Accounting Information Systems, 8e

SOLUTIONS FOR CHAPTER 8

Discussion Questions

DQ8-1 “The Enterprise Risk Management (ERM) framework introduced in Chapter 7 can be used by management to make decisions on which controls in this chapter should be implemented.” Do you agree? Discuss fully.

ANS. Several issues might be included in an answer to this question. Here are some of those issues:

• The quote implies that not all controls need to be implemented. Perhaps the costs and benefits of controls should be considered.
• Using the ERM framework provides an alternative where the benefits, or return on investment, might be difficult to determine. Using the ERM framework will focus attention on management of risk by employing certain control techniques and security measures.
• Security measures might be implemented on the basis of the probability of loss or disruption (i.e., risk assessment).
• Security measures should be directed at information assets that must be protected to help achieve objectives (and strategies).
• Security measures must address business requirements. Information security is a business problem.

DQ8-2 “In small companies with few employees, it is virtually impossible to implement the segregation of duties control plan.” Do you agree? Discuss fully.

ANS. Obviously, whether one agrees or disagrees with the statement depends on how few “few” employees actually are. (Forty-seven percent of all U.S. employers have fewer than five workers. Source: Jim Hopkins, “How Small Firms Lock Data Down,” USA Today, July 19, 2006, p. 6B.) Ideally, to maximize segregation of duties, the four events-processing functions would reside in four separate individuals. However, the plan can be implemented with as few as three employees, as follows (the employees are called A, B, and C in the following example and a cash payment is used as an illustrative transaction):

Function Number   Function Description                                                  Performed by Employee
1                 Authorize the cash payment.                                           A (*)
2                 Execute (make) the cash payment.                                      B
3                 Record the cash payment.                                              C
4                 Safeguard the cash asset (i.e., have custody of blank checks).        B (**)

Notes:

(*) Employee A might very well be the sole proprietor of the organization or hold an equivalent supervisory position.

(**) To compensate for the fact that functions 2 and 4 both reside in employee B, the monthly bank statement is mailed by the bank directly to employee A, who prepares the independent bank reconciliation. In the chapter, we discussed such an alternative under the rubric of compensatory controls.

Assuming that employee A is the sole proprietor, we could even collapse the four functions into two employees by having A perform functions 1 and 3 and having B perform functions 2 and 4. But note that if we do that, we are really substituting a personnel control plan (i.e., trust in employee B’s honesty) for a segregation of duties control plan.
This note was uploaded on 11/09/2010 for the course ACCT 326 taught by Professor Alt. during the Spring '10 term at American.