ch09-16

Chapter 9—Controlling Information Systems: Business Process Controls TRUE/FALSE 1. Specifying control goals is the first step in building a control matrix. ANS: T 2. In the control matrix the M stands for present controls. ANS: F 3. A control matrix is a tool that assists in evaluating the control goals and recommended control plans of an information system. ANS: T 4. Control efficiency addresses whether the control goals are being achieved. ANS: F 5. Control effectiveness addresses how individual control plans achieve multiple control goals. ANS: F 6. The purpose of security controls is to ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse. ANS: T 7. The following symbol represents a computer process.

ANS: F 8. The following symbol represents a manual process.

ANS: F

183

Controlling Information Systems: Business Process Controls

184

9. The following symbol represents manual keying.

ANS: T 10. The following symbol represents automated keying.

ANS: F 11. Control redundancy addresses whether multiple control plans are directed toward the same control goal. ANS: T 12. The purpose of input goals is to ensure input validity, input completeness and input accuracy. ANS: T 13. The use of the letter P in a control matrix represents a missing control plan. ANS: F 14. The most error prone and inefficient steps in an operations or information process is master file updates. ANS: F 15. A control plan that makes it easier to prepare the document initially and later to input data from the document is called document design. ANS: T 16. Written approval takes the form of a signature or initials on a document to indicate that the proper person has authorized the event. ANS: T 17. Online prompting helps guide the online entry of data by defining the acceptable length of each data field and often dictating the acceptable format of certain fields. ANS: F

Controlling Information Systems: Business Process Controls

185

18. Preformatted screens describes a computer system's asking the user for input or asking questions that the user must answer. ANS: F 19. Programmed edit checks are edits automatically performed by data entry programs upon entry of the input data. ANS: T 20. Another name for a reasonableness check is a credit limit check. ANS: F 21. Dollar totals represent a summarization of any numeric data field within the input document or record. ANS: F 22. The edit that compares calculations performed manually with those performed by the computer to determine if a document has been entered correctly is referred to as mathematical accuracy checks. ANS: T 23. A check digit is an extra digit that is added to an identification number to help control the accuracy with which the number is entered into a computer system. ANS: T 24. Interactive feedback checks help ensure input completeness by informing the user that the input has been accepted and recorded. ANS: T 25. The control plan called data verification is designed to reduce the possibility that one person will misread or miskey data. ANS: F 26. A dependency check employs data encryption--specifically public-key cryptography--to authenticate a system user's identity and to verify the integrity of a message transmitted by that user. ANS: F 27. A digital signature tests whether the contents of two or more data fields bear the correct logical relationship. ANS: F 28. An exception and summary report reflects the transactions that were accepted by the system and processed and those that were rejected by the system. ANS: T

Controlling Information Systems: Business Process Controls

186

29. Master data control plans regulate transaction processing by calculating control totals at various points in a processing run and subsequently comparing these totals. ANS: F 30. Document/record counts are simple counts of the number of documents entered. ANS: T 31. A count of the number of invoices being paid by all of the customer remittances is a type of batch control total called a line or item count. ANS: T 32. The total dollar value of all invoice totals in a batch of sales invoices is called a hash total. ANS: F 33. A hash total is the general term to describe the summation of data that would not normally be totaled except for control purposes. ANS: T 34. A turnaround document is a document that is printed as an output of multiple computer processes and is used to capture and input a previous transaction. ANS: F 35. Batch control plans regulate information processing by calculating control totals at various points in a processing run and subsequently comparing those totals. ANS: T 36. In order to implement either a batch sequence check or cumulative sequence check, transactions must be captured on prenumbered documents. ANS: T 37. Dollar totals are a summarization of the dollar value of items in the batch. ANS: T 38. In a batch sequence check a computer program sorts the transactions into numerical order, checks the documents against the sequence number range, and reports missing, duplicate, and out-of-range event data. ANS: T 39. The cumulative sequence check provides input control in those situations in which the serial numbers are assigned within the organization but later are not entered in perfect serial number sequence. ANS: T

Controlling Information Systems: Business Process Controls

187

40. Data encryption is a process that employs mathematical algorithms and keys to encode data so that it is unintelligible to the human eye. ANS: T MULTIPLE CHOICE 1. The two primary steps in preparing the control matrix include a. specifying control goals, recommending control plans b. specifying control plans, specifying input goals c. specifying the control environment, identifying information process goals d. specifying control procedures, identifying process goals ANS: A 2. The purpose of __________ control goals is to ensure the successful accomplishment of the goals set forth for the business process under consideration. a. efficiency b. effectiveness c. security d. input ANS: B 3. The purpose of __________ control goals is to ensure that all resources used throughout the business process are being employed in the most productive manner. a. efficiency b. effectiveness c. security d. input ANS: A 4. The purpose of __________ control goals is to ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse.. a. efficiency b. effectiveness c. security d. input ANS: C 5. Immediately endorsing incoming checks satisfies the control goal of a. ensure effectiveness of operations b. update completeness and accuracy c. input accuracy d. ensure security of resources ANS: D

Controlling Information Systems: Business Process Controls 6. The purpose of input goals is to ensure that a. input validity, completeness, and accuracy b. update completeness and accuracy c. input accuracy d. none of the above ANS: A 7. In a control matrix the coding P-1 means a. process 1 b. process 1 is present c. process 1 is missing d. none of the above ANS: B 8. In a the columns representing control goals in a control matrix, the coding M-1 means a. a major control plan b. a missing control plan c. process 1 is missing d. none of the above ANS: C 9. The most error prone and inefficient steps in an operations or information process is a. report generation b. master data update c. data entry d. none of the above ANS: C 10. The columns in a control matrix contain headings describe the system's: a. control goals b. control plans c. control environment d. control procedures ANS: A 11. In the control matrix, the rows represent: a. control goals of the operations system b. recommended control plans including present and missing controls c. control goals of the information system d. control goals of the management system ANS: B 12. Having too many control plans directed at the same control goal is called: a. control efficiency b. control effectiveness c. control redundancy d. control completeness ANS: C

188

Controlling Information Systems: Business Process Controls

13. Which of the following symbols represents manual keying? a.

b.

c.

d.

a. b. c. d.

Symbol a. Symbol b. Symbol c. Symbol d.

ANS: B 14. Which of the following symbols represents a manual process? a.

b.

c.

189

Controlling Information Systems: Business Process Controls

d.

a. b. c. d.

Symbol a. Symbol b. Symbol c. Symbol d.

ANS: C 15. Which of the following symbols represents a computer process? a.

b.

c.

d.

a. b. c. d.

Symbol a. Symbol b. Symbol c. Symbol d.

ANS: A

190

Controlling Information Systems: Business Process Controls

191

16. As an exception to the general rule, which one of the following is not necessarily included in the systems flowchart? a. control plan for input accuracy b. control plan for ensuring efficient employment of resources c. control plan for ensuring effective employment of resources d. none of the above ANS: B 17. Which of the following control plans does not address the control goal of input accuracy? a. document design b. written approvals c. preformatted screens d. online prompting ANS: B 18. Which of the following is a control plan in which the source document is designed to make it easier to prepare the document for input? a. document design b. written approval c. preformatted screens d. online prompting ANS: A 19. Which of the following is a control plan that takes the form of signatures or initials on a document to indicate that a person has authorized the event? a. document design b. written approval c. preformatted screens d. online prompting ANS: B 20. Which of the following is a control plan that controls the entry of data by defining the acceptable format of each data field? a. document design b. written approval c. preformatted screens d. online prompting ANS: C 21. Which of the following is a control plan that requests user input or asks questions that the user must answer? a. document design b. written approval c. preformatted screens d. online prompting ANS: D

Controlling Information Systems: Business Process Controls

192

22. A user mistakenly enters the data June 31. The programmed edit check that will detect this error is: a. online prompting b. mathematical accuracy check c. preformatted screen d. reasonableness check ANS: D 23. Which of the following reflects a summarization of any numeric data field within the input document or record? a. reasonableness check or limit check b. document/record hash totals c. mathematical accuracy check d. check digit verification ANS: B 24. Which of the following compares manual calculations to computer calculations? a. reasonableness check or limit check b. document/record hash totals c. mathematical accuracy check d. check digit verification ANS: C 25. A control that can be used to ensure that all of the characters of a social security number are entered by a data entry clerk is: a. dependency check b. rejection procedures c. preformatted screens d. turnaround documents ANS: C 26. A written approval in the form of a signature or initials on a document indicating that a person has authorized the event achieves the control goal of: a. input validity b. input completeness c. input accuracy d. update accuracy ANS: A 27. A control that can be used to reduce the likelihood of a transposition occurring when an account number is entered through a remote terminal is: a. check digit verification b. data encryption c. preformatted screens d. reasonableness checks ANS: A

Controlling Information Systems: Business Process Controls

193

28. Which of the following control plans is designed to achieve the goal of input completeness? a. key verification b. interactive feedback check c. programmed edit check d. written approvals ANS: B 29. A control whose primary purpose is to ensure greater input accuracy is: a. tickler file b. preformatted screens c. interactive feedback checks d. procedures for rejected inputs ANS: B 30. Not knowing whether input data has been accepted by the information system, the user enters the data again, resulting in duplicate event data. The control plan that helps to prevent this error is: a. key verification b. interactive feedback check c. check digit verification d. online prompting ANS: B 31. Which of the following control plans is designed to achieve the goal of input accuracy? a. key verification b. interactive feedback check c. batch sequence check d. cumulative sequence check ANS: A 32. A control in which two people key the same inputs into a system where they are automatically compared is called: a. online prompting b. key verification c. computer matching procedures d. a redundancy check ANS: B 33. Which of the following control plans is designed both to authenticate a system user's identity and to verify the integrity of a message transmitted by that user? a. coding schemes b. digital signature c. preformatted screens d. checking of digit verification ANS: B

Controlling Information Systems: Business Process Controls

194

34. A control that is primarily directed at ensuring input validity is: a. digital signature b. preformatted screens c. interactive feedback checks d. online prompting ANS: A 35. In the control matrix for data entry with master data, digital signatures addresses all of the following control goals except: a. ensure security of resources b. input completeness c. input validity d. input accuracy ANS: C 36. A sales representative enters the customer's account number and the system retrieves certain data about the customer from master data. This control plan addresses all of the control goals except: a. ensure efficient employment of resources b. input completeness c. input accuracy d. update completeness ANS: D 37. A digital signature is aimed primarily at ensuring which of the following information system control goals? a. input validity b. input completeness c. input accuracy d. update completeness ANS: A 38. All of the following are types of programmed edit checks except: a. a proximity check b. a document/record hash total c. a mathematical accuracy check d. a reasonableness check ANS: A 39. Which of the following is not a programmed edit check? a. online prompting b. check digit verification c. dependency checks d. limit checks ANS: A

Controlling Information Systems: Business Process Controls

195

40. A control report generated by a system that shows data about transactions that were accepted or rejected during a transaction processing step is called a(n): a. violation report b. exception and summary report c. variance report d. program change log ANS: B 41. Which of the following is a batch control total that represents the minimum level of control for input completeness? a. dollar totals b. record counts c. hash totals d. item counts ANS: B 42. A summation of customer account numbers taken from a batch of sales invoices would be classified as a: a. record count b. line count c. dollar total d. hash total ANS: D 43. Which batch control total generally has no other purpose than control? a. dollar totals b. record counts c. hash totals d. item counts ANS: C 44. Which of the following types of batch totals is likely to be most effective in assuring the control goal of input accuracy? a. line counts b. document/record counts c. item counts d. hash totals ANS: D 45. When they are sent to a customer and returned with the payment, remittance advices are examples of: a. batch control totals b. computer-prepared documents c. written approval controls d. turnaround documents ANS: D

Controlling Information Systems: Business Process Controls

196

46. Which of the following activities is not part of the computer agreement of batch totals: a. A batch total is manually computed prior to data entry. b. Data shown on source documents are key entered or scanned. c. The computer produces a report that includes a batch total. d. A person reconciles the manual and computer batch totals. ANS: D 47. Which of the following controls requires that documents be prenumbered before it can be implemented? a. completeness check b. sequence check c. batch total matching d. key verification ANS: B 48. Inputting a range of numbers comprising a batch and then inputting each serially numbered document is characteristic of the control plan called: a. cumulative sequence check b. batch sequence check c. suspense file of missing numbers d. computer agreement of batch totals ANS: B 49. Which of the following statements related to tickler files is false? a. A tickler file is reviewed on a regular basis for items that do not clear the file on a timely basis. b. A tickler file can consist of documents or computer records. c. A tickler file addresses the control goal of update accuracy. d. A tickler file addresses the control goal of input completeness. ANS: C 50. The process of encoding data so that it may only be read by someone having a key is called: a. a coding scheme b. encryption c. dependency checks d. check digit verification ANS: B 51. Plaintext and ciphertext are terms associated with __________. a. coding schemes b. hash totals c. programmed edit checks d. data encryption ANS: D

Controlling Information Systems: Business Process Controls

197

COMPLETION 1. Specifying ___________________ is the first step in building a control matrix. ANS: control goals 2. In the control matrix the P stands for __________ controls. ANS: present 3. A _______________ is a tool that assists in evaluating the control goals and recommended control plans of an information system. ANS: control matrix 4. Control ________________ addresses whether the control goals are being achieved. ANS: effectiveness 5. Control ______________ addresses how well individual control plans achieve multiple control goals. ANS: efficiency 6. The purpose of __________ controls is to ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse. ANS: security 7. The following symbol represents a(n) ______________.

ANS: manual process 8. The following symbol represents a(n) ______________.

ANS: computer process 9. The following symbol represents ______________.

ANS: manual keying

Controlling Information Systems: Business Process Controls

198

10. Control _________________ addresses whether multiple control plans are directed toward the same control goal. ANS: redundancy 11. The purpose of input goals is to ensure input validity, input ___________, and input _________. ANS: completeness, accuracy 12. The use of the letter M in a control matrix represents a(n) ____________________. ANS: missing control or missing control plan 13. The most error prone and inefficient steps in an operations or information process is (are) ____________. ANS: data entry or when humans enter data into the system 14. A control plan that makes it easier to prepare the document initially and later to input data from the document is called ____________________. ANS: document design 15. ____________________ takes the form of a signature or initials on a document to indicate that the proper person has authorized the event. ANS: Written approval 16. ____________________ help guide the online entry of data by defining the acceptable length of each data field and often dictating the acceptable format of certain fields. ANS: Preformatted screens 17. ____________________ describes a computer system's asking the user for input or asking questions that the user must answer. ANS: Online prompting 18. ____________________ are edits automatically performed by data entry programs upon entry of the input data. ANS: Programmed edit checks 19. Another name for a(n) ____________________ check is a limit check. ANS: reasonableness 20. ____________________ represent a summarization of any numeric data field within the input document or record. ANS: Hash totals

Controlling Information Systems: Business Process Controls

199

21. The edit that compares calculations performed manually with those performed by the computer to determine if a document has been entered correctly is referred to as ____________________. ANS: mathematical accuracy checks 22. A(n) ____________________ digit is an extra digit that is added to an identification number to help control the accuracy with which the number is entered into a computer system. ANS: check 23. ____________________ help ensure input completeness by informing the user that the input has been accepted and recorded. ANS: Interactive feedback checks 24. The control plan called ____________________ is designed to reduce the possibility that one person will misread or miskey data. ANS: key verification 25. A(n) ____________________ employs data encryption--specifically public-key cryptography--to authenticate a system user's identity and to verify the integrity of a message transmitted by that user. ANS: digital signature 26. A(n) _____________ and ______________ report is a computer-generated report that reflects the events--either in detail, summary total, or both--that were accepted by the system and rejected by the system. ANS: exception and summary 27. ____________________ regulate transaction processing by calculating control totals at various points in a processing run and subsequently comparing those totals. ANS: Batch control plans 28. ____________________ are simple counts of the number of documents entered. ANS: Document/record counts 29. A count of the number of invoices being paid by all of the customer remittances is a type of batch control total called a(n) ____________________. ANS: line or item count 30. The total dollar value of all invoice totals in a batch of sales invoices is called a(n) ____________________. ANS: dollar total

Controlling Information Systems: Business Process Controls

200

31. A(n) ____________________ is the general term to describe the summation of data that would not normally be totaled except for control purposes. ANS: hash total 32. A(n) ____________________ is a document that is printed as an output of one computer process and is used to capture and input a subsequent transaction. ANS: turnaround document 33. In the control matrix for data entry with batches, the control plan “compare picking tickets and packing slips” helps to ensure the control goals of effectiveness of operations and ensure ________________. ANS: security of resources 34. In order to implement either a batch sequence check or cumulative sequence check, transactions must be captured on ____________________ documents. ANS: prenumbered 35. _______________ are a summarization of the dollar value of items in the batch. ANS: Dollar totals 36. In a(n) ____________________ a computer program sorts the transactions into numerical order, checks the documents against the sequence number range, and reports missing, duplicate, and out-ofrange event data. ANS: batch sequence check 37. The ____________________ provides input control in those situations in which the serial numbers are assigned within the organization but later are not entered in perfect serial number sequence. ANS: cumulative sequence check 38. ____________________ is a process that employs mathematical algorithms and keys to encode data so that it is unintelligible to the human eye. ANS: Data encryption

Controlling Information Systems: Business Process Controls

201

PROBLEM 1. The workings of the control plan computer agreement of batch totals are described in Chapter 9 as follows (paraphrased): • •

•

•

First, one or more of the batch totals discussed in Chapter 9 are established manually (assume this is done in the billing department). Then, the manually prepared total must be entered into the computer and is written to a computer batch control totals file (assume that the keying is done in a data entry unit of the data center). As individual transactions are entered, a computer program accumulates independent batch totals and compares these totals with the ones prepared manually and entered at the start of the processing. The computer then prepares an "Error and Summary Report," which usually contains details of each batch, together with an indication of whether the totals agreed or disagreed.

Required: Prepare a system flowchart to diagram the above process. Assume that batches of transactions are input through a network computer device located in the billing department; the network computer is wired directly to a centralized mainframe computer. ANS:

Controlling Information Systems: Business Process Controls

202

2. The workings of the control plan batch sequence check are described in Chapter 9 as follows (paraphrased): • • •

First, the range of serial numbers composing a batch of documents is entered (assume that key entry is done in a data entry unit of the data center). Then, data from each individual, serially prenumbered document is entered. Finally, the computer program sorts the event data into numerical order, checks the document numbers against the sequence number range, and prints a "Report of Missing, Duplicate, and Out-of-Range Numbers."

Required: Prepare a system flowchart to diagram the above process. Assume that batches of documents are input through a network computer (NC) device located in the billing department; the NC is connected directly to a centralized mainframe computer.

Controlling Information Systems: Business Process Controls

203

ANS: Data center

Data entry

Computer

Prenumbered source documents

Key serial number range

Record Number Change

Number table

Prenumbered source documents

Key individual events

Record event data

Event data

Check documents against sequence number range & print report of missing, duplicate, and out of range numbers

Report of missing, duplicate, or out of range numbers

Sort events into numerical order

Sorted event data

3. Figure TB-9.3 shows eight flowchart segments taken from the Chapter 9 flowcharts. The segments-identified A through I--have been stripped of almost all labels.

Controlling Information Systems: Business Process Controls Segment D

204

Segment G

Segment A

Segment B

Segment E

Segment H

Segment I Segment C

Segment F

Required: On the blank line to the left of each numbered description that follows, place the capital letter of the flowchart segment from Figure TB-9.4 that best matches that description. Since there are ten descriptions, one answer space will be left blank. FLOWCHART DESCRIPTION Answers _____

1. After resolving discrepancies, a data entry clerk keys corrections. The computer processes the corrections and a screen message confirms that the corrections were accepted.

_____

2. The computer edits/validates input by reference to data residing in a master data, records event data and prints a single error and summary report.

_____

3. The user resolves discrepancies displayed by the computer system and keys in any corrections that are necessary.

Controlling Information Systems: Business Process Controls

_____

4. The computer records events in event data, updates the master data, and a screen message confirms that the input has been accepted.

_____

5. An employee in a user department assembles source documents into batches and prepares batch totals.

_____

6. At a remote location, a user enters data into a central computer system. The system edits the input and displays a message on screen informing the user of any errors.

_____

7. A data entry clerk enters batch totals and the data from source documents. The master data is updated and a screen message is displayed.

_____

8. A data entry clerk enters data on a source documents. The computer edits the input and a screen message is displayed for any input errors.

_____

9. A user compares output totals shown on an error and summary report with input totals shown on a batch control tape.

ANS: Description Number 1. 2. 3. 4. 5. 6. 7. 8. 9.

Flowchart Segment F C G A B H I E D

4. The following is a list of 14 control plans.

A. B. C. D. E. F. G. H. I.

Control Plans Enter data close to the originating source Preformatted screens Interactive feedback checks Programmed edit checks Document design Key verification Written approvals Digital signatures Rejection procedures

205

Controlling Information Systems: Business Process Controls

206

Required: Listed below are eight system failures that have control implications. On the blank line to the left of each number, insert the capital letter from the list above of the best control plan to prevent the system failure from occurring. (If you can't find a control that will prevent the failure, then choose a detective plan or, as a last resort, a corrective control plan). A letter should be used only once. SYSTEM FAILURES Answers _____

1.

A clerk logged on to an online cash receipts system by entering the date of April 38, 20XX, instead of the correct date of April 28, 20XX. As a result, all cash receipts recorded that day were posted under an incorrect date.

_____

2.

Wabash Company enters shipping notices in batches. Upon entry, the computer performs certain edits to eliminate those notices that have errors. As a result, many actual shipments never get recorded.

_____

3.

At Nouveau Boutique, several different sales clerks prepare sales slips during the day. The sales slips are then keyed into the computer at Nouveau Boutique at the end of the day. However, numerous errors occur because the layout of the sales slips is difficult for the data entry clerk to follow.

_____

4.

Pitney Co. recently converted to an online order entry system. Clerks key in customer order data at one of several PCs. In the first week of operations, every sales order produced by the system was missing the data for the customer's "ship to" address.

_____

5.

A computer hacker gained access to the computer system of East Suburban Bank and entered a transaction to transfer funds to her bank account in the British West Indies.

_____

6.

Data entry clerks at the Videotron Company use key-to-disk units to prepare a variety of inputs for entry into the computer and the computer performs an agreement of batch totals. Recently, a number of errors have been found in key numeric fields. The supervisor would like to implement a control to reduce the transcription errors being made by the clerks.

_____

7.

At Cosmo Co., field salespersons call on customers and take customer orders by recording them on sales order forms. The forms are mailed by each salesperson each night to Cosmo's central data center for processing. The company has been besieged by customer complaints about how long it takes to receive their orders and about being shipped incorrect goods.

_____

8.

Ajax, Inc., recently installed a new cash receipts system. A clerk keys in remittance data through a terminal located in the accounts receivable department. On the first day of operations, because of a program bug, all remittances entered failed to get posted to the accounts receivable master file. Although the computer performs an agreement of batch totals, the clerk had no idea that the system did not perform the master data update process.

Controlling Information Systems: Business Process Controls _____

9.

207

At Infotech Inc., data entry clerks receive a variety of inputs from many departments throughout the company. In some cases, unauthorized inputs are keyed and entered into the computer.

ANS: System Failure 1. 2. 3. 4. 5. 6. 7. 8. 9.

Answer D I E B H F A C G

5. The following is a list of 8 control plans: Control Plans A. Populate inputs with master data B. Cumulative sequence check C. Turnaround documents D. Document/record counts

E. Document design F. Preformatted screens G. Dependency check H. Hash total

Required: Listed below are eight statements describing either the achievement of a control goal (i.e., a system success) or a system deficiency. On the blank line to the left of each number, insert the capital letter from the list above of the best control plan to achieve the described goal or to address the system deficiency. A letter should be used only once, with four letters left over. CONTROL GOALS OR SYSTEM DEFICIENCIES Answers _____

1.

Helps to achieve the information systems control goal of input accuracy by ensuring that dates are properly entered as MM/DD/YY.

_____

2.

According the control matrix for data entry with batches, by using a prerecorded bar code to trigger an event, this control plan ensures effectiveness of operations and improves efficiency by reducing the amount of data that must be input and by improving the speed and productivity of data entry. In addition, this control plan improves input validity, and improves input accuracy.

_____

3.

This control plan could help prevent the entry of inconsistent data elements, such as entering a tax code for a customer to whom sales should be nontaxable.

Controlling Information Systems: Business Process Controls _____

4.

According to the control matrix for data entry with master data, when the order entry clerk types in the customer number, the system automatically retrieves the customer's name, address, and other standing data from the customer master data. In this way, resources are used more efficiently.

_____

5.

This control plan should prevent a field salesperson from omitting data elements when filling in the sales order form on his/her notebook computer.

_____

6.

In entering a batch of remittance advices into the computer, an operator made several errors in keying the customer identification numbers. However, the errors were detected when the total of the customer ID numbers that were input did not agree with the corresponding total calculated from the source documents.

_____

7.

This control plan helps to identify duplicate, missing, and out-of-range document numbers by comparing input numbers with a previously stored number range.

_____

8.

This batch control total does not help to ensure input accuracy, nor would it detect the fact that one record in a batch was removed and substituted with another.

ANS: Control Goal/ System Deficiency 1. 2. 3. 4.

Answer F C G A

Control Goal/ System Deficiency 5. 6. 7. 8.

Answer E H B D

6. The following is a systems flowchart for data entry with master data available. Create a control matrix based on this flowchart.

208

Controlling Information Systems: Business Process Controls

Use the following columns for your control matrix from left to right: 1. Recommended control plans Control Goals for the Operations Process 2. Ensure effectiveness of operations 3. Ensure efficient employment of resources 4. Ensure security of resources Control Goals for the Information Process 5. For the (blank) inputs, ensure: Divide this column up into IV, IC, IA columns 6. For the (blank) master data, ensure: Divide this column up into UC, UA columns Use a legend: IV = Input Validity IC = Input completeness IA = Input accuracy UC = Update completeness UA = Update accuracy ANS:

209

Controlling Information Systems: Business Process Controls

210

Controlling Information Systems: Business Process Controls

211

Chapter 10—The Order Entry/Sales (OE/S) Process TRUE/FALSE 1. The order entry/sales (OE/S) process includes the first four steps in the order to cash process. ANS: T 2. The first step in the order-cash process is sales order processing. ANS: F 3. Customers expect convenient and timely access to information about their order from order initiation to product delivery. ANS: T 4. The OE/S process helps support the decision needs of the accounting department. ANS: F 5. One of the primary functions of the OE/S is to create information flows which support the repetitive work routines of the sales order, shipping, and credit departments. ANS: T 6. The flow of information from OE/S to marketing managers is an example of horizontal information flows. ANS: F 7. The flow of information from OE/S to the credit department is an example of vertical information flows. ANS: F 8. For companies using enterprise systems CRM systems often share the same underlying database and gather data about the firm’s customer population. ANS: T 9. A sales order form is a business document that captures vital customer and order data and facilitates the credit-granting and shipment functions of the order entry/sales (OE/S) process. ANS: T 10. Data base management systems are designed to provide detailed data for a specific set of users while avoiding the costly development and extensive time delays that come from the development of a comprehensive data warehouse.

Controlling Information Systems: Business Process Controls

212

ANS: F 11. A CRM system is designed to manage all the data related to customers, such as marketing, field service, and contact management data. ANS: T 12. Sell-side systems use the Internet to automate and manage corporate vendors and purchases. ANS: F 13. Buy-side systems are designed to allow a company to market sell deliver and service goods and services to customers throughout the world via the Internet. ANS: F 14. XML is a generalized system for the customized tagging of data to enable the definition, transmission, and interpretation of data exchanged by systems over the Internet. ANS: T 15. The buzzword in CRM which means the grouping of customers into categories based on key characteristics is itemization. ANS: F 16. In the OE/S process context diagram, the one input that creates the seven outputs of inventory sales update, shipping’s billing notification, sales order notification, bill of lading, packing slip, payroll data for commissions, and customer acknowledgement is the customer order. ANS: T 17. When a source document provides authority for a business activity to occur, the source document is said to trigger the activity. ANS: T 18. If a check of the customer master data shows that the goods requested on a customer order are not in stock, an exception routine called a back order is initiated. ANS: F 19. A packing slip authorizes the warehouse to remove goods from the warehouse and send them to the shipping department. ANS: F 20. A picking ticket is affixed to the inventory package sent to the customer and identifies the customer and the contents of the package.

Controlling Information Systems: Business Process Controls

213

ANS: F 21. Vendor acknowledgements are sent to vendors to notify them that their orders have been accepted and to inform them of the expected delivery date. ANS: F 22. A bill of lading is the document representing the contract between the shipping company and the common carrier. ANS: T 23. In the OE/S process level 0 diagram, the sales order notification is sent to billing/AR/CR from the bubble for validate sales order. ANS: T 24. If a customer refuses to accept a back order, then the sales order is terminated as shown by the accept data flow. ANS: F 25. A customer acknowledgement is sent to the customer to notify him or her of the order’s acceptance and the expected shipping date. ANS: T 26. A customer acknowledgement is sent to the billing department to notify them of a pending shipment. ANS: F 27. In the E-R diagram for OE/S, SALES_ORDERS activates the STOCK_PICK. ANS: T 28. In the E-R diagram for OE/S, STOCK_PICK triggers the SALES_INVOICES. ANS: F 29. In the E-R diagram for OE/S, SHIPMENTS generate the SALES_INVOICES. ANS: T 30. The marketing data is a repository of a variety of sales-oriented data, some of which results from recording sales events and some of which does not produce event data, such as a customer inquiry. ANS: T 31. The inventory master data normally contains standing data about each customer, such as name, billing and ship-to addresses, and telephone number.

Controlling Information Systems: Business Process Controls

214

ANS: F 32. The customer master data is a data store that contains data identifying the particular characteristics of each customer. ANS: T 33. The completed picking ticket file provides an audit trail of authorized inventory transfers made between the warehouse and the shipping department. ANS: T 34. Records in the sales order master data are created upon the completion of a sales order and are closed out once the order has been shipped. ANS: T 35. OCR devices that use light reflection to read differences in code patterns in order to identify a labeled item. ANS: F 36. Bar code readers are used to recognize patterns of handwritten or printed characters. ANS: F 37. Output devices that capture printed images or documents and convert them into electronic digital signals that can be stored in computer media are called scanners. ANS: F 38. When a customer service representative enters data into the OE/S system, the first screen prompt is usually for the customer number. ANS: T 39. A tickler file is one that is reviewed on a current and regular basis for the purpose of taking action to clear the items from that file. ANS: T 40. Preformatted screens in the order entry/sales process is a control plan that involves the detailed comparison of the individual elements appearing on two source documents. ANS: F 41. One-for-one checking in the order entry/sales process is a control plan that simplifies the data entry process, and may prevent the customer service representative from omitting data, to fill in certain fields, and reject incorrectly formatted fields to reduce input errors. ANS: F

Controlling Information Systems: Business Process Controls

215

42. Online prompting in the order entry/sales process is a control plan that advises the customer service representative to check their data entries before moving on. ANS: T 43. Interactive feedback checks in the order entry/sales process is a control plan that tells the customer service representative that the order and shipments have been accepted. ANS: T 44. Customer credit check is a control plan that ensures that the organization protects its resources by dealing only with customers who have demonstrated an ability to satisfy their liabilities. ANS: T MULTIPLE CHOICE 1. The order entry/sales (OE/S) process is part of the __________ cycle. a. revenue b. expenditure c. conversion d. general ledger/financial reporting ANS: A 2. The order entry/sales (OE/S) process handles the processing and shipment of a customer order while another process actually bills the customer. With such a configuration, you would not expect the OE/S system to interface directly with the __________. a. billing/accounts receivable/cash receipts process b. inventory process c. general ledger process d. human resource process ANS: D 3. The OE/S process includes the first four steps in the order to sales process. The order of these four steps is a. pre-sales activities, sales order processing, picking and packing, shipping b. pre-sales activities, picking and packing, sales order processing, shipping c. pre-sales activities, picking and packing , shipping, sales order processing d. none of the above ANS: A 4. The primary function of the order entry/sales (OE/S) process includes: a. identifying decisions made by marketing personnel b. highlighting the key organizational features of the marketing function c. producing financial statements d. meeting the decision needs of those who manage various sales and marketing functions

Controlling Information Systems: Business Process Controls

216

ANS: D 5. In addition to the warehousing function, the three primary departments that you would expect to be part of a typical order entry/sales (OE/S) process are: a. sales order, shipping, and credit b. sales order, shipping, and accounts receivable c. sales order, credit, and accounts receivable d. credit, shipping, and accounts receivable ANS: A 6. The ultimate goal of the OE/S process is a. to ensure accuracy of order entry and sales events b. to ensure increasing sales volume through the OE/S process c. to provide value to the customer d. none of the above ANS: C 7. From the standpoint of good internal control, which of the following managers should not report (either directly or through an intermediate supervisor) to the vice president of marketing? a. manager--new product development b. manager--customer sales and service c. manager--credit department d. manager--sales order department ANS: C 8. When the sales order department acknowledges a customer order, it is an example of a: a. vertical information flow b. horizontal information flow c. both vertical and horizontal information flow d. neither vertical nor horizontal information flow ANS: B 9. When the sales-related data are captured in the sales order department and then the information flows to the managers housed in the marketing department, it is an example of a: a. vertical information flow b. horizontal information flow c. both vertical and horizontal information flow d. neither vertical nor horizontal information flow ANS: A 10. Which of the following is a horizontal information flow? a. sales order department requests credit approval from credit department b. sales order department acknowledges the order to the customer c. warehousing sends completed picking ticket to shipping d. all of the above are horizontal information flows ANS: D

Controlling Information Systems: Business Process Controls 11.

217

With companies facing global competition, firms are recognizing that their most important asset is? a. inventory b. machinery and equipment c. cash d. a happy customer ANS: D

12. The OE/S process addresses the decision needs of managers of various sales and marketing functions through the use of: a. vertical information flows b. horizontal information flows c. both vertical and horizontal information flows d. neither vertical nor horizontal information flows ANS: C 13. When the sales manager uses ZIP code data taken from customer order forms to plan an advertising campaign, she is using ____________ that might be associated with the OE/S process. a. horizontal information flows b. vertical information flows c. both vertical and horizontal information flows d. neither vertical nor horizontal information flows ANS: B 14. Which of the following statements related to ERP support for horizontal information flows in the OE/S process is false? a. Once the sales order department releases the order to credit approval, the document would be automatically routed electronically to the credit department and queued for their approval. b. Once the shipping department releases the shipment, the information would be entered into the ERP system at the shipping location to record the order as shipped. c. An ERP system requires the business to change the information flows of the business process. d. The sales order department’s response to the customer would be automatically triggered by the ERP system. ANS: C 15. Which of the following statements identifies a recent trend in today's business environment? a. Establishing an E-Business web site provides the business with a competitive advantage. b. The most important asset of a business today is its IT infrastructure. c. IT managers must increase their annual expenditures for hardware, software, and telecommunication technology. d. The quality of customer service influences the ability of a business to compete in a global marketplace. ANS: D

Controlling Information Systems: Business Process Controls

218

16. Which is an example of vertical reporting by the order entry/sales (OE/S) process? a. The credit manager notifies sales order processing that a customer's credit has been approved. b. Sales by geographical region are reported to the manager of customer sales and service. c. The shipping department notifies sales order processing of all shipments made for a particular period of time. d. The sales order department acknowledges a customer order. ANS: B 17. ______________ applications in organizations are usually viewed as being focused on either operational or analytical applications. a. data mining b. data warehousing c. data entry d. market segmentation ANS: B 18. ______________ is intended to allow the use of sophisticated statistical and other analytical software to help an organizations’s members develop insights about customers, processes and markets.. a. data mining b. data entry c. e-commerce module d. market segmentation ANS: A 19. For a company using an ERP system, what is the most effective tool to assist marketing managers in identify smaller portions of the customer population? a. e-commerce module b. data entry c. data mart d. market segmentation ANS: C 20. ___________ systems use the Internet to automate and manage vendors and purchases with the predominate technology being electronic data interchange (EDI). a. Customer relationship management b. Buy side c. Sell side d. none of the above ANS: B 21. ___________ applications can handle both B2B and B2C transactions. a. Customer relationship management b. Buy side c. Sell side d. none of the above ANS: C

Controlling Information Systems: Business Process Controls

219

22. The grouping of customers into categories based on key characteristics is called a. customer relationship management b. segmentation c. XML d. web services ANS: B 23. In the context diagram for an order entry/sales (OE/S) process the OE/S process has 6 outputs which include all of the following except a. the billing/accounts receivable/cash receipts process b. the carrier c. the general ledger process d. the marketing process ANS: D 24. A data flow or event that causes a process to begin is called a: a. tickler b. trigger c. document d. validity check ANS: B 25. A process for out-of-the-ordinary or erroneous events is called: a. exception routine b. summary report c. corrective routine d. normal routine ANS: A 26. An example of a "rejection procedure" is a(n): a. back order process b. inventory subroutine c. customer acknowledgment process d. sales order processing process ANS: A 27. In a logical DFD for the order entry/sales (OE/S) process, which of the following data stores would you expect to be updated by the process complete sales order? a. customer master data b. accounts receivable master data c. marketing data d. inventory master data ANS: D

Controlling Information Systems: Business Process Controls

220

28. In a logical DFD for the order entry/sales (OE/S) process, which of the following data stores is least likely to interact with the process validate sales order? a. general ledger b. accounts receivable master data c. marketing data d. inventory master data ANS: A 29. In a typical order entry/sales (OE/S) process, validating a sales order likely would involve all of the following processes except: a. checking the customer's credit b. verifying inventory availability c. completing the sales order d. completing the picking ticket ANS: D 30. Before a shipping notice is prepared by shipping personnel, they should match the details of which of the following pairs of data flows? a. The picking ticket and a copy of the sales order earlier sent to shipping from the order entry department. b. The completed picking ticket and a copy of the sales order earlier sent to shipping from the order entry department. c. A copy of the sales order earlier sent to shipping from the order entry department and the bill of lading. d. The completed picking ticket and the bill of lading. ANS: B 31. According to the logical flow diagrams of the OE/S system, which of the following data stores provides data to the system but is not updated by it? a. shipping notice data b. sales order master data c. marketing data d. customer master data ANS: D 32. For a typical order entry/sales (OE/S) process to check a customer's credit, all of the following data stores likely would be consulted except the: a. inventory master data b. customer master data c. accounts receivable master data d. sales order master data ANS: A 33. A document that is used when filling a sales order to authorize the movement of goods from a warehouse to shipping is called a: a. shipping order b. packing slip c. picking ticket d. blind authorization ANS: C

Controlling Information Systems: Business Process Controls

221

34. In an order entry/sales (OE/S) process, you could expect that a sales order notification would be sent to a. the billing/accounts receivable/cash receipts process b. the customer c. the general ledger process d. the warehouse ANS: A 35. At the time that the shipping notice is prepared and disseminated, two data stores within the order entry/sales (OE/S) process normally are updated. Those two data stores are the: a. customer and accounts receivable master data b. accounts receivable and sales order master data c. accounts receivable master and shipping notice data d. sales order master and inventory master data ANS: D 36. Which of the following documents represents a formal "contract" between two parties? a. shipping's inventory notification b. packing slip c. customer acknowledgment d. bill of lading ANS: D 37. Which of the following data stores is designed primarily to serve the vertical information needs of the organization rather than the horizontal information flows? a. inventory master data b. marketing data c. shipping notice data d. customer master data ANS: B 38. Which of the following data is least likely to be stored in the customer master data? a. customer number b. billing address c. ship-to address d. open invoices ANS: D 39. Which document may show a number of items which are different from the number of items actually shipped to a customer? a. completed picking ticket b. bill of lading c. sales order d. packing slip ANS: C

Controlling Information Systems: Business Process Controls

222

40. In an entity-relationship (E-R) diagram for the order entry/sales (OE/S) process, you would expect that the word trigger would appear in the diamond showing the relationship between which of the following pairs of entities? a. CUSTOMER and SALES ORDER b. CUSTOMER and SHIPMENT c. STOCK PICK and SHIPMENT d. SALES INVOICE and SHIPMENT ANS: C 41. Which of the following attributes would not be contained in the related relational table? a. customer_street attribute in the Customers relation b. quantity_on_hand in the Inventory relation c. shipping_company in the Sales Order relation d. invoice_total in the Sales Order relation ANS: D 42. In a database containing (among others) four relations--CUSTOMERS, SALES ORDERS, SALES_ORDER Line item INVENTORY, and SHIPMENTS--you would expect that a combination of the SO_No and Item_No attributes would be the primary key for the __________ relation. a. CUSTOMERS b. SALES ORDERS c. SALES_ORDER Line item INVENTORY d. SHIPMENTS ANS: C 43. Which of the following goals is not an example of a process goal of the typical order entry/sales (OE/S) process? a. to provide timely responses to customer inquiries b. to provide timely acknowledgments of customer orders c. to provide timely updates to general ledger accounts d. to provide timely shipments of goods to customers ANS: C 44. In constructing a control matrix for an order entry/sales (OE/S) process, the principal data input(s) to the information system likely would be: a. customer inquiries and customer order inputs b. customer inquiries and shipping notice inputs c. customer order and shipping notice inputs d. customer order ANS: C 45. The file most important for ensuring validity of inputs is the: a. customer master data b. accounts receivable master data c. marketing data d. completed picking ticket data ANS: A

Controlling Information Systems: Business Process Controls

223

46. The primary reason that direct entry of sales order data by sales personnel enhances efficiency is because: a. it increases the likelihood of erroneous data being input b. sales personnel can enter data faster than data entry clerks c. fewer data items need to be entered by sales personnel d. the need for data entry clerks is eliminated ANS: D 47. The control plan preformatted screens is directed primarily toward achieving the information process control goal of ensuring: a. sales order input validity b. sales order input accuracy c. sales order input completeness d. sales order update completeness ANS: B 48. The control plan interactive feedback check helps to achieve the sales order input control goal of: a. sales order input validity b. sales order input accuracy c. sales order input completeness d. shipping notice input accuracy ANS: C 49. In the OE/S process, the document that represents an independent authorization to ship goods to the customer is the: a. bill of lading b. sales order c. customer acknowledgment d. none of the above ANS: B 50. In the control matrix of the OE/S process, regarding shipping notice inputs, which of the following control goals is ensured by the control plan “compare input data with master data”? a. input completeness and input accuracy b. input completeness and input validity c. input validity and input accuracy d. none of the above ANS: C COMPLETION 1. The order entry/sales (OE/S) process includes the first four steps in the ________________ process. ANS: order-cash 2. The first step in the order-cash process is ______________. ANS: pre-sales activities

Controlling Information Systems: Business Process Controls

224

3. _______________ expect convenient and timely access to information about their order from order initiation to product delivery. ANS: Customers 4. The OE/S process helps support the decision needs of the _____________ department. ANS: marketing 5. One of the primary functions of the ____________________ is to create information flows which support the repetitive work routines of the sales order, shipping, and credit departments. ANS: order entry/sales (OE/S) process 6. The flow of information from OE/S to marketing managers is an example of _______________ information flows. ANS: vertical 7. The flow of information from OE/S to the credit department is an example of _______________ information flows. ANS: horizontal 8. For companies using enterprise systems, _____________________ systems often share the same underlying database and gather data about the firms customer population. ANS: CRM 9. A(n) ____________________ form is a business document that captures vital customer and order data and facilitates the credit-granting and shipment functions of the order entry/sales (OE/S) process. ANS: sales order 10. ____________________ are designed to provide detailed data for a specific set of users while avoiding the costly development and extensive time delays that come from the development of a comprehensive data warehouse. ANS: Data marts 11. A __________________________________ is designed to manage all the data related to customers, such as marketing, field service, and contact management data. ANS: customer relationship management system 12. _____________ systems use the Internet to automate and manage corporate vendors and purchases. ANS: Buy-side

Controlling Information Systems: Business Process Controls

225

13. _____________ systems are designed to allow a company to market, sell, deliver, and service goods and services to customers throughout the world via the Internet. ANS: Sell-side 14. _______________ is a generalized system for the customized tagging of data to enable the definition, transmission, and interpretation of data exchanged by systems over the Internet. ANS: XML 15. The buzzword in CRM which means the grouping of customers into categories based on key characteristics is ____________________. ANS: segmentation 16. In the OE/S process context diagram, the one input that creates the six outputs of inventory sales update, sales order notification, bill of lading, packing slip, payroll data for commissions, and customer acknowledgement is the ______________. ANS: customer order 17. When a source document provides authority for a business activity to occur, the source document is said to ____________ the activity. ANS: trigger 18. If a check of the inventory master data shows that the goods requested on a customer order are not in stock, an exception routine called a(n) ____________________ process is initiated. ANS: back order 19. A(n) ____________________ authorizes the warehouse to remove goods from the warehouse and send them to the shipping department. ANS: picking ticket 20. A(n) ____________________ is affixed to the inventory package sent to the customer and identifies the customer and the contents of the package. ANS: packing slip 21. ____________________ are sent to customers to notify them that their orders have been accepted and to inform them of the expected shipping date. ANS: Customer acknowledgments 22. A(n) ____________________ is the document representing the contract between the shipping company and the common carrier. ANS: bill of lading

Controlling Information Systems: Business Process Controls

226

23. In the OE/S process level 0 diagram, the ____________ notification is sent to billing/AR/CR from the bubble for validate sales order. ANS: sales order 24. If a customer refuses to accept a back order, then the sales order is terminated as shown by the __________ data flow. ANS: reject 25. In the ER diagram for OE/S, SALES_ORDERS activates the __________________. ANS: STOCK_PICK 26. In the ER diagram for OE/S, STOCK_PICK triggers the __________________. ANS: SHIPMENTS 27. In the ER diagram for OE/S, SHIPMENTS generate the __________________. ANS: SALES_INVOICES 28. The ____________________ data is a repository of a variety of sales-oriented data, some of which results from sales order events, and some of which does not produce event data, such as a customer inquiry. ANS: marketing 29. The ____________________ data normally contains standing data about each customer, such as name, billing and ship-to addresses, and telephone number. ANS: customer master 30. The ____________________ file provides an audit trail of authorized inventory transfers made between the warehouse and the shipping department. ANS: completed picking ticket 31. Records in the ____________________ master data are created upon the completion of a sales order and are closed out once the order has been shipped. ANS: sales order 32. _________________ are devices that use light reflection to read differences in code patterns in order to identify a labeled item. ANS: Bar code readers 33. _________________ is used to recognize patterns of handwritten or printed characters. ANS: Optical character recognition

Controlling Information Systems: Business Process Controls

227

34. Input devices that capture printed images or documents and convert them into electronic digital signals that can be stored in computer media are called ____________. ANS: scanners 35. When a customer service representative enters data into the OE/S system, the first screen prompt is usually for the ________________. ANS: customer number alternatively the answer could be customer name 36. A(n) ____________________ file is one that is reviewed on a current and regular basis for the purpose of taking action to clear the items from that file. ANS: tickler 37. ____________________ is a control plan that involves the detailed comparison of the individual elements appearing on two source documents. ANS: One-for-one checking 38. ____________________ is a control plan that simplifies the data entry process, and may prevent the customer service representative from omitting data, to fill in certain fields, and reject incorrectly formatted fields to reduce input errors. ANS: Preformatted screens 39. ____________________ is a control plan that advises the customer service representative to check their data entries before moving on. ANS: Online prompting 40. ____________________ is a control plan that tells the customer service representative that the order and shipments have been accepted. ANS: Interactive feedback checks 41. ____________________ is a control plan that ensures that the organization protects its resources by dealing only with customers who have demonstrated an ability to satisfy their liabilities. ANS: Customer credit check

Controlling Information Systems: Business Process Controls

228

PROBLEM 1. The Figure below shows a portion of the horizontal perspective of an OE/S process. The following functional titles, data flow descriptions, and external entities have been omitted. Functional Titles A. Credit department B. Sales order department C. Shipping department D. V.P. finance E. V.P. logistics

Data Flow Descriptions F. Customer places order. G. Sales order department requests credit approval from credit department. H. Credit department informs sales order department of disposition of credit request. I. Sales order department acknowledges order to the customer. J. Sales order department notifies shipping department of sales order. K. Sales order department notifies warehouse and B/AR/CR process of shipment. L. Warehouse sends completed picking ticket to shipping. M. Shipping department informs sales order department of shipment. N. Shipping department informs carrier, B/AR/CR process, and general ledger process of shipment. External Entities O. B/AR/CR Process P. B/AR/CR Process Q. Carrier R. Customer S. Customer T. General Ledger Process Required: Complete Figure TB-10.1 by inserting the letter corresponding to the: (a) functional titles into the boxes, (b) data flows descriptions in the circles next to each data flow, and (c) external entities in the circles within the box representing the relevant environment.

Controlling Information Systems: Business Process Controls

229

VP Marketing

Warehouse

Entities in the relevant environment of the OE/S Process

Controlling Information Systems: Business Process Controls

230

ANS:

2. The figure below is an order entry/sales (OE/S) process level 0 DFD. A narrative of the process follows. Narrative Description How does the OE/S process then validate a customer order? First, it verifies the availability of requested inventory by consulting the inventory master data. If a sufficient level of inventory is on hand to satisfy the request, the order is forwarded for further processing, and produces the data flow “Inventory available order.” Conversely, if a customer orders goods that are not in stock, the process runs a special back order routine. If the customer refuses to accept a back order, then the sales event is terminated and the order is rejected, producing the “Reject” data flow. Information from the order (e.g., sale region, customer demographics, and order characteristics that reflect buying habits) that has potential value to marketing would be recorded in the marketing data.

Controlling Information Systems: Business Process Controls

231

After assuring inventory availability, the next process establishes the customer’s existence and then approves credit. The system uses the customer master data and accounts receivable master data to determine where the customer is located and from what parts of the organization they make purchases. This allows an organization to readily determine the amount of credit available to that customer worldwide. If the customer has exceeded their credit limit, the order is rejected and produces a “Reject” data flow. How does the process complete the sales order? The next process receives an accepted order. It then completes the order by adding price information, which is ascertained from the inventory master data. Then, the process performs the following activities simultaneously: 1. Updates the inventory master data to allocate the quantity ordered to the sales order 2. Updates the sales order master data to indicate that a completed sales order has been created Then the system disseminates the sales order. This includes the following data flows: 1. A picking ticket authorizes the warehouse to “pick” the goods from the shelf and send them to shipping. The picking ticket identifies the goods to be picked and usually indicates the warehouse location. 2. A customer acknowledgment is sent to the customer to notify him or her of the order’s acceptance and the expected shipment date. 3. A sales order notification is sent to the billing department to notify them of a pending shipment Required: From the DFD in the figure below and the narrative description above, explode bubble 1.0 into a lower-level diagram showing the details of that process.

Controlling Information Systems: Business Process Controls

232

Controlling Information Systems: Business Process Controls

233

ANS:

3. The narrative that follows is of process 3.0 in the level 0 DFD shown in the figure below. Narrative Description This narrative describes activities that normally take place in a shipping department. The process first receives two data flows; namely, the completed picking ticket, and data retrieved from the sales order master data table. The shipping clerk matches the quantity of the goods with the quantity on the picking ticket, and the quantity stored in the sales order data store. If the details agree, the matched sales order is forwarded to the next process. If the details of the data flows do not agree, the process rejects the order and initiates procedures for resolving any discrepancies. When the next process receives the matched sales order and it produces and disseminates notices of the shipment and updates the sales order and inventory master data tables. The sales order master data is updated to reflect that the goods have been picked, packed, and shipped. The inventory master data is updated to change the quantity allocated for the sales order to an actual shipment, thus reducing the quantity of inventory on hand. We generally expect the dissemination of notices will include the following data flows:

Controlling Information Systems: Business Process Controls

234

Shipping’s billing notification (to notify billing to begin the billing process). Bill of lading, a contract between the shipper and the carrier in which the carrier agrees to transport the goods to the shipper’s customer. The carrier’s signature on the bill of lading, and/or the customer’s signature on some other form of receipt, substantiates the shipment. A packing slip is attached to the outside of a package and identifies the customer and the contents of the package. General ledger inventory sales update to notify the general ledger process that inventory has been sold and the cost of goods sold has increased. Required: From the DFD in the figure below and the narrative description above, explode bubble 3.0 into a lower-level diagram showing the details of that process.

Controlling Information Systems: Business Process Controls

ANS:

235

Controlling Information Systems: Business Process Controls

236

4. The entity-relationship (E-R) diagram in Figure TB-10.6 represents an order entry/sales process, but with the names of certain entities and relationships removed from the boxes and diamonds, respectively. The names omitted are:

• • •

Entities CUSTOMER INVENTORY SHIPMENTS

• • • • •

Relationships ACTIVATE BILLED TO GENERATE SALES RELATIONS TRIGGER

Required: Complete the figure below by: a. Inserting the names from the above lists into the boxes or diamonds, respectively, where they belong b. Inserting a 1 or an N where necessary next to the connecting lines

Controlling Information Systems: Business Process Controls

?

?

Rec’d From

?

SALESORDERS

?

STOCK PICK

?

?

Made to

?

Sales Invoices

?

237

Controlling Information Systems: Business Process Controls

ANS:

238

Controlling Information Systems: Business Process Controls

5. The following exhibit shows part of the OE/S Process Flowchart

Computer

Shipping Department

Enter customer order and record sales order

P-5 P-6 P-7

?

M-1

?

?

P-9

P-6 P-10 P-11 Sales order

? M-2

? P-12 Record shipment, print packing slip and bill of lading, and display shipment accepted

?

Shipment accepted

? ?

Carrier

P-4

239

Controlling Information Systems: Business Process Controls

240

Required: Based on the flowchart above a. Complete the flowchart by filling in the 8 blank items, which are indicated by a question mark (?). The 8 missing items are listed next in alphabetical order: 1. Bill of Lading 2. Compare order number and quantities 3. Completed picking ticket with bar codes 4. Display sales order 5. Enterprise database 6. Interactive feedback check 7. Packing Slip 8. Scan bar codes on picking ticket

b. Identify all the present control plans and missing control plans identified with the letters P and M in the flowchart ANS:

a.

b. See Figure 10-13 Control Matrix for the OE/S Business Process P-4 Interactive feedback check P-5 Customer credit check

Controlling Information Systems: Business Process Controls

241

P-6 Populate inputs with master data P-7 Programmed edit checks P-9 Receive and input picking ticket P-10 Independent shipping authorization P-11Compare input with master data P-12 One-for-one checking of goods, picking ticket, sales order M-1 Independent customer master data maintenance M-2 review open sales orders (tickler file) 6. The following is a list of 8 control plans. Control Plans A. B. C. D. E. F. G. H.

Enter data close to where customer order is received Online prompting Independent shipping authorization Programmed edit checks Preformatted screens Credit check One-for-one checking of goods, picking ticket, sales order Populate inputs with master data

Required: Listed below are eight system failures that have control implications. On the answer line to the left of each system failure, insert the capital letter from the list above of the best control plan to prevent the system failure from occurring. A letter should be used only once. SYSTEM FAILURES Answers _____

1.

The sales personnel can approve all customer orders.

_____

2.

Any editing and correcting entries from the customer service representative is done at a later time rather than as the data is input into the system.

3.

The finished goods warehouse delivers goods to the shipping department, accompanied by the picking ticket. After checking the goods against the picking ticket, the shipping employee signs the picking ticket and gives it to the warehouse employee. Then the shipping department prepares a three-part shipping notice, one copy of which serves as the packing slip. A recent audit discovered that a dishonest warehouse employee had been forging picking ticket documents, thereby having goods shipped to an accomplice.

4.

Customer service representatives record customer orders on prenumbered order forms, and then forward the forms to the corporate office in Orlando for processing. J.B. Wrigley, one of Mandates top salesmen, had a very good week; he mailed 55 customer orders to the corporate office on Friday afternoon. Unfortunately, they were misplaced in the mail and did not reach Orlando until three weeks later. Needless to say, those 55 customers were more than a little displeased at the amount of time that Mandate took to fill

_____

Controlling Information Systems: Business Process Controls their orders. _____

5.

Customer service representative can manually key in order data at one of many PCs. In the first two weeks of operation, every sales order produced by the computer was missing a "ship-to" address..

6.

The customer service representative can enter a customer code with no matching customer master data and no authorized customer. Therefore, it is possible to make invalid entries into the system.

_____

7.

Proper comparisons are not made to ensure that the shipping notice inputs are represented by an actual shipment of goods.

_____

8.

The OE/S system does not advise the customer service representative to check the data entries before moving on to the next entry.

ANS: 1. F 2. D 3. C 4. A 5. E 6. H 7. G 8. B

242

Controlling Information Systems: Business Process Controls

243

Chapter 11—The Billing/Accounts Receivable/ Cash Receipts (B/AR/CR) Process TRUE/FALSE 1. The B/AR/CR process completes the order to cash process by accomplishing the activities of billing customers, managing customer accounts, and securing payment for goods and services. ANS: T 2. Recording billing/accounts receivable/cash receipts event data is generally the responsibility of the treasury department, which typically reports to the controller function. ANS: F 3. In the organization structure shown in the text, although both report to the VP of Finance, the treasurer and controller functions should be segregated.. ANS: T 4. There sales department should be responsible for credit approval so sales personnel can immediately increase sales volume. ANS: F 5. The objective of cash management is to free up funds so that they can either be invested to earn interest, or used to reduced debt, thus reducing interest charges. ANS: T 6. Float, when applied to cash receipts, is the time between customer payment and the availability of funds on deposit and available. ANS: T 7. Funds on deposit and available are known as good funds. ANS: T 8. The AR master file address is a postal address, maintained by the firm’s bank, which is used solely for the purpose of collecting checks. ANS: F 9. With electronic cash, a financial institution issues cash to an individual, which is placed into an electronic wallet. ANS: T

Controlling Information Systems: Business Process Controls

244

10. Database systems are Internet based systems for sending bills/invoices to customers and receiving the customer payment electronically. ANS: F 11. An invoice is a business document used by a vendor to notify the customer of an obligation to pay the seller for merchandise which was ordered and shipped. ANS: T 12. A purchasing statement is a business document designed to inform the payee of the invoices or other items covered by the check amount. ANS: F 13. The accounts receivable master file is a repository of all unpaid invoices issued by an organization and awaiting final disposition. ANS: T 14. The logical data dictionary definition of the sales event data file would comprise one or more invoice records. ANS: T 15. Accepted sales requests are later processed through a separate exception routine. ANS: F 16. The three types of accounts receivable systems discussed in the text are the lockbox, balance forward, and open item systems. ANS: F 17. In a balance forward accounts receivable system, the details of open invoices for prior periods do not appear on the current-period customer statement. ANS: T 18. In an open item accounts receivable system, the details of open invoices for both the current and prior periods appear on the current-period customer statement. ANS: T 19. In a prebilling billing system, invoices are prepared after the goods have been shipped and the sales order notification has been matched to the shipping's billing notification. ANS: F

Controlling Information Systems: Business Process Controls

245

20. In a post billing system, invoices are prepared upon acceptance of the customer order, and there is no separate sales order document as such. ANS: F 21. Digital image processing systems are computerized systems for capture, storage, and retrieval of real or simulated objects, such as live scenes and photographs. ANS: T 22. A bar code reader is used to translate an object's image into electronic digital signals. ANS: F 23. The acronym MICR stands for magnetic information character recognition. ANS: F 24. The acronym EFT stands for electronic funds transfer. ANS: T 25. The acronym ACH stands for automated clearing house. ANS: T 26. A credit card system is better at reducing float time than a debit card system. ANS: F 27. In an open item system accounts receivable records consist of a customer's current balance due, pastdue balance, and the finance charges and payments related to the account. ANS: F 28. The B/AR/CR system supports the repetitive work routines of the credit department, the cashier, and the accounts receivable department. ANS: T 29. A debit card is a method of payment whereby a third party, for a fee, removes from the collector the risk of noncollection of the account receivable. ANS: F 30. A credit card is a form of payment authorizing the collector to transfer funds electronically from the payer's to the collector's balance. ANS: F

Controlling Information Systems: Business Process Controls

246

31. An electronic check closely resembles a paper check with the inclusion of the customer's name, the seller's name, the customer's financial institution, the check amount, and a digital signature. ANS: T 32. Lapping is a fraud resulting from the improper segregation of duties between the functions of handling cash and recording cash receipt events. ANS: T 33. The ACH network electronically transfers funds by which the collector's bank account is credited and the payer's account is debited for the amount of a payment. ANS: T 34. The inventory payment data contains the details of each payment received. ANS: F 35. The stub attached to the customer statement is also known as a turnaround document. ANS: T 36. The accounts receivable master data is created as sales returns, bad debt write-offs, estimated doubtful accounts, or similar adjustments are processed. ANS: F 37. Electronic cash is an electronic bank note issued by a financial institution to an individual who, in turn, can transfer the electronic note to make purchases or other payments. ANS: T 38. An electronic lockbox is a banking service in which the bank keys the remittance advice details into its computer system from the customer's remittance advice and then transfers the remittance advice data electronically from the bank's computer to the collector's accounts receivable computer system. ANS: T 39. A customer relationship management system is an information systems extension that allows a customer to complete an inquiry or perform a task within an organization's business process without the aid of the organization's employees. ANS: F 40. In the control matrix for the cash receipts function the first present control plan should be to immediately endorse checks. ANS: T

Controlling Information Systems: Business Process Controls

247

MULTIPLE CHOICE 1. As discussed in the text, the functions of the billing/accounts receivable/cash receipts process: a. is identical to those of the order entry/sales process b. support decision making by managers in the order entry/sales process c. incomes collections of receivables d. is unrelated to the functions of the order entry/sales process ANS: C 2. According to the concept of segregation of duties, which of the following managers should report to the controller rather than to the treasurer? a. credit department manager b. accounts receivable department manager c. cashier d. investments manager ANS: B 3. In an organization in which the order entry/sales (OE/S) and billing/accounts receivable/cash receipts (B/AR/CR) processes are separate processes, the B/AR/CR process usually accomplishes all of the following activities except: a. shipping goods to customers b. billing customers c. managing customer accounts d. securing payment of customer accounts ANS: A 4. Which of the following pairs of functions would you expect might report directly to the vice president of finance? a. credit department and controller b. shipping department and controller c. accounts receivable department and treasurer d. treasurer and controller ANS: D 5. For a charge sale event, the cashier is to the cash custodial function as the __________ is to the recording function. a. shipping department b. credit department c. accounts receivable department d. none of the above ANS: C 6. For a charge sale event, the cashier is to the cash custodial function as the __________ is to the authorization function. a. shipping department b. credit department c. accounts receivable department d. warehouse ANS: B

Controlling Information Systems: Business Process Controls

248

7. In the context diagram for a billing/accounts receivable/cash receipts process, which of the following is least likely to be an external entity? a. the bank b. the customer c. the general ledger d. the cashier ANS: D 8. Which of the following process bubbles would you not expect to see in the logical DFD for a billing/accounts receivable/cash receipts process? a. perform billing b. requisition inventory c. receive customer payment d. manage customer accounts ANS: B 9. Which of the following normally would trigger the billing process in a billing/accounts receivable/cash receipts process? a. a copy of the sales order b. a shipping notice c. a picking ticket d. a customer acknowledgment ANS: B 10. Which of the following normally would trigger the billing/accounts receivable/cash receipts process to record a customer payment? a. invoice b. remittance advice c. deposit slip d. a notification to the general ledger to record a cash receipts update ANS: B 11. The principal master data that you would expect to see in a billing/accounts receivable/cash receipts process is the: a. sales order data b. shipping notifications data c. sales journal d. accounts receivable master data ANS: D 12. In a logical DFD for a billing/accounts receivable/cash receipts process, which of the following data stores is least likely to interact with a process called "perform billing"? a. inventory master data b. customer master data c. accounts receivable master data d. sales event data ANS: A

Controlling Information Systems: Business Process Controls

249

13. In a logical DFD for a billing/accounts receivable/cash receipts process, which of the following data stores would you expect to interact with a process called "manage customer accounts"? a. inventory master data b. accounts receivable master data c. sales event data d. cash receipts event data ANS: B 14. In a logical DFD for billing/accounts receivable/cash receipts process, you would expect that a credit memo would be sent by the B/AR/CR process to the customer from which of the following processes? a. perform billing b. manage customer accounts c. receive payment d. validate sales order ANS: B 15. Inputs to the billing/accounts receivable/cash receipts process normally could include all of the following except: a. a copy of the sales order sent by the sales order function to the billing function b. a shipping notice sent by the shipping function to the billing function c. deposit slip d. remittance advice ANS: C 16. In an organization in which the order entry/sales (OE/S) and billing/accounts receivable/cash receipts (B/AR/CR) processes are separate processes, outputs of the B/AR/CR process normally could include all of the following except: a. invoice b. deposit slip c. credit memo d. shipping notice ANS: D 17. In general, adjustments to customer balances in the accounts receivable master data will be necessary for all of the following except: a. sales returns and allowances b. reversals of mispostings and other errors c. bad debt write-offs d. estimates of uncollectible accounts ANS: D 18. The data dictionary definition of an invoice usually contains all of the following elements except: a. the customer's credit limit b. an invoice header c. an invoice line(s) d. all of the above ANS: D

Controlling Information Systems: Business Process Controls

250

19. In an entity-relationship (E-R) diagram for the billing/accounts receivable/cash receipts (B/AR/CR) process, you would expect that the word trigger would appear between the boxes for ? a. CUSTOMER and SHIPMENT b. CUSTOMER and SALES INVOICE c. STOCK PICK and SHIPMENTS d. SALES INVOICE and SHIPMENT ANS: C 20. A company using a database approach to data management might not maintain a relational table for ACCOUNTS RECEIVABLE. Rather, accounts receivable balances at any point in time could be computed as the difference between the relations for which of the following continuous events? a. SHIPMENTS and SALES INVOICES b. SALES INVOICES and CASH RECEIPTS c. SHIPMENTS and CASH RECEIPTS d. CUSTOMER and SALES INVOICES ANS: B 21. In a database containing (among others) five relations--CUSTOMERS, SHIPMENTS, SALES INVOICES, CASH RECEIPTS, and SALES-RELATIONS--you would expect that the Remit_No (Remittance number) would be the primary key for the __________ relation. a. CUSTOMERS b. SHIPMENTS c. SALES INVOICES d. CASH RECEIPTS ANS: D 22. All of the following are types of accounts receivable systems except: a. debit card system b. balance-only system c. balance-forward system d. open-item system ANS: A 23. The following is a list of three types of accounts receivable systems and two organizations/systems: I. II. III. IV. V

Open item Balance forward Balance only Public utilities Credit card companies (i.e., VISA)

Which of the following pairs normally are correct? a. I and IV, II and V b. I and V, II and IV c. II and IV, III and V d. II and V, III and IV ANS: D

Controlling Information Systems: Business Process Controls

251

24. In a prebilling system, invoices are prepared a. immediately upon acceptance of a customer order b. when there is to be a delay between the time that the order is accepted and the time it is shipped c. where inventory balances can be determined only through physical count d. to improve customer relations ANS: A 25. In a fraud scheme known as __________, the perpetrator attempts to cover the theft of cash received from customer A by applying cash collected from customer B to A's account, then applying a receipt from C to B's account, and so forth. a. kiting b. lapping c. schmoozing d. hacking ANS: B 26. Deposit slips are usually generated by the billing/accounts receivable/cash receipts process: a. at the time invoices are prepared b. by manual procedures c. to satisfy particular control goals d. as part of processing cash receipts ANS: D 27. Typically, the operations process goals of the billing/accounts receivable/cash receipts process: a. vary, depending on whether we are dealing with the functions of billing, accounts receivable, or cash receipts b. remain the same when dealing with the functions of billing, accounts receivable, or cash receipts c. vary inversely with the information process goals d. are the same as the information process goals ANS: A 28. In the control matrix for a cash receipts process, the first present control is: a. receive turnaround documents b. endorse incoming checks c. edit cash receipts for accuracy d. procedure for rejecting inputs ANS: B 29. Which of the following is most likely to appear in the UC and UA columns of a control matrix for the billing process? a. immediately endorse incoming checks b. receive turnaround documents c. manual agreement of batch totals d. one for one checking of deposit slip and checks ANS: C

Controlling Information Systems: Business Process Controls

252

30. For the cash receipts process, the control plan receive turnaround documents helps to achieve which of the following pairs of information process control goals? a. input validity and input completeness b. input validity and input accuracy c. input accuracy and input completeness d. input accuracy and update accuracy ANS: B 31. For the cash receipts process, which of the following control plans addresses the information process control goal of master data update accuracy? a. immediately endorse incoming checks b. compare input data with master data c. receive turnaround documents d. enter cash receipts close to where cash is received ANS: B 32. In the cash receipts process, the control plan of immediately endorsing incoming checks is designed to achieve the control goal of: a. assuring the timely deposit of cash receipts b. ensuring security of the cash asset c. ensuring cash receipts input accuracy d. ensuring cash receipts input completeness ANS: B 33. In the billing process, the control plan of review shipped not billed sales orders (tickler file) helps to ensure: a. effectiveness of operations b. efficient employment of resources c. security of resources d. none of the above ANS: A 34. The billing/accounts receivable/cash receipts process comprises three different but related process-namely, B, AR, and CR. Which of the following would not be an operations process goal? a. ensure effectiveness of operations b. ensure AR master data update accuracy c. ensure effectiveness of operations d. ensure security of resources ANS: B 35. The __________ normally would comprise one or more invoice records, but each record would not contain all of the detail reflected on the invoice itself. a. invoice data b. sales event data c. accounts receivable adjustments data d. cash receipts data ANS: B

Controlling Information Systems: Business Process Controls

253

36. A remittance advice generally would be recorded in which of the following pairs of data stores? a. customer master data and accounts receivable master data b. sales event data and accounts receivable master data c. accounts receivable adjustments data and accounts receivable master data d. cash receipts data and accounts receivable master data ANS: D 37. Digital images a. help reduce paper in the B/AR/CR system b. are stored in electronic folders c. may be scanned or created via software d. all of the above ANS: D 38. In addition to storing an image of the document itself, the typical electronic-based image processing system accompanies the document image with: a. a paper file of the documents b. an index used to retrieve the document image c. the MICR code contained on each document d. a "jukebox" ANS: B 39. Which of the following statements is false? a. The typical billing/accounts receivable/cash receipts system assists in preparing internal and external reports, including GAAP-based financial statements. b. Separating the credit function from the sales function is often defended on the grounds that if they were not separated, credit might be extended to high-risk customers, simply to achieve sales targets. c. The two types of adjustments that commonly result from a periodic review of the aging details of customer account balances are a recurring entry for estimated bad debts and a bad debt write-off. d. The logical data dictionary definition of the cash receipts events data would comprise one or more invoice records. ANS: D 40. Which of the following statements is true? a. In a prebilling system, invoices are prepared after the goods have been shipped and the sales order notification has been matched to the shipping's billing notification. b. In a postbilling system, invoices are prepared upon acceptance of the customer order, and there is no separate sales order document as such. c. Of the two types of billing systems discussed in the text, the prebilling system requires the more accurate inventory records. d. Of the two types of billing systems discussed in the text, the prebilling system is appropriate in situations where there is a significant delay between acceptance of the customer's order and its shipment. ANS: C

Controlling Information Systems: Business Process Controls 41. Which of the following statements is false? a. The check and remittance advice trigger the receive payment process. b. A bank lockbox provides more protection for cash than a system where cash receipts are mailed to the payee company and then deposited. c. The hardware, software, maintenance, and communications costs associated with operating a credit card system are lower than for a debit card system. d. From the standpoint of reducing the collector's float, a customer check is a better payment method than a debit card. ANS: D 42. The billing/accounts receivable/cash receipts process completes the: a. billing process b. production process c. order to cash process d. inventory process ANS: C 43. An example of the vertical information flows supported by the B/AR/CR process is a(n): a. accounts receivable aging report b. customer invoice c. remittance advice d. general ledger accounts receivable notification ANS: A 44. Which of the following is most commonly associated with the treasury function? a. recording of event data b. security of funds c. reporting of results of business events d. maintaining accounting records ANS: B 45. Segregation of duties is most clearly accomplished in most organizations by separating: a. billing and accounts receivable b. treasury and controllership c. sales and accounts receivable d. order entry and cash receipts ANS: B 46. Which of the following is not an external entity for the B/AR/CR process? a. order entry/sales process b. general ledger c. customer d. inventory process ANS: D

254

Controlling Information Systems: Business Process Controls

255

47. Which of the following is part of the header section of the invoice? a. seller identification b. invoice lines c. invoice total d. item description ANS: A 48. Which of the following is a ratio used to monitor the investment in accounts receivable? a. accounts receivable aging report b. days' sales outstanding c. sales turnover d. inventory turnover ANS: B 49. A customer statement serves a control purpose by: a. notifying that payment is due b. triggering the receive payment process c. confirming with the customer the amount still owed d. updating the accounts receivable master file ANS: C 50. The accounts receivable system in which all the outstanding invoices are listed is called the: a. balance-only system b. open-item system c. balance-forward system d. postbilling system ANS: B 51. The accounts receivable system typically used by credit card companies is the: a. balance-only system b. open-item system c. balance-forward system d. postbilling system ANS: C 52. Quantities of items shipped to a customer would typically be found in the relational table for: a. CUSTOMERS b. SALES_RELATIONS c. BANKS d. DEPOSITS ANS: B 53. The billing system in which the invoice is prepared immediately on acceptance of a customer order is called a: a. postbilling system b. balance-only system c. prebilling system d. balance-forward system ANS: C

Controlling Information Systems: Business Process Controls

256

54. A billing system that is used when there is little or no delay between the receipt of the customer order and the shipment of the goods is a: a. postbilling system b. balance-only system c. balance-forward system d. prebilling system ANS: D 55. The technology that allows information on documents to be converted into machine-readable data through a scanner is called a(n): a. OCR b. MICR c. Bar code reader d. digitizer ANS: A 56. An overall management objective is to: a. minimize the number of sales transactions b. minimize the total amount of accounts receivable c. minimize the time from the beginning of the selling process to the end of cash collections d. maximize the amount of float ANS: C 57. Which of the following is most effective in reducing the amount of float? a. credit cards b. debit cards c. MICRs d. charge cards ANS: B 58. Which of the following implies computer-to-computer interchange of data? a. CIP b. lockbox c. EDI d. MICR ANS: C 59. A form of fraud in which the payments made by one customer are systematically applied to the account of another is called: a. lapping b. malfeasance c. ACH d. aged trial balance ANS: A

Controlling Information Systems: Business Process Controls

257

60. In the billing function described in the text, the control goal that contributes to effective operations is: a. edit the shipping notification for accuracy b. independent billing authorization c. calculate batch totals d. review shipped not billed sales orders (tickler file) ANS: D 61. Which control is most effective in contributing to the goal of input completeness in the billing function? a. one-to-one checking of sales orders to invoices b. batch sequence checks c. key verification d. none of the above ANS: A 62. Which control plan for the cash receipts function has as its primary control goal to ensure security of resources? a. Reconcile bank account regularly. b. Enter cash receipts close to where cash is received. c. Immediately endorse incoming checks. d. One-to-one checking of deposit slips and checks. ANS: C 63. The cashier deposits checks in the bank for XYZ Corp. Who should reconcile the bank statement on a regular basis for operational purposes? a. the treasurer b. internal auditor c. the cashier d. an external auditor ANS: B 64. Which of the following is not an example of a customer self-service system? a. pay-at-the-pump gasoline station b. drive-thru lanes at a bank c. web-based courier tracking system d. telephone access to credit card balances ANS: B 65. A customer is instructed to send his remittance advice and check to a bank's postal address. This method for collecting customer cash receipts is called: a. electronic cash b. automated clearing house c. electronic lockbox d. lockbox ANS: D

Controlling Information Systems: Business Process Controls

258

66. To reduce the cost of collecting its accounts receivable, a company sells its accounts receivable to a financial organization. The service is called: a. a collection agency b. automated clearing house c. factoring d. funding ANS: C COMPLETION 1. The B/AR/CR process completes the order to cash process by accomplishing the activities of billing customers, managing customer accounts, and ___________________. ANS: securing payment for goods or services or collection 2. Recording billing/accounts receivable/cash receipts event data is generally the responsibility of the accounts receivable department, which typically reports to the ____________________ function. ANS: controller 3. In the organization structure shown in the text, although both report to the VP of Finance, the ____________________ and ____________________ functions should be segregated.. ANS: treasurer controller 4. There should be a segregation of duties between the sales department and the ___________ department. ANS: credit 5. The objective of ____________________ is to free up funds so that they can either be invested to earn interest, or used to reduced debt, thus reducing interest charges. ANS: cash management 6. __________, when applied to cash receipts, is the time between customer payment and the availability of funds on deposit and available. ANS: Float 7. Funds on deposit and available are known as ________ funds. ANS: good

Controlling Information Systems: Business Process Controls

259

8. A __________ is a postal address, maintained by the firm’s bank, which is used solely for the purpose of collecting checks. ANS: lockbox 9. With _______________, a financial institution issues an individual cash that is placed into an electronic wallet. ANS: electronic cash 10. ___________ systems are Internet based systems for sending bills/invoices to customers and receiving the customer payment electronically. ANS: EBPP or electronic bill presentment and payment 11. A(n) ____________________ is a business document used by a vendor to notify the customer of an obligation to pay the seller for merchandise which was ordered and shipped. ANS: invoice 12. A(n) ____________________ is a business document designed to inform the payee of the invoices or other items covered by the check amount. ANS: remittance advice 13. The ____________________ file is a repository of all unpaid invoices issued by an organization and awaiting final disposition. ANS: accounts receivable master 14. The logical data dictionary definition of the ____________________ event data file would comprise one or more invoice records. ANS: sales 15. Rejected sales requests are later processed through a separate _____________. ANS: exception routine 16. The two types of accounts receivable systems discussed in the text are the balance only and ____________________ systems. ANS: open-item 17. In a(n) ____________________ accounts receivable system, the details of open invoices for prior periods do not appear on the current-period customer statement. ANS: balance-only

Controlling Information Systems: Business Process Controls

260

18. In a(n) ____________________ accounts receivable system, the details of open invoices for both the current and prior periods appear on the current-period customer statement. ANS: open-item 19. In a(n) ____________________ billing system, invoices are prepared after the goods have been shipped and the sales order notification has been matched to the shipping's billing notification. ANS: postbilling 20. In a(n) ____________________ billing system, invoices are prepared upon acceptance of the customer order, and there is no separate sales order document as such. ANS: prebilling 21. ____________________ processing systems are computerized systems for capture, storage, and retrieval of real or simulated objects, such as live scenes and photographs. ANS: Digital image (or image) 22. A(n) ____________________ or image processing camera is used to translate an object's image into electronic digital signals. ANS: optical scanner 23. The acronym MICR stands for ____________________. ANS: magnetic ink character recognition 24. The acronym ACH stands for ____________________. ANS: automated clearinghouse 25. The acronym EFT stands for ____________________. ANS: electronic funds transfer 26. A(n) ____________________ card system has the advantage of eliminating float. ANS: debit 27. The ____________________ supports the repetitive work routines of the credit department, the cashier, and the accounts receivable department. ANS: billing/accounts receivable/cash receipts (B/AR/CR) 28. In a(n) ____________________, accounts receivable records consist of a customer's current balance due, past-due balance, and the finance charges and payments related to the account. ANS: balance-only system

Controlling Information Systems: Business Process Controls

261

29. A(n) ____________________ is a method of payment whereby a third party, for a fee, removes from the collector the risk of noncollection of the account receivable. ANS: bank credit card 30. A(n) ____________________ is a form of payment authorizing the collector to transfer funds electronically from the payer's to the collector's balance. ANS: debit card 31. A(n) ____________________ closely resembles a paper check with the inclusion of the customer's name, the seller's name, the customer's financial institution, the check amount, and a digital signature. ANS: electronic check 32. ____________________ is a fraud resulting from the improper segregation of duties between the functions of handling cash and recording cash receipt events. ANS: Lapping 33. The ____________________ is created as sales returns, bad debt write-offs, estimated doubtful accounts, or similar adjustments are processed. ANS: accounts receivable adjustments data 34. The ____________________ network electronically transfers funds by which the collector's bank account is credited and the payer's account is debited for the amount of a payment. ANS: automated clearing house (ACH) 35. The ____________________ contains the details of each payment received. ANS: cash receipts event data 36. Often times a stub is attached to the customer statement. This stub is also known as a ___________ document. ANS: turnaround 37. ____________________ is an electronic bank note issued by a financial institution to an individual who, in turn, can transfer the electronic note to make purchases or other payments. ANS: Electronic cash 38. A(n) ____________________ is a banking service in which the bank keys the remittance advice details into its computer system from the customer's remittance advice and then transfers the remittance advice data electronically from the bank's computer to the collector's accounts receivable computer system. ANS: electronic lockbox

Controlling Information Systems: Business Process Controls

262

39. A(n) ______________________ is an information systems extension that allows a customer to complete an inquiry or perform a task within an organization's business process without the aid of the organization's employees. ANS: customer self-service system 40. In the control matrix for the cash receipts function the first present control plan should be to _________________________. ANS: immediately endorse checks PROBLEM 1. The figure below is the billing/accounts receivable/cash receipts process level 0 DFD shown in Chapter 11. The narrative that follows describes process 1.0 in the diagram. Narrative Description When the OE/S process produces a sales order, it notifies the B/AR/CR process to that effect. When triggered by the data flow “Shipping’s billing notification,” the process validates the sale by comparing the details on the sales order notification to those shown on shipping’s billing notification. If discrepancies are noted, the request is rejected, as shown by the reject stub. Rejected requests later would be processed through a separate exception routine. If the data flows match, a validated shipping notification is sent to the next process. This process performs the following actions simultaneously: Obtains from the customer master data certain standing data needed to produce the invoice. Creates the invoice and sends it to the customer. Updates the accounts receivable master data. Adds an invoice to the sales event data. Notifies the general ledger process that a sale has occurred (GL invoice update). Required: From the DFD figure below and the narrative description above, explode bubble 2.0 into a lower-level diagram showing the details of that process.

Controlling Information Systems: Business Process Controls

ANS:

263

Controlling Information Systems: Business Process Controls

264

2. The figure below is the billing/accounts receivable/cash receipts process level 0 DFD shown in Chapter 11. The narrative that follows describes process 2.0 in the diagram, manage customer accounts.

Narrative Description The sales return notification is sent to the first process by the receiving department where it is either validated or rejected. If the sales return is not valid, it will be rejected and run through a separate error routine. If the sales return is valid, it is sent to both of the next two processes, where a credit memo is prepared and a journal voucher is prepared. Upon preparation of the credit memo, the AR master data is updated, notice of the credit memo may be sent to the receiving department, and the credit memo is sent to the customer. Upon preparation of the journal voucher, the voucher is sent to the general ledger for the sales return update and to the AR adjustments event data. By using the updated information in the AR master data, customer statements are prepared and sent out to customers. Preparing customer statements recurs at specified intervals, often on a monthly basis. Details of unpaid invoices are extracted from the accounts receivable master data and are summarized in a statement of account that is mailed to customers. The statement both confirms with the customer the balance still owing and reminds the customer that payment is due. The process of preparing a bad debts journal voucher, is triggered by the periodic review of aging details obtained from the accounts receivable master data. One of two types of adjustments might result from this review: 1. The recurring adjusting entry for estimated bad debts. 2. The periodic write-off of definitely worthless customer accounts. Note that, regardless of type, adjustments are recorded in the AR adjustments event data, updated to customer balances in the accounts receivable master data, and summarized and posted to the general ledger master data by the general ledger process.

Required: From the DFD below and the narrative description above, explode bubble 2.0 into a lower-level diagram showing the details of that process.

Controlling Information Systems: Business Process Controls

265

Controlling Information Systems: Business Process Controls

266

ANS:

3. The figure below is the billing/accounts receivable/cash receipts process level 0 DFD shown in Chapter 11. The narrative that follows describes process 3.0 in the diagram, manage customer accounts. Narrative Description In receiving a cash payment, the check and remittance advice trigger the receive payment process. A remittance advice (RA) is a business document used by the payer to notify the payee of the items being paid. The B/AR/CR process uses the RA to initiate the recording of a cash receipt. Upon receipt of the check and remittance advice from a customer, the first process validates the remittance by comparing the check to the RA. Mismatches are rejected for later processing. If the check and RA agree, the validated remittance is sent to the next process, which endorses the check and separates it from the RA. The endorsed checks are accumulated and a deposit is prepared. The deposit is sent to the bank with the deposit slip and the endorsed checks.and the deposit is recorded with the cash receipts events data. Proof of the amount of the cash deposited.is sent on to the GL cash receipts for an update of the general ledger. While the bank deposit is prepared, the RA is used to record the customer payment and update the accounts receivable master data to reflect the customers payment and then files the RA in the remittance advice file.

Controlling Information Systems: Business Process Controls

Required: From the DFD below and the narrative description above, explode bubble 2.0 into a lower-level diagram showing the details of that process.

267

Controlling Information Systems: Business Process Controls ANS:

4. The figure below is the control matrix for the billing business process presented in Chapter 11, but with certain items omitted. In the matrix, each omission is indicated by a box. Jumbled lists of the omitted items are as follows:

1. 2. 3. 4. 5. 6.

Omitted from Control Goals Columns Accounts receivable master data Ensure efficient employment of resources For completed shipping notice inputs, ensure: Ensure security of resources Accounts receivable master data Ensure effectiveness of operations

7. 8. 9. 10. 11. 12.

Omitted Control Plans Review shipped not billed sales orders Edit the shipping notification for accuracy (programmed edits) Employ a prebilling system Confirm customer accounts regularly Independent billing authorization Check for authorized prices, terms, freight, and discounts

268

Controlling Information Systems: Business Process Controls

269

Required: Complete the matrix by placing one of the numbers, 1 through 12, from the above lists into each box showing a missing item. HINT: Complete the goal column headings first, and then use the cell entries as a guide in deciding which number (7 through 12 above) belongs in each box in the recommended control plans column. Control Goals of the Operations Process

Present Controls

A

B

C

Control Goals of the Information Process For the For

IV

P-1

IC

IA

UC

UA

P-1 P-2

P-2

P-3

P-4 P-5: Independent pricing data P-6: Calculate batch totals P-7: Interactive feedback P-8: Record input

P-5

P-4

P-5

P-5

P-6

P-6 P-7

P-8

P-8

P-9: Reconcile input and output batch totals P-10: Procedures for rejected inputs

P-9

P-7

P-8

P-8

P-8

P-8

P-9

P-9

P-9

P-9

P10

P-10

Missing Controls M-1

M-1

M-2

M-3: Computer agreement of batch totals

M-1

M-2

M-3

M-3

M-2

M-3

M-3

M-2

M-3

M-3

Controlling Information Systems: Business Process Controls

270

ANS: Control Goals of the Information Process

Control Goals of the Operations Process

6

2

For the

4 For 3

Present Controls

7

5 or 1

1 or 5 A

B

C

IV

P-1

IC

IA

UC

UA

P-1

8

P-2

11

P-2

P-3

12 P-5: Independent pricing data P-6: Calculate batch totals P-7: Interactive feedback P-8: Record input

P-5

P-4 P-5

P-5

P-4

P-6

P-6 P-7

P-8

P-8

P-9: Reconcile input and output batch totals P-10: Procedures for rejected inputs

P-9

P-7

P-8

P-8

P-8

P-8

P-9

P-9

P-9

P-9

P-10

P-10

Missing Controls

9 10 M-3: Computer agreement of batch totals

M-1

M-1 M-2

M-1 M-2

M-3

M-3

M-2 M-3

M-3

M-2 M-3

M-3

Controlling Information Systems: Business Process Controls

271

5. Below is a systems flowchart for the billing process with certain items omitted. From the list of the following 15 items, fill in the missing items in the flowchart.

1. 2. 3. 4. 5.

"Billing completed," changes to AR and related balances "Shipments not yet billed" BT Compare batch totals with changes to AR and related balances Create and print invoice, update AR and GL data, send "Billing completed" notice with amounts posted to AR and related accounts 6. Customer 7. End 8. Enter selected shipments and prepare batch total 9. Enterprise database 10. Error routine not shown 11. Invoice 12. Prepare and display "Shipments not yet billed" 13. Request shipments to be billed 14. Select shipments and execute billing program 15. Start AR Billing

Computer

Controlling Information Systems: Business Process Controls

272

ANS:

6. The E-R diagram in Figure TB-11.15 represents a B/AR/CR process. However, the names of certain entities and relationships removed from the boxes and diamonds, respectively. In alphabetic order, the names omitted are: BANKS CASH_RECEIPTS CUSTOMERS DEPOSITS Inventory SALES_INVOICES SALES_ORDERS SHIPMENTS

Controlling Information Systems: Business Process Controls

Required: Complete The ER Diagram by: a. Inserting the numbers from the above lists into the boxes or diamonds, respectively, where they belong. b. Inserting a 1 or an M or an N into each blank circle to show whether each relationship is one-to-one (1:1), one-to-many (1:M), or many-to-many (M:N).

received_ from

SALES_ RELATIONS

activate

STOCK_PICK

trigger

made_to

generate

billed_to

produce

yield go_to

Prepared _by

EMPLOYEES

273

Controlling Information Systems: Business Process Controls ANS: For the answer, refer to figure 11.9 in the text. The image is also reproduced below.

274

Controlling Information Systems: Business Process Controls

275

The following is a list of thirteen control plans: 7. A. B. C.

D.

Independent billing authorization Shipped but not billed sales order tickler file in billing One-for-one checking of deposit slip and checks and invoice Programmed edits of shipping notification

E. F.

Manual agreement of batch totals Immediately endorse incoming checks

G.

Document design

H. I. J.

Prenumbered documents Turnaround documents Edit cash receipts for accuracy

Required: Listed below are ten statements describing either the achievement of a control goal (i.e., a system success) or a system deficiency (i.e., a system failure). On the answer line to the left of each description, insert the capital letter from the list above of the best control plan to achieve the desired goal or to address the system deficiency described. A letter should be used only once. CONTROL GOALS OR SYSTEM DEFICIENCIES Answers _____

1.

Helps to ensure that all shipments are billed in a timely manner.

_____

2.

By preventing duplicate document numbers from entering the system, helps to ensure input validity.

_____

3.

Helps to ensure the validity of shipping notifications.

_____

4.

Ensures efficient employment of resources and ensures input accuracy of remittance advice inputs (cash receipts)

_____

5.

Provides for update completeness and accuracy of the accounts receivable master file data

_____

6.

Helps to ensure the security of resources (cash, AR master data)

_____

7.

Provides for input validity, completeness, and accuracy of the dollar amount of deposited checks

_____

8.

Provides a preventive control to help ensure the accuracy of items shipped

_____

9.

Should have precluded a field salesman from omitting the sales terms from the sales order, thereby causing the order to be rejected by the computer data entry personnel.

_____

10.

Meets the operations system control goal of efficiency of resources use by reducing the number of data elements to be entered from source documents.

ANS: 1. B 2. H 3. A 4. M 5. E

6. F 7. C 8. D 9. G 10. I

Controlling Information Systems: Business Process Controls

276

Chapter 12 PROBLEM

1. Figure TB12-4 is the purchasing disbursements process level 0 DFD shown in Chapter 12. The narrative that follows is paraphrased from the Chapter 12 description of process 1.0 in the diagram. Narrative Description Inventory purchase requisitions and purchase requisitions for supplies and services are requested from various departments and are accumulated and are held in the purchase requisition data. In this way an organization can consolidate requests, submit larger orders to vendors, and presumably receive concessions in price and payment terms for these larger purchases. At predetermined intervals, the accumulated requests held in the purchase requisition data is combined with the inventory master data to calculate requirements and determine what purchases need to be made. This results in the calculated purchase requirements that will later be used to order goods and services. Required: From the DFD in Figure TB12.4 provided, and from the narrative description above, explode bubble 1.0 into a lower-level diagram showing the details of that process.

Controlling Information Systems: Business Process Controls

277

ANS:

2. Figure TB12-4 is the purchasing disbursements process level 0 DFD shown in Chapter 12. The narrative that follows is paraphrased from the Chapter 12 description of process 2.0 in the diagram. Narrative Description Process 2.0 in Figure 12.4 , provides a look at the logical functions involved in ordering goods and services. The first process involves vendor selection. A buyer generally consults the vendor master data to identify potential suppliers and then evaluates each prospective vendor. After the vendor has been selected the buyer prepares a purchase order. The purchase order contains data regarding the needed quantities, expected unit prices, requested delivery date, terms, and other conditions from the purchase requisition. In preparing the purchase order, the buyer first checks the inventory master data to obtain additional information with which to prepare the purchase order. The purchase order is sent to the vendor. At the same time, the inventory master data is updated to reflect the goods on order. The purchase order information is distributed to several departments including the requesting department, inventory, accounts payable, and receiving. The purchase order master data is also updated at this point. The purchase order master data is updated again when the vendor sends an acknowledgement that the order has been received.

Required: From the DFD in Figure 12.4 provided, and from the narrative description above, explode bubble 2.0 into a lower-level diagram showing the details of that process. ANS:

Controlling Information Systems: Business Process Controls

278

3. Figure TB 12.4 is the purchasing disbursements process level 0 DFD shown in Chapter 12. The narrative that follows is paraphrased from the Chapter 12 description of process 3.0 in the diagram for the purchase of inventory. Narrative Description When inventory purchased is received, the vendor packing slip, accompanies the purchased inventory from the vendor and identifies the shipment, triggers the receiving process. Goods arriving at the receiving department are inspected and counted. Nonconforming goods are denoted by a reject stub. Notation of rejected goods is added to the vendor service record in the vendor master data. After the goods are inspected, counted, and the condition of the goods has been approved, an approved purchase order receiving notification is produced. Next, the receiving report is completed by noting the quantity received on the approved PO receiving notification. Once annotated with the quantity received, the PO receiving notification becomes a receiving report, which is the form used to record merchandise receipts. In the next process the receiving report is compared to the information stored in the purchase order master data. This process is often completed automatically by the information system and includes the following activities: Data about vendor compliance with the order terms (product quality, meeting promised delivery dates, etc.) is added to the vendor master data. The inventory master data are updated to reflect the additional inventory on hand. The accounts payable process can access the receiving report data by accessing the receiving report. The warehouse can access the receiving report data through a stock notice. Data reflecting the receipt is stored in the purchase receipts data. The cost of the inventory received is relayed to the general ledger process Finally, the purchase order master data are updated to reflect the receipt of the goods. Required: From the DFD in Figure 12.4 provided, and from the narrative description above, explode bubble 3.0 into a lower-level diagram showing the details of that process.

Controlling Information Systems: Business Process Controls

279

ANS:

4. The figure below is the control matrix for the purchasing process presented in Chapter 12, but with certain items omitted. In the matrix, each omission is indicated by a square. Jumbled lists of the omitted items are as follows: Omitted from Control Goals Columns 1. Inventory, purchase order master data 2. Ensure security of resources 3. Vendor packing slip inputs 4. Purchase order master data 5. Purchase requisition inputs 6. Ensure effectiveness of operations 7. Ensure efficient employment of resources 8. Master data Omitted Control Plans 9. Approve vendor selection 10. Authorize vendor data 11. Compare vendors for prices, terms, quality and product availability 12. Digital signatures 13. Enter receipt data in receiving department 14. Preformatted screens

Control Goals of the Operations Process

Present Controls

For

Control Goals of the Information Process For For

For PO,

ensure

ensure

ensure

ensure

Controlling Information Systems: Business Process Controls A

B

C

IV

IC

IA

P-1:

P-1

P-1

P-2: Programmed edit checks P-3: Written approvals P-4: Requisition audit data P-5:

P-2

P-2

P-5

P-6:

P-6

P-7:

P-7

UC

UA

280

IV

IC

IA

UC

UA

P10

P10

P10

P10

P10

P-2

P-3 P-4

P-5

P-5

P-4

P-5

P-7

P-7

P-8

P-8: Requisition confirmation to originating department P-9:

P-9

P-10:

P10

P-11: Compare inputs with master data P-12: Create audit trail for receipts Missing Controls None Noted

P11

P12

P10

P10

P12

P-8

P-9

P-9

P11

P11

P11

P12

P12

P12

\ Required: Complete the matrix in parts 1 and 2 of Figure TB-12.8 by replacing one of the numbers, 1 through 14 from the above lists, for each square showing a missing item. ANS: Control Goals of the Operations Process

Control Goals of the Information Process

Controlling Information Systems: Business Process Controls 6 Present Controls

A

B

7

2 1

C

P-1: 14 P-2: Programmed edit checks P-3: Written approvals P-4: Requisition audit data

For 4, ensure

For 5, ensure

P-1

IV

IC

IA P-1

P-2

P-2

UC

UA

For 3, ensure

For purchase order 8, ensure

IV

IC

IA

UC

UA

P10

P10

P10

P10

P10

P-2

P-3 P-4

P-5: 10

P-5

P-6: 11

P-6

P-7: 9

P-7

P-5

P-5

P-4

P-5

P-7

P-7 P-8

P-8: Requisition confirmation to originating department P-9

P-9: 12 P-10: 13

P10

P-11: Compare inputs with master data P-12: Create audit trail for receipts Missing Controls None Noted

P11

P12

P10

P-8

P-9

P10

P12

P-9

P11

P11

P11

P12

P12

P12

5. The following is a list of 12 control plans. Control Plans A. B.

Preformatted screens Programmed edit checks

G. H.

C. D.

Written approvals Requisition audit data

I. J.

E. F.

Authorized vendor data Compare vendors for prices, terms, quality, and product availability

K. L.

Required:

281

Approve vendor selection Requisition confirm to originating department Digital signatures Enter receipt data in receiving department Compare inputs with master data Create audit trail for receipts

Controlling Information Systems: Business Process Controls

282

Listed below are 12 system failures that indicate weaknesses in control. On the answer line to the left of each description, insert the capital letter (from the list above) of the best control plan to address the system deficiency described. A letter should be used only once. SYSTEM FAILURES _____

1.

_____

2.

_____ _____

3. 4.

_____

5.

_____ _____ _____

6. 7. 8.

_____

9.

_____

10.

_____ _____

11. 12.

Vendors are not screened before being added to the authorized vendor data to help ensure selection of a vendor that will provide the best quality at the lowest price by the promised delivery date. Data on the RFID chips is not compared to the open purchase order to ensure that we have received the goods that we ordered. Purchase requisitions are not required to be signed by authorized personnel. The computer does not automatically identify erroneous or suspect data to reduce input errors. Not all documents have been properly examined to ensure that the correct goods have been received, recorded and sent to the warehouse. The company has used a single vendor for the past three years. Data fields are not automatically populated to prevent errors. The vendor has no way of knowing if the electronic purchase order was sent by authorized personnel of the buyer. The purchasing manager has not informed the requisitioning department in a timely manner to let them know that their requests were processed. A copy of the requisition data is not automatically added to the audit data to ensure that a complete record is maintained for all requisition activity. Receipts are captured in the purchasing department. Certain vendors have been favored in the selection process.

ANS: System Failure 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12.

Answer E K C B L F A I H D J G

6. The following is a partial flowchart for the purchasing process. There are selected symbols that must be filled in to complete the flowchart. Fill in the items with missing labels using a letter from A to J. A. Approve PO B. Enterprise database C. Enter requisition data D. Exception routine not shown E. Requisition approval screen

Controlling Information Systems: Business Process Controls F. Approve requisition G. PO Input screen H. Requisition screen with vendor candidates I. Edit and record PO J. Edit input and record requisition

Requisition Department

Computer

Purchasing Department

283

Controlling Information Systems: Business Process Controls

ANS:

284

Controlling Information Systems: Business Process Controls

285

Chapter 13 PROBLEM 1. Figure TB-13.1 shows a portion of the horizontal perspective of a purchasing process. The following functional titles, data flows, and external entities have been omitted. Functional Titles A. Accounts payable department B. Cashier C. Controller D. Treasurer E. VP Finance Data Flow Descriptions F. Accounts payable notification sent to the general ledger process G. Approved voucher sent to cashier H. Check sent to vendor by cashier I. Invoice recorded from vendor J. Notification of the cash disbursement sent from the cashier to the general ledger process K. Paid voucher returned to the accounts payable department

External Entities L. General ledger process M. General ledger process N. Vendors O. Vendors Required: Complete the figure below by inserting the letter corresponding to the: (a) functional titles into the boxes in the triangle (b) data flow descriptions to the squares numbered (c) internal entities in the circles within the box representing the relevant environment. Do not add any flow lines; this is a partial view of the purchasing process only.

Controlling Information Systems: Business Process Controls

Entities in the relevant environment of the purchasing process

286

Controlling Information Systems: Business Process Controls

ANS:

E

D

C Entities in the relevant environment of the purchasing process

B

G

A

I K

N or O F

L or M H

O or N

J

M or L

TB 13.1

287

Controlling Information Systems: Business Process Controls

288

Figure TB 13.2 AP/CD Process 2. Figure TB-13.2 is the AP/CD process level 0 DFD shown in Chapter 13. The narrative that follows is paraphrased from the Chapter 13 description of process 3.0 in the 1.0 diagram. Narrative Description The first step in establishing the payable involves validating the vendor invoice. This process is triggered by receipt of the vendor invoice, a business document that notifies the purchaser of an obligation to pay the vendor for goods or services that were ordered by and shipped to the purchaser. The first process comprises a number of steps. First, the vendor invoice is compared against purchase order data (PO accounts payable notification) to make sure that (1) the purchase has been authorized and (2) invoiced quantities, prices, and terms conform to the purchase order agreement. Next, the invoice is matched against the receiving report data to determine that the goods or services actually have been received. Finally, the invoice is checked for accuracy of computed discounts, extensions, and total amount due. Note that the vendor master data is also updated at this point to reflect purchase history data. If the data items do not agree, the invoice is rejected (reject stub) and follow-up procedures are initiated. If the data items agree, the validated invoice is sent on to the next step to be used to record the payable. The inventory master data and the AP master data are updated. The general ledger is also updated for the payable. Required: From the DFD in Figure TB-13.2 and the narrative description above, explode bubble 1.0 into a lowerlevel diagram showing the details of that process. ANS:

Controlling Information Systems: Business Process Controls

289

TB Figure 13.3 3. Figure TB-13.2 is the purchasing/accounts payable/cash disbursements process level 0 DFD shown in Chapter 13. The narrative that follows describes process 2.0 in the diagram. Narrative Description We remind you that the payment process is triggered by payment due-date information residing on the accounts payable master data (i.e., a temporal event). The payment process begins with the preparation of a check equal to the amount of the invoice, less any discount taken. The check is then recorded in the next process by marking the invoice as paid and making an entry in the cash disbursements event data store. The AP master data is also updated at this point. Finally, the recorded check is issued and the vendor is paid in the next process. The general ledger process is notified of the payment. Required: From the DFD in Figure TB-13.2 and the narrative description above, explode bubble 2.0 into a lowerlevel diagram showing the details of that process. ANS:

Figure TB 13.4 4. In the figure below is the control matrix for the accounts payable/cash disbursements process presented in Chapter 13, but with certain items omitted. In the matrix, each omission is indicated by a box. Jumbled lists of the omitted items are as follows: Omitted from Control Goals Columns

Controlling Information Systems: Business Process Controls 1. 2. 3. 4. 5. 6. 7. 8.

290

Cash, Accounts payable master data Ensure security of resources Payment voucher inputs Accounts payable master data Vendor invoice inputs Ensure effectiveness of operations Ensure efficient employment of resources Accounts payable master data

Omitted Control Plans 9. Record disbursements 10. Independent authorization to make payment 11. Preformatted screens 12. Digital signatures 13. Independent validation of vendor invoices 14. Calculate batch totals

Control Goals of the Information Process

Control Goals of the Operations Process For

For

For

For purchase order

Present Controls

ensure

ensure

ensure ensure

A

B

P-1:

P-1

IV P-1

IC

IA P-1

UC

UA

IV

IC

IA

UC

UA

P-8

P-8

P=2

P-2: Vendor invoice mathematical accuracy check P-3

P-3

P-3

: P-4: Computer generated list of vouchers due P-5:

P-4

P-4

P-5

P-6:

P-6

P-7:

P-7

P-8: Reconcile input output batch totals

P-5 P-6

P-8

P-8

P-8

P-8

Controlling Information Systems: Business Process Controls P-9:

P-9

Missing Controls P-1 Cash Planning Report

P-9

P-9

P-9

291 P-9

P-9

M-1

Required: Complete the matrix in parts 1 and 2 of the Figure below by placing one of the numbers, 1 through 13 from the above lists, to replace the empty boxes showing a missing item. ANS:

Control Goals of the Information Process

Control Goals of the Operations Process 6 7 2 For 5, ensure

For 4, ensure

For 3, ensure

For 8, ensure

1 Present Controls P-1: 13

A

B P-1

P-3

IA P-1

UC

UA

IV

IC

IA

UC

UA

P-3

P-4

P-4

P-5

P-6: 11

P-6

P-7: 9

P-7

P-8: Requisition confirmation to originating department P-9: 12 Missing Controls M-1: Cash planning report

IC

P=2

P-2: Programmed edit checks P-3: 10 P-4: Requisition audit data P-5: 14

IV P-1

P-5 P-6

P-8

P-8

P-8

P-8

P-8

P-8

P-9

P-9

P-9

P-9

P-9

P-9

M-1

5. In the flowchart below for the accounts payable/cash disbursements process presented in Chapter 13, but with certain items omitted. In the flowchart, each omission is indicated by a question mark. Jumbled lists of the omitted items are as follows: 1. 2.

Compare incoming invoices to PO and receiving report data and record AP and GL data Display of vouchers due

Controlling Information Systems: Business Process Controls 3. 4. 5. 6. 7. 8. 9.

292

Enterprise database Exception routine not shown Payment totals Prepare payment order and RA, update AP and GL data for payment, display payment totals Select vouchers for payment, calculate batch totals Translate from EDI and record incoming invoices VAN

Required: Complete the flowchart in the figure below by placing one of the numbers, 1 through 9 from the above lists, to replace the question mark showing a missing item.

Each Day

VAN

? ?

Display vouchers due

?

BT

?

?

Enter payments data

? ?

AP clerk could handle and extra exceptions

Translate payment order and RA to EDI format

?

?

Controlling Information Systems: Business Process Controls

ANS:

Each Day

VAN

8 3

Display vouchers due

2

BT

7

1

Enter payments data

6 5

AP clerk could handle and extra exceptions

Translate payment order and RA to EDI format

9

4

293

Controlling Information Systems: Business Process Controls 6.

294

The following is a list of 12 control plans. Control Plans A. B. C. D. E. F.

Independent validation of vendor invoices Computer generated list of vouchers due, chronologically sorted by date Preformatted screens Record disbursements electronically Calculate batch totals Vendor invoice mathematical accuracy check

G.

Reconcile input-output batch totals

H. I.

Digital signatures Independent authorization to make payment

Required: Listed below are nine system failures that indicate weaknesses in control. On the answer line to the left of each description, insert the capital letter (from the list above) of the best control plan to address the system deficiency described. A letter should be used only once. SYSTEM FAILURES _____ _____

1. 2.

_____

3.

_____ _____

4. 5.

_____

6.

_____ _____

7. 8.

_____

9.

There is no automatic count of the number of lines of data. Disbursements must be manually recorded instead of automatic recording of disbursements data. Data fields must be manually entered and users can customize the input fields as needed. Payables are not tracked by due date and discounts are often missed. The VAN does not know that the sender of a message has the authority to send it. The total shown on a vendor's invoice was greater than the sum of the invoice details, resulting in an overpayment to the vendor. Disbursement checks can be generated with only a valid purchase order. The vendor shipped goods that were never ordered. The invoice for those goods was paid. The totals calculated for payments before the input does not match those produced after the update

ANS: System Failure 1. 2. 3. 4. 5. 6. 7. 8. 9.

Answer E D C B H F A I G

Controlling Information Systems: Business Process Controls

295

Chapter 14 PROBLEM 1. Figure TB-14.1 is a level 0 DFD of a payroll process, but several labels have been omitted from the figure (indicated by small boxes in the figure). Listed below is a numbered, alphabetical list of the omitted items.

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12.

Omitted Labels Accrue employer taxes Attendance time records Distribute labor costs Employee/payroll master data General ledger process GL employer tax accrual update GL tax deposit update Government agencies Job time records Pay employees Payroll transfer check Tax deposit

Required: Match the list of labels above to the spots in Figure TB-14.1 where they belong by placing one of the numbers (1 through 12) from the above list in the appropriate box in the figure.

Controlling Information Systems: Business Process Controls

Current tax rates

?

Gov’t Agencies

5.0

?

1.0 Perform data maintenance

? Tax rates data

Accrual notification Bank 6.0 Prepare Tax Deposit

Dept Managers & supervisors

2.0 Reconcile Hours Worked

?

Payment contribution notice Insurance companies etc 7.0 Prepare payroll reports Employee/payroll master data

Payroll tax reports

Validate job time records

3.0

?

Validated attendance time records 4.0

W-2 Forms GL labor distribution update

GL disbursement voucher update

Employee paychecks

?

Employees General Ledger Process

Figure TB 14.1 ANS:

Bank

Benefits reports

296

Controlling Information Systems: Business Process Controls

Current tax rates

297

5

Gov’t Agencies

5.0 1.0 Perform data maintenance

6

1

7 Tax rates data

Accrual notification Bank 6.0 Prepare Tax Deposit

2 or 9

Dept Managers & supervisors

2.0 Reconcile Hours Worked

12

Payment contribution notice Insurance companies etc

9 or 2 7.0 Prepare payroll reports

4 Employee/payroll master data

Payroll tax reports

Validate job time records

3.0

8

Validated attendance time records

3

4.0

10

W-2 Forms GL labor distribution update

GL disbursement voucher update

11

Employee paychecks

Employees General Ledger Process

Figure TB 14.2

Bank

Benefits reports

Controlling Information Systems: Business Process Controls

Validated attendance time records

Employee/ payroll master data

Tax rates data

4.0 Pay Employees

GL disbursements voucher update

General Ledger

Payroll transfer check

Employee Paychecks

Bank

Employees

2. Figure TB 14.3 is a part of the payroll process level 0 DFD shown in the text. The narrative that follows is paraphrased from the text description of process 4.0 in the diagram. Narrative Description Validated attendance time records initiate the payment to workers in process 4.0.

298

Controlling Information Systems: Business Process Controls

299

This process begins with the validated attendance time records. In calculating employees gross and net pay, the first process retrieves data from both the employee/payroll master data and the tax rates data. This process accumulates current, quarter-to-date, and year-to-date totals for each employee and reports this information via the data flow Payroll register. This information also is used to update the employee/payroll master data. Finally, this first process prints and distributes paychecks to employees as reflected in the represented by an employee paychecks data flow. The data flow “payroll register” triggers the next process where the disbursement voucher is prepared. This will result in a data flow for the GL disbursement voucher update, and a data flow for the disbursement voucher. Finally, the payroll transfer check is prepared in the next process and sends it to the bank to cover the organizations periodic net payroll.

Required: From the DFD in the figure below and the narrative description above, explode bubble 4.0 into a lower level diagram showing the details of that process. ANS:

Figure TB 14.4 3. Assume that you are working with a payroll application that produces weekly paychecks, including paystubs. Listed below are 20 data elements that appear on the paycheck/paystub. Data Elements Number 1. 2. 3. 4. 5.

Description Employee identification number Social security number Employee name Employee address Regular hours worked

Controlling Information Systems: Business Process Controls 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20.

300

Overtime hours worked Pay rate classification Hourly pay rate Regular earnings Overtime earnings Total earnings Deduction for federal income tax Deduction for state income tax Deduction for FICA tax Union dues withheld (flat amount based on length of service) Net pay Check number (same number is also preprinted on each check form) Year-to-date amounts for items 11 through 14 preceding Pay-period end date Date of check (employees are paid on Wednesday for the week ended the previous Friday)

Required: For each numbered item, indicate the immediate (versus ultimate) source of the item. For instance, the immediate source of the number of exemptions for an employee would be the employee master file as opposed to the ultimate source which is the W-4 form filed by the employee. Some items may have more than one source, as in the case of item 1. You have the following choices: E T

= =

H

=

W

=

CG CC CO

= = =

Employee master file Time clock cards (these are in machine-readable form and show for each employee for each day the time punched in the morning, out at lunch, in after lunch, and out in the evening) "Table" file of hourly wage rates (i.e., wage rate "class" and hourly rate for each class) "Table" file of state and federal income tax withholding amounts plus FICA tax rate and annual "cutoff" amount for FICA wages. Computer generated (such as a date or time of day supplied by the system) Computer calculated Console operator (such as batch totals or a date to be used)

Arrange your answer as follows: Item 1 2 etc.

Source T, E ?

ANS: Solution: Item No. 1. 2. 3. 4.

Description Employee identification number Social security number Employee name Employee address

Source T, E E T, E E

Controlling Information Systems: Business Process Controls 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20.

Regular hours worked Overtime hours worked Pay rate classification Hourly pay rate Regular earnings Overtime earnings Total earnings Deduction for Federal Income Tax Deduction for State Income Tax Deduction for FICA tax Union dues withheld (flat amount based on length of service) Net pay Check number (same number is also preprinted on each check form) Year-to-date amounts for items 11 through 14 above Pay period ending Date of check (employees are paid on Wednesday for the week ended the previous Friday)

T, CC T, CC E H CC CC CC W, CC W, CC W, CC E, CC CC CG, CO E, CC CG, CO CC, CO

301

Controlling Information Systems: Business Process Controls

302

Chapter 15 PROBLEM 1. NARRATIVE In Figure 15.1 Bubble 1.0, consistent with the value chain concept, the IPP begins with the design of the product and production processes. Activity based costing can be used to develop estimates of the future cost of producing new products as well as potential cost changes from product or design changes. The entire design process is automated through the use of computer-aided design and computer-aided engineering. The use of the CAD/CAE becomes the basis of developing detailed production schedules as well detailed control of production machines. The CAD/CAE process results in several data stores of information which are: Bill of materials: The bill of materials provides the basis for later orders of raw materials (bubble 3 in Figure 15.1) when finished goods is to be produced. Parts master: The parts master or raw materials inventory master lists the detailed specifications of each raw materials item. An engineer must specify the information for the new material in the parts master when a new part is used in product design. Often, existing parts will be used in new products to reduce needed ordering and carrying costs for the inventory. Routing master: The routing master specifies the operations necessary to complete a subassembly or finished good, and the sequence of these operations. The routing master also includes the machining tolerances; the tools, jigs, and fixtures required and the time allowed for each operation. The routing master is vital to developing detailed production instructions (bubble 4.0 in Figure 15.1). Computer aided process planning (CAPP), is often used in developing the routing master for developing new products. CAPP is an automated decision support system that generates manufacturing operations instructions and routings based on information about machinery requirements and capabilities. Work center master: The work center master describes each work center available for producing products. A work station is the assigned location where a worker performs their job. A group of similar work stations constitutes a work center. When new products require new machines or production activities, a new record in the work center master must be created. Refer to the following figure below. Prepare a level 1 data flow diagram for the product and production process design process only. ANS: See text solutions manual for problem 15-1

Controlling Information Systems: Business Process Controls

303

2. NARRATIVE Once the master production schedule is determined, an important step in completing the production in a timely manner is identifying, ordering, and receiving materials. Materials requirements planning is a process that uses bills of material, raw material and WIP inventory status data, open order data, and the master production schedule to calculate a time phased order requirements schedule for materials and sub assemblies. The schedule shows the time period when a manufacturing order or purchase order should be released so that the subassemblies and raw materials will be available when needed. The process involves working backward from the date of production to determine the timing for manufacturing subassemblies and then moving back further to determine the date that orders for materials must be issued into the purchasing process. In an enterprise system, this process is performed automatically, using a variety of data from the enterprise database including: Bills of materials, showing the items and quantities required as developed by engineering. Parts master data, which contains information about part number, description, unit of measure, where used, order policy, lead time, and safety stock. Raw materials and WIP inventory status data showing the current quantities on hand, and quantities already reserved for production for the materials and subassemblies. Open purchase order data showing the existing orders for materials.

Controlling Information Systems: Business Process Controls

304

The process begins by exploding the bill of materials to determine the total of each component required to manufacture a given quantity of an upper level assembly or a subassembly specified in the master production schedule. Based on lead time data for producing and ordering materials and subassembly requirements are output in a time-phased order requirements schedule. Based on this schedule, and open purchase order data, purchase requisitions are generated and sent to purchasing. Required: Refer to the level 0 data flow diagram in Figure 15.1. Prepare a level 1 data flow diagram for the materials requirements planning process only. ANS: See text solutions manual solution to Problem 15-2

Controlling Information Systems: Business Process Controls

Chapter 16

PROBLEM

1. The level zero DFD for the GL/BR process is provided above. Required: Explode bubble 3.0, for the “Record Adjustments” process into a level 1DFD ANS: Refer to solutions manual for P16-2 part a. 2. The level zero DFD for the GL/BR process is provided above. Required:

305

Controlling Information Systems: Business Process Controls

306

Explode bubble 4.0, for the “Prepare Business Reports” process into a level 1DFD ANS: Refer to solutions manual for P16-2 part b. 3. Below is an alphabetical list of twelve control plans discussed in Chapter 16. The second list describes eight system failures that have control implications. Required: On the blank line to the left of each numbered description in the second list, place the capital letter of the control plan that would best prevent the system failure from occurring or would mitigate the resulting exposure. If in doubt between two options, one preventive and one detective/corrective, opt for the preventive. Do not use a letter more than once. You should have no letters unused.

A. B. C. D. E. F. G. H.

Control Category Call-back procedures Backup facilities Diskless workstations or network computers Encryption File and record locking Password protection at the field and record level Standardized policies and procedures for hardware/software acquisition System access logs SITUATIONS

Answers _____

1. An employee in the treasurer's department is in the process of entering a journal voucher when the power supply is disrupted. When power is eventually restored, all of the data entered by the employee was lost.

_____

2. Unknown to the organization, hackers are attempting to gain remote access in its computer network. In an attempt to avoid detection, the hackers make only a few attempts each night. As a result, IT personnel are not aware of this activity.

_____

3. Sue, the trust department manager at Central Savings and Loan, purchased a Maxwell personal computer for her department when it was on sale at the local computer store. Once the PC was operational, Sue discovered that it was incompatible with the personal computers in all of the other bank departments.

_____

4. Receiving department personnel are currently able to access all the fields related to a purchasing event. If they want to steal an inventory item received, they simply change the quantity ordered amount.

_____

5. Edmond Fletcher, a 14-year-old computer wiz, was visiting a friend's house. While there, he copied the telephone number and ID number that he noticed pasted to the PC belonging to the friend's father, an applications programmer at a major bank. When he got home, Nosey dialed the number through the

Controlling Information Systems: Business Process Controls modem in his personal computer, entered the ID number, used a random number generator to get past the security module's password protection, and planted a computer virus in the bank's programs. _____

6. Alfie, the managerial accountant at F & M Enterprises, sent a an email message with confidential information attached. The message was intercepted by a third party and the confidential information was then read and examined by the third party.

_____

7. Sarah, the credit manager at Belle Co., accessed the company's LAN so that she could do a credit review of Ozmond Company's delinquent account. Sarah was unaware that a clerk in accounts receivable, another user on the network, was at that very moment processing customer billings. As a result, Ozmond Company's balance did not reflect $10,000 of billings made to it that day.

_____

8. Ursula, a network user at Billings Co., accessed the company's customer master data from the enterprise database while at her job. Then she copied the data to several diskettes, which she sold to one of Billing's competitors.

ANS: Control Situation Number 1. 2. 3. 4. 5. 6. 7. 8.

Answer B H G F A D E C

ESSAY 1. Discuss the following components of the balanced scorecard: (1) financial (2) internal business processes (3) customers (4) innovation and improvement activities ANS: Balanced scorecard is a methodology for assessing an organizations business performance

307

Controlling Information Systems: Business Process Controls

308

via four components: (1) financial, (2) internal business processes, (3) customers, and (4) innovation and improvement activities. The financial aspect focuses on more traditional measures of business performance related to how shareholders view the organizations performance. The internal business processes relate to the organizations ability to identify its core competencies and to assess how well it performs in these identified areas of competency. The customer component focuses on identifying how customers perceive the organization in terms of the value that it is creating for them. Innovation and improvement activities are monitored to assess how the organization is continuing to improve and how it is creating additional value. 2. The important information services functions of the GL/BR process emphasized in chapter 16 included two categories: (1) general ledger activities and (2) other business reporting. Breifly discuss what comprises the general ledger (GL) process comprises and what comprises the business reporting process. ANS: The general ledger process comprises accumulating data, classifying data by general ledger accounts, and recording data in those accounts. Fueling the financial reporting, business reporting, and other reporting subsystems by providing the information needed to prepare external and internal reports. In servicing the information needs of managerial reporting, the GL interacts with the budgeting modules. The business reporting process is concerned with the following: Preparing general purpose, external financial statements (e.g., the conventional four that you have studied in other accounting courses: the balance sheet, income statement, statement of owner equity changes, and cash flow statement). Ensuring that the external financial statements conform to GAAP; therefore, among other things, the statements must contain appropriate footnote disclosures. Generating Web-based forms of key financial statement and related business reporting information for dissemination via the Internet. Supporting the generation of both ad hoc and predetermined business reports that support operational and strategic decision making.