Auditing in CIS Environment Final Examination

Instructions:
1. Write the full name and student number of the group members on your answer sheet.

2. Use the following format:

a. Font size: 11
b. Font style: Calibri
c. Font color: Black
d. Spacing: 1.5
e. Paper size: A4
f. Margin: 1” on all sides

3. No need to copy the questions or problems. Write your answers directly. Answers should be limited to a
maximum of five pages.

4. File name should be in this format:

AUD CIS_Schedule_Last Name of Members

Example: AUD CIS_Saturday_Cruz_Ramos_Reyes

5. Email your answers in Word and PDF format to audcis.feu@gmail.com with the subject same as the file
name. Please do not send an empty email. One submission only per group. Multiple submissions will incur
15 points deduction.

6. Submit your answer on or before May 14, 2019 (2PM).

Late submissions (02:01PM and onwards) will incur 20 points deduction.
All submissions will be acknowledged once received.

7. Five points will be deducted for every instruction not followed.

8. If you have any questions or concerns, post them on the comment section of this post. Do not message me
directly.
1.
Juan Cruz is the loading dock supervisor for a dry cement packaging company. His work crew is composed of unskilled
workers who load large transport trucks with bags of cement, gravel, and sand. The work is hard, and the employee
turnover rate is high. Employees record their attendance on separate time cards. Cruz authorizes payroll payments
each week by signing the time cards and submitting them to the payroll department. Payroll then prepares the
paychecks and gives them to Cruz, who distributes them to his work crew.

Required:
a. Prepare a systems flowchart of the procedures described here. (10 points)
b. Identify any control problems in the system. (5 points)
c. What sorts of fraud are possible in the system? (5 points)

2.
a. Should standards be centralized in a distributed data processing environment? Explain. (5 points)

b. How can human behavior be considered one of the biggest potential threats to operating system integrity?
(5 points)

3.
In 2002, Mr. Galvez started MM, Inc., a small, 75-employee firm that produces and sells wireless keyboards and other
devices to vendors through its manufacturing plant in Little Rock, Arkansas. In its first 2 years of business, MM saw a
substantial growth in sales and at current capacity was unable to keep up with demand. To compete, MM enlarged its
manufacturing facilities. The new facility increased to 250 employees. During this period of expansion, MM has paid
little attention to internal control procedures.

Recently, systems problems and hardware failures have caused the operating system to crash. Mr. Galvez was extremely
concerned to discover that confidential company information had been printed out a result of these crashes. Also,
important digital documents were erased from storage media. Malicious programs such as viruses, worms, and Trojan
horses have plagued the company and caused significant data corruption. MM has devoted significant funds and time
trying to fix the damage caused to its operating system. Out of necessity to get the job done, as well as for philosophical
reasons, system administrators and programmers have provided users relatively free access to the operating system.
Restricting access was found to inhibit business and impede recovery from systems failures. From the outset, an open
approach was regarded as an efficient and effective way to ensure that everyone obtained the information they needed
to perform their jobs.

Required:
a. What internal control problems do you find? (5 points)
b. How can MM improve internal controls? (5 points)

4.
a. What are four ways in which database management systems provide a controlled environment to manage user
access and the data resources? (5 points)

b. Explain the relationship between the three levels of the data definition language. As a user, which level would you
be most interested in? (5 points)
5.
a. Explain the role of accountants in the conceptual design stage. (5 points)

b. Explain why the Systems Development Life Cycle is of interest to accountants. What is the accountant’s role in the
Systems Development Life Cycle? (10 points)

6.
a. For each of the following records, indicate the appropriate related file structure: master file, transaction file,
reference file, or archive file. (10 points)
1. customer ledgers
2. purchase orders
3. list of authorized vendors
4. records related to prior pay periods
5. vendor ledgers
6. hours each employee has worked during the current pay period
7. tax tables
8. sales orders that have been processed and recorded

b. Lala, an employee of BM Manufacturing Company, prepares journal vouchers for general ledger entries. Because
of the large number of voided journal vouchers caused by errors, the journal vouchers are not prenumbered by the
printer; rather, Lala numbers them as she prepares each journal voucher. She does, however, keep a log of all
journal vouchers written so that she does not assign the same number to two journal vouchers. Biweekly, Lala posts
the journal vouchers to the general ledger and any necessary subsidiary accounts. Bimonthly, she reconciles the
subsidiary accounts to their control accounts in the general ledger and makes sure the general ledger accounts
balance.

Required:
Discuss any potential control weaknesses and problems in this scenario. (10 points)

7.
Explain the importance of source documents and associated control techniques. (5 points)

8.
Assume that an auditor is reviewing a file containing twenty-five fields of data, only five of which are relevant to the
auditor’s objective. Explain how ACL can help in this situation. (10 points)

9.
Describe the procedures, documents and departments involved when insufficient inventory is available to fill a
customer’s approved order. (5 points)

10.
John worked in the stockyard of a large building supply company. One day he unexpectedly and without notice left and
never to return. His foreman seized the opportunity to continue to submit timecards for John to the payroll department.
Each week, as part of his normal duties, the foreman received the employee paychecks from payroll and distributed
them to the workers on his shift. Because John Smith was not present to collect his paycheck, the foreman forged John’s
name and cashed it.

Required:
Describe two control techniques to prevent or detect this fraud scheme. (10 points)
11.
a. How does a data warehouse help the external auditor perform the audit? (5 points)

b. Why must an organization expect the implementation of an ERP to disrupt operations? (5 points)

12.
a. Explain why collusion between employees and management in the commission of a fraud is difficult to both prevent
and detect. (10 points)

b. The kickback is a form of fraud often associated with purchasing. Most organizations expect their purchasing agents
to select the vendor that provides the best products at the lowest price. To influence the purchasing agent in his or
her decision, vendors may grant the agent financial favors (cash, presents, football tickets, and so on). This activity
can result in orders being placed with vendors that supply inferior products or charge excessive prices.

Required:
Describe the controls that an organization can employ to deal with kickbacks. Classify each control as preventive,
detective, or corrective. (15 points)