ASSIGNMENT
You are doing the audit of Phelps College, a private school with approximately 2,500 students. With your firm’s consultation, they have instituted an IT system that separates the responsibilities of the computer operator, systems analyst, librarian, programmer, and data control group by having a different person do each function. Now, a budget reduction is necessary and one of the five people must be laid off. You are requested to give the college advice as to how the five functions could be done with reduced personnel and minimal negative effects on internal control. The amount of time the functions take is not relevant because all five people also do non-accounting functions.
a. Divide the five functions among four people in such a way as to maintain the best
possible control system.
b. Assume that economic times become worse for Phelps College and it must terminate employment of another person. Divide the five functions among three people in such a way as to maintain the best possible internal control. Again, the amount of time each function takes should not be a consideration in your decision.
c. Assume that economic times become so severe for Phelps College that only two people can be employed to do IT functions. Divide the five functions between two people in such a way as to maintain the best possible control system.
d. If the five functions were done by one person, will internal controls be so inadequate that an audit cannot be done? Discuss.
During your audit of Wilcoxon Sports, Inc., a retail chain of stores, you learn that a programmer made an unauthorized change to the sales application pro- gram even though no work on that application had been approved by IT management. In order for the sales application program to work, the programmer had to make modifications to the operating software security features. The unauthorized change forced the sales program to calculate an automatic discount for a customer who happens to be the brother-in-law of the programmer. The customer and programmer split the savings from the unauthorized discount. The programmer modified the program and returned it to the librarian, who placed it into the files for live production use. No other information was forwarded to the librarian.
1. What recommendation do you have for management of Wilcoxon Sports, Inc., to prevent this from recurring?
2. Explain why you believe the suggested internal control improvements will prevent problems in the future.
Your new audit client, Hardwood Lumber Company, has a computerized accounting system for all financial statement cycles. During planning, you visited with the information systems vice president and learned that personnel in information systems are assigned to one of four departments: systems programming, applications programming, operations, or data control. Job tasks are specific to the individual and no responsibilities over-
lap with other departments. Hardwood Lumber relies on the operating system software to
restrict online access to individuals. The operating system allows an employee with “READ”
capabilities to only view the contents of the program or file. “CHANGE” allows the employee
to update the contents of the program or file. “RUN” allows the employee to use a program
to process data. Programmers, both systems and applications, are restricted to a READ-only
access to all live application software program files but have READ and CHANGE capabilities
for test copies of those software program files. Operators have READ and RUN capabilities
for live application programs. Data control clerks have CHANGE access to data files only and no access to software program files. The person in charge of operations maintains access to the operating software security features and is responsible for assigning access rights to individuals. The computer room is locked and requires a card-key to access the room. Only operations staff have a card-key to access the room, and security cameras monitor access. A
TV screen is in the information systems vice president’s office to allow periodic monitoring of access. The TV presents the live picture and no record is maintained. The librarian, who is in the operations department, is responsible for maintaining the library of program files. The librarian has READ and CHANGE access rights to program files. Backup copies of program files are stored on an external drive, and data files are maintained on a backup server. The external drive and backup server are located in a room adjacent to the computer room.
a. Identify the strengths of Hardwood Lumber Company’s computerized accounting
system.
b. What recommendations for change can you suggest to improve Hardwood’s information systems function?