Chapter 1

1. Describe how AIS adds value to an organization by providing accurate and

timely information.
1.
2.
3.
4.
5.
6.
7.

A well-designed AIS can do this through the following:

Improving the quality and reducing the costs of products and services
Improving efficiency
Sharing knowledge
Improving the efficiency and effectiveness of the supply chain
Improving the internal control structure
Improving decision making

2. Describe the six components of AIS.

1. The people who operate the system and perform various functions
2. The procedures and instructions, both manual and automated, involved in
collecting, processing and storing data
3. The data about the organization and its business processes
4. The software used to process the organization's data
5. The information technology infrastructure, including computers, peripheral
devices and network communications devices used to collect, store,
process and transmit data and information.
6. The internal controls and security measures that safeguard the data in the
AIS
3. Within the value chain of an organization there are five primary activities and
four support activities. Describe how an accounting information system fits
into the value chain of an organization. Where does it add value?
While some might pigeon-hole the accounting information system as a simple
support activity, its influence on the value of each primary and support activity is
large. The accounting information system adds value to each activity by
improving the quality and reducing the costs of each activity, improving
efficiency, improving decision making, improving the sharing of knowledge. All of
this is accomplished by collecting the proper data, summarizing it appropriately
for each particular user, and delivering the information at the appropriate time.

Chapter 2
Question 1
Transaction data is initially entered through two alternative internal accounting
records. Identify and explain the purpose of these records of original entry.
1. A journal entry is made for each transaction showing the accounts and
amounts to be debited and credited.
2. A "general journal" is used to record infrequent and nonrecurring
transactions.
3. A "specialized journal" is used to simplify the process of recording large
numbers of repetitive transactions. Examples of specialized journals include
sales journals.
------------------------------------------------------------------Question 2
Identify the types of data processing.
1. Creating or adding new data records, such as adding a new employee to the
payroll master file or database after they have been hired.
2. Reading, retrieving or viewing existing data.
3. Updating data previously stored about the activity, the resources affected by
the activity, or the people who performed the activity.
4. Deleting data, such as purging the vendor master file of all vendors that the
company no longer does business with.
------------------------------------------------------------------Question 3
In order to identify the information needs of a company, an information systems
specialist first identifies business activities and then key decisions within each
activity. Once the key decisions have been identified, the specialist determines
what information is needed for each decision. For the "pay vendors" business
activity determine the key decisions that need to be made and the information
needs of each decision.
Whom to pay
Accounts payable subsidiary ledgers
When to pay
Vendor invoices
How much to pay
Cash budget

Chapter 3
Question 1
What is the function of system flowcharts?
Describe the relationship between inputs, processing, and outputs for a system.
System flowcharts depict the relationships among the input, processing, and
output of an AIS. A system flowchart begins by indentifying the inputs that enter
the system and their origins. The input can be new data entering the system,
data stored for future use or both. The input is followed by the processing portion
of the flowchart. The logic the computer uses to perform the processing task is
shown on a program flowchart.
------------------------------------------------------------------Question 2
What is the function of a program flowchart?
Describe the sequence of logical operations performed in a computer program.
A program flowchart illustrates the sequence of logical operations performed by
a computer in executing a program. A program flowchart describes the specific
logic to perform a process shown on a system flowchart.
------------------------------------------------------------------Question 3
Why are document flowcharts sometimes referred to as internal control
flowcharts?
Document flowcharts are particularly useful in analyzing the adequacy of control
procedures in a system, such as internal checks and segregation of functions.
Document flowcharts can reveal weaknesses or inefficiencies in a system, such
as inadequate communication flows, unnecessary complexity in document flows,
or procedures responsible for causing wasteful delays.

Chapter 4
Question 1
What are the benefits of database technology?
Not Scored: Data integration, Data sharing, Reporting flexibility, Minimal data
redundancy and inconsistencies, Data independence, Central management of
data, Cross-functional analysis.
------------------------------------------------------------------Question 2
What are the basic requirements of a relational database?
1. Every column in a row must be single valued.
2. Primary keys cannot be null.
3. Foreign keys, if not null, must have values that correspond to the value of
a primary key in another table.
4. All non-key attributes in a table should describe a characteristic about the
object identified by the primary key.
------------------------------------------------------------------Question 3
Identify the three levels of schema and define each level.
1. The conceptual level schema defines the entire database. It consists of all
data elements and the relationships between them.
2. The external level schema consists of a subset of the entire database
customized to the needs of a particular user. For example, a payroll clerk
would have an external schema that would provide access to all of the
payroll data necessary to accomplish his/her task.
3. The internal level schema describes how the data are stored and accessed.
This would include information about record lengths, field types, access
methods, indexing, pointers, etc.

Chapter 5
Question 1
What are the auditor's responsibilities to detect fraud?
1. They must understand fraud
2. Audit team members should discuss how and where the company's
financial statements might be susceptible to fraud
3. The audit team must gather evidence about the existence of fraud by
looking for fraud risk factors
4. Evaluate the results of audit tests
5. Document and communicate findings to management
6. Incorporate an audit focus
------------------------------------------------------------------Question 2
Describe the industry conditions that can lead to financial statement fraud.
1. Declining industry
2. Industry or technology changes that lead to declining demand or product
obsolescence
3. New regulatory requirements that impair financial stability or profitability
4. Significant competition or market saturation with declining margins
5. Significant tax changes or adjustments
------------------------------------------------------------------Question 3
What is a trap door and does it have any legitimate use?
Trap doors are a way into a system that bypasses normal system controls.
They are legitimately used by programmers during systems development but
are normally removed before the program is put into operation. A trap door
that is not removed can be used by anyone to enter the program or system
and commit a fraud. Programmers may also fraudulently insert a trap door
allowing them later access to the system after their job is complete.

Chapter 6
1
.

What are the control objectives achieved by internal controls?

1. Safeguarding assets, including preventing or detecting, on a timely

basis, the unauthorized acquisition, use or disposition of material
company assets
2. Maintaining records in sufficient detail to accurately and fairly
reflect company assets
3. Provide accurate and reliable information
4. Provide reasonable assurance that financial reporting is prepared in
accordance with GAAP
5. Reporting and improving operational efficiency
6. Encouraging adherence to prescribed managerial policies
7. Complying with applicable laws and regulations

2
.

Describe the important aspects of Sarbanes Oxley

1. SOX created the PCAOB to control the auditing profession

2. Auditors must report specific information to the company's audit
committee, such as critical accounting policies and practices
3. Audit committee members must be on the company's board of
directors and be independent of the company
4. Requires CFO or CEO to certify that financial statements and
disclosures are fairly presented, were reviewed by management,
and are not misleading
5. Section 404 of SOX requires publicly held companies to issue a
report accompanying the financial statements that states
management is responsible for establishing and maintaining an
adequate internal control structure and appropriate control
procedures.

Chapter 7
Question 1
What procedures are used to adequately secure wireless access?
1. -Turn on available security features
2. -Authenticate all devices attempting to establish wireless access to the
network before assigning them an IP address.
3. -Configure all authorized wireless NICs to operate only in infrastructure
mode.
4. -Use non-informative address for the access points address, called a service
set identifier (SSID).
5. -Predefine a list of authorized MAC addresses and configure wireless access
points to only accept connections from those MAC addresses.
6. -Reduce broadcast strength of wireless access points to make unauthorized
reception more difficult off premises.
7. -Locate wireless access points in the interior of the building and use
directional antennae to make unauthorized access and eavesdropping more
difficult.
8. -As with modems, its easy and inexpensive for employees to set up rogue
wireless access points.
------------------------------------------------------------------Question 2
What steps does a computer emergency response team (CERT) take with respect
to an incident?
Not Scored: 1. Recognition that a problem exists
2. Containment of the problem
3. Recovery, Damage caused by an attack must be repaired
4. Follow up, the CERT should lead the analysis of how the incident occurred
------------------------------------------------------------------Question 3
Identify three fundamental information security concepts.
1) Security is a management issue, not a technology issue. This seems to
contradict the fact that security is a technical subject, but it's the people and
management that really contribute to security.
2) The time-based model of security indicates that preventive controls are
important but that detection and correction have an important role, as well.
(3) Defense-in-depth suggests that multiple layers of controls are needed to
avoid having a single point of failure.