Question

In: Accounting

1. Assume that, when conducting procedures to obtain an understanding of Benson Seed Company's internal controls,...

1. Assume that, when conducting procedures to obtain an understanding of Benson Seed Company's internal controls, you checked “No” to the following internal control questionnaire items:

• Does access to online files require specific passwords to be entered to identify and validate the terminal user?

• Does the user establish control totals prior to submitting data for processing? (Order entry application subsystem.)

• Are input control totals reconciled to output control totals? (Order entry application subsystem.)

Required: Describe the errors and frauds that could occur because of the weaknesses indicated by the lack of IT controls.

2. The following are brief stories of actual employee thefts and embezzlements perpetrated in an IT environment.

a. An accounts payable terminal operator at a subsidiary entity fabricated false invoices from a fictitious vendor and entered them in the parent entity's central accounts payable/cash disbursement system. Five checks totaling $155,000 were issued to the “vendor.”

b. A bank provided custodial and record-keeping services for several mutual funds. A proof-and-control department employee substituted his own name and account number for those of the actual purchasers of some shares. He used the accounting information system to conceal and shift balances from his name and account to names and accounts of the actual investors when he needed to avoid detection because of missing amounts in the investors' accounts.

c. The university's accounting information system was illegally hacked. Vandals changed many students' first names to Susan, student telephone numbers were changed to the number of the university president, grade point averages were modified, and some academic files were completely deleted.

d. A computer operator at a state-run horse race betting agency set the computer clock back three minutes. After the race was completed, he quickly telephoned bets to his girlfriend, an input clerk at the agency, gave her the winning horse and the bet amount, and won every time!

Required: What type of control procedure that might have prevented or detected the fraud was missing or inoperative?

Solutions

Expert Solution

Question 1:

Does access to online files require specific passwords to be entered to identify and validate the terminal user? Unauthorized access may be obtained to programs or data resulting in the loss of assets or other entity resources through theft or fraud.

Does the user establish control totals prior to submitting data for processing? Sales transactions may be lost in data conversion or processing or errors made in data conversion or processing.

Are input totals reconciled to output control totals? Control totals are not useful unless they are reconciled to equivalent totals determined following processing. As a result, audit teams would fail to detect errors made in the input or processing of data.

Question 2:

a.         Identify the type of input controls that should exist in this environment.

·Authorization and data entry (record-keeping) functions appropriately separated.

.Receipt (receiving report) matched or independently coded.

·There is an approved master file of authorized vendors for matching payees to authorized vendors.

·There are range checks or limit or reasonableness tests if the check amounts were large (average of $31,000 in the entity).

b.         In developing test data to evaluate the operating effectiveness of the client’s automated controls, the auditor should have incorporated these error conditions into the test data:

·Separation of employee accounts from investors’ accounts for control group review of activity.

·Failure to log employee investor transfer transactions that would detect this type of manipulation.

c.         In this case, password access controls were not established or operating properly.

d.         In this case, the time in the system was not checked against the actual time.


Related Solutions

Audit procedures may be classified into several categories, including: 1.    Procedures designed to obtain an understanding...
Audit procedures may be classified into several categories, including: 1.    Procedures designed to obtain an understanding 2.    Tests of controls 3.    Analytical procedures 4.    Substantive testing of transactions 5.    Substantive testing of balances. Required (a)   Describe the relationship between the above five categories and how these need to be considered when designing audit strategies. (b)   How would consideration of the audit risk model affect the audit strategy and therefore the extent to which these types of procedures are performed?
Auditors are required to obtain a sufficient understanding of an entity's internal control. This understanding is...
Auditors are required to obtain a sufficient understanding of an entity's internal control. This understanding is required by the performance principle of GAAS. Required: What are some of the goals (purposes) for conducting an evaluation of an entity's internal control?
The main purpose of risk assessment procedures is to Obtain an understanding of the entity and...
The main purpose of risk assessment procedures is to Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatements at the financial statement and assertion levels Test the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level Detect material misstatements at the assertion level. All of the given choices are main purposes of risk assessment procedures Inquiries directed towards those charged with governance...
Question Understanding internal control, components, procedures, and laws
Question Understanding internal control, components, procedures, and lawsMatch the following terms with their definitions.1. Internal control2. Control procedures3. Firewalls4. Encryption5. Environment6. Information system7. Separation of duties8. Collusion9. Documents10. Audits11. Operational efficiency12. Risk assessment13. Sarbanes-Oxley Acta. Two or more people working together to overcome internal controls.b. Part of internal control that ensures resources are not wasted.c. Requires companies to review internal control and take responsibility for the accuracy and completeness of their financial reports.d. Should be prenumbered to prevent theft and...
The following internal controls were identified by the auditor while gaining an understanding of internal control...
The following internal controls were identified by the auditor while gaining an understanding of internal control for the sales cycle. Access to the customer master file is restricted to authorized personnel. Customers are added to the master file only after appropriate approval, including adequate background and credit checks. Sales are made only to approved customers. The computer system rejects orders if the customer number is invalid or the order exceeds the customer’s approved credit limit. The computer matches the products...
We can classify a company's control procedures into three major types: preventive controls, detective controls, and...
We can classify a company's control procedures into three major types: preventive controls, detective controls, and corrective controls. What is the difference between prventive controls, detective controls and corrective controls?
1) what comments concerning the company's system of internal controls are included in the annual report...
1) what comments concerning the company's system of internal controls are included in the annual report of a company? 2) What reference is typically made to the Audit Committee on a company's annual report? 3) what types of information about cash and cash equivalents are included n the balance sheet and summary of significant accounting policies? 4) Where cash and cash equivalents are included an annual report. How liquid are these cash equivalent?
Describe internal controls, why we have them and give an example of three internal control procedures.
Describe internal controls, why we have them and give an example of three internal control procedures.
What are the goals of conducting an audit of financial statements and internal controls? Who typically...
What are the goals of conducting an audit of financial statements and internal controls? Who typically conducts such audits, how often, and for whom?
After the auditor has prepared a flowchart of the accounting procedures and internal controls surrounding the...
After the auditor has prepared a flowchart of the accounting procedures and internal controls surrounding the revenue process and has evaluated the design of the system, he or she decides to test controls. The auditor would perform tests of controls on all internal controls: that are most risky and that the auditor plans to rely on. that seem to be functioning. that would assist in preventing fraud. documented in the flowchart.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT