Solutions: Universiti Teknologi Mara Final Examination

Uploaded by anis izzati

CONFIDENTIAL 1 AC/DEC 2015/AIS615

UNIVERSITI TEKNOLOGI MARA


FINAL EXAMINATION

COURSE : ACCOUNTING INFORMATION SYSTEM


COURSE CODE : AIS 615
EXAMINATION : DEC 2015
TIME : 3 HOURS

SOLUTIONS

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL



SOLUTIONS

PART A

QUESTION 1

a. List eight (8) interrelated risk and control components of ERM.

Internal environment /
Objective setting /
Event identification /
Risk assessment /
Risk response /
Control activities /
Information and communication /
Monitoring /
(8/ x ½ mark = 4 marks)

b. Discuss briefly any three (3) basic principles behind ERM.

• Companies are formed to create value for their owners.
• Management must decide how much uncertainty it will accept as it creates value.
• Uncertainty results in risk, which is the possibility that something negatively affects the company's ability to create or preserve value.
• Uncertainty results in opportunity, which is the possibility that something positively affects the company's ability to create or preserve value.
• The ERM framework can manage uncertainty as well as create and preserve value.
(any 3 points with explanation x 2 marks = 6 marks)
(Total: 10 marks)

QUESTION 2

a. Basic steps being used by criminals to attack an organization's information system.

1. Conduct reconnaissance / – they first study their target's physical layout to learn about the controls it has in place (alarms, guards, placement of cameras, etc.). /

2. Attempt social engineering / – attackers will often try to use the information obtained during their initial reconnaissance to 'trick' an unsuspecting employee into granting them access. /

3. Scan and map the target / – if social engineering fails, the next step is to conduct more detailed reconnaissance to identify potential points of remote entry. /

4. Research / – conduct research to find known vulnerabilities for those programs being used by the target. /

5. Execute the attack / – the criminal takes advantage of a vulnerability to obtain unauthorized access to the target's information system. /

6. Cover tracks / – after penetrating the victim's information system, most attackers attempt to cover their tracks and create 'back doors' that they can use to obtain access if their initial attack is discovered. /
(any 2 points with explanation x 2.5 marks = 5 marks)

b. Ways users can be authenticated and example:

Credentials                                     Examples
Something they know                             Password; personal identification number (PIN)
Something they have                             Smart card; ID badge
Some physical or behavioural characteristic     Fingerprints; typing patterns
(2 credentials x 1 mark = 2 marks)
(2 examples x 1 mark = 2 marks)
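Added example (not part of the exam paper or its marking scheme): a login check that combines the first two credential types in the table, a password ("something they know", stored only as a salted PBKDF2 hash) and a one-time code ("something they have", computed HOTP-style per RFC 4226 from a secret held on the user's device). The iteration count, the password and the device secret below are constructed for illustration; the RFC 4226 test secret "12345678901234567890" is used so the code generator can be checked against the published vectors (counter 0 gives 755224).

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 100_000   # constructed; tune to the cost budget of your login servers


def enroll_password(password):
    """Store a random salt and the PBKDF2 hash; the plaintext password is never kept."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, stored


def verify_password(password, salt, stored):
    """'Something they know': re-derive the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def hotp(secret, counter, digits=6):
    """'Something they have': RFC 4226 HMAC-based one-time code from a device-held secret."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_code(secret, counter, submitted, window=2):
    """Accept the current counter or a few ahead, since the device may have moved on."""
    if not (isinstance(submitted, str) and submitted.isdigit()):
        return False
    return any(hmac.compare_digest(hotp(secret, counter + i), submitted)
               for i in range(window + 1))


def login(password, salt, stored, secret, counter, code):
    """Two-factor check: both factors are evaluated before the result is combined,
    so the caller learns only that the login failed, not which factor failed."""
    pw_ok = verify_password(password, salt, stored)
    code_ok = verify_code(secret, counter, code)
    return pw_ok and code_ok


if __name__ == "__main__":
    salt, stored = enroll_password("correct horse battery")      # constructed password
    device_secret = b"12345678901234567890"                         # RFC 4226 test secret
    print("code for counter 0:", hotp(device_secret, 0))
    print("login ok:", login("correct horse battery", salt, stored, device_secret, 0, "755224"))
```

Both factors are compared with hmac.compare_digest, so timing does not reveal how much of a password hash or code matched; in production the device secret and the next expected counter would be stored per user, and the counter advanced after each successful code.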

c. Internal control functions and examples:

1. Preventive controls deter problems before they arise.
Examples: hiring qualified personnel, segregating employee duties, and controlling physical access to assets and information.

2. Detective controls discover problems that are not prevented.
Examples: duplicate checking of calculations, preparing bank reconciliations and monthly trial balances.

3. Corrective controls identify and correct problems as well as correct and recover from the resulting errors.
Examples: maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processing.

(1/2 mark x 3 controls = 1.5 marks)
(1/2 mark x 3 explanations = 1.5 marks)
(1 mark x any 3 examples = 3 marks)
(Total: 15 marks)


QUESTION 3

a.
Hashing:
• A process that takes plaintext of any length and creates a short code called a hash. /
• One-way function (cannot reverse, or 'unhash', to recover the original document). /
• Any size input yields the same fixed-size output. /

Encryption:
• The process of transforming normal content, called plaintext, into unreadable gibberish, called ciphertext. Decryption reverses this process, transforming ciphertext back into plaintext. /
• Reversible (can decrypt ciphertext back to plaintext). /
• Output size is approximately the same as the input size. /

(2 points each x 2 marks = 4 marks)
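Added example (not part of the exam paper): the three contrasts above shown in running code. Hashing uses SHA-256 from the standard library; the "cipher" is a toy keystream built from HMAC-SHA256 so that the example runs with no third-party package, and it is for illustration only, not for protecting real data. The messages, keys and password guesses are constructed.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12


def digest(data):
    """Hashing: input of any length, fixed 256-bit output (64 hex characters)."""
    return hashlib.sha256(data).hexdigest()


def recover_by_guessing(target_hex, candidates):
    """A hash cannot be reversed. The only way back to the input is to guess
    candidate inputs, hash each one and compare; an unguessable input stays hidden."""
    for guess in candidates:
        if hmac.compare_digest(digest(guess.encode()), target_hex):
            return guess
    return None


def _keystream(key, nonce, length):
    # Toy counter-mode keystream: HMAC(key, nonce || counter) blocks concatenated.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Encryption: plaintext -> ciphertext. Output is input-sized plus a fresh nonce."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key, ciphertext):
    """Decryption reverses the process, given the same key and the transmitted nonce."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


if __name__ == "__main__":
    print(digest(b"a"), len(digest(b"a")))
    print(digest(b"a" * 100_000), len(digest(b"a" * 100_000)))   # same length
    key = os.urandom(32)
    ct = encrypt(key, b"Pay RM 1,250.00 to vendor V-1001")      # constructed message
    print(len(ct), decrypt(key, ct))
```

The guessing function is the practical consequence of "one-way": a hash of a common password is recovered in a few guesses, which is why stored password hashes are salted and made slow (PBKDF2, bcrypt, Argon2) rather than hashed with plain SHA-256.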

b. Explain any three (3) best practices for protecting customers' privacy.

• Management: need to establish a set of procedures and policies for protecting the privacy of personal information they collect from customers, as well as information about their customers obtained from third parties.

• Notice: an organization should provide notice about its privacy policies and practices at or before the time it collects personal information from customers.

• Choice and consent: organizations should explain the choices available to individuals and obtain their consent prior to the collection and use of their personal information.

• Collection: collect only the information needed to fulfil the purposes stated in privacy policies.

• Use and retention: should use customers' personal information only in the manner described in their stated privacy policies, and retain that information only as long as it is needed.

• Access: should provide individuals with the ability to access, review, correct, and delete the personal information stored about them.

• Disclosure to third parties: organizations should disclose their customers' personal information to third parties only in the situations and manners described in the privacy policies.

• Security: organization must take reasonable steps to protect its customers' personal information from loss or unauthorized disclosure.

• Quality: organization should maintain the integrity of their customers' information and employ procedures to ensure that it is reasonably accurate.

• Monitoring and enforcement: organization should assign one or more employees to be responsible for ensuring compliance with its stated privacy policies.
(any 3 points x 2 marks = 6 marks)
(Total: 10 marks)

QUESTION 4

a. Discuss the objectives and key controls of system availability.

Objective 1: To minimize risk of system downtime
- Preventive maintenance
- Fault tolerance
- Data center location and design
- Training
- Patch management and antivirus software

Objective 2: Quick and complete recovery and resumption of normal operations
- Backup procedures
- Disaster recovery plan (DRP)
- Business continuity plan (BCP)
(2 objectives x 1 mark = 2 marks)
(any 2 key controls x 1 mark = 2 marks)

b. Discuss three (3) output controls that can help to provide additional controls over processing integrity.

User review of output /
- Users should carefully examine system output to verify that it is reasonable, complete, and that they are the intended recipients. /

Reconciliation procedures /
- All transactions and other system updates should be reconciled periodically to control reports, file status/update reports, or other control mechanisms. /

External data reconciliation /
- Database totals should periodically be reconciled with data maintained outside the system. /

Data transmission controls
- Organizations also need to implement controls designed to minimize the risk of data transmission errors.

Checksums
- When data are transmitted, the sending device can calculate a hash of the file, called a checksum. The receiving device performs the same calculation and sends the result to the sending device. The two hashes must agree; otherwise the file will be resent.

Parity bits
- An extra bit added to every character that can be used to check transmission accuracy.

(any 3 points with explanation x 2 marks = 6 marks)
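Added example (not part of the exam paper): the two data transmission controls above, a file-level checksum and a per-character parity bit, run over a constructed transfer in which line noise flips one or two bits. It shows the limitation a practitioner should know: a parity bit catches a single flipped bit in a character but misses two flips in the same character, while the whole-file hash catches both. Note that an unkeyed checksum detects accidental corruption only; a deliberate modification would be recomputed by the attacker, which is what a keyed HMAC or a signature guards against.

```python
import hashlib


def checksum(data):
    """Sender and receiver both compute this hash over the whole file."""
    return hashlib.sha256(data).hexdigest()


def receiver_accepts(payload, sender_checksum):
    """Receiving device recomputes; a mismatch means the sender must resend."""
    return checksum(payload) == sender_checksum


def parity_bit(byte):
    """Even parity: the extra bit makes the total number of 1 bits even."""
    return bin(byte).count("1") & 1


def frame(data):
    """Attach a parity bit to every character before transmission."""
    return [(parity_bit(b), b) for b in data]


def parity_ok(framed):
    """Receiver checks each character against the parity bit that travelled with it."""
    return all(parity_bit(b) == p for p, b in framed)


def corrupt(data, index, bits):
    """Simulate line noise: flip the given bit positions of one byte of the file."""
    buf = bytearray(data)
    for bit in bits:
        buf[index] ^= 1 << bit
    return bytes(buf)


def corrupt_frame(framed, index, bits):
    """Same noise on a parity-framed stream; the parity bit itself arrives unchanged."""
    out = list(framed)
    p, b = out[index]
    for bit in bits:
        b ^= 1 << bit
    out[index] = (p, b)
    return out


if __name__ == "__main__":
    msg = b"PAYROLL 2015-12 total=125430.50"     # constructed file content
    c = checksum(msg)
    print("clean transfer accepted:", receiver_accepts(msg, c))
    print("one flipped bit caught by checksum:", not receiver_accepts(corrupt(msg, 3, (0,)), c))
    framed = frame(msg)
    print("one flipped bit caught by parity:", not parity_ok(corrupt_frame(framed, 3, (0,))))
    print("two flipped bits missed by parity:", parity_ok(corrupt_frame(framed, 3, (0, 5))))
```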


c. i. A clerk entered an invoice received from a vendor who is not on an authorized supplier list.
Validity check /

ii. A payroll clerk accidentally entered an employee's hours worked for the week as 380 instead of 38.
Limit check/Reasonableness test /

iii. After processing sales transactions, the inventory report showed a negative quantity on hand for several items.
Sign check /

iv. A customer order for an important part did not include the customer's address. Consequently, the order was not shipped on time and the customer called to complain.
Completeness check /

v. A visitor to the company's Web site entered 400 characters into the five-digit Zip code field, causing the server to crash.
Size check / (the field must reject input longer than five characters before it is processed; a sign check would not catch this)
(5/ x 1 mark = 5 marks)
(Total: 15 marks)
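Added example (not part of the exam paper): the input controls named for scenarios (i) to (v) written as small edit checks that a data-entry program would run before accepting a record. The supplier master list, the 80-hour reasonableness limit and the sample records are constructed; scenario (v) is handled with a size check on the field length, applied before the value reaches any buffer, query or downstream routine.

```python
AUTHORIZED_VENDORS = {"V-1001", "V-1002", "V-1003"}   # constructed supplier master data
MAX_WEEKLY_HOURS = 80                                   # constructed reasonableness limit
ZIP_FIELD_SIZE = 5


def check_invoice(invoice):
    """(i) Validity check: the vendor must exist in the authorised supplier master data."""
    errors = []
    if invoice.get("vendor_id") not in AUTHORIZED_VENDORS:
        errors.append("validity")
    return errors


def check_timesheet(hours):
    """(ii) Limit check / reasonableness test on hours worked in one week.
    A field check and a sign check run first so the limit check sees a sane number."""
    errors = []
    if not isinstance(hours, (int, float)) or isinstance(hours, bool):
        errors.append("field")              # non-numeric data in a numeric field
    elif hours < 0:
        errors.append("sign")
    elif hours > MAX_WEEKLY_HOURS:
        errors.append("limit")
    return errors


def check_inventory(quantities):
    """(iii) Sign check: quantity on hand can never be negative after an update."""
    return ["sign:" + item for item, qty in quantities.items() if qty < 0]


def check_order(order, required=("customer", "part_no", "quantity", "address")):
    """(iv) Completeness check: every required field must be present and non-empty."""
    return ["completeness:" + field for field in required if not order.get(field)]


def check_zip(raw):
    """(v) Size check on the raw string, then a field check that it is all digits."""
    errors = []
    if len(raw) > ZIP_FIELD_SIZE:
        errors.append("size")
    if not raw.isdigit():
        errors.append("field")
    return errors


if __name__ == "__main__":
    # Constructed inputs reproducing the five scenarios in the question.
    print(check_invoice({"vendor_id": "V-9999", "amount": 1250.00}))
    print(check_timesheet(380))
    print(check_inventory({"A1": 12, "B2": -3, "C3": -1}))
    print(check_order({"customer": "C-17", "part_no": "P-7", "quantity": 2, "address": ""}))
    print(check_zip("4" * 400))
```

Each check returns the list of failed controls rather than raising, so a data-entry screen can report every problem in a record at once and the same functions can be reused by a batch validation job.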

QUESTION 5

a. Explain the purpose of the following documents:

Materials requisition: Authorize the removal of the necessary quantity of the raw materials from the storeroom to the factory location where they will be used. (//)
Move tickets: Documents that identify the internal transfer of parts, the location to which they are transferred, and the time of transfer. (//)
(2 points x 2 = 4 marks)

b. Explain three (3) threats in production operations activities.

1. Theft of inventory
   Controls: physical access controls; documentation of all inventory movements; segregation of duties (custody of assets from recording and authorization of removal); restriction of access to inventory master data; periodic physical counts of inventory and reconciliation of those counts to recorded quantities.

2. Theft of fixed assets
   Controls: physical inventory of all fixed assets; restriction of physical access to fixed assets; maintaining detailed records of fixed assets, including disposal.

3. Poor performance
   Controls: training; performance reports.

4. Suboptimal investment in fixed assets
   Controls: proper approval of fixed-asset acquisitions, including use of requests for proposals to solicit multiple competitive bids.

5. Loss of inventory or fixed assets due to fire or other disasters
   Controls: physical safeguards (e.g. fire sprinklers); insurance.

6. Disruption of operations
   Controls: backup and disaster recovery plan.
(any 3 threats x 1 mark = 3 marks)
(any 1 control for each threat = 3 marks)

c. Discuss any two (2) internal control procedures for disbursement of payroll to
employees.

i. Restriction of physical access to blank payroll checks and the check signature
machine.
ii. Restriction of access to the EFT system
iii. Pre-numbering and periodically accounting for all payroll checks and review of all
EFT direct deposit transactions
iv. Require proper supporting documentation for all paychecks
v. Use of a separate checking account for payroll, maintained as an imprest fund.
vi. Segregation of duties
vii. Restriction of access to payroll master database
viii. Verification of identity of all employees receiving paychecks
ix. Re-depositing unclaimed paychecks and investigating cause.
(any 2 points with explanations x 2.5 marks = 5 marks)

d. Document flowchart (drawn as a figure in the original; its labelled elements were):

Columns: Storeroom department / ; Production /
Input document: Material requisition /
Process: Release the product & update perpetual record /
Documents produced: release & packing slip
Output: Updated perpetual record /
(5 / x 1 mark = 5 marks)
(Total: 20 marks)

PART B
QUESTION 1

a.
(a) Weaknesses and (b) Recommendations

1. Weakness: The plant superintendent or one of the foremen verbally authorise the purchase of goods.
   Recommendations:
   • Require each request for the purchase of goods to be written on a prenumbered purchase requisition form and authorised by the signature of a manager who has been formally assigned that responsibility.
   • Besides, the request should be initiated by the inventory control clerk within the accounting department.

2. Weakness: The purchase order is not prepared with sufficient copies or adequate controls.
   Recommendations:
   • Provide added copies of each purchase order to the accounts payable clerk (as notification) and to the inventory control department (as an acknowledgement and as a medium for posting the ordered items to the inventory records).
   • Blank out the "quantity" column on the copy provided to the receiving department.
   • Use prenumbered purchase order sets, and file the open order copy numerically in the purchasing department.

3. Weakness: A copy of the purchase order, used as a receiving report, is forwarded to the purchasing department; no copy therefore accompanies the received goods to the storeroom, nor is a copy retained in the receiving department to provide a complete reference to received goods and a basis for preparing summaries of received goods.
   Recommendations:
   • Initiate a prenumbered receiving report.
   • Prepare copies for the purchasing department, accounts payable clerk and inventory control clerk, and file a copy numerically within the receiving department.

4. Weakness: The purchasing department is assigned too many responsibilities, including the maintenance of the invoice register and the approval of each supplier's invoice for payment.
   Recommendations:
   • The purchasing department is to verify that each supplier's invoice is supported by a valid purchase order and that the prices are reasonable.
   • Assign the accounts payable clerk the responsibilities of entering each supplier invoice in the invoice register, checking the invoice for clerical accuracy, comparing the invoice to supporting documents, etc.
   • The use of cash disbursement vouchers and a voucher register should also be considered.

5. Weakness: The check preparation procedure and responsibilities are not appropriately accomplished.
   Recommendations:
   • Assign the preparation of checks to a person other than the accounts payable clerk (e.g. general accounting clerk).
   • Employ prenumbered check sets and instruct the person who prepares the checks to "protect" the checks prior to the time that they are signed, and to enter the checks in the cash disbursements journal.

6. Weakness: The check signing and distribution procedure is not well controlled; e.g. signed checks are returned to the accounting clerk who has access to the records.
   Recommendations:
   • Specify that another manager in the firm countersign all checks above a certain amount, and have the treasurer forward all signed checks to this individual.
   • Send the signed checks directly to the mailroom for distribution to recipients.
   • Return the check copies and supporting documents to the accounts payable clerk who maintains the accounts payable ledger.

7. Weakness: The filing of documents does not provide adequate means of reference nor the basis for ascertaining whether or not any
   Recommendation:
   • Maintain numerical files for all prenumbered documents and file copies in the departments where initiated, e.g. purchase requisition in the inventory control department.

8. Weakness: Control over the accuracy of processing should be maintained by someone other than the clerks (i.e. accounts payable and general accounting clerks).
   Recommendation:
   • Assign one clerk to post obligations and disbursements to the general ledger.

(Any 5 weaknesses x 2 marks = 10 marks)
(5 related recommendations x 1 mark = 5 marks)
Or any relevant answers are accepted


b. Briefly explain the difference between the three inventory management approaches.

EOQ
The optimal order size / to minimize the sum of ordering, carrying and stockout cost /.
This is to maintain sufficient stock / so that production can continue without
interruption.
(3 / x 1 mark = 3 marks)

MRP
An approach to inventory management that seeks to reduce required inventory levels
/ by improving the accuracy of forecasting techniques / to better schedule purchases
to satisfy production needs /.
(3 / x 1 mark = 3 marks)

JIT
A system that minimizes or virtually eliminates inventories / by purchasing and
producing goods / only in response to actual, rather than forecasted, sales /.
(3 / x 1 mark = 3 marks)

c. Explain the purpose of the following documents:-

i. Purchase requisition
A document or electronic form that identifies the requisitioner /; specifies the delivery location and date needed; identifies the item numbers, descriptions, quantity and price of each item requested; and may suggest a supplier /.
(2 / x 1 mark = 2 marks)
ii. Receiving report
A document that records details about each delivery /, including the date
received, shipper, supplier, quantity received /.
(2 / x 1 mark = 2 marks)
iii. Debit memo
A document used to record a reduction to the balance due to a supplier.
(2 / x 1 mark = 2 marks)
(Total: 30 marks)
