AAIS Tutor Classmates Answer
Session 2021/22
List of Questions for Discussion (Part 1)
A database environment is a collective system of components that comprises and regulates the
group of data, its management, and its use.
a) the users
2) What flat-file data management problems are solved as a result of using the database concept?
A. No data redundancy. Each data element is stored only once, thereby eliminating data redundancy and
reducing storage costs.
B. Single update. Because each data element exists only in one place, it requires only a single update
procedure. This reduces the time and cost of keeping the database current.
C. Current values. A change any user makes to the database yields current data values for all other users.
For example, when User 1 records a customer address change, User 3 has immediate access to this current
information.
D. Task-data independence. Users have access to the full domain of data available to the firm. As users’
information needs expand beyond their immediate domain, the new needs can be more easily satisfied
than under the flat-file approach. Only the limitations of the data available to the firm (the entire
database), and the legitimacy of their need to access it, constrain users.
3) Explain the relationship between the three levels of the data definition language. As a user,
which level would you be most interested in?
The three levels of the data definition language are internal view, conceptual view and user view.
The first level is the conceptual view (schema) which describes the entire database and
represents the database logically. The second level is internal which represents the physical
arrangement of the records which are being described and linkage between files are shown. The
final level is the user view (subschema) which is a set of data that is accessed by a specific user to
achieve his or her tasks. As a user, I would find the user view as the most interesting level which
provides an external view of the database to obtain information.
4) Discuss the potential aggravations you might face as a student because of your university’s
use of a flat-file data management environment.
In the perspective of a student, many issues could arise as a result of the use of flat-file data
management by the university. This includes:
a. The overwhelming number of forms to fill in. Under flat-file data management, different
departments within the university (e.g. bursary, registrar) are constrained by the data
that the particular department controls and owns, and cannot use other departments' data. As a
result, students would be required to make sure every department obtains its own copy of the forms,
creating a lot more paperwork for all parties involved and a lengthier process of getting
things registered and done.
b. Inconsistency in students' data. As updates in flat-file data management would
have to be made separately for each user (i.e. student), failing to update all users affected
by a change would create inconsistency and confusion between students, as numerous versions
of the data are obtained. For example, a lecturer may update an assignment requirement, but if
the update is not made consistently for all students, some students would carry out their
assignment as per the older version of the assignment requirement.
c. A lengthy process to get information changed. For instance, should a student have to
change their home address, the student would again be required to make sure all
departments relevant to the information are notified of the change. This would make it
a lengthy process to make sure all departments have the current values of their information.
5) Discuss why control procedures over access to the data resource become more crucial under
the database approach than in the flat-file environment.
In a flat-file environment, all users have their own database, whereas in the database approach
all data and information are stored in the same database, which all of the users share.
Hence control procedures are needed to make sure that users can only access
information which they are authorised to access.
The DBMS's role is to provide controlled access to the database. It provides a controlled
environment by maintaining all the information about database usage so that users can effectively
manage the database and its resources. It is programmed to know which data elements each user is
authorized to access. This is done using different techniques, which include the data manipulation
language, the query language and the data definition language. Besides, the DBMS holds a copy of
the database for when any conflicts occur, so it can act as a backup.
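The point that a shared database must know which data elements each user is authorized to access can be shown with SQLite's authorizer hook. This is an added example, not part of the original answers; the `student` table, the two department roles and their allowed columns are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed policy: the (table, column) pairs each user view may read.
USER_VIEWS = {
    "registrar": {("student", "student_id"), ("student", "name"),
                  ("student", "address")},
    "bursary": {("student", "student_id"), ("student", "name"),
                ("student", "fees_due")},
}


def create_shared_database(path):
    """Build the single database that every department shares."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE student (student_id INTEGER PRIMARY KEY, name TEXT, "
        "address TEXT, fees_due REAL)"
    )
    conn.executemany(
        "INSERT INTO student VALUES (?, ?, ?, ?)",
        [(1, "Aisha", "12 Jalan Example", 1500.0),
         (2, "Ben", "8 Sample Road", 0.0)],
    )
    conn.commit()
    conn.close()


def open_as(user, path):
    """Open a connection that can only read the columns in the user's view."""
    allowed = USER_VIEWS.get(user, set())

    def authorizer(action, arg1, arg2, db_name, source):
        # SQLite calls this while compiling each statement.
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and (arg1, arg2) in allowed:
            return sqlite3.SQLITE_OK
        # Everything else (other columns, writes, schema changes) is refused.
        return sqlite3.SQLITE_DENY

    conn = sqlite3.connect(path)
    conn.set_authorizer(authorizer)
    return conn


def try_query(user, path, sql):
    """Return the rows, or None when the statement is outside the user's view."""
    conn = open_as(user, path)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return None
    finally:
        conn.close()


def demo():
    """Run the same shared database under different user views."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "university.db")
        create_shared_database(path)
        by_id = " FROM student ORDER BY student_id"
        return {
            "registrar_address": try_query(
                "registrar", path, "SELECT student_id, address" + by_id),
            "registrar_fees": try_query(
                "registrar", path, "SELECT student_id, fees_due" + by_id),
            "bursary_fees": try_query(
                "bursary", path, "SELECT student_id, fees_due" + by_id),
            "bursary_address": try_query(
                "bursary", path, "SELECT student_id, address" + by_id),
            "registrar_select_star": try_query(
                "registrar", path, "SELECT * FROM student"),
            "registrar_update": try_query(
                "registrar", path,
                "UPDATE student SET address = 'x' WHERE student_id = 1"),
            "unknown_user": try_query(
                "visitor", path, "SELECT name FROM student"),
        }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, "->", "DENIED" if rows is None else rows)
```

A user with no entry in the policy gets an empty view, so the default is deny rather than allow.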
8th November 2021 (Groups C & D)
· Discuss and give an example of the following types of associations: (1:0,1), (1:M), and (M:M)
(1:1) - One-to-one relationship : relationship of one entity to only one other entity, and vice versa.
Example: Only one person can sit in one seat at each performance; the relationship between members
of the audience and a seat is therefore one-to-one. Each seat in the concert hall can be sold to one
person only for a particular performance; the relationship between the seat and the member of the
audience with a ticket for that seat is also one-to-one.
Example: A student can enroll in many classes; a class can have many enrolled students.
· What are the four characteristics of properly designed relational database tables?
Third normal form (3NF) is the normalization that occurs by dividing an unnormalized
database into smaller tables until all attributes in the resulting tables are uniquely and wholly
dependent on (explained by) the primary key.
A relation will be in 3NF if it is in 2NF and does not contain any transitive partial dependency.
3NF is used to reduce data duplication. It is also used to achieve data integrity. If there is no
transitive dependency for non-prime attributes, then the relation must be in third normal form
· As an accountant, why would you need to be familiar with data normalization techniques?
Data normalization is a technique for organising data in a database. A database must
be normalised in order to reduce redundancy (duplicate data) and ensure that only related data is
stored in each table. It also prevents any problems caused by database changes like insertions,
deletions, and updates. The update anomaly, for example, can result in contradictory and obsolete
data values, whereas the insertion anomaly can result in unrecorded transactions and incomplete
audit trails, and the deletion anomaly can result in the loss of accounting records and the
destruction of audit trails. In order to gain a better understanding of the structure of the
database system, as accountants we should be familiar with the idea of data normalization
techniques. This is because normalization irregularities can jeopardize the quality of an
organization's financial reports, and accountants must know whether a table is properly
normalized or not.
· Discuss the accounting implications of the update, insertion, and deletion anomalies associated
with improperly normalized tables.
Anomalies: The problems that occur due to poor planning and from databases which are not in
normalized tables. They weaken the reliability of data due to uneven changes in the data.
The accounting implications of the insertion, update and deletion
anomalies in an improperly normalized table are as follows:
Update anomaly: The update anomaly takes place when existing records are to be updated and
results in redundant data creation every time. Thus repetition of data occurs every time.
Insertion anomaly: This takes place when new data is to be inserted to update the database but
cannot be done as the primary key chosen for the table does not allow the new insertion to take
place.
Deletion anomaly: Deletion anomaly occurs when data gets deleted without notice or accidentally
without knowledge.
The insertion and update anomalies would create record-keeping and operational problems for the
firm. However, a flawed database design that prevents the insertion of records, or requires the user
to perform excessive updates, would attract attention quickly.
The presence of the deletion anomaly is less conspicuous, but potentially more serious from an
accounting perspective. Because the deletion anomaly may go undetected, the user may be unaware
of the loss of important data until it is too late. This anomaly can result in the unintentional loss of
critical accounting records and the destruction of the audit trail.
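The three anomalies can be reproduced on a small table and compared with its normalized form. This is an added example, not part of the original answers; the inventory and supplier tables, names and addresses are constructed sample data.

```python
import sqlite3

# Constructed sample: supplier details are repeated on every part row.
UNNORMALIZED = """
CREATE TABLE inventory (
    part_num      INTEGER NOT NULL,
    description   TEXT    NOT NULL,
    supplier_num  INTEGER NOT NULL,
    supplier_name TEXT    NOT NULL,
    supplier_addr TEXT    NOT NULL,
    PRIMARY KEY (part_num, supplier_num)
);
INSERT INTO inventory VALUES
    (1, 'Bracket', 22, 'Supplier A', '123 Main St'),
    (1, 'Bracket', 27, 'Supplier B', '2 Harbour Rd'),
    (2, 'Gasket',  22, 'Supplier A', '123 Main St');
"""

# The same facts split so that each one is stored once.
NORMALIZED = """
CREATE TABLE part (part_num INTEGER PRIMARY KEY, description TEXT NOT NULL);
CREATE TABLE supplier (
    supplier_num  INTEGER PRIMARY KEY,
    supplier_name TEXT NOT NULL,
    supplier_addr TEXT NOT NULL
);
CREATE TABLE part_supplier (
    part_num     INTEGER NOT NULL REFERENCES part(part_num),
    supplier_num INTEGER NOT NULL REFERENCES supplier(supplier_num),
    PRIMARY KEY (part_num, supplier_num)
);
INSERT INTO part VALUES (1, 'Bracket'), (2, 'Gasket');
INSERT INTO supplier VALUES
    (22, 'Supplier A', '123 Main St'), (27, 'Supplier B', '2 Harbour Rd');
INSERT INTO part_supplier VALUES (1, 22), (1, 27), (2, 22);
"""


def build(schema):
    conn = sqlite3.connect(":memory:")
    conn.executescript(schema)
    return conn


def exercise(conn, supplier_table, link_table, update_where):
    """Apply the same three business changes and report what the data says."""
    result = {}
    # 1. Supplier 22 moves; the clerk edits the record they are looking at.
    conn.execute(
        f"UPDATE {supplier_table} SET supplier_addr = '9 New Rd' "
        f"WHERE {update_where}"
    )
    result["addresses_after_update"] = [row[0] for row in conn.execute(
        f"SELECT DISTINCT supplier_addr FROM {supplier_table} "
        "WHERE supplier_num = 22 ORDER BY supplier_addr")]
    # 2. A new supplier is approved before any part is bought from it.
    try:
        conn.execute(
            f"INSERT INTO {supplier_table} "
            "(supplier_num, supplier_name, supplier_addr) "
            "VALUES (30, 'Supplier C', '5 Dock Rd')"
        )
        result["insert_supplier_without_part"] = True
    except sqlite3.IntegrityError:
        result["insert_supplier_without_part"] = False
    # 3. The firm stops buying part 1 from supplier 27.
    conn.execute(
        f"DELETE FROM {link_table} WHERE part_num = 1 AND supplier_num = 27"
    )
    result["supplier_27_rows_after_delete"] = conn.execute(
        f"SELECT COUNT(*) FROM {supplier_table} WHERE supplier_num = 27"
    ).fetchone()[0]
    return result


def run_demo():
    return {
        "unnormalized": exercise(
            build(UNNORMALIZED), "inventory", "inventory",
            "part_num = 1 AND supplier_num = 22"),
        "normalized": exercise(
            build(NORMALIZED), "supplier", "part_supplier",
            "supplier_num = 22"),
    }


if __name__ == "__main__":
    for design, outcome in run_demo().items():
        print(design, outcome)
```

In the unnormalized run the supplier ends up with two addresses, the new supplier cannot be recorded, and deleting one part row silently removes the only record of supplier 27, which is the audit-trail loss described above.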
• Discuss and give an example of the following types of associations: (1:0,1), (1:M),
and (M:M).
1:1 - zero or one instance of entity A can be associated with zero or one instance of entity B,
and zero or one instance of entity B can be associated with zero or one instance of entity A.
1:M - for one instance of entity A, there exists zero, one, or many instances of entity B; but
for one instance of entity B, there exists zero or one instance of entity A.
Example -> one customer might have more than one order
M:M - for one instance of entity A, there exists zero, one, or many instances of entity B; and
for one instance of entity B, there exists zero, one, or many instances of entity A.
Example -> one order might consist of many types of products, one product might appear in
many orders
• What are the four characteristics of properly designed relational database tables?
1. All attribute values in any column must be of the same class.
2. Each column in a given table must be uniquely named.
3. Tables must conform to the rules of normalization.
4. The value of at least one attribute in each occurrence (row) must be unique. This
attribute is the primary key. The values of the other (non key) attributes in the row need
not be unique.
Normalization: https://opentextbc.ca/dbdesign01/chapter/chapter-12-normalization/
Third normal form: https://www.studytonight.com/dbms/third-normal-form.php
What is an attribute: https://afteracademy.com/blog/what-is-an-attribute
Redundancy is a concern for databases since it makes it difficult to maintain data consistency.
In the insertion and update anomalies, the accounting implications would be the record keeping.
This is due to an action of inserting inconsistent information and partially updating information
into a table. It can also cause problems in the operation of the firm.
The deletion anomaly might cause major consequences because it is less obvious. Due to the
trickiness to detect the deletion anomaly, it may cause a company to lose important data.
The REA diagram is a documentation technique and a unique version of the entity relationship
diagram (ER diagram), consisting of three entity types (resources, events and agents) and a set of
associations which link them with each other.
REA model can be represented with relational or object oriented databases but mostly with
relational because it is a more common business application. REA allows both accounting and
non-accounting data to be stored in the database.
Duality is an economic exchange represented by a give event and a corresponding receive event.
Economic events have a dual nature (duality), because an exchange always involves a give and a receive.
Outflow is associated with give events, whereas inflow is associated with receive events.
Specific examples of give events are paying cash, which includes purchasing inventory, obtaining
employee time (such as paying the salary for the employee) or buying plant and equipment.
The receive events are receiving the inventory, the employee time (the working hours of the
employee), as well as the plant and equipment that we have purchased.
The give event of the exchange decreases the economic resource (e.g. cash decreases), and
the receive event of the exchange increases the economic resource and is represented by
an inflow association (e.g. inventory increases).
Example: In an economic event such as a sales transaction, which has a dual nature (duality),
the customers (external agents) buy products from the company and pay with cash.
It is an economic event as it causes the resources to change: inventory decreases when
the customers buy it, and cash increases when the staff receive the cash from the customers.
The decrease in inventory represents the give event, while the increase in cash represents the
receive event.
On the other hand, A pays money to B. This time the event is a cash receipt, with B the internal
agent participating in the event by accepting cash and A an external agent participating in the
event by paying the money. B will then deposit it in the bank. Cash in bank accounts is a resource
that increases due to the cash receipt event.
2. Distinguish between economic events and support events, with examples of each.
Economic events are phenomena that effect changes (increases or decreases)
in resources, as represented by the stock flow relation.
Support events, by contrast, include control, planning, and management activities that are
related to economic events, but they do not directly effect a change in resources.
Some examples of support events include determining inventory availability for a customer
prior to making a sale, verifying supporting information prior to disbursing cash to a vendor
or checking customer credit before processing a sale.
Additional Example:
Verify availability - only once we confirm that the product is available do we take
orders. After we take orders, we ship the product. Once we ship the product, we will
receive cash for the product.
Verify availability is a support event because it does not directly increase or decrease
resources. It is just like a checking process.
Take order could be either an economic or a support event, because taking an order typically
involves only a commitment on the part of the seller to sell goods to the customer. It may
even involve an adjustment such as decreasing the inventory available for sale to prevent it from
being sold or promised to other customers; that is, once you have taken the
order, you reserve this particular item for the customer.
Ship product is an economic event because it is the give event of the economic exchange,
where it reduces the inventory resource directly. Having shipped Product A means
Product A is no longer in my inventory.
Receiving cash is an economic event. This is the receive event of the exchange that
increases cash. So when we receive the cash, it increases our resource, which is
cash.
Verifying availability does not change the inventory resources; it is just a support event.
4. Explain how REA databases can support financial statement reporting when they do
not employ journals and ledgers.
Journals, ledgers, and double-entry bookkeeping are the traditional mechanisms for formatting
and transmitting accounting data, but they are not essential elements of an accounting database.
REA systems capture the essence of what accountants account for by modeling the underlying
economic phenomena directly. Organizations employing REA can thus produce financial
statements, journals, ledgers, and double-entry accounting reports directly from event database
tables via user views.
Example: If an REA database was used in a previous merchandising company I used to work at,
data for the financial statements would be extracted from the REA tables. For instance, the total
sales would be calculated from the sum of the invoice amount attribute in the ship product table
for all the items that were shipped before the end of the year. All the data necessary for the
financial statements would be extracted and calculated from the REA tables that are compiled
from the entire event data entered in the system.
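How financial figures and journal-style listings can be derived from event tables through user views, without a stored journal or ledger, is shown below. This is an added example, not part of the original answers; the `ship_product` and `receive_cash` layouts, the view names, the fiscal year and all amounts are constructed.

```python
import sqlite3

# Constructed REA event tables: one give event (ship product) and one
# receive event (receive cash). No journal or ledger table is stored.
SCHEMA = """
CREATE TABLE ship_product (
    invoice_num    INTEGER PRIMARY KEY,
    ship_date      TEXT    NOT NULL,
    customer_num   INTEGER NOT NULL,
    invoice_amount REAL    NOT NULL
);
CREATE TABLE receive_cash (
    remit_num    INTEGER PRIMARY KEY,
    receipt_date TEXT    NOT NULL,
    invoice_num  INTEGER NOT NULL REFERENCES ship_product(invoice_num),
    amount       REAL    NOT NULL
);

-- User view: total sales is the sum of invoice amounts shipped in the year.
CREATE VIEW sales_2021 AS
    SELECT SUM(invoice_amount) AS total_sales
    FROM ship_product
    WHERE ship_date BETWEEN '2021-01-01' AND '2021-12-31';

-- User view: receivables are shipments not yet matched by cash at year end.
CREATE VIEW accounts_receivable_2021 AS
    SELECT s.invoice_num,
           s.invoice_amount - COALESCE(SUM(c.amount), 0) AS balance
    FROM ship_product AS s
    LEFT JOIN receive_cash AS c
           ON c.invoice_num = s.invoice_num
          AND c.receipt_date <= '2021-12-31'
    WHERE s.ship_date <= '2021-12-31'
    GROUP BY s.invoice_num
    HAVING balance <> 0;

-- User view: a double-entry journal generated from the events on demand.
CREATE VIEW journal AS
    SELECT ship_date AS entry_date, 'Accounts receivable' AS debit,
           'Sales' AS credit, invoice_amount AS amount
    FROM ship_product
    UNION ALL
    SELECT receipt_date, 'Cash', 'Accounts receivable', amount
    FROM receive_cash;

INSERT INTO ship_product VALUES
    (1001, '2021-11-05', 1, 500.0),
    (1002, '2021-12-20', 2, 250.0),
    (1003, '2022-01-03', 1, 400.0);
INSERT INTO receive_cash VALUES
    (1, '2021-12-01', 1001, 500.0),
    (2, '2022-01-10', 1002, 250.0);
"""


def build_rea_database():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def financial_report(conn):
    """Read the year-end figures straight from the event-based views."""
    total_sales = conn.execute(
        "SELECT total_sales FROM sales_2021").fetchone()[0]
    receivables = conn.execute(
        "SELECT invoice_num, balance FROM accounts_receivable_2021 "
        "ORDER BY invoice_num").fetchall()
    journal = conn.execute(
        "SELECT entry_date, debit, credit, amount FROM journal "
        "WHERE entry_date <= '2021-12-31' ORDER BY entry_date").fetchall()
    return {"total_sales": total_sales,
            "accounts_receivable": receivables,
            "journal": journal}


if __name__ == "__main__":
    report = financial_report(build_rea_database())
    for name, value in report.items():
        print(name, value)
```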
5. Describe the minimum number and type of events that an REA (Resources, Entities,
and Agents) diagram must include.
An REA model must, as a minimum, include the two economic events that constitute the give
and receive activities that reduce and increase economic resources in the exchange.
It can also include support events, which may not change the resources.
Example of give activities- Ship Product is an economic event. This is the give half of an
economic exchange and reduces the inventory resource directly.
Example of receive activities- Receive Cash event is an economic event. This is the receive half
of the exchange that increases the cash resource
2. Distinguish between economic events and support events, with examples of each.
Ans: Economic events are occurrences that affect resource changes (increase or
decrease). OR
Something that’s going to have an immediate effect on financial statements.
Example: Sales of items to customers, receipt of cash from customers, and purchases of
raw materials from vendors.
It is a critical information element of the accounting system and must be captured in as
disaggregated (highly detailed) form as possible to provide a rich database.
Support events include control, planning, and management actions that are related to
economic events but do not directly affect a change in resources.
Example:
1) identifying product availability for a customer prior to sale
2) confirming supporting information (doing a three-way-match) prior to disbursing cash to
a vendor
3) evaluating customer credit before processing a sale.
Ans:
Association simply describes the connection between entities, the nature of relationship that
exists between two entities. It describes how different entities are related to each other and
how they interact with each other. It is represented by lines drawn between different entities
involved in the relation.
Cardinality indicates the number of possible occurrences that one entity has relative to
another/ associated with a single occurrence in a related entity. You define the cardinality for
each association link between the association and the entity.
1. Zero or One
3. Zero or Many
4. One or Many
The relationship between cardinality and association can be explained as association linking
the entities and representing the connection between entities while cardinality shows the
number of possible occurrences that are associated with the related entities.
4. Explain how REA databases can support financial statement reporting when they do not
employ journals and ledgers.
Ans:
Journals, ledgers, and double-entry bookkeeping are the traditional mechanisms for
formatting and transmitting accounting data, but they are not essential elements of an
accounting database.
The REA system is a system that is able to support all information needed by all users by
modeling an organization’s critical resources, events and agents, as well as the
relationship between them. Therefore, for accounting purposes, REA systems capture the
essence of what accountants account for by modeling the underlying economic
phenomena directly and thus produce financial statements, journals, ledgers, and
double-entry accounting reports directly from event database tables via user views.
5. Describe the minimum number and type of events that an REA diagram must include.
Ans:
At the minimum, an REA diagram must include 2 types of economic events, which are
“give” economic events and “receive” economic events. In addition, REA diagrams may
also include support events which do not directly change the resources.
A give event is an economic event mirrored by another event in the opposite direction,
which involves the outflow of economic resources, while a receive event involves the
inflow of economic resources to external or internal agents.
For example, paying cash for raw material inventory. Paying cash is a type of give event,
while purchasing raw material inventory is a type of receive event. Let’s look into another
example, we use the raw material inventory purchased to produce finished products, using
raw material inventory is a give event, while producing finished products is a receive event.
These dual events constitute the give and receive event of an economic exchange.
While for support events, it does not involve any inflow or outflow of economic
resources, such as confirming the availability of goods, taking orders etc.
Additional material:
Steps to Create an Individual REA Diagram
Step 1: Identify the event entities
Step 2: Identify the resource entities (Each event will be associated with the inflow and outflow of
economic resources)
Step 3: Identify the agent entities (Each economic event entity is associated with at least 2 agent
entities - internal -> employees, or external -> can be customers or vendors)
Step 4: Determine associations and cardinalities between entities
*Associations -> Relationship among all record types
*Cardinalities -> Numerical mapping between entity instances
Verify availability -> Take order -> Ship products -> Receive cash
● What are the five stages of the system development life cycle (SDLC) and the role of
accountants in it?
SDLC aims to produce a high quality system that meets or exceeds customer expectations,
works effectively and efficiently in the current and planned information technology
infrastructure, and is inexpensive to maintain and cost effective to enhance.
The SDLC has five phases: planning, analysis, design, implementation, maintenance
Planning: Obtain approval for project, Initiate, Assess feasibility, plan, schedule
System Design
● Includes the design of application, network, databases, user interfaces, and system
interfaces.
● Transform the SRS document into logical structure, which contains detailed and
complete set of specifications that can be implemented in a programming language.
● Create a contingency, training, maintenance, and operation plan.
● Review the proposed design. Ensure that the final design must meet the requirements
stated in SRS document.
● Finally, prepare a design document which will be used during next phases.
Implementation: Construct, test, train users, install new system
Maintenance/Support
● Include all the activities such as phone support or physical on-site support for users that
are required once the system is installed.
● Implement the changes that software might undergo over a period of time, or implement
any new requirements after the software is deployed at the customer location.
● It also includes handling the residual errors and resolve any issues that may exist in the
system even after the testing phase.
● Maintenance and support may be needed for a longer time for large systems and for a
short time for smaller systems.
Accountant is responsible for every output of software development lifecycle process.
Economy of an organization is based on the accountant. Accountant is proficient in budget
assessment and analysis. Accountant is a good designer and expert in data processing.
They are also involved in a system development as auditor to examine the development
process in a continual interval.
● Discuss the various feasibility measures that should be considered with example for
each. Who should be included in the group of evaluators?
A feasibility analysis
- assesses the project’s likelihood of success; hence, perceived objectivity is a significant aspect
of the study’s credibility for possible investors and financing institutions
- assess the viability of a project, such as ensuring a project is legally and technically feasible
as well as economically reasonable.
- informs us if a project is worth the effort, in some case scenarios, a project may not be doable.
Technical Feasibility
- The analyst must find out whether current technical resources can be upgraded or added to in a
manner that fulfills the request under consideration
The essential questions that help in testing the operational feasibility of a system:
∙ Is the project feasible within the limits of current technology?
∙ Does the technology exist at all?
∙ Is it available within given resource constraints?
∙ Is it a practical proposition?
∙ Manpower- programmers, testers & debuggers
∙ Software and hardware
∙ Are the current technical resources sufficient for the new system?
∙ Can they be upgraded to provide the level of technology necessary for the
new system?
∙ Do we possess the necessary technical expertise, and is the schedule reasonable?
∙ Can the technology be easily applied to current problems?
∙ Does the technology have the capacity to handle the solution?
∙ Do we currently possess the necessary technology?
Economic Feasibility
- This evaluation often includes a cost/benefit analysis of the project, which assists
businesses in determining the viability, cost, and advantages of a project before
allocating financial resources.
- Determine the benefits and savings that are expected from a candidate system and
compare them with costs. If benefits outweigh costs, then the decision is made to design
and implement the system. An entrepreneur must accurately weigh the cost versus
benefits before taking an action.
Operational Feasibility
- look at how a project plan meets the criteria specified during the system
development requirements analysis phase.
- Operational feasibility is a measure of how well a proposed system solves the problems,
and takes advantage of the opportunities identified during scope definition and how it
satisfies the requirements identified in the requirements analysis phase of system
development.
Legal Feasibility
- Looks at if any component of the planned project violates any regulations, such as
zoning regulations, data protection legislation, or social media legislation.
- A feasibility study may discover that the desired site for the company is not
designated for that sort of business. That organization has just saved a lot of time
and effort by discovering that their project was not possible from the start.
- Does this system comply with the current law & regulations?
- Are there any possible legal impacts that this implementation would cause?
Scheduling Feasibility
- It is the most critical assessment for project success; after all, a project will fail if it
is not completed on time.
- When all of these areas have been thoroughly investigated, the feasibility study may
help identify any obstacles that the proposed project may encounter, such as:
● Internal Project Constraints: Technical, technological, financial, and resource
constraints, among others.
● Financial, marketing, export, and other internal corporate constraints
● External limitations include logistics, the environment, laws and regulations, and so
on.
● Do you think that communication skills, both oral and written, are crucial for
proper execution of the SDLC?
Yes.
To develop a project or System, the following needs are to be found out.
• What is the requirement of an organization?
• What would be the output of System?
• How much fund is invested for the System?
Accountants are responsible for finding these things. After getting the basic ideas the
accountants should communicate with the developers who develop the project.
They communicate both orally and in writing about the development of the project, so that if
the developer needs any resource for developing the system it can be provided, and they can
check whether the proper infrastructure is there to create the project or not. So before creating
any project, communication between the accountant and the team members is a must.
Hence there is need for incorporating communication skills for proper SDLC execution.
You might have seen this getting circulated for a long time now in the IT industry. This looks
funny but there is a lot in it if you analyze it properly.
- Relay Communication:
- For example, Project Managers talks to the Customer and understands the
requirements and “relay” his analysis and decisions to the Tech Lead/Design Lead,
who will do the same “relay”, passes to his Module Leads and so on. With each
“relay” pass, there is a high possibility that some of the requirements are
misunderstood, some of the requirements are dropped out and not to forget some
new requirements (which the customer never really needed) gets added to.
- While SPOCs are held responsible for different activities like planning, estimation
and execution for their assigned roles, contribution from other peers should be
encouraged as a practice for the project execution to produce desired results.
Transparent Communication comes of a greater importance here. And with the
same rule, a SPOC can be a very active contributor in other activities for which he
is not the owner.
Delay in communication:
- “Communicate the right thing at right time” – This is something that the
stakeholders at all levels need to understand and stick to.
- Don’t keep your questions or suggestions to yourself waiting for the next formal
meeting to happen. If you smell something is seriously wrong, raise the alarm now.
If you find something more interesting and benefit the team or the customer, ring
the bell now.
In summary, Communication plays a key role attributing to the Quality of the Software. Both
formal and informal communications have to be weighed equally. Most of the times, informal
communication (fights at the desk, discussions over a coffee ) would produce more
benefits than the formal communication means and sometimes these informal
communications help you catch those missing requirements too – be it business or technical.
● Discuss the independence issue when audit firms also provide consulting input
into the development and selection of new systems.
The ones consulting must have vested interest e.g. consultant, internal auditors
Audit firms cannot, because they do not act in the interest of the organisation. There
will be self-interest & self-review threat if audit firms were to provide consulting input in
the development and selections of new systems.
Self-review – reviewing their own work or work done by others in the firm after
consulting the clients , esp in development phase
Self- interest – Recommend or implement solutions that affect the financial controls or
accounting processes or recommending any product or service that the audit firm will
receive a commission or referral fee. There might be a conflict of interest
The audit firms should act independently and do not represent the interest of the client.
The results of the study show that the chief audit executives do not perceive
independence as a critical objective for systems development audits, while they do
believe that internal auditor should act as consultants. Such findings are consistent with
the Institute of Internal Auditor's standards regarding consulting services but are
inconsistent with the independence standards. Except for testing the accuracy of the
systems, the respondents' perceptions of the role of internal audit is either
moderate or indifferent regarding the planning, design, development, and
implementation phases of systems development projects. Chief audit executives clearly
believe that internal audit should not be involved with the maintenance phase. The
findings show that actual involvement in systems development projects parallel the
perception findings with one exception. While the respondents don’t believe internal
audit should be involved in the development phase of a systems development project,
the findings suggest that internal audit departments are actually involved (moderate to
little) in such projects.
Q1.
2. The five aspects are briefly explained with an example as follows :
(a) Technical feasibility: The firm decides whether the system development can be performed
with the existing technology or if new technology is required. It is the willingness of the firm to
adapt to available technology that is more advanced than the existing technology on which the firm
runs its systems.
(b)Economic feasibility : Under this study, a review of the management's available funds that
can be allocated towards the proposed system development project is studied. Further the
funds available have a direct impact on the scope and operational nature of the business.
(c)Legal feasibility : Here compliances with various laws such as SOX, regulations related to
invasion of privacy and laws on confidentiality of store information have to be considered before
identifying the right system.
(d)Operational feasibility : Here the skill set and available resources have to be considered
and checked if these can be revamped to accommodate the new system.
(e)Schedule feasibility : the time frame involved in implementing the system is analyzed.
3.
- Communication is needed to find out the requirements of the organization, the output of the
system and how much funding is invested in the system, as this is an important part of
developing a system.
- Accountants should communicate with the developers who develop the project or system.
- Communication, both oral and written, about the development of the project is important,
as if the developer needs any resource for developing the system then it can be provided, and
it can be checked whether proper infrastructure is there to create the project or not.
- Therefore, before creating any project, communication between accountants and team
members is a must to prevent any mistakes due to lack of communication, such as coding
mistakes.
- Hence, there is a need for incorporating communication skills for proper SDLC execution.
4.
The issue of independence can be discussed as:
- The accounting information system must have the feature of being auditable. Several
techniques and features must be designed into the system. Audit firms are part of the
system development team along with systems professionals, end users and stakeholders.
- Audit firms are the stakeholders as they are not the end users but are interested in the
formation of the organization. The auditors must be involved in the early phases of design
because they have a stake in the system.
- If the audit firm also provides consulting input into the development and selection of new
systems, it is a violation of the Sarbanes-Oxley Act. Having a system audited by the
consulting firm that initially proposed it may produce a bias on the consulting firm’s part
to view the system in a positive light.
5.
● The main reason for the underestimation of the cost and time requirements of SDLC is
the hurry in selection and implementation of the project, so that important
facts are ignored or not analysed completely. The unchecked areas may create a
bottleneck in SDLC and increase the costs and time.
● To improve this,
○ Perform a Detailed Feasibility Study
■ Technical feasibility is the determination of whether the system can be
developed under existing technology or if new technology is required.
■ Economic feasibility pertains to the availability of funds to complete the
project.
■ Legal feasibility ensures that the proposed system is not in conflict with the
company’s ability to discharge its legal responsibilities.
○ Perform a Cost-Benefit Analysis
■ Identify cost
■ Identify benefits: Tangible benefits fall into two categories: those that
increase revenue and those that reduce costs. Intangible benefits improve
customer satisfaction. They cannot be easily measured and quantified.
GROUP I
QUESTION 1 - Discuss briefly the six systems development controls and two
systems maintenance controls.
ANSWER:
1. System analysis
a. Determine the problem and the achievable solution for the problem
2. System design
a. Overall plan about the system to meet the entire requirement needed.
3. Programming
4. Testing
a. Ensuring that the system that had been produced is the right one.
5. Conversion
a. Changes the old system to the new system to ensure that the system
had achieved the requirement.
a. Production is the effect after the system has been applied. Meanwhile,
if there is any change in the system, it can be called maintenance.
6 systems development controls
● System authorization activities - this process needs to be done to avoid any
unauthorised access to the system data
● User specification activities - this system must ensure that users actively
take part in order to describe their needs
● Technical design activities/ conceptual design- the needs specified by the
users are translated into technical design in order to meet them. The conceptual
design objective is to produce several alternative conceptual systems that satisfy
the system requirements identified during system analysis.
● Involvement of internal audit- internal audit must take part to examine the
needs of the users and control required.
● Program testing- it is a necessary process to compare the outcomes with
predefined standards. Programmer will prepare a test transaction, test master
files and expected results.
● User test and acceptance process- Necessary to formally document and
analyse the result of the test. The test will help in deciding whether to implement
the program or not
1. Corrective Maintenance
2. Adaptive Maintenance
ANSWER:
The type of output that can be considered extremely sensitive in a university setting is the
data of the students, the lecturers and also the staff.
Three examples are personal details of the students, lecturers and staff. Besides that,
financial data of students, lecturers and staff are also extremely sensitive data. Lastly, a
student's university record is important in a university setting.
This information is important because it will give advantages to others if they get the
data. It can harm the users because, with the information, many things can be obtained,
such as money and bank details.
Only authorized persons, like the relevant administrative department in the university,
can access the data of the lecturers, students and staff. This is because these people
have been appointed by the management of the university to keep this information
private and confidential.
QUESTION 4 - Why is computer waste disposal a potential internal control issue?
How to remedy this issue?
ANSWER:
Computer waste disposal may lead to a breach of security of confidential data of the
entity. Even if data is deleted from the system, it can be retrieved by experts and
hence lead to huge security breaches.
In order to remedy this issue, the government needs to do recycling towards this
computer waste disposal. This can be achieved by informing and teaching all the people
about how important it is to waste the computer efficiently to get rid of the internal
control issues.
QUESTION 5 - Why are auditors responsible for evaluating the controls in the
SDLC’s process? Do you think the current auditors are able to do so?
ANSWER:
Software Development Life Cycle (SDLC) is a process used by the software industry to
design, develop and test high quality software.
Auditors are responsible for evaluating the controls in the SDLC’s process to
ensure the controls are implemented to mitigate the risks of developing application
systems throughout the SDLC.
Current auditors are able to do so because current auditors are responsible for expressing
an opinion on the financial statement when they are auditing the financial statement.
Auditors will also identify the risk that may occur. This can help to reduce the risk if the
current auditor audits the SDLC.
29th November 2021 (Groups I & J)
1. Discuss briefly the six systems development controls and two systems maintenance controls.
6 systems development controls
● System authorization activities - this process needs to be done to avoid any unauthorised
access to the system data
● User specification activities - this system must ensure that users actively take part in
order to describe their needs
● Technical design activities/ conceptual design- the needs specified by the users are
translated into technical design in order to meet them. The conceptual design objective is
to produce several alternative conceptual systems that satisfy the system requirements
identified during system analysis.
● Involvement of internal audit- internal audit must take part to examine the needs of the users
and control required.
● Program testing- it is a necessary process to compare the outcomes with predefined
standards. Programmer will prepare a test transaction, test master files and expected
results.
● User test and acceptance process- Necessary to formally document and analyse the result
of the test. The test will help in deciding whether to implement the program or not
You all can read this website to explore more about the maintenance control
(http://www.engineering-bachelors-degree.com/business-information-management/uncategorized/systems-developmentprogram-changes-and-application-controlssystems-development-controls/)
2. Distinguish auditing around the computer and auditing through the computer?
| Auditing Around the Computer | Auditing Through the Computer |
| --- | --- |
| Traditional method | Modern method |
| Auditors randomly select source documents that have been input into the system and manually summarise them to see if they match with output of computer processing. | Various steps taken by auditors to evaluate client’s software and hardware to determine the reliability of operations that are hard for human eyes to view and also test the operating effectiveness of related computer controls, e.g., access control. |
| Assume the percentages of accurate output data verify the proper processing operation of the company. Review of computer programs or operations are unnecessary. Pay no attention to control procedure within IT environment | Check the controls like processing controls, output controls, input controls, separation of controls, etc. Able to know the effectiveness and reasonableness of the client’s internal control |

Commented [1]: 1) processing done by the computer system needs not to be audited as auditor expects that sufficient appropriate audit evidence can be obtained by reconciling inputs with outputs. In simple words evidence is drawn and conclusions are reached without considering how inputs are being processed to provide outputs.
Give 3 examples and explain why the information would be considered sensitive. Discuss who
should and should not have access to each type of information.
| Examples sensitive information | Who should have access to information | Who should not have access to information |
Rather than choosing to place end-of-life devices in storage, creating an electronic waste
disposal plan may be a better choice. The plan should ensure that storage time is minimal
or completely eliminated, thereby decreasing the risk of theft, loss or inadvertent exposure
of sensitive information.
SDLC is a framework defining tasks performed at each step in the software development process.
ISO/IEC 12207 is an international standard for software life-cycle processes. It aims to be the
standard that defines all the tasks required for developing and maintaining software.
SDLC is a process followed for a software project, within a software organization. It consists of a
detailed plan describing how to develop, maintain, replace and alter or enhance specific software.
The life cycle defines a methodology for improving the quality of software and the overall
development process.
7 Stages of SDLC
A typical Software Development Life Cycle consists of the following stages −
System planning, system analysis, conceptual design, evaluation & selection, cost-benefits
analysis, detailed design, implementation and system maintenance.
(can refer to the slides for each stage)
Reason 1
The need to ensure that SDLC processes and deliverables are aligned with best practices
based on global standards (GAAP, SEC regulations etc.). There is not an overarching
procedures document which explains the SDLC process and the related documents. In addition,
the basic elements of SDLC are not identified in SDLC processes and deliverables, and therefore
may not be consistent among projects. Also, there are not links to templates for the activities related
to integration, including the system test plan, which is stated to address integration testing.
Management has stated that SDLC processes and deliverable templates, including those related
to integration, will be reviewed and revised to ensure that they are complete and effective. In
addition, an overarching document which explains the SDLC process and the related documents
will be created and published.
Reason 2
The need to ensure that SDLC is applied to projects which meet the SDLC criteria. In
assessing the application of the SDLC process, we noted that it was not consistently applied to all
relevant development initiatives. As a result, these projects did not conform to organizational
defined development requirements which include standard deliverables that should be considered.
Management has stated that the project intake process was changed effective January 1, 2016 to
ensure all new projects are brought to the IT Governance Committee (ITGC) to determine the need
for SDLC Compliance. This process improvement will ensure that all projects are assessed with
regards to the need to comply with SDLC. A report that shows the status of SDLC compliance on
projects will be produced and reviewed at the ITGC meetings.
Reason 3
The need to ensure that SDLC checklists are properly prepared and kept updated as
activities are completed. Our assessment of projects that followed the defined SDLC process
revealed that the SDLC checklist which is used to ensure that the process is followed, was not
consistently created or maintained and supporting deliverables were not linked to the projects. As
a result, these projects were not in compliance with the company policy and could have been at
risk of requiring additional re-work subsequent to project completion. Management has stated that
a quality assurance process will be developed to ensure that SDLC checklists are updated as
activities are completed, including links to supporting documents.
- To check whether developing a new system is the best way to handle the current
problem.
- Cost-benefits analysis, develop by ourselves or outsourcing OR do we really need the
system?
- In this situation, auditors are able to give advice to the management
- Communicate with the users (survey)
- Get enough inputs from users, look at/analyse their responses
- Receive proper approval from management
- Formal testing and user acceptance are considered by many auditors to be the most important
control over the SDLC.
- SDLC activities are applied consistently and in accordance with management’s policies.
- Original system free from material errors and fraud.
- System was judged necessary and justified.
- Documentation is adequate and complete.
3. What type of output would be considered extremely sensitive in a university setting? (faris)
Data that relates with the student data and information related to transactions, staff data,
university personal information.
Give 3 examples and explain why the information would be considered sensitive. Discuss who
should and should not have access to each type of information.
| Examples sensitive information | Who should have access to information | Who should not have access to information |