HA2042 Accounting Information Systems Tutorial Questions Assignment 2 Answer
HA2042 Accounting Information Systems
Question 1: Control weaknesses and recommendations:
The control weaknesses at Crimson Electricals:
In the case of Crimson Electricals, there are many control weaknesses in the accounting system:
- The main control weakness is with Albert who handles all-cash sales receipts, prepares deposits, deposit cheques, record receivables, and issue bills for credit sales. Albert handles a major part of the business and also not hand over his work to any other employee for more than 1 day that is very suspicious and there are huge chances of fraud by Albert.
- There is no monitoring of the work of any employee and work allotted in such a manner that no cross-checking is possible in the accounting system of any employee.
- The owner is having a full focus on serving the customers and no overvalue of work of employees.
- There is no interchange in the work responsibility of employees that result in the manipulation of financial information (Bakarich, & Baranek, 2020).
- As per work allocation, one employee has full control of inventory, another has full control of payment and Albert has full control of receipt of Crimson Electricals. There is control weakness due to the centralization of powers in the hand of employees.
The recommendations to remedy the control weaknesses:
In the case of Crimson Electricals, the following steps should be taken to increase control in the accounting system:
- The first step is to interchange the work allocation of employees in such a way that the work of one employee is automatically checked by other employees during the work process.
- Provide leave to Albert and do proper checking of accounts handled by Albert.
- Surprise checking should be done by the owner to check the accuracy of accounts and financial information.
- Work distributed in the employee by decentralizing the power of employees. For example, one employee prepares a sale bill of credit and cash, another receives cash and cheques for deposit and Albert prepares a record of receivables and daily deposits.
Question 2: Internal control weaknesses:
The internal control weaknesses in the purchase system:
In the given case, the following are the internal control weaknesses in the purchase system of wholesaler:
- The purchasing clerk checks inventory quantity status with inventory subsidiary ledger in place of physical check and provides order according to it.
- No dual authorization on the purchase order sent to the purchasing department and supplier.
- The clerk selects suppliers for the supply of inventory from supplier files, no monitoring on the work of the purchasing clerk.
- The receiving clerk inspects goods alone, there are chances of omission or error on the hand of the clerk. Also no monitoring on the working of the clerk.
- The warehouse clerk is responsible for physical goods to the warehouses and record of inventory in a subsidiary ledger which results in weak control on the maintenance of inventory.
The associated risk with internal control weaknesses:
In the above-mentioned weaknesses, the following risks are associated with the current purchase system of the wholesaler (Lenard, et al. 2016).
- The risk of difference in data of inventory subsidiary ledger and physical inventory status. Due to this excess order may be placed by the purchasing clerk.
- The risk of fraud in the case of purchase order and selection of suppliers as per the personal benefits of a clerk.
- The risk of theft of inventory at the time of receiving goods as a warehouse clerk in maintaining physical goods as well as a record of inventory subsidiary ledger.
- Inventory is a major asset of the business entity, there is a requirement of dual authorization or monitoring of transaction to restrict fraud in inventories.
Question 3: Payroll system and uncontrolled risk:
The uncontrolled risk associated with the payroll system:
In the given case, the company providing salary to employees as per the time on the job, and to record the time, employees use a time clock in an unsupervised area. The supervisor has appointed to check the working hours of employees but due to heavy workload, he is unable to monitor the recording process. Based on time cards submitted by the employees, the salary is prepared by the payroll clerk and accounting done by an accounting clerk. There are many uncontrolled risks in the payroll system of the company (Janvrin, et al. 2012).
- The main risk under the payroll system is employees of the company use a time clock in an unsupervised area that results in manipulation of time clock by any employee that results in wrong reporting of working time under time card.
- The supervisor is remaining distracted due to other duties; due to this, he is not able to correctly monitor the recording process. Employees can manipulate the time of time card as per their benefits (Donelson, D. C., Ege, M. S., & McInnis, J. M. (2017)
- As per the control system, there should be two authorization is needed in the time card. In the given case supervisor alone is the reviewer and checker of the time card that is the risk of non-monitoring of supervisor.
- The payroll clerk is prepared payroll register as per time card and he uses a stand-alone workstation. There is a risk of difference in payroll register and in time card due to fraud or error.
- The accounting clerk only receives the payroll register and based on it he posts the transaction in the accounting system. The major risk is that at each level of payroll system there is no dual authorization. The information can easily be manipulated by a responsible person and there are chances of fraud and errors in the calculation of working time and payroll of employees.
Question 4: Information system terms:
Eavesdropping refers to unauthorized interception by the third person in the private communication of two persons without their knowledge. Under the information technology, it is an electronic attack for theft the information that is transmitted through a network by computer, smartphones, or other digital modes.
b) Identity theft:
The theft of personal information of individuals such as name, address, sign, and date of birth, bank information, etc. by someone for gaining any financial profit is known as identity theft. Under the identity theft personal information of an individual is used by another person without his knowledge or authorization.
c) Salami technique:
Salami technique or salami attack is a form of a cyber attack that is conducted for financial gain in a small amount multiple times which results in a huge amount of loss. For example, a small amount is charged from bank account multiple times which is not noticeable by individuals but these multiple transactions of small amounts cause huge loss to the bank account holder (Coso, 2014).
Scavenging is the search of system and network to get information for which the attacker is unauthorized and the information is very sensitive. For scavenging, attack attackers use multiple networks or a combination of network-based utilities and search sensitive and confidential information about the targeted company.
Unauthorized attacks on the personal computer system or private network of users for some benefits are known as hacking. Hacking is done for legal as well as illegal benefits such as ethical hacking for identifying loopholes of system, cracking for unauthorized access for personal gain, grey hat hacking under which unauthorized access of system is done to identify the weakness, and later it is informed to the owner of the system.
Skimming is the process used by the attacker to retrieve personal information of the cardholder. The attacker used the device of skimming named skimmer that is installed at ATMs or card machines to get information on a debit card or credit cards for the personal information of the cardholder. It is an illegal activity that is used by an attacker for personal benefits.
g) Social engineering:
A non-technical strategy used by the attacker in which the user relies based on human communication and interaction and provides personal information that is used by attackers for their benefits.
h) Trojan horse:
When viruses or malware are hiding in a legitimate software or legal information and attackers gain access to personal computers or network when user click on this software or information. This term is the drive from an ancient Greek story of Trojan horse.
Worm refers to malware or computer virus that creates a copy of itself from one system to another system. This malware is used to attack the complete networking system of any business organization as the computer worm spread from one computer to another computer and collapsed whole networking (Committee of Sponsoring Organizations National Commission on Fraudulent Financial Reporting. (2014).
Vishing is a fishing attack used by the attacker through phone calls and messages such as emotional appeals, messages for job interviews, call for updated card information, etc. The attackers used fake caller id and manipulate networking system to show as local area calling.
Question 5: Steps of the financial reporting process:
The business entities are required to prepare financial statements and record all financial transactions which are done in particular steps to avoid error and omission in financial reporting.
The steps of financial reports in the proper order are:
1. Capture the transactions
2. Record transactions in special journals
3. Post to the general ledger
4. Post to the subsidiary ledger
5. Prepare the unadjusted trial balance
6. Making adjusting entries
7. Journalise and post adjusting entries
8. Prepare the adjusted trial balance
9. Journalise and post-closing entries
10. Prepare the financial statements