Accounting Information Systems
Chapter 7 Solutions
Q7.1 Answer the following questions about the audit of Springer’s Lumber & Supply
a. What deficiencies existed in the internal environment at Springer’s?
The "internal environment" refers to the tone or culture of a company and helps determine how risk consciousness employees are. It is the foundation for all other ERM components, providing discipline and structure. It is essentially the same thing as the control environment in the internal control framework.
The internal environment also refers to management's attitude toward internal control, and to how that attitude is reflected in the organization's control policies and procedures. At Springer's, several deficiencies in the control environment are apparent:
1. Management authority is concentrated in three family members, so there are few, if any,
checks and balances on their behavior. In addition, several other relatives and friends of the
family are on the payroll.
2. Since the company has a "near monopoly" on the business in the Bozeman area, few
competitive constraints restrain prices, wages, and other business practices. 3. Lines of authority and responsibility are loosely defined, which make it difficult to identify
who is responsible for problems or decisions.
4. Management may have engaged in "creative accounting" to make its financial performance
look better, which suggests a management philosophy that could encourage unethical behavior
b. Do you agree with the decision to settle with the Springers rather than to prosecute them for fraud and embezzlement? Why or why not?
Whether or not to settle with the Springers is a matter of opinion, with reasonable arguments on both sides of the issue.
； The reasons for reaching a settlement are clearly stated: the difficulty of obtaining convictions
in court, and the possible adverse effects on the company's market position. ； On the other hand, the evidence of fraud here seems strong. If this kind of behavior is not
penalized, then the perpetrators may be encouraged to do it again, with future adverse
consequences to society.
c. Should the company have told Jason and Maria the results of the high-level audit? Why or why not?
Whether or not Jason and Maria should have been told the results of the high-level audit is also a matter of opinion. The investigative team is apparently trying to keep its agreement to maintain silence by telling as few people as possible what really happened. On the other hand, Jason and Maria were the ones who first recognized the problems; it seems only right that they be told about the outcome.
Accounting Information Systems
Many lessons may be drawn from this story.
1. Auditors should view the condition of an organization's control environment as an important
indicator of potential internal control problems.
2. Fraud is more easily perpetrated and concealed when many perpetrators are involved, and
especially when management is involved.
3. Purchasing and payroll are two areas that are particularly vulnerable to fraud.
4. Determining whether fraud has actually occurred is sometimes quite difficult, and proving that
it has occurred is even more difficult.
5. Frauds do occur, so auditors must always be alert to the possibility of fraud.
6. Auditors should not accept management's explanations for questionable transactions at face
value, but should do additional investigative work to corroborate such explanations.
Q7.2 Effective segregation of duties is sometimes not economically feasible in a small business. What internal control elements do you think can help compensate for this threat?
Small companies can do the following things to compensate for their inability to implement an adequate segregation of duties:
； Effective supervision and independent checks performed by the owner/manager may be the most
important element of control in situations where separation of functions cannot be fully achieved. In
very small businesses, the owner-manager may find it necessary to supervise quite extensively. For
example, the manager could reconcile the bank account, examine invoices, etc. ； Fidelity bonding is a second form of internal control that is critical for persons holding positions of
trust that are not entirely controlled by separation of functions.
； Document design and related procedures are also important to internal control in this situation.
Documents should be required with customer returns to encourage customer audit. ； Document design should include sequential prenumbering to facilitate subsequent review.
； Where appropriate, employees should be required to sign documents to acknowledge responsibility
for transactions or inventories.
； In small organizations, management can use computers to perform some of the control functions that
humans perform in manual systems. For example, the computer can:
; Check all customer numbers to make sure they are valid
; Automatically generate purchase orders and have a member of management or a designated
buyer authorize them.
Q7.3 One function of the AIS is to provide adequate controls to ensure the safety of organizational
assets, including data. However, many people view control procedures as “red tape.” They also believe
that, instead of producing tangible benefits, business controls create resentment and loss of company
morale. Discuss this position.
Well-designed controls should not be viewed as “red tape” because they can actually improve both efficiency and effectiveness. The benefits of business controls are evident if one considers the losses that frequently occur due to the absence of controls.
Accounting Information Systems
Consider a control procedure mandating weekly backup of critical files. Regular performance of this control prevents the need to spend a huge amount of time and money recreating files that are lost when the system crashes, if it is even possible to recreate the files at all. Similarly, control procedures that require workers to design structured spreadsheets can help ensure that the spreadsheet decision aids are auditable and that they are documented well enough so that other workers can use them.
It is probably impossible to eliminate resentment or loss of morale among all employees, but these factors may be minimized if controls are administered fairly and courteously.
Of course, there is a cost-benefit tradeoff in implementing internal controls. If an organization has too many controls, this may justifiably generate resentment and loss of morale among employees. Controls having only marginal economic benefit may be rejected for this reason.
Another factor is the obtrusiveness of the controls. When the user sees no clear need or purpose to a control it can appear to be there only to control them and little more than that. When the user does not understand their purpose, controls can often provoke resentment.
Q7.4 In recent years, Supersmurf’s external auditors have given clean opinions on its financial statements
and favorable evaluations of its internal control systems. Discuss whether it is necessary for this corporation to take any further action to comply with the Sarbanes–Oxley Act.
The Sarbanes-Oxley Act of 2002 (SOX) applies to publicly held companies and their auditors and was intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen the internal controls at public companies, and punish executives who perpetrate fraud.
SOX has had a material impact on the way boards of directors, management, and accountants of publicly held companies operate. It has also had a dramatic impact on CPAs of publicly held companies and the audits of those companies.
As a result of SOX, Supersmurf’s management and their audit committee must take a more active role in the financial disclosure process. Some of the more prominent roles include:
； Audit committee members must be on the company’s board of directors and be independent of the
company. One member of the audit committee must be a financial expert.
； Audit committees hire, compensate, and oversee any registered public accounting firm that is
； Auditors report to the audit committee and not management
； Audit committees must pre-approve all audit and non-audit services provided by its auditor
Accounting Information Systems
； The CEO and CFO at companies with more than $1.2 billion in revenue must prepare a statement
certifying that their quarterly and annual financial statements and disclosures are fairly presented,
were reviewed by management, and are not misleading.
； Management must prepare an annual internal control report that states
o Management is responsible for establishing and maintaining an adequate internal control
o Management assessed the company’s internal controls and attests to their accuracy, including
notations of significant defects or material noncompliance found during their internal control
o Auditors were told about all material internal control weaknesses and fraud
o Significant changes to controls after management’s evaluation were disclosed and corrected
； Management must base its evaluation on a recognized control framework, developed using a due-
process procedure that allows for public comment. The report must contain a statement identifying
the framework used by management to evaluate internal control effectiveness. The most likely
framework is one of those formulated by COSO and discussed in the chapter.
； SOX also specifies that a company’s auditor must attest to as well as report on management’s
internal control assessment.
Q7.5 When you go to a movie theater, you buy a prenumbered ticket from the cashier. This ticket is
handed to another person at the entrance to the movie. What kinds of irregularities is the theater trying
to prevent? What controls is it using to prevent these irregularities? What remaining risks or exposures
can you identify?
There are two reasons for using tickets.
1. The theater is trying to prevent cashiers from stealing cash by providing greater control over cash
receipts. You cannot get into the theater without a ticket so you never give cash to a cashier without
insisting on a ticket. That makes it much harder for a cashier to pocket cash.
2. Prenumbered tickets are also used so cashiers cannot give tickets to their friends. The number of
tickets sold at the cashier counter can be reconciled with the number of tickets taken by the usher
letting patrons into the theater.
Reconciling the cash in the register to the tickets sold and then reconciling the number of tickets sold to the number collected by the ticket-taker helps prevent the theft of cash and giving tickets away to friends. Despite these controls, the following risks still exist:
； The ticket-taker can let friends into the theater without tickets.
； The ticket-taker may take money from theater patrons, pocketing the cash and letting them enter
without a ticket.
； The cashier and the ticket-taker may collude in selling admittances without issuing tickets and then
split the proceeds.
Accounting Information Systems
Q7.6 Some restaurants use customer checks with prenumbered sequence codes. Each food server uses these checks to write up customer orders. Food servers are told not to destroy any customer checks; if a mistake is made, they are to void that check and write a new one. All voided checks are to be turned in to the manager daily. How does this policy help the restaurant control cash receipts?
The fact that all documents are prenumbered provides a means for accounting for their use and for detecting unrecorded transactions. Thus, a missing check indicates a meal for which a customer did not pay. Since each server has his or her own set of checks, it is easy to identify which server was responsible for that customer.
This policy may help to deter theft (e.g., serving friends and not requiring them to pay for the meal, or pocketing the customer’s payment and destroying the check) because a reconciliation of all checks will reveal that one or more are missing.
P7.1 The information you have obtained suggests potential problems relating to Go-Go’s internal
environment. Identify the problems, and explain them in relation to the internal environment concepts discussed in this chapter
The underlined items correspond to one of the 7 elements of the internal environment covered in the text.
a. You met with Go-Go’s audit committee, which consists of the corporate controller, treasurer,
financial vice president, and budget director.
PROBLEM: Section 301 of the Sarbanes-Oxley Act of 2002 (SOX) applies to publicly held
companies and their auditors. It requires audit committee members to be on the company’s board
of directors and to be independent of the company. That is not the case at Go-Go Corporation.
SOLUTION: All members of the audit committee should be members of the Board of Directors.
They must also be independent of the company – meaning none of the audit committee can be