Computer security is of vital importance not only to the accountant in industry but also to the
accountant in practice who may be advising his client as to suitable security controls or who
may be auditing a computer system. Security is the means by which losses are controlled and
therefore involves the identification of risks and the institution of measures to either prevent such
risks entirely or to reduce their impact.

a. State four areas of risk which may arise in relation to a computer system and in each
case explain one factor which could lead to the system being exposed to such risk.
b. Describe the different forms of control which should be instituted to safeguard against
computer security risks.

  

Answers


Wilfred
a) Four areas of risk concerning a computer system are as follows.
• Hardware. The computer hardware may be stolen or damaged, especially the modern
‘desk-top’ type peripherals. A system which does not incorporate physical controls will
be subject to such risk.
• Unauthorized access. If terminals are not secure it might be possible for unauthorized
users to obtain or corrupt information held on file.
• System breakdown. If the system does not incorporate retrieval procedures there might
be a loss of data if the system breaks down for any reason such as power failure.
• Corrupt files. If stringent checks are not carried out on data, input files may be corrupted,
with the consequent fall in the quality of output.

b) Forms of control which may be instituted to safeguard against these risks are as follows.
• Physical controls. All hardware and files should be kept in secure locations with access
only available to authorized personnel. The use of special rooms, storage cupboards
and strict control over keys will assist in establishing secure locations. To protect the
hardware and files from damage they should be located away from possible hazards
such as fire and flood which might arise near a canteen or washroom facilities. The
installation of smoke/heat alarms and other detectors of environmental hazards should
also be carried out.
• Access controls. This will be partly helped by physical controls such as locked EDP
rooms. In addition to this, terminal keys should be issued to authorized personnel.
These ensure that the terminal will only become live for a valid user. The use of unique
passwords will further improve control because, in the event of a key being stolen, the
system will still be inaccessible without a valid password.
Wilfykil answered the question on April 13, 2019 at 06:42

