You are an independent consultant hired by Penmen Groceries, and they are exploring options to modernize their
This milestone will help you with Project One, where you will be required to determine the specific risks and efficiencies of an updated computerized accounting information system.
Directions
In this assignment, you will write a client letter that explains the impact of vulnerabilities on an organization 's AIS and the importance of strong technology controls in the IT environment.
Specifically, you must address the following rubric criteria:
Describe vulnerabilities that can affect an organization's AIS or general business operations.
Explain the impact vulnerabilities can have on an organization's AIS and its financial reporting.
Determine the strategies an organization can use to strengthen its IT environment. Include the following in your response:
The controls organizations can implement to reduce vulnerabilities occurring
Analyze how the identified strategies can benefit the organization's financial reporting efforts
to generate a solution
a solution
- Leonard Moses is planning to grow its customer base and is in the process of creating an online web-based sales ordering system for customers to purchase products using personal credit cards for payment. At a recent meeting with the internal auditors, it was highlighted that there are risk associated with this system. Identify three risks related to an online sales system that management should consider. For each risk, identify an internal control that could be implemented to reduce that risk.arrow_forwardYour company, Tractors, Inc., is employing the SDLC for its new information system. You have been chosen as a member of the development team because of your strong accounting background. This background includes a good understanding of both financial and managerial accounting concepts and required data. You also possess a great understanding of internal control activities. You do not, however, fully understand exactly what the internal auditors will need from the system in order to comply with Section 404 of the Sarbanes-Oxley Act. Lay out the fact-gathering techniques you might employ to increase your understanding of this important component of your new system.arrow_forwardYou are currently working in a mid-tier accounting firm. In an engagement meeting with a client, the management of your client is concerned that the audit tests that you perform will disrupt operations. Your client has recently implemented a data warehouse and the management suggests that you draw the data for analytical reviews and substantive testing from the data warehouse instead of the operational database. The management points out that operational data are copied weekly into the data warehouse and all data you need are contained there. Outline your response to the management’s proposal and mention any concerns you might have. (maximum 300 words)arrow_forward
- You are the CEO of a large organization that implemented a data warehouse for internal analysis of corporate data. The operations manager has written you a memo advocating opening the data warehouse to your suppliers and customers. Explain any merit to this proposal. What are the control issues, if any?arrow_forwardYou overheard a friend at a party say that computers and information technology will greatly decrease the demand for auditors. Do you believe this to be true. How would you respond to this comment?arrow_forwardYour boss knows that you are taking a fraud examina- tion course at a local university. He is interested in learning more about data-driven fraud detection and asks you to prepare a short memo briefly explaining data-driven fraud detection methods and techniques. 1. List three data analysis methods and techniques and briefly explain them.arrow_forward
- You are working for a new company that is primarily an Internet-based seller of goods whose business model is similar to eBay's. The company was founded on principles similar to eBay's and is an online auction business, but has the added benefit of having one common site that deals with customers world- wide. The CEO knows that privacy is very important in the online business and has requested that the internal audit function draft a best practices privacy policy for customers because the motto for the new company is "Your Pri- vacy is Our Policy." The company neither has, nor plans to hire, a privacy or compliance officer. The CEO expects the CAE to lead this effort and ensure the campaign delivers on the company's motto. With the advertising campaign slated to launch in one month, the CEO wants the privacy documentation finalized as soon as possible. A. Identify key sources on privacy that are available for you to reference as you define best practices. B. Determine the consulting…arrow_forwardIT audit and assurance professionals should examine the root cause of risk events that impact the business. Drawing from today's headlines, how can an IT auditor go about examinging the root cause of a risk event?arrow_forwardThe internal auditor of a small company has recommended to the CEO that it invest in a disaster recovery plan (DRP) because of several identified vulnerabilities. Traditional in-house DRP approaches are, however, not a viable option because the company lacks the necessary IT resources to implement and manage these tasks. The auditor has suggested that outsourcing disaster recovery to a cloud-based service provider may be a reasonable alternative. The CEO has no experience with cloud computing and has asked the internal auditor to provide him with more information. Required: Prepare a report outlining cloud computing. Your report should address the following: List the key features of cloud computingarrow_forward
- The internal auditor of a small company has recommended to the CEO that it invest in a disaster recovery plan (DRP) because of several identified vulnerabilities. Traditional in-house DRP approaches are, however, not a viable option because the company lacks the necessary IT resources to implement and manage these tasks. The auditor has suggested that outsourcing disaster recovery to a cloud-based service provider may be a reasonable alternative. The CEO has no experience with cloud computing and has asked the internal auditor to provide him with more information. Required: Prepare a report outlining cloud computing. Your report should address the following: Describe how the services provided under cloud computing relate to disaster recovery planning. Outline the risks associated with this technologyarrow_forwardYou are an audit supervisor assigned to a new client which is listed on a Stock Exchange. You visited the corporate headquarters to become acquainted with key personnel and to conduct a preliminary review of the company’s accounting policies, controls, and systems. During this visit, (h) Some employees complained that some managers occasionally contradict the instructions of other managers regarding proper data security procedures. Identify the problems and explain them in relation to the internal environment.arrow_forwardLamar LLC is in the process of updating its revenues and receivables systems with the implementation of new accounting software. James Loden, Inc. is an independent information technology consultant who is assisting Tamar with the project. James has developed the following checklist containing internal control points that the company should consider in this new implementation: Will customer orders be received via the Internet? Are all collections from customers received in the form of checks? Are product quantities monitored regularly?arrow_forward
- Accounting Information SystemsAccountingISBN:9781337619202Author:Hall, James A.Publisher:Cengage Learning,