Professional Documents
Culture Documents
Accounting Information Systems 2nd Edition Richardson Solutions Manual Download
Accounting Information Systems 2nd Edition Richardson Solutions Manual Download
1. a
2. c
3. b
4. a
5. d
6. d
7. d
8. b
9. c
10. b
11. a
12. a
13. c
14. d
15. a
Discussion Questions
1. What are the main reasons for using a VPN? LO 13-1
Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
1
Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13
a. The enterprise would like to connect widely dispersed offices without leasing a direct, private line
from its service provider. The use of a VPN allows the company to securely simulate a WAN
environment using the otherwise unsecure internet.
b. The company would like geographically dispersed employees to be able to access the company
network to work remotely. This can be particularly desirable for personnel such as outside sales
representatives who, due to the nature of their jobs, are often on the road away from the secure
corporate LAN.
c. VPNs are cheaper than leased lines.
d. Companies are able to maintain high levels of productivity as would be achieved using a LAN
with a widely dispersed workforce.
2. Consider the computer attacks in the previous chapters. How would a VPN protect a user for one or
more of them? LO 13-1
The VPN encrypts data so that only the VPN can interpret it. So if the data is intercepted by a hacker
it will lack meaning.
3. We often use regression analyses in data mining. Are accountants required to understand data
mining? Why? LO 13-1
Data mining is becoming a requirement for accountants as investors are demanding continuous
auditing. Continuous auditing relies on data mining to see if trends in ratios are shifting indicating
that fraud could be occurring.
https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-
work (accessed 7/7/2016)
5. Firewalls rely on a list of allowed and blocked services and locations. What would happen if a
company's firewall rules were too weak? If the firewall rules were too strict? LO 13-1
a. If a firewall’s rules were too weak, hackers could access the company’s servers, obtain, destroy,
corrupt or take data.
Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
2
Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13
b. If a firewall’s rules were too strict, employees would not be able to efficiently complete their
work, if at all, as their access would be so limited.
8. Using a brute-force attack, hackers can crack the password to a WEP access point in about 5
minutes. WPA2 in about 2 days. What does this tell you about the security of wireless networks? LO
13-1
Wireless networks are only as secure as the complexity of the algorithms that protect their
authentication and encryption.
9. Auditors are constantly developing new CAATs analyses to help them in the assurance process. Use
a search engine to identify some of the techniques that are being used currently. LO 13-2
a. Filter/Display Criteria
b. Aging
c. Expressions/Equations
d. Join/Relate
e. Gaps
f. Trend Analysis
g. Statistical Analysis
Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
3
Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13
h. Regression Analysis
i. Duplicates
j. Parallel Simulation
k. Sort/Index
l. Benford’s Law
m. Summarization
n. Matching
o. Stratification
p. Combination of One or More
https://www.aicpastore.com/Content/media/PRODUCER_CONTENT/Newsletters/
Articles_2010/CPA/Jan/CAATS.jsp (accessed 7/7/2016)
10. When would an auditor prefer to conduct a black-box audit? A white-box audit? LO 13-2
a. Black-box audits are preferential when an auditor is determining how well a network
will hold up to an attack from an external source which knows nothing about the
internal structure of the company.
b. Auditors would prefer a white-box audit if there are suspicions of internal fraud or to
determine weaknesses in the internal control environment.
11. Continuous auditing allows auditors to validate data and monitor transactions in near real-time.
What advantages does this provide to auditors? What are some potential problems with continuous
auditing? LO 13-3
a. Advantages
i. Prevent and catch fraud early
ii. Reduction of errors
iii. Catch breakdown of internal controls and recommend response to management
iv. Increase operational effectiveness
v. Enhance compliance with laws and regulations
vi. Increase management confidence in control effectiveness and financial
information
vii. Monitor transaction data in a timely manner
viii. Understand critical control points, rules, and exceptions,
ix. Performance of control and risk assessments in real or near real time
x. Reduction of routine testing
xi. Increase focus on investigation activities
b. Potential Problems
i. Expensive
ii. Alterations of previously audited data
iii. Collusion of auditor due to regular engagement with client
A breakdown in independence due to formed relationship
Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
4
Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13
12. Auditing an accounting information system requires knowledge and skills in both accounting and
computers. However, most auditors may not have sufficient expertise in the technical side of
computing and information systems. Given today’s business environment, how much computer- and
information systems-related knowledge and skills must an auditor have to be effective in performing
auditing? LO 13-2, LO 13-3
a. Auditors need to have a working knowledge of the ERP system in which financials are
audited
i. If an auditor does not know the weaknesses of an ERP system, they will not be
able to pin point where fraud may be occurring
ii. Employees who use a specific system will know how to manipulate it well
b. Auditors will need to know how to query and recreate queries of databases
c. Auditors will need to understand strengths and weaknesses of the security of the
information system and what are quality tests
d. Auditors will need to understand how cloud-based technologies alter the workplace
environment and security
Problems
(Note – Problems with “Connect” in parentheses below are available for assignment within
Connect.)
Descriptions Network
a. This computer network covers a broad area (e.g., includes any i. LAN
network whose communications links cross metropolitan,
regional, or national boundaries over a long distance).
d. The purpose of this type of network is mainly for remote iv. Wireless LAN
access.
Answer:
Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
5
Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13
a. ii
b. ii
c. i
d. iii
e. iv
f. ii
2. (Connect) Match the continuous auditing alarms to flag the fraud schemes.
b. Book values of acquired entities were ii. Benchmark key ratios (e.g. E/R)
illegitimately reclassified as goodwill on the against industry averages and
books, which improved the E/R ratio by generate an alarm when there is
increasing the effective amortization period of a significant discrepancy between
the amounts in question. the two.
c. Excessively write down the assets included in iii. Create an alarm that identifies
the corporate acquisitions, which gave “the increases in plant, property,
false impression that expenses were declining equipment, and goodwill that
over time in relation to revenue (i.e., reducing differ significantly from historical
the E/R ratio and increasing net income from averages.
operations)”.
Answer:
a. iv
b. iii
c. ii
d. i
Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
6
Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13
3. (CIA adapted) As an internal auditor, you have been assigned to evaluate the controls and operation
of a computer payroll system. To test the computer systems and programs, you submit
independently created test transactions with regular data in a normal production run. Identify
advantages and disadvantages of this technique. LO 13-3
This is not the preferred method of testing the production system. The auditor has disrupted the
integrity of the data system by entering what is essentially false data into the live database. The data
that is entered is now part of the legal records of the company even though it is not real. This could
be construed as fraudulent data entry. If the auditors were concerned about the production
environment, they should have analyzed the real payroll transactions to determine if any of them
would adequately fulfill the test objectives and monitored those real transactions. If tests still need
to be entered, the auditors should utilize the Quality Assurance environment.
4. Describe how an auditor would use each of the following audit techniques: ITF, parallel simulation,
EAM, GAS. LO 13-2
a. Integrated Test Facility: uses auditor live master files which are placed into the live client
system. Test transactions are run so that only the auditor’s files are affected.
b. Parallel simulation: is used to reprocess client data in the auditor’s GAS. The output is
compared to the client’s actual output for verification.
c. Embedded Audit Module: is used to continuously audit a client by embedding a
sequence of code into the client’s system. This code monitors transactions and creates a
log of suspicious items.
https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/downloadabl
edocuments/whitepaper_evolution-of-auditing.pdf (accessed 7/8/2016)
d. Generalized Audit Software: is used for statistical analysis of data extracted directly
from the client to identify exceptions for further testing or determine the likelihood of
material misstatement in accounts.
Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
7
Richardson, Chang, Smith – Accounting Information Systems, 2nd Edition – Chapter 13
6. (CMA adapted) As chief executive auditor, Mallory Williams heads the internal audit group of a
manufacturing company in southern Texas. She would like to purchase a CAAT tool to assist her
group in conducting internal audit functions. She has asked you to prepare a report on the following
tools: ACL, IDEA, Microsoft Visio, Oversight, and Tableau. In your report, identify key features, how
an auditor would incorporate the tool into the audit, and recommend one or two of the tools for
purchase. LO 13-3
a. Tools for audit
1) ACL
i. Manage projects across Audit, Risk, Compliance, Finance & IT; Visualization of
risk and control analysis; Continuously monitor and analyze risks and controls
ii. This would be used to manage the flow of audits as well as see where fraud may
occur and monitor it
2) IDEA
i. Big data analysis software able to analyze 100% of data quickly with integrity
ii. This would be used to analyze the data about accounts
3) Microsoft Visio
i. Flowchart preparation software
ii. This would be used to document business processes to see where internal
controls might breakdown
4) Oversight:
i. A web-based expense analysis software enabling identification of fraud and
waste though expense report, purchase card and account payable review
ii. This would be used to see where expenses are being manipulated
5) Tableau
i. Business intelligence software that helps “people to see and understand data”
ii. This would be used to present concerning data to upper management
b. Tools recommended for purchase
1) ACL would provide the most comprehensive support to the internal audit process
2) Visio would be a good tool for developing flow charts to understand processes and
where internal controls have potential for breakdown
Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill
Education.
8