3 Red Bluff Inn & Café: Establishing Effective Internal Control in a Small Business

Find more at www.downloadslide.com



168



[3]



Describe the potential impact of your proposed controls on the morale of the couple in charge

of the day-to-day operations. How might Francisco deal with these concerns?



[4]



Briefly describe the impact each proposed control would have on the efficiency of running the

business. Are the controls you generated both effective and efficient?



© 2015 Pearson Education, Inc.



Find more at www.downloadslide.com



C A S E



Mark S. Beasley · Frank A. Buckless · Steven M. Glover · Douglas F. Prawitt

L EA R N ING OB JE C T IVE S

After completing and discussing this case you should be able to

[1]

[2]



Recognize risks in a manual-based accounting

sales system

Explain how an information technology (IT)based accounting system can reduce manual

system risks



[3]

[4]



Identify new risks potentially arising from the

use of an IT-based accounting system

Recognize issues associated with the process of

converting from a manual to an IT-based

accounting system



INTRODUCTION

St. James Clothiers is a high-end clothing store located in a small Tennessee town. St. James has

only one store, which is located in the shopping district by the town square. St. James enjoys the

reputation of being the place to buy nice clothing in the local area. The store is in its twentieth year

of operation.

The owner, Sally St. James, recently decided to convert from a relatively simple manual sales

system to an IT-based sales application package. The sales application software will be purchased

from a software vendor. As the audit senior on the St. James engagement, you recently asked one

of your staff auditors, Joe McSweeney, to visit with the client more formally to learn more about

the proposed accounting system change. You asked Joe to review the narrative in last year’s audit

files that he prepared, which describes the existing manual sales accounting system, and update

it for any current-year changes. You also asked him to prepare a second narrative describing the

proposed IT-based sales accounting system, using information he obtained in his discussions with

St. James personnel. The narrative from last year’s audit files and the narrative Joe recently prepared

are provided in the pages that follow.



The case was prepared by Mark S. Beasley, Ph.D. and Frank A. Buckless, Ph.D. of North Carolina State University and Steven M. Glover, Ph.D. and

Douglas F. Prawitt, Ph.D. of Brigham Young University, as a basis for class discussion. St. James is a fictitious company. All characters and names

represented are fictitious; any similarity to existing companies or persons is purely coincidental.



©



169



Find more at www.downloadslide.com



R EQ U I R ED

[1]



[2]



The proposed new IT-based sales accounting system will be cloud-based and St. James will

access the underling software via online access. Visit the website of the Committee of Sponsoring

Organizations of the Treadway Commission (COSO) (www.coso.org) to obtain a free copy of

COSO's thought paper, Enterprise Risk Management for Cloud Computing, to answer the following

questions:

[a]



What is cloud computing?



[b]



What benefits, if any, would use of cloud computing for the sales system provide St. James?



[c]



What risks, if any, would the use of cloud computing for the sale system impose on St. James?



The audit partner on the St. James engagement, Betty Watergate, has asked you to review the

narratives prepared by Joe as part of your audit planning procedures for the current year’s

December 31, 2015 financial statement audit. Betty wants you to prepare a memorandum for

her that addresses these questions:

[a]



What aspects of the current manual sales accounting system create risks that increase the

likelihood of material misstatements in the financial statements? Specifically identify each

risk and how it might lead to a misstatement. For example, don’t just put “Risk: Sales tickets

are manually prepared by the cashier.” Rather, you should state why this increases risks of

material misstatements by adding “This increases the risk of material misstatements because

it increases the risk of random mathematical errors by the cashier.”



[b]



What features, if any, of the proposed IT-based sales accounting system will help minimize

the risks identified in question 2.a? If a deficiency exists that is expected to persist under the

new system, indicate that “no computer controls reduce this risk.”



[c]



How does the IT-based sales system create new risks for material misstatements?



[d]



What recommendations do you have related to plans for the actual conversion to this new

system?



Prepare a memorandum containing your responses to Betty’s questions. You may find it helpful

to combine your responses to questions 2.a and 2.b. For example, you might present your

answers to questions 2.a and 2.b using the worksheet format on the next page (Note: You can

download an electronic version of the worksheet at the publisher's website that supports this

casebook www.pearsonhighered.com/beasley).



170



© 2015 Pearson Education, Inc.



Find more at www.downloadslide.com



© 2015 Pearson Education, Inc.



171



Find more at www.downloadslide.com



This page intentionally left blank



Find more at www.downloadslide.com



© 2015 Pearson Education, Inc.



173



Find more at www.downloadslide.com



Joe McSweeney



174



© 2015 Pearson Education, Inc.



Find more at www.downloadslide.com



© 2015 Pearson Education, Inc.



175



Find more at www.downloadslide.com



Joe McSweeney



176



© 2015 Pearson Education, Inc.



Find more at www.downloadslide.com



C A S E



Collins Harp Enterprises

Mark S. Beasley · Frank A. Buckless · Steven M. Glover · Douglas F. Prawitt

L EA R N ING OB JE C T IVE S

After completing and discussing this case you should be able to

[1]



[2]



Recognize risks associated with the IT organizational structure and systems development

processes at a potential audit client

Identify general IT-related controls that, if

implemented, could reduce risks associated with

IT systems development



[3]



Communicate negative information to a potential new audit client in a way that might lead to

new audit services for that company



BACKGROUND

You are the new information technology (IT) audit specialist at the accounting firm of Townsend and

Townsend, LLP. One of the audit partners, Harold Mobley, asked you to evaluate the effectiveness of

general and application IT-related controls for a potential new audit client, Collins Harp Enterprises,

which is a privately-held business. During a round of golf last week, an executive of Collins Harp

Enterprises asked Harold to have someone with good IT training look at the company’s IT systems

development process. Harold recently summarized the following information about Collins Harp’s IT

systems development process based on his recent conversation with Linda Seth, IT Vice President at

Collins Harp.



IT SUMMARY

Because of the company's unique business processes, Collins Harp Enterprises develops most of

its computer software applications in-house. Over the past several years, Linda Seth has been able

to hire several good software programmers with relatively strong programming experience. She has

assembled a team of five programmers who handle most of the application and systems programming

needs. Because of their strong backgrounds, Ms. Seth involves all five programmers in new application

developments or modifications to existing applications and also involves all of them in operating,

security, utility, and other system software programming and maintenance tasks. The staff is relatively

versatile, and any one of them is able to handle the programming demands of most changes.

Linda notes that because the programmers are typically more “free-spirited,” she prefers to

give the programmers relatively free latitude in the development of new applications or modifications

to existing applications. She comments that the programmers like to view their work as a form

of art. As a result, she notes that the programmers “attack” the programming logic development

using their own, unique programming style and approach. She believes that such “freedom” for the

programming staff enhances the quality of the application development.

New applications are generally initiated by Linda after she identifies suggestions for changes

to existing applications based on conversations with similar IT personnel at other companies.

The case was prepared by Mark S. Beasley, Ph.D. and Frank A. Buckless, Ph.D. of North Carolina State University and Steven M. Glover, Ph.D.

and Douglas F. Prawitt, Ph.D. of Brigham Young University, as a basis for class discussion. Collins Harp is a fictitious company. All characters and

names represented are fictitious; any similarity to existing companies or persons is purely coincidental.



©



177



Find more at www.downloadslide.com



Because she regularly attends IT development conferences, she believes that she is in the best

position to identify ways to improve current application procedures. Occasionally, non-IT personnel

(like accounting department personnel who work with the accounting systems) identify suggested

changes. Linda notes that she generally hears about application changes or new application ideas

from non-IT personnel in informal settings such as over lunch in the company cafeteria or when

bumping into people in the office hallways. She also monitors emerging trends in the industry, such

as the growing use of cloud computing. When that occurs, she makes a mental note to take back to

her programming staff.

When applications are developed or changes are made, the assigned programmer generally

telephones or emails the non-IT personnel primarily responsible for the application to discuss the

programmer’s suggested modification and to get their unofficial “blessing” to proceed. Occasionally,

the programmer meets with the respective personnel, if requested. However, the programmers

generally feel that such meetings have limited benefit because users have very little understanding

of the programming logic used.

If the programmer is making a modification to an existing application, he or she makes a copy

of the current version of the software program being used so that they don’t have to reprogram the

entire application. Before beginning, the programmer generally tries to meet with the programmer

who was previously involved with any programming associated with this application to get a “big

picture feel” for the application. Given the small size of the programming staff, the programmer

can generally identify the person last involved with this application by talking with the other

programmers. The programmer locates documents related to the programming logic maintained

in the programming department’s files. Generally, this documentation includes electronic files and

memos that contain the programmer's notes about his or her programming logic used to program

the software application. The newly assigned programmer is able to recreate a trail of the most

recent modifications to the application from these notes.

Programmers test all application developments and modifications. To increase the

independence of the testing, Linda assigns a different programmer to perform the testing of the

application before implementation. The test programmer creates a fictitious data set by copying

one of the actual data sets used in the relevant application. The test programmer performs a test

of the new application or modification and documents the results. Linda says that there are tight

controls over program testing because of her detailed reviews of all program test results and personal

approval of each program before implementation into live production. And, she adds that copies of

all test results are maintained in the files for subsequent review.

Once Linda believes that the program is accurately processing the test data, she approves

the program for implementation into live production. Linda notes that it is a big event for

the programmers when their application is ready for implementation. She comments that the

programmers take pride in the completion of the project and that all the programmers celebrate

once the project programmer announces that he or she has compiled the final version into object

code and forwarded the object code version to the IT Librarian.



178



© 2015 Pearson Education, Inc.