1.

To address the ethical dilemma Madison faces, we can apply the framework for ethical
decision making as outlined on page 54 of the textbook. Here are the steps in the framework:

Step 1: Identify the Issue

Madison has identified an ethical issue regarding Kerry’s approach to the audit process. Kerry’s
actions—reusing last year’s audit plans and checklists without proper updates and overlooking
internal control weaknesses—pose potential risks to audit quality and integrity.

Step 2: Determine the Affected Parties

The affected parties include:

 Madison: Her professional integrity and future as a CPA are at stake.

 Kerry: Her reputation and potential promotion could be impacted.
 Posh & Associates: The firm's reputation and the quality of its audits could suffer.
 Zilla Ltd.: They might face undetected errors and internal control weaknesses.
 Clients and Stakeholders: They rely on accurate and reliable financial statements.

Step 3: Consider Ethical Principles

Several ethical principles are relevant:

 Integrity: Madison needs to act with honesty and forthrightness.

 Objectivity: Madison must avoid conflicts of interest and maintain impartiality.
 Professional Competence and Due Care: Ensuring audit work is thorough and accurate.
 Confidentiality: Maintaining confidentiality while reporting concerns.
 Professional Behavior: Complying with relevant laws and regulations and avoiding
actions that discredit the profession.

Step 4: Identify Alternatives

Madison has several alternatives:

1. Remain Silent: Do nothing and continue working under Kerry’s supervision.

2. Confront Kerry Directly: Discuss concerns with Kerry and suggest changes.
3. Report to Management: Inform management or a higher authority about the issues.
4. Seek External Advice: Consult with a trusted mentor or an external advisor for
guidance.

Step 5: Evaluate Alternatives

1. Remain Silent:
o Pros: Avoids immediate conflict; ensures personal job security.
o Cons: Compromises professional integrity; risks audit quality and potential future
repercussions if issues are discovered.
 2. Confront Kerry Directly:
o Pros: Addresses the issue at its source; can lead to immediate corrective actions.
o Cons: Potential for personal conflict; risk if Kerry dismisses concerns.
3. Report to Management:
o Pros: Escalates the issue to a higher authority for proper resolution; aligns with
ethical principles.
o Cons: Risks personal backlash from Kerry or others; could impact career
progression in the short term.
4. Seek External Advice:
o Pros: Gathers additional perspective; prepares for informed decision-making.
o Cons: Delay in taking action; potential breach of confidentiality.

Step 6: Make a Decision

Based on the evaluation, the most ethical course of action appears to be reporting to
management. This aligns with the principles of integrity, objectivity, professional competence,
and due care. Madison should document her findings thoroughly and present them to a trusted
manager or partner within the firm, explaining the potential risks and the need for proper audit
procedures.

Step 7: Implement the Decision

Madison should:

1. Prepare detailed documentation of the issues encountered.

2. Request a confidential meeting with a manager or partner.
3. Present the documented findings and express her concerns clearly and professionally.
4. Suggest possible corrective actions, such as a review of the audit files and updated
procedures for future audits.

Step 8: Monitor and Evaluate the Outcome

Madison should:

 Follow up on the actions taken by management.

 Ensure that proper audit procedures are being implemented in future assignments.
 Seek feedback and continue to uphold ethical standards in her professional conduct.

Conclusion

Madison should report the issues to management. This decision is supported by the need to
uphold the integrity of the audit process, protect the interests of all affected parties, and ensure
compliance with ethical and professional standards. While there may be personal risks involved,
maintaining professional integrity and the quality of the audit work is paramount.
2. For question 2, see attached PPT document

3. To: Audit Partner

From: Ali Mehrassa, Auditor
Date: June 2024
Subject: Application Controls and Access Controls in Decora Inc.'s Purchase System

Application Controls and Control Objectives

1. Purchase Requisition and Purchase Order Creation

 Control Objective: Ensure that all purchases are properly authorized before being made.
 Application Controls:
o Purchase requisitions should be reviewed and approved by a designated authority
within the user department.
o The purchasing department should verify that requisitions are properly authorized
before issuing purchase orders.
o The system should log all purchase requisitions and orders with unique
identification numbers and timestamps.

2. Receipt of Goods and Receiving Reports

 Control Objective: Confirm that the goods received match the purchase orders.
 Application Controls:
o Receiving departments should check goods against the purchase orders and
document any discrepancies.
o Receiving reports should be generated and entered into the system promptly.
o The system should match receiving report details with the corresponding purchase
order.

3. Authorization and Entry of Purchase Invoices

 Control Objective: Ensure that only valid and authorized invoices are recorded and paid.
 Application Controls:
o Invoices received by the financial accounting department should be forwarded to
the user department for authorization.
o Authorized invoices should be returned to the financial accounting department for
entry into the system.
o The system should verify that the invoice details match the purchase order and
receiving report before posting to the purchase ledger.
o Any discrepancies should be flagged for review and resolution.

4. Payment Processing
  Control Objective: Ensure that payments are made only for authorized and verified
invoices.
 Application Controls:
o The system should allow payment of invoices only if the details match the
purchase order and receiving report.
o Cheques and remittance notices should be automatically produced by the system
on the due date.
o Payments should be reviewed and approved by authorized personnel before being
finalized.

Controls Over System Access

1. User Authentication and Authorization

 Control Objective: Prevent unauthorized access to the system.

 Controls:
o Implement strong password policies requiring complex passwords that are
regularly updated.
o Use multi-factor authentication for an added layer of security.
o Assign user roles and permissions based on job responsibilities to ensure users
only access necessary system functions.

2. Access Controls at Corporate Head Office and Shops

 Control Objective: Ensure secure and appropriate access to the system from various
locations.
 Controls:
o Each user should have a unique login ID and password.
o Access levels should be defined and limited based on user roles (e.g., shop staff,
warehouse staff, financial accounting personnel).
o Regular audits of user access logs should be conducted to detect and investigate
any unauthorized access attempts.
o Remote access should be secured through VPNs or other secure connections to
protect data transmitted over the internet.

3. Monitoring and Review

 Control Objective: Detect and respond to unauthorized access or system misuse.

 Controls:
o Implement logging and monitoring tools to track user activities and access
attempts.
o Set up alerts for suspicious activities, such as multiple failed login attempts or
access outside of normal business hours.
 o Conduct regular reviews of access logs and user activities to identify and address
potential security issues.

By implementing these application controls and access controls, Decora Inc. can enhance the
security and integrity of its purchasing system, ensuring that purchases are properly authorized,
received goods are accurately recorded, and payments are made only for valid and authorized
invoices.

Please let me know if further details or clarifications are required.

Best regards,
Ali Mehrassa
Auditor