Accounting Process Management 1b FEM1102110

Assignment 5
Team 6

PATRICK MOS 312726 LUUK DE JONG 313230 FRANK DE HOON 311368 THEODORAKOPOULOS KONSTANTINOS 345699

Chapter 8

Problem 3a: 1. Define Responsibility Accounting: Responsibility accounting is the collection, summarization, and reporting of financial information about various decision centers throughout an organization. It tracks costs, revenues, or profits to the individual managers who are responsible for making the decisions (about costs, revenues, or profits) and taking action about them. Responsibility managers are accountable only for the items (cost/revenue/ investments) that they control. 2. Discuss the benefits that accrue to a company using responsibility accounting: The benefits that accrue to a company using responsibility accounting are: a. Motivation benefits: Managers are more motivated to perform their actions well and have a good result as they are responsible for their actions. b. Planning and decision making: responsibility accounting does not only help in management control but also in planning and decision making processes. c. Delegation and Control: the twin objectives of management are delegating responsibility while retaining control is achieved by the adoption of responsibility accounting system. Both are combined when organizations use responsibility accounting. d. Ready-hand Information: relevant and up to the minutes information is made available which can be used to estimate future costs and or revenues and to fix up standards for departmental budgets. e. Data Availability: A mechanism for presenting performance data is provided. A framework of managerial performance appraisal system can be established on that basis, besides motivating managers, to act in the best interests of the enterprise. f. Easy identification: It enables the identification of individual managers responsible for satisfactory or unsatisfactory performance. 3. Describe the advantages of responsibility accounting for the managers of a firm: The advantages of responsibility accounting for the managers of a firm are: a. Top level managers are (almost) relieved of making routine decisions because this is shifted to lower management levels. b. Higher moral/motivation because managers performance is personalized and managers are responsible for their own actions and decisions. c. Training: Managers are trained in order to operate a specific task in the firm. This means that training helps managers perform their tasks with accuracy. d. Decisions are made where the action is taking place. Managers are no longer frustrated because of the decisions from top level managers. e. It enables the identification of individual managers responsible for satisfactory or unsatisfactory performance and therefore improves performance evaluation. f. Improves productivity: Since performance evaluation is improved and managers are responsible for specific tasks, then productivity will be improved also. g. Allows upper-level management to concentrate on strategic decisions

b. What features of the budget presentation shown are likely to make the budget attractive to managers? 1. Attractive to managers is everything that gives them specific goals. The Family Resorts company uses responsibility accounting, which means that each manager is responsible for his own region. This is the reason why the operational budget is divided by reporting units. The budget does not use a performance measure that could harm the company and confuse the managers for what they have to do because every managers objectives are specified. For managers it is attractive that expenses are divided into controllable expenses by the managers and expenses controlled by others. They are only accountable for expenses they can control. This presentation of the budget is also attractive to managers because they examine and estimate each regional budget more effectively. Moreover, managers can be evaluated exactly for the region that they are in charge according to their controllability (the degree of influence that a specific manager has over costs, revenues, or other items in question). 2. The budget preparers have to make sure that the budget helps the decision making of the company. Usually the decision making is implemented by the upper- level managers so the budget preparers should avoid information overload and be aware of the managers organizational level and span of control. Also, we see that when major changes need to be made to the budgets that managers submitted, all affected parties are consulted before the changes are incorporated. Considering the fact that the company uses responsibility accounting, it is not conscious to waste time asking all the managers about a specific change because each of those is responsible for different region.

Problem 9a: 1. Describe the advantages and disadvantages of the structure: Roland Ford, the chief financial officer proposed a narrow span of control. The advantage of a narrow span of control is that is provides better communication between managers and their employees and gives managers better and tighter control over their specific subordinates and closer supervision. Supervising fewer employees generally requires less managerial skill. On the other hand, narrow span of control is more expensive as compared to wide span of control as there are more superiors/employees and therefore there are greater communication problems between various levels of management. When supervision is very close, the narrow span means that there are many levels of management, resulting in a possibly excessive distance between the top and the bottom of an organization. 2. Impact of the resulting span of control: The impact of the narrow span of control in Arbeck Inc results in higher expenses because there are more people working at the firm. The managers are closely involved with the details of the operation and with specific decisions and require detailed reports. The managers are involved in the work their subordinates do and are closely involved with the details of the operation and with specific decisions. 3. Effect on employee behaviour: Employees in a narrow span of control are closely supervised. There is no room left for autonomy in decision making and everything should go as the manager wants it to go. Employees will behave as the manager expects the employees to behave and this will lead to an distance between the subordinates and the managers. Employees do not have often contact with the manager because an assistant is between them. Because the employees do not have responsibility they do not come with own ideas or innovations. Because there is a clear structure with authority there is no room for personal relationships. b. 1. Advantages and disadvantages of that structure: A wide span is less expensive because an organization needs less managers to supervise the employees. With only one manager the other employees are all on the same level and can work with each other with clear delegation of duties. Also there are less employees needed. There are less layers of management to pass a message through, so the message reaches more employees faster. Another advantage is that employees appreciate less supervision and control and more trust and freedom. This will create a better team moral. The disadvantages of the structure is that managers are forced to delegate work and tasks among employees. There is less close supervision/control and possible problems with the overloading of work may occur. 2. Impact of the resulting span of control: The implementation of a wide span will lead to a reduction in the amount of managers needed to supervise the employees. Also, less employees are necessary in this structure. An important impact when the wide span is implemented, is that employees will get more autonomy in decision making. The subordinates of a manager should make more decisions themselves.

3. Effect on employee behavior: Employees in wide spans are more happy with less supervision and control. The join more trust and freedom and this will create a better team moral. The employees will be more productive because they are directly involved in the decision making process. The join more freedom and are less influenced by the manager because there is less supervision and control. Employees in wide spans are more involved in the operations and there is room for feedback from other employees. The subordinates of the manager are all equal and there is more interaction between them. This will lead to a more personal relationship. c. Discuss the factors that Ford and Sanderson should consider when determining the appropriate span of control: In order to determine the appropriate span of control for Arbeck Inc, Roland Ford, the chief financial officer of Arbeck, and Martha Sanderson, the President of Relco, have to consider some very critical factors described below: 1. The nature of task: the more routine and structured the task, the more subordinates one manager can control. Therefore, routine tasks can be associated with broad span of control. Less structured or highly technical tasks often require good deal of management participation and reduces the managers span of control. 2. Employees skills and abilities 3. Willingness and dedication of the workers (dedicated workers might not need much supervision) Chapter 15 Problem 12: 1. Why are the auditors of Avatar stressing the need to have better physical environment for the server? If Avatar has proper software controls in place would that not be enough to secure the information? There are many factors that can cause serious problems in the computer environment and in the firm. For example fires, floods, eartquakes, unauthorized access in the computer room, and power outages. If there is not a safe environment and a disaster occurs data will be destroyed amd make the company lose the ability to do business. So computer controls are of major importance as they can protect the company from a disaster. In our problem Avatar Financial Inc. has been given free access to use the computer room of an older production plant. This is the reason why the managers of the company have major concern. The computer controls must be updated and modern. Although that room has some proper controls e.g. detectors of smoke, no windows etc. we do not know if these controls are updated and tested to the needs of the Avatar system and not of an older system. Moreover in our problem there is nothing
stated about the security of the computer room and the security of the network hardware. For servers that must maintain high availability, physical access should be restricted for all and only designated workers should have access to the room. Another problem is that we do not know if there

are fault tolerance controls. If a part of the system fails then the system will stop operating. For example there are no uninteraptible power supplies for the occassion of power supply failure or additional hard disks which will take place when one brakes down. Avatar Company as it has become evident needs more than just a software control in the system. Imagine a proper software control that prevents unauthorized entrances but an improper physical environment that is not safe for the computer system. For example not having proper security of the computer room, not proper temperature and humidity controls. Imagine fire or floods destroying the data because there were no preventing measures for the location that the system is placed. So a well controlled physical environment is a prime factor in order to keep safe a computer system. 2. Name the six control features that contribute to the security of the computer server environment. The six controls are: . Physical location: The computer center should be located away from human-made and natural hazards. b. Construction: The computer center should be located in a building with solid construction and controled access. c. Temperature and humidity: Computers perform best at approximately 70 degrees Fahrenheit and 50% of humidity. This means that temperature and humidity should be stable by using a good airconditioning system. d. Access: Access to the computer center should be limited to the employees and operators who work there. e. Fire suppresion: There must be an effective fire detection and extinguish system for the likelihood of fire. f. Fault tolerance: It is the ability of the system to continue operating when a part of it fails of hardware failure, application error, or operator error. This means implementing redundant arrays of independent disks, and uninterruptible power supplies.

Chapter 16 Problem 5 A) The sprinklers where on for three minutes and could have destroy the mainframes, printers and tapes. This can be a great disaster for a company because the operating system can crash after the mainframes where exposed to the water. An organization can prevent this disaster to store the mainframes and tapes in an other room than the computing room. Also their should be a backup on another location away from the disaster area. To prevent that the mainframes and tapes are exposed to water another mechanism can be used to prevent it against fire. Their should be a room where in case of fire all oxygen is removed. In that case there is no change that the room will be destroyed in case of fire. B) With an error in a program, the operating system can crash. The information that is dumped to disk and printers can lead to disclosure of confidential information of the organisation. This has negative consequences because the information is confidential and should not be accessible to all people. To prevent that a system programmer can place an error into a program we must look at operating system security. The central system administrator should determine who is granted access to specific resources. Individuals are not granted privileges that are incompatible with their duties. There should be an access control list that defines the access privileges for all valid users of resources. The system programmer has unlimited access to the operating system. In this case he abused his authority. To prevent the system-programmer to make undesired changes in programs of the operating system, entity-wide procedures for making changes should be implemented. In this case there is more control about the changes made by system programmers. A mechanism should be implemented to authorize the changes made in the system. A system programmer should only perform changes with the authorization of the central system administrator. To minimize the negative consequences when the operating system crashes, backups of the entire system are important. A recovery module uses logs and backup files of an organization to restart the system after a crash or failure. C) With the virus Jane copied onto the network servers, data and applications programs had been destroyed. This can result in the lost of quality of the operating system because applications are missing. The data that is destroyed could be very important and without a good backup plan they are lost forever. This can result in negative financial consequences because the information could be important for the performance of a company. Jane had only a secretarial job and should not have access to the network of the organization. To prevent this kind of intentional threats their should be proper control on Access Privileges. The privileges should determine the access to files and other resources that people or groups have. Also they should determine the types of actions that can be taken. In this case Jane had only a secretarial job and her privileges where incompatible with her job. But beside the access Jane had and therefore was able to insert the virus the company should not suffer if they have good antiviral software. With good antiviral software, applications and operating system programs are scanned to detect viruses and are able remove the virus from the affected program. Maintaining a current version of the antiviral software is necessary to protect an organization against the negative results of a virus attack.

D) The virus can cause the operating system to failure and can lead to the lost of applications and data. Losses are measured in the terms of data corruption, destruction, reduce in computer performance, violations of privacy and personnel time needed to repair the damage. To prevent the operating system against viruses an organization needs a combination of technology controls and administrative procedures. An organization should only purchase software from reliable vendors and should not use illegal copies. Also they should upgrade the software for viruses frequently after implementing the software. All public-domain software should be inspected for virus infection before using. Robert did not inspect the public domain program before using it and placing it on his personal computer at work. The organization should prohibit employees to install programs on their work-computers themselves and denies the ability to write directly to mainframe and server directories. E) Murray had both access to the computer control list and user passwords. After leaving the firm he used the user passwords to browse through documents of his old employer, and passed this to his new employer. For the old organization this can lead to the lost of confidential information. Especially the information about bids on jobs is very confidential. When a competitor knows what another company bids on a job, he can offer a lower bid to perform the job. This can lead to a decrease of the profit of a company because they get less jobs to perform. But also price lists and costumer lists are confident. After Murray had left the organization all users should have changed their passwords to avoid this kind of threat. If a company wants to be sure that all employees change passwords frequently they should implement one-time passwords or implement password control procedures to ensure that employees change passwords frequently. Also weak passwords should be denied and password files should be encrypted. Also the company should implement a firewall that can be used to authenticate an outside user of the network and verify the level of access authority.

Chapter 17 Problem 7: a. Discuss the major internal control issues in Avatars systems development approach: System Authorization Activities The projects and systems should be authorized by users and computer services management. So the board of Avatar Financials and the computer services management should authorize the purchase of new software because 1. There is no official form to state who made the decision to buy the software and for what reason. 2. There is no analysis to state the actual gain from the new software. User Specification Activities There are no user specification activities.The system should be created with the right specifications for the user. This means that the users should be asked about what specifically would help them in their everyday work and in this way the company will be able to know what wants from the software and choose the best one, instead of buying Siman, which we do not know if it fullfils the necessary requirements.. Technical Design Activities Thereafter the user specifications should be translated to detailed technical specifications. So that they can create a system with the needs of the user. This should be done with system analysis, feasibility analyses and detailed systems design. In this problem V-Dot Solutions sends six systems analysts to Avatar to do these analyses and eventually add additional hardware. Internal Audit Participation There is no internal auditor in the company who will get involved in the whole process, make sure that V-Dot solutions during the implementation met the user needs. Also he will keep the controls and observe the regulations that the company has to deal with. The two people from Avatar that are trained from V-Dot are not qualified because their training involves minor issues and because they are trained by the party that is installing the software and they may not be given material information. Program Testing Its also important to test the program modules before the are implemented. In our problem we do not know that the software that is going to be bought is fundamentally compatible with the one that is already in place. The same applies for the extra hardware that is going to be installed in order to run the simulation analytics on Siman. User Test and Acceptance Procedures Testing should exist also before and after the installation of the software. The program modules have to be tested individually and also a whole. The test team should exist of systems professionals, internal auditors and user personnel. The testing period at Avatar is readjusted to enable the two employees to test the system. So there isnt said anything about whether the systems professionals are also involved in the testing phase and whether the internal auditors are involved in the whole process. Also the

tests should be done against predetermined goals in order to make sure that V-Dot has done a complete job Internal Control issues in Avatars program changes: 1. It uses data from another program to the current program, incresing the chances of mistake. 2. It gives access to company employees to change the program giving them the opportunity to commit fraud. 3. The employees that are used do not have sufficient understanding of the program, making them prone to errors. 4. The company has strict time schedule for the completion of the job, increasing the chances of errors. 5.During the process the two employees are not monitored for their work. 6. It reviews the documentation only after the system is running making it too costly for any corrective controls. b. Comment on the duties of the two programmers of Avatar performs. Are systems maintenance and program development extensions of the same responsibility? The two programmers will implement the changes that allow Siman-II to use the new data feed. But previously they were working on the analytics department and after the implementation they are expected to go back to the maintenance operations. So the two programmers are doing both the developing and the maintenance of the system. Although maintenance activities should be given essentially the same treatment as new development, it must not be under the duty of the same person that is in charge of the development because in that way they can change the programme to their own benefit. So there are in the auditing SPL Software System two different categories of programmers: The systems development programmers and the systems maintenance programmers. For the former the user department authorizes and requests new applications and for the latter authorizes and requests program changes. So the system maintenance and the program development are not extensions of the same responsibility. c. Identify pottential issues that might arise due to weak internal controls. Fraud errors and mistakes are issues that can derive from weak internal controls. One fact that leads to errors and mistakes is that the two programmers do not have the same knowledge about major problems and issues like an analyst of V-Dot. Also mistakes can occur after the sending of the two programmers to the basic maintenance operations as there will be less control of the new system. If the company does not follow a proper authorization, development and implementation department for the new systems then the system will not have an effective development process. The same happens with the maintenance of the system, because if there is no proper maintenance there will be high risk that logic will be corrupted either by accident or intent to defraud. To be more specific 1. Siman could be bought in order someone could make profit while there is other more efficient software. 2. It can be a more expensive choice than other better software. 3. It may be difficult to use from the everyday users 4. As there is no internal control, incompatible issues may be difficult to discover from the two employees of Avatar. 5. Malicious software could be inserted from V-Dot Company. 6. Siman can have malfunctions due to data provided by the other company.