BATAAN PENINSULA STATE UNIVERSITY

COLLEGE OF BUSINESS AND ACCOUNTANCY

BSAC 322
ACCOUNTING INFORMATION SYSTEMS

FINAL REQUIREMENTS – CASE ANALYSIS

PROBLEM 1
Decision scope categorizes decisions into three broad areas of managerial decision
making. These three areas are operational control, management control, and strategic
planning. Define operational control, management control, and strategic planning in
relation to managerial decision making. Provide two examples of operational control
management control, and strategic planning decisions that you would make assuming
that you are the manager of the organization.
PROBLEM 2
Shiny Sheena started a business to sell art supplies and related curricula to home school
families. The business grew quickly, with sales doubling three time during a five-year
period. At that point, she sold the business because it had grown too large to manage
from her home. Under the new owners, sales doubled again during the next two years.
Profits, however, did not keep pace with the sales. In addition, the firm had borrowed
heavily to open a warehouse. Inventory costs and operating expenses at the warehouse
were higher than anticipated, and the monthly payments on the loan were proving to be
burdensome. Recently, the number and amount of past due transactions have risen
dramatically. Together, these problems have created a severe cash flow problem. If the
cash flow situation does not improve quickly, the firm may have to declare bankruptcy,
even though sales are continuing to increase.
REQUIRED:
Describe some of the information that a good AIS could have provided for this firm and
that, if provided in a timely manner, could have helped it avoid some of its problem.
PROBLEM 3
The following data elements comprise the conceptual-level schema for a database:
Billing address Invoice number
Cost Item Number
Credit limit Price
Customer name Quantity on hand
Customer number Quantity Sold
Date Shipping Address
Description Terms
REQUIRED:
1. Identify three potential users of the above data elements
2. Create a set of tables for each of the identified users.
3. Enter sample data for each table.
PROBLEM 4
Wreck and Wreck’s policy requires a “sealed bid” to sell motor vehicles that are no longer
efficient. In reviewing the sale of some vehicles that had been declared obsolete, the
auditor found that management had not always complied with the stated policy. Records
indicated that several vehicles on which major repairs had recently been performed were
sold at negotiated prices. Management assured the auditor that by performing limited
repairs and negotiating with knowledgeable buyers, better prices had been obtained for
the salvaged vehicles than had the required sealed-bid procedures been followed. The
auditor suspected that there might be more involved than management indicated. Further
investigation revealed that the vehicles had been sold to employees at negotiated prices
well below the market value. The auditor’s work eventually resulted in three managers
and five other employees pleading guilty to criminal charges and making restitution to the
organization.
REQUIRED:
1. Based on this scenario, outline the symptoms or indications of possible fraud that
would have aroused the auditor’s suspicion.
2. Suggest audit procedures that the auditor could have employed to established the
fact that fraud had in fact occurred.
PROBLEM 5
One Sunday afternoon at a busy hospital, computers started running slower and
documents would not print. By Monday morning, the situation became worse as more
employees returned to work and logged on to their computers. Even stranger things
started happening, such as operating-room doors stopped opening, computers in the ICU
shut down. By 10:00 am all 50 people in the hospital’s information-technology department
were summoned, but their efforts made little difference.
As the hospital’s IT staff discovered, the hospital was under attack by a botnet, a network
of computers infected with malware that was controlled by three hackers. The trio
exploited a flaw in the MS Windows operating systems that let them install pop-ups ads
on the hospital’s computers. They got access to the first computer on Sunday and then
started spreading the infection to other computers through the hospital’s network. As
each computer became infected, it turned into another bot or zombie, which would in turn
scan the hospital’s network looking for hospital’s network looking for new victims to infect.
As a result, the network became clogged with zombie traffic and hospital communications
began to break down. Initially, the hospital’s technology staff tried to halt the attack by
shutting off the hospital from the Internet, but by then it was too late. The bots were inside
the hospital’s computer systems and infecting other computers faster than they could be
cleaned.
By Monday afternoon, the IT department figured out which malware the bots were
installing on computers and wrote a script, which was pushed out hourly, directing the
computers to remove the bad code. The script helped to slow the bots down a bit.
REQUIRED:
1. What could the hospital do to stop the attack and contain the damage?
2. Which computer fraud and abuse technique did the hackers use in their attack on
the hospital?
3. What steps should the hospital have taken to prevent the damage caused by the
attack?

PROBLEM 6
Which preventive, detective, and/or corrective controls would best mitigate the following
threats?
a. An employee’s laptop was stolen at the airport. The laptop contained personally
identifying information about the company’s customers that could potentially be
used to commit identity theft.
b. A salesperson successfully logged into the payroll system by guessing the payroll
supervisor’s password.
c. A criminal remotely accessed a sensitive database using the authentication
credentials (user ID and strong password) of an IT manager. At the time the attack
occurred, the IT manager was logged into the system at his workstation at
company headquarters.
d. An employee received an email purporting to be from her boss informing her of an
important new attendance policy. When she clicked on a link embedded in the
email to view the new policy, she infected her laptop with keystroke logger.
e. The director of Research and Development quit abruptly after an argument with
the CEO. The company cannot access any of the files about several new projects
because the R&D director had encrypted them before leaving.
f. Attackers broke into the company’s information system through a wireless access
point located in one of its retail stores. The wireless access point had been
purchased and installed by the store manager without informing central IT or
security.
g. An employee picked up a USB drive in the parking lot and plugged it into their
laptop to “see what was on it,” which resulted in a keystroke logger being installed
on that laptop.
h. A competitor intercepted the company’s bid for a lucrative contract that was
emailed to the local government’s web site. The competitor used the information
contained in the email to successfully underbid and win the contract.
i. When an earthquake destroyed the company’s main data center, the CIO spent
half a day trying to figure out who in the organization needed to be contacted in
order to implement the company’s cold site agreement.
j. An attacker gained access to the company’s internal network by installing a
wireless access point in a wiring closet located next to the elevators on the fourth
floor of a high-rise office building that the company shared with seven other
companies.