{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Solutions-8th-Ch08 - Accounting Information Systems 8e1...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Accounting Information Systems, 8e 1 SOLUTIONS FOR CHAPTER 8 Discussion Questions DQ8-1 “The Enterprise Risk Management (ERM) framework introduced in Chapter 7 can be used by management to make decisions on which controls in this chapter should be implemented.” Do you agree? Discuss fully. ANS. Several issues might be included in an answer to this question. Here are some of those issues: The quote implies that not all controls need to be implemented. Perhaps the costs and benefits of controls should be considered. Using the ERM framework provides an alternative where the benefits, or return on investment, might be difficult to determine. Using the ERM framework will focus attention on management of risk by employing certain control techniques and security measures. Security measures might be implemented on the basis of the probability of loss or disruption (i.e., risk assessment). Security measures should be directed at information assets that must be protected to help achieve objectives (and strategies). Security measures must address business requirements. Information security is a business problem. DQ8-2 “In small companies with few employees, it is virtually impossible to implement the segregation of duties control plan.” Do you agree? Discuss fully. ANS. Obviously, whether one agrees or disagrees with the statement depends on how few “few” employees actually are. (Forty-seven percent of all U.S. employers have fewer than five workers. Source: Jim Hopkins, “How Small Firms Lock Data Down,” USA Today , July 19, 2006, p. 6B.) Ideally, to maximize segregation of duties, the four events-processing functions would reside in four separate individuals. However, the plan can be implemented with as few as three employees, as follows (the employees are called A, B, and C in the following example and a cash payment is used as an illustrative transaction): Function Number Function Description Performed by Employee 1 Authorize the cash payment. A (*) 2 Execute (make) the cash payment. B 3 Record the cash payment. C 4 Safeguard the cash asset (i.e., have custody of blank checks). B (**)
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
2 Solutions for Chapter 8 Function Number Function Description Performed by Employee Notes: (*) Employee A might very well be the sole proprietor of the organization or hold an equivalent supervisory position. (**)To compensate for the fact that functions 2 and 4 both reside in employee B, the monthly bank statement is mailed by the bank directly to employee A, who prepares the independent bank reconciliation. In the chapter, we discussed such an alternative under the rubric of compensatory controls . Assuming that employee A is the sole proprietor, we could even collapse the four functions into two employees by having A perform functions 1 and 3 and having B perform functions 2 and 4. But note that if we do that, we are really substituting a personnel control plan (i.e., trust in employee B’s honesty) for a segregation of duties control plan.
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}