Willie Virgen

                                Discussion Questions Set #2

  1. Four data items that could be used by both personnel and payroll functions are employee
     names, Social Security numbers, wage rate, and date hired. Personnel functions can also
     include number of years worked, and spouse’s name. Payroll functions can include wage
     benefits and gross pay to date.

  2. Accounting transactions associated with payroll processing must be repetitive because of
     all of the controls that the AIS must use in order to effectively organize, manage, and
     calculate the employee’s money. Some companies go outside of their businesses to make
     sure that their calculations are correct and so that they are not liable for any mishaps.

  3. When adding new raw inventory materials to a system, an employee must fill out a
     materials requisition form to acquire more. When a worker records time spent on the
     production line, he has to fill out his time card to process when he checked-in and

  4. An important non-financial document of AIS for a manufacturing firm’s production
     process would be the master production schedule. This shows the quantities and the
     timing of goods needed to meet the required quantities for anticipated sales.

  5. Inputs and outputs of a production process for a home-builder and a cement company
     would be relatively identical. The only difference would be the materials of the inputs
     and outputs. A home-builder would need wood, nails, etc., whereas a cement company
     would just need materials for concrete-working.

  6. Three different vertical markets include: Grocery stores, Public Accounting firms, and
     Real Estate. Different influences for these different areas include prices of agriculture
     produce for Grocery stores, time and billing systems for accounting firms, and land prices
     for Real Estate.

  7. To reengineer my business, I would organize around the outcomes, not the tasks. This
     eliminates more errors and costs, and improves efficiency. Then I would centralize and
     disperse data to further lower costs of inventories and improve service. All in all, I would
     have to keep realistic expectations, meet employee resistance effectively and have the
     support of my top management.


  1. Managers organize and evaluate their corporate governance structure according to the
     1992 COSO Report. It improves the quality of financial reporting through business
     ethics, effective internal controls, and corporate governance. It established a common
     definition of internal control for assessing control systems, as well as determined how to
     improve controls. In 2004, the primary provisions of ERM were to determine if the
     objectives are aligned with the organizational strategy and that goals are consistent with
     the level of risk the organization can take.

2. The primary provisions of CobiT are to research, develop, publicize and promote an
   authoritative, up-to-date international set of generally accepted information technology
   control objectives for day-to-day use by managers, IT pros, and assurance pros.

3. COSO and CobiT frameworks are so important because managers must first tend to the
   requirements outlined in the COSO report (control environment, risk assessment, control
   activities, info and comm., and monitoring). This determines how IT can best be used to
   support the business processes.

4. A company’s control procedures are classified into three major types: preventive
   controls, detective controls, and corrective controls. The most important of the three, in
   my opinion, is the preventive control, because if you can prevent an error from
   happening, then you don’t need the other controls.

5. Accountants are paranoid about having an effective and efficient internal control system
   because they want to be able to follow what is happening throughout all phases of
   accounting data processing. They want as few possible errors and irregularities as

6. Preventive controls prevent errors from happening. Detective controls deal with errors
   that have actually already occurred, while Corrective controls correct the errors from
   happening again. An example of a Preventive control is determining the total dollar sales
   from all invoices before sending them to the information processing subsystem. A
   Detective control can be comparing sales invoice amounts to the sales department
   amounts; finally a Corrective control: if there is a problem, investigate the problem and
   fix it.

7. Competent employees are necessary for a firm because the quality directly affects the
   quality of the goods and services provided by the company. They also help create value
   for an organization. Because there are fewer employees than before, today’s
   employees have more responsibility and oversight as well.

8. Separation of Duties reduces the risk of undetected errors and irregularities by using
   more than one person to perform essentially three different tasks: Authorizing,
   Recording, and/or Custody of Assets. If one person does more than one of these actions,
   he/she is more likely to commit an error because of the responsibilities.

9. Firms use prenumbered checks to maintain accountability for both issued and unissued
   checks for making authorized cash disbursements. This reduces the risk of employee
   misappropriation of cash. They use a voucher system because it reduces the number of
   cash disbursement checks that are written and the disbursement voucher is an internally
   generated document.
  10. Cost-benefit analysis plays the role that lets the firm know whether or not certain internal
      controls should be implemented. It does this by figuring out expected loss (Exp. Loss =
      Risk * Exposure).


  1. A security policy is a comprehensive plan that helps protect the enterprise from internal
     and external threats. An integrated security system, supported by a comprehensive
     security policy, can significantly reduce the risk of attack because it increases the costs
     and resources needed by an intruder.

  2. The guidance/framework I would use to establish IT governance would be the COSO
     report of 2004. I would use this for every level of management-related IT issues.

  3. WLANs send information wirelessly. Hardwired LANs send information through cables
     and wires. Firms now use biometrics, such as digital fingerprint authentication
     technology and user accounts and passwords for network protection.

  4. Contingency planning includes the development of a formal disaster recovery plan, or a
     business continuity plan. Such a plan is necessary because a variety of unforeseen
     disasters could occur that would cause a data processing center to not be operational.
     They are basically manuals for emergency situations for a firm’s branch.

  5. Backup is the procedure in which a computer network system completes all procedures
     and then makes copies of all the data and other information needed to restart the system.
     This is recorded on a separate disk and is done multiple times per hour. It is necessary for
     accounting info systems because computers crash relatively frequently and it is a good
     precaution to have.

  6. Two common risks associated with microcomputers are Hardware and Data Software.
     Hardware is a risk because the computers can be stolen or lost easily because of their
     size. Data Software is a risk because the data can be manipulated by anyone with a
     computer-related background. Three controls that should always be implemented: Have
     the microcomputers locked to the desks or to the walls, secret passwords that are changed
     periodically, and mandatory backup of important data every day.

  7. Jean & Joan Cosmetics should use input controls such as the test input data routine, which
     tests validity, accuracy, and completeness as early as possible. Observation control
     procedures assist in collecting data that will be recorded (feedback mechanism). Use of
     UPC codes on items also helps with inventory.

  8. Edit tests examine selected fields of input data and reject those transactions (or other
     types of data input) whose data fields do not meet the preestablished standards of data
     quality. Check-digit procedures duplicate computational procedures at the time of data
     access, and therefore validate the accuracy of the data before the transaction data was
     used to update a master file. Passwords limit access to information. Activity listings
     create good audit trails. Control totals serve as a control on the contents of each bundle.
     It includes different information that may not make sense at all sometimes.

  9. Logical access to a computer is having remote access to a computer from a distant
     location. Physical access is actually being in front of the computer in question and
     touching it. Security is important with both types of access to protect and safeguard

  10. The statement displays an opinion with an interesting argument, however, separation of
      duties should always be implemented amongst the organization of a firm because
      computers often crash and backup is always needed. Therefore, they should have
      checkpoints and procedures in their protocol that reduce the risk of error so that the
      multi-task function still works properly.

  11. Control totals control the contents of an information bundle. An example includes the
      bundle number, today’s date, and the total dollar amount for the checks themselves. They
      are insufficient to guard against data inaccuracies because they need to be checked by
      internal controls to be accurate with internal counts.


  1. The “tip of the iceberg” description for computer crime cases, I believe, is very accurate.
     Even though today’s technology has allowed us to do many great unimaginable things, it
     has also paved the way for e-crime, which when performed accurately and correctly, can
     be untraceable. Also, the cyber-world is unimaginably huge. To this day, we do not know
     the exact size of it.

  2. One explanation for the downplay of computer crimes and abuse is the fact that the
     majority take place in private companies, where it is handled as an internal matter. We
     have no laws that require organizations to report computer offenses. The number one
     reason why it is not reported by managers is because of the negative publicity that might
     impact their stock price and image. Also because of the fear that competitors would use
     the info to their advantage.

  3. Most computer cases are in fact not reported because of the exponential growth in
     computer resources. More people are also learning how to compromise computer systems
     as well. Many microcomputer users are not aware of, or conscientious about computer
     security. Lastly, many Internet pages now give step-by-step instructions on how to
     perpetrate computer crimes.

  4. A company does not have the right to collect, store, and disseminate information about an
     individual’s purchasing activities without permission. This information is very private
     and contains things like Social Security numbers, addresses, account numbers, etc.
     Breaches like this could ruin a person’s credit score and could lead to identity theft.
  5. The TRW employees were free to do whatever because they didn’t have any
     authorization and validation of credit changes in their AIS system whatsoever. This
     allowed them to enter false information. Had these controls been in place earlier, the
     crime would never have happened.

  6. A hacker is a person who uses computers to gain unauthorized access to important data.
     To combat hacking, the U.S. Patriot Act of 2001 was placed to help discourage computer
     hacking by allowing the Feds to locate and prosecute hackers. Other tactics include user
     education, passwords, and bioauthorizations.

  7. A computer virus is an attachment to other files or programs that affects computer files,
     operating system activities, or software.

  8. Educating employees about computer crime can help stop it because it makes potential
     hackers aware of the ethics of computer usage and the inconvenience, lost time, and costs
     incurred by victim organizations.

  9. Internet crimes are considered to be white-collar crime. This consists of fraud. Assets at
     risk are cash, accounts receivables, inventories, etc. Other examples of crimes include
     thieves supplying fake credit card numbers to buy stuff, copying web pages without
     permission, denying legitimate Internet users access, etc. To stop these kinds of crimes,
     we must have strict agencies that enforce the numerous accounting standards, such as
     FASB and the numerous accounting firms. And we also have to improve our own ethical
     standards that are based on social expectations, culture, etc.

  10. Ethics is a set of moral principles or values. Therefore, ethical behavior involves making
      choices and judgments that are morally acceptable and then acting accordingly. Types of
      ethical choices involved in AISs include “ignorance of proper conduct,” “misguided
      playfulness,” and even heroism and recognition. Codes of ethics are imposed to aid
      professionals in selecting among alternatives that are not clear-cut. They also provide
      ethics committees to help and remind employees with choices. Remind employees that
      ethics are important, provide real life examples, and teach by example and reward with
      promotions and benefits.

  11. An Internal Services board of the Rivera Regional Bank should first review Mr. Allen.
      There might be a specific reason as to why he has not taken a vacation and willfully
      worked all those late nights.


  1. The Planning part of a systems study involves performing a preliminary investigation of
     the existing system, organizing a systems study team, and developing strategic plans for
     the remainder of the study. The Analysis step involves analyzing the company’s current
     system in order to identify the info needs, strengths, and weaknesses of the existing
     system. The Design step involves an organization’s attempt to design changes that
     eliminate the current system’s weak points while preserving the strengths.
2. A steering committee is an appointed committee that works with each study team as it
   performs its tasks. The committee consists of top management personnel that provide
   continuous interface. The rationale for such involvement is straightforward: top
   management commitment is critical to the ultimate success of a new or revised system.

3. General Systems Goals: Help AIS contribute to an efficient and effective organization.
         • Cost/benefit Analysis
         • Outputs improve decisions
         • Optimal access to info
         • Flexible enough to make new accommodations.

   Top Management Systems Goals:
         • Long-range budget planning for effective strategic decisions
         • Periodic performance reports for vital control info
         • Short-range operating performance knowledge of org’s subsystems

   Operating Management System Goals: Relate to well-defined and narrower
                                            organizational areas.
          • Majority of decisions are for the current business year.
          • Info required for decisions is generated internally as a byproduct.

4. A feasibility evaluation is the first procedure in which the design team determines the
   practicality of alternative proposals. They must examine five areas: (1) technical, (2)
   operational, (3) schedule, (4) legal, and (5) economic feasibility. This should precede the
   preparation of a systems specification report for a computer vendor evaluation so they
   know that the system is capable and feasible.

5. Annual cash benefits for an online ordering system include saving money by using less
   paper to print up accounts receivable or inventory reports. Annual cash costs for this
   same company include expenses for evaluating this same system for updates, strengths,
   and weaknesses.

6. Prototyping means developing a simplified model of a proposed information system. A
   prototype is a scaled-down, experimental version of a nonexistent information system
   that a design team can develop cheaply and quickly for user-evaluation purposes. It is
   useful when end users do not understand their info needs very well, system requirements
   are hard to define, the new system is mission-critical or needed quickly, past interactions
   have resulted in misunderstandings between end users and designers, and/or there are
   high risks associated with developing and implementing the wrong system. It is a bad
   idea when it is being used as a systems design approach. And it is also not recommended
   for developing traditional AIS applications where the inputs, processing, and outputs are
   already well known and clearly defined.

7. The System Specifications Report summarizes the findings of the design team for the
   requirements of the new system. The information in this report includes:
           • Historical background information about the company’s operating activities.
           • Detailed information about the problems in the company’s current system.
           • Detailed descriptions of the systems design proposals.
           • Indication of what the vendors should include in their proposals to the company.
           • Time schedule for implementing the new system.

8. The rationale for performing step one before step two is that controls must be first
   established so that the data can be converted into the required file format for the new
   system that is specified. These controls are less expensive to implement in the beginning
   than to go and change later on once all of the system is created.

9. Three conversion types for old-to-new system changes:

           • Direct: Immediately discontinuing use of the old system and letting the new
           system “sink or swim.”
           • Parallel: The organization operates both the new and the old system for some
           period of time.
           • The new system is implemented in stages, one process or module at a time.

10. A Program Evaluation Review Technique (PERT) Chart requires a project leader to
    prepare a list of systems implementation activities, identify the prerequisite activities
    that must be completed before others can start, and estimate the amount of time required
    to complete each activity. PERT is a useful project management tool because of its ability
    to help managers identify critical paths and areas where slack time occurs. Gantt charts
    are useful for both scheduling and tracking the activities of systems implementation
    projects because actual progress can be indicated directly on the Gantt chart and
    contrasted with the planned progress. Compare estimated completion times against actual
    ones. A disadvantage is that they don’t indicate the precedence relationships among the
    project activities.

11. The purpose of the follow-up and maintenance phase is to monitor the new system and
    make sure that it continues to satisfy the three levels of organizational goals: (1) general
    systems goals, (2) top management systems goals, and (3) operating management
    systems goals. Reevaluate the new system by talking with top management and end
    users, evaluating the control procedures, observing employee work performance, and looking
    at the output schedules to see if they are up to par.

12. A company’s software can be purchased by either acquiring prewritten software and
    tailoring it to the needs of the firm, or they can just acquire a complete, ready-to-go

13. KPO (Knowledge Process Outsourcing) is where a business or an individual contracts
   with someone, often in another country, to perform research or other knowledge-related
   work. BPO (Business Process Outsourcing) is outsourcing the actual business process.
Firms outsource their IT because it is cheaper and more cost effective to go outside their
