the tool into the audit, and recommend one or two of the tools for
purchase. LO 13-3
a. Tools for audit
1) ACL
i. Manage projects across Audit, Risk, Compliance, Finance & IT; Visualization of
risk and control analysis; Continuously monitor and analyze risks and controls
ii. This would be used to manage the flow of audits as well as see where fraud may
occur and monitor it
2) IDEA
i. Big data analysis software able to analyze 100% of data quickly with integrity
ii. This would be used to analyze the data about accounts
3) Microsoft Visio
i. Flowchart preparation software
ii. This would be used to document business processes to see where internal
controls might breakdown
4) Oversight:
i. A web-based expense analysis software enabling identification of fraud and
waste though expense report, purchase card and account payable review
ii. This would be used to see where expenses are being manipulated
5) Tableau
i. Business intelligence software that helps “people to see and understand data”
ii. This would be used to present concerning data to upper management
b. Tools recommended for purchase
1) ACL would provide the most comprehensive support to the internal audit process
2) Visio would be a good tool for developing flow charts to understand processes and
where internal controls have potential for breakdown

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
8