Cis

1. Audit Committee CMA 6898 3-3 Micro Dynamics, a developer of database software packages, is a pblicly !eld company w!ose stock is traded over t!e conter" #!e company recently received an enforcement release proceeding t!rog! an $%C administrative law  &dge t!at cited cited t!e company for for inade'ate inade'ate internal controls" controls" (n response, response, Micro Dynamics !as agreed to establis! an internal adit fnction and strengt!en its adit committee" A manager of t!e internal adit department !as been !ired as a reslt of t!e $%C enforcement action to establis! an internal adit fnction" (n addition, t!e composition of t!e adit committee !as been c!anged to inclde all otside directors" Micro Dynamics !as !eld its initial planning meeting to discss t!e roles of  t!e varios participants in t!e internal control and )nancial reporting process" *articipants *articipants at t!e meeting inclded t!e company president, t!e c!ief )nancial o+cer, a member of t!e adit committee, a partner from Micro Dynamics eternal adit )rm, and t!e newly appointed manager of t!e internal adit department" Comments by t!e varios meeting participants are presented below"

President . /0e want to ensre t!at Micro Dynamics complies wit! t!e $%Cs enforcement release and t!at we dont )nd orselves in t!is position again" #!e internal adit department s!old !elp to strengt!en or internal control system by correcting t!e problems" ( wold like yor t!og!ts on t!e proper reporting relations!ip relations!ip for t!e manager of t!e internal internal adit department"1 CFO. /( t!ink t!e manager of t!e internal adit department s!old report to me since mc! of t!e departments work is related to )nancial isses" #!e adit committee s!old !ave oversig!t responsibilities"1 responsibilities"1 Audit committee member . /( believe we s!old t!ink t!rog! or roles more careflly" #!e #readway Commission !as recommended t!at t!e adit committee play a more important role in t!e )nancial reporting process2 t!e dties of todays adit committee !ave epanded beyond mere rbber-stamp approval" 0e need to !ave greater assrance t!at controls are in place and being followed"1 External audit frm partner . /0e need a close working relations!ip among all of or roles" #!e internal adit department can play a signi)cant role in monitoring t!e control systems on a contining basis and s!old !ave strong ties to yor eternal adit )rm"1 Internal audit department manager. /#!e internal adit department s!old be more involved in operational aditing, bt it also s!old play a signi)cant monitoring role in t!e )nancial reporting area"1 e'ired. a" Describe t!e role of eac! of t!e following in t!e establis!ment, maintenance, and evalation of Micro Dynamics system of internal control"

i" Management ii" Adit committee iii" %ternal aditor iv" (nternal adit department b" Describe t!e responsibilities t!at Micro Dynamics adit committee !as in t!e )nancial reporting process"

2. Role o Internal Auditor CMA 459 7-8 eig! (ndstries !as an internal adit department consisting of a director and for sta: aditors" #!e director of internal adit, Diane ;aer, reports to t!e corporate controller, w!o receives copies of all internal adit reports" (n addition, copies of all internal adit reports are sent to t!e adit committee of t!e board of directors and t!e individal responsible for t!e area of activity being adited" (n t!e past, t!e companys eternal aditors !ave relied on t!e work of t!e internal adit department to a sbstantial degree" ?ne of t!e internal aditors assisted in t!e preparation of policy statements on internal control"  #!ese statements inclded sc! t!ings as policies regarding sensitive payments and t!e safegarding of assets" > econciling t!e bank statements of t!e corporation eac! mont! is a reglar assignment of one of t!e internal aditors" #!e corporate controller believes t!is strengt!ens t!e internal control fnction becase t!e internal aditor is not involved in eit!er t!e receipt or t!e disbrsement of cas!" > #!e internal aditors are asked to review t!e annal bdget eac! year for relevance and reasonableness before t!e bdget is approved" At t!e end of eac! mont!, t!e corporate controllers sta: analy@es t!e variances from bdget and prepares eplanations of t!ese variances" #!ese variances and eplanations are t!en reviewed by t!e internal adit sta:" > ?ne of t!e internal aditors !as been involved in t!e design, installation, and initial operation of a new compteri@ed inventory system" #!e aditor was primarily

concerned wit! t!e design and implementation of internal acconting controls and condcted t!e evalation of t!ese controls dring t!e test rns" > #!e internal aditors are sometimes asked to make t!e acconting entries for comple transactions as t!e employees in t!e acconting department are not ade'ately trained to !andle sc! transactions" #!e corporate controller believes t!is gives an added measre of assrance to t!e accrate recording of t!ese transactions" e'ired. a" De)ne ob&ectivity as it relates to t!e internal adit fnction" b" or eac! of t!e )ve nonadit activities presented, eplain w!et!er t!e ob&ectivity of eig! (ndstries internal adit department !as been materially impaired" Consider eac! sitation independently" c" #!e director of internal adit reports directly to t!e corporate controller" Does t!is reporting relations!ip a:ect t!e ob&ectivity of t!e internal adit departmentB %plain yor answer" d" 0old yor evalation of t!e )ve sitations in estion b c!ange if t!e director of internal adit reported to t!e adit committee of t!e board of directorsB %plain yor answer"

. P!"sical #ecurit" Avatar inancials, (nc", located on Madison Avene, ew ork City, is a company t!at provides )nancial advice to individals and small to mid-si@ed bsinesses" (ts primary operations are in wealt! management and )nancial advice" %ac! client !as an accont w!ere basic personal information is stored on a server wit!in t!e main o+ce in ew ork City" #!e company also keeps t!e information abot t!e amont of investment of eac! client on a separate server at its data center in ;et!le!em, *ennsylvania" #!is information incldes t!e total vale of t!e portfolio, type of investments made, t!e income strctre of eac! client, and associated ta liabilities" (n t!e last few years, larger commercial banks !ave started providing sc! services and are competing for t!e same set of cstomers" Avatar, w!ic! prides itself in personal consmer relations, is now trying to set p additional services to keep its crrent cstomers" (t !as recently pgraded its 0eb site, w!ic! formerly only allowed clients to pdate t!eir personal information" ow clients can access information abot t!eir investments, income, and ta liabilities t!at is stored at t!e data center in *ennsylvania" As a reslt of previos dealings, Avatar !as been given free access to se t!e compter room of an older prodction plant" #!e company feels believes t!at t!is location is secre enog! and wold keep t!e data intact from p!ysical intrders"  #!e servers are !osed in a room t!at t!e prodction plant sed to !ose its legacy

system" #!e room !as detectors for smoke and associated sprinklers" (t is enclosed, wit! no windows, and !as speciali@ed temperatre-controlled air dcts" Management !as recently started looking at ot!er alternatives to !ose t!e server as t!e plant is going to be s!t down" Management !as ma&or concerns abot t!e secrecy of t!e location and t!e associated measres" (t wants to incorporate newer met!ods of p!ysical data protection" #!e companys aditors !ave also epressed a concern t!at some of t!e measres at t!e crrent location are inade'ate and t!at newer alternatives s!old be fond" e'ired. 4" 0!y are t!e aditors of Avatar stressing t!e need to !ave a better p!ysical environment for t!e serverB (f Avatar !as proper software controls in place, wold t!at not be enog! to secre t!e informationB 5" ame t!e si essential control featres t!at contribte directly to t!e secrity of t!e compter server environment"

$. %isaster Reco&er" Plans  #!e !ead'arters of