You are on page 1of 3

Computer Auditing- Question Pack

Question 1
Application controls

General controls

Required:
Put the controls listed below in the above table in the correct category.
One to one checking, Virus checks, Hash totals, Program libraries, Passwords, Segregation of
duties, Controls over account deletions, Back up power source, Record counts, Back-up copies,
Review of master files, Training.

Question 2
The Beeches is a privately owned company operating a retirement home complex of the same
name in Limerick City, which offers a safe and secure living environment for some 150 retirees
requiring medical attention living there, as well as nursing and medicine dispensation services.
The Beeches is organised into three different buildings, each in turn broken down into three
separate wards of between 15 and 20 residents, each manned by qualified staff including at least
one nurse. The Beeches is certified by the Department of Health, which provides 30% of its
funding, contingent on passing inspection reports and a clean audit opinion on its statutory
accounts.
Each ward is equipped with two PCs, which professional staff and nurses access, in order to
modify and input information as regard to each resident, including his/her personal and family
background, personality profile, dietary requirements and daily medicine intakes. All of this
information is stored in a database on a server in the Administration office, where the head
administrator, Gus Peters enters accounting transactions and maintains the books of account. The
server is in turn connected to outside networks, with firewalls and other controls in place to
block unauthorised access from the outside. The Beeches database is updated using a batch
system and is backed-up at the end of each day.
During your planning visit to The Beeches you noted that, in some of the wards, PCs, when not
in use by staff, were often accessed by residents and visitors to surf the internet, with the latter,
particularly children, also installing DVDs or CD-ROMs to play games or listen to music.

BBS4/BAA3

Auditing Practice

Computer Auditing- Question Pack

Question 2 (continued)
When asked about this practice, Gus Peters noted that the use of passwords, which had been
assigned for each individual, was suspended in order to facilitate the work of staff, and that he
saw nothing wrong with seniors or visitors using the PCs when not in use by staff as it
contributed to the relaxed environment at The Beeches. He felt that any exposure The Beeches
had as a result of this inadequate control over the limitation of computer system access was more
than offset by the state-of-the-art input, processing and output controls on the system, ensuring
that data integrity in no way was compromised.
You are Toby Lang, audit manager responsible for the audit of The Beeches 2010 financial year
accounts. You are asked to address the above issue and related computer audit issues.

REQUIREMENT:
(a) Regarding residents and visitors unhindered access to The Beeches computer system,
identify and explain:
i) Two major risks to which The Beeches is exposing itself:
(5 marks)
ii) Two potential serious consequences that may result.
(5 marks)
(b) Make recommendations to address the issues raised in (i) and (ii) above.
Your recommendations should incorporate a listing of desirable password features and take into
account the specificities of an organisation like The Beeches.
(5 marks)
(d) List five specific risks posed by information technology to an entitys internal control.
(5 marks)
[Total: 20 Marks]
Question 3
Layton Limited is a retailer of fabrics and soft furnishings. The company was established by
John Layton twenty years ago and despite some economic challenges over the years it has grown
steadily during that period. Since it was founded the company has employed a small but loyal
staff and maintained a completely manual accounting system using large ledgers to record
accounting transactions. At the beginning of this year John Layton announced that he wished to
retire and that his son, Michael would become the Chief Executive of the company. Michael has
a degree in business studies specialising in marketing and has made it clear that he intends to use
his knowledge and qualification to modernise the company. As part of the modernising process
Michael has announced that the companys accounting system will be computerised. As your
firm has been the auditor of Layton Limited for many years he has asked for your advice.

BBS4/BAA3

Auditing Practice

Computer Auditing- Question Pack

Layton Limited has always highlighted the importance of good control and has implemented all
improvements to internal control suggested by your firm.
Question 3 (continued)

Required:
From your perspective as auditor of Layton Limited, draft a report to the new Chief Executive,
Michael Layton regarding the proposed computerisation of the accounting system. Your report
should:

a) Explain the two main categories of controls that you would expect to find in a computer
based environment
( 6 marks)

b) Provide examples of (each category of) controls that Layton Limited should establish and
that would be expected in a computerised operating environment
( 10 marks)

c) Suggest what may be done to assist in the smooth transition from a manual accounting
system to a computerised accounting system in Layton Limited.
( 4 marks)

[Total: 20 marks]

BBS4/BAA3

Auditing Practice