CHAPTER 11

ERP functionality falls into two general groups of applications:

●​ core applications and
●​ business analysis applications.

Typical core applications include, but are not limited to,

●​ sales and distribution,
●​ business planning,
●​ production planning,
●​ shop floor control, and
●​ logistics.

Online analytical processing (OLAP) includes

●​ decision support,
●​ modeling,
●​ information retrieval,
●​ ad hoc reporting/analysis, and
●​ what-if analysis

Two basic architectures are the (server configuration - client server model)
●​ two-tier model and the
●​ three-tier model

OLAP servers support common analytical operations including

●​ consolidation,
●​ drilldown, and
●​ slicing and dicing.

The data warehousing process has the following essential stages:

●​ Modeling data for the data warehouse
●​ Extracting data from operational databases
●​ Cleansing extracted data
●​ Transforming data into the warehouse model
●​ Loading the data into the data warehouse database

Clerical, data entry, and computer program errors can create illogical data such as
●​ negative inventory quantities,
●​ misspelled names, and
●​ blank fields.

four dimensions of scalability are important:

●​ size,
●​ speed,
●​ workload, and
●​ transaction cost
more commonly experienced problems occur in the following areas:
●​ Training
●​ System Testing and Integration
●​ Database Conversion

ERP Internal CONTROL

●​ Segregation of duties
●​ Transaction Authorization
●​ Supervision
●​ Accounting Records
●​ Independent Verification
●​ Access Controls

access control list

It is an IT resource (computer directory, data file, program, or printer) that controls access to
the resources.

​
big bang

An attempt to switch operations from the old legacy systems to the new system in a single
event that implements the ERP across the entire company.

​
bolt-on software

A company’s use of a third-party vendor to perform a specialized function.

​
changed data capture

A technique that can dramatically reduce the extraction time by capturing only newly
modified data.

client-server model

A form of network topology in which a user’s computer or terminal (the client) accesses the
ERP programs and data via a host computer (the server).

​
closed database architecture

Database management sys- tem used to provide minimal technological advantage over
flat-file systems.
Consolidation

The aggregation or roll-up of data.

core applications

Operations that support the day-to-day activities of the business.

​
data mart

Data warehouse organized for a single depart- ment or function.

​
data warehouse

A relational or multidimensional database that supports online analytical processing (OLAP).

​
Drill-down

The disaggregation of data to reveal underlying details that explain certain phenomena.

​
enterprise resource planning (ERP)

A generalized system that incorporates the best business practices in use

online analytical processing (OLAP)

A branch of ERP that includes decision support, modeling, information retrieval, ad hoc
reporting/analysis, and what-if analysis

online transaction processing (OLTP)

Processes consist- ing of large numbers of relatively simple transactions.

phased-in​
The ERP systems are installed independently in each business unit over a period of time.

Role

It is a formal technique for grouping together users according to the system resources they
need to perform their assigned tasks.

role-based access control (RBAC)

The technique that assigns access permissions to the role an individual plays in the
organization rather than directly to the individual. It handles many-to-many relationships
between users and permissions and facilitates dealing efficiently with vast number of
employees.
role-based governance

The system allow managers to view the current and historical inventory of roles, permissions
granted and the individuals assigned to roles.​

Scalability

The system’s ability to grow smoothly and economically as user requirements increase.

slicing and dicing​

The process that enables the user to examine data from different viewpoints.

supply chain management (SCM)

The convergence be- tween ERP and bolt-on software to move goods from raw material
stage to the consumer.

three-tier model

It is typical of large ERP systems that use wide area networks (WANs) for connectivity
among the users. It includes database and application functions

​
two-tier model

In this model, the server handles both application and database duties.

CHAPTER 11

1.​ Closed database architecture is

a.​ a control technique intended to prevent unauthorized access from trading
partners.
b.​ a limitation inherent in traditional information systems that prevents
data sharing.
c.​ a data warehouse control that prevents unclean data from entering the
warehouse.
d.​ a technique used to restrict access to data Marts.
e.​ a database structure that many of the leading ERPs use to support OLTP
applications.

2. Each of the following is a necessary element for the successful warehousing of

data EXCEPT

a.​ cleansing extracted data.

b.​ transforming data.
c.​ modeling data.
d.​ loading data
 e.​ all of the above are necessary.

3. Which of the following is typically NOT part of an ERP’s OLAP applications?

a.​ Decision support system.

b.​ Information retrieval.
c.​ Ad hoc reporting/analysis
d.​ Logistics
e.​ What-if analysis

4. ERP implementation is associated with a number of risks.. Which of the following

was NOT stated as a risk in the chapter?

a.​ A drop in firm performance after implemen- tation because the firm looks and
works dif- ferently than it did while using a legacy system.
b.​ Implementing companies have found that staff members, employed by ERP
consulting firms, do not have sufficient experience in implementing new
systems.
c.​ Implementing firms fail to select systems that properly support their business
activities.
d.​ The selected system does not adequately meet the adopting firm’s economic
growth.
e.​ ERPs are too large, complex, and generic for them to be well integrated
into most company cultures.

5. Which statement is NOT true?

a.​ In a typical two-tier client-server architec- ture, the server handles both
application and database duties.
b.​ Client computers are responsible for present- ing data to the user and
passing user input back to the server.
c.​ Two-tier architecture is for local area net- work applications where the
demand on the server is restricted to a relatively small popu- lation of users.
d.​ The database and application functions are separated in the three-tier model.
e.​ In three-tier client-server architectures, one tier is for user presentation,
one is for data- base and applications access, and the third is for
Internet access.

6. Which statement is NOT true?

a.​ Drill-down capability is an OLAP feature of data mining tools available to the
user.
b.​ The data warehouse should be separated from operational systems.
c.​ Denormalization of data involves dividing the data into very small tables
that support detailed analysis.
d.​ Some decisions supported by a data warehouse are not fundamentally
different from those that are supported by traditional databases.
e.​ Data cleansing involves transforming data into standard business terms with
standard data values.
7. Which statement is LEAST accurate?

a.​ Implementing an ERP system has more to do with changing the way an
organization does business than it does with technology
b.​ The phased-in approach to ERP implementa- tion is particularly suited to
diversified orga- nizations whose units do not share common processes and
data.
c.​ Because the primary reason for implement- ing an ERP is to standardize
and integrate operations, diversified organizations whose units do not
share common processes and data do not benefit and tend not to imple-
ment ERPs.
d.​ To take full advantage of the ERP process, reengineering processes will need
to occur.
e.​ A common reason for ERP failure is that the ERP does not support one or
more important business processes of the organization.

8. Which of the following is not a typical core application in an ERP system?

a.​ Sales and distribution

b.​ Business planning
c.​ Production planning
d.​ On-line analytical processing (OLAP)
e.​ Logistics

9. Auditors of ERP systems

A.​ need not be concerned about segregation of duties because these systems
possess strong computer controls.
B.​ focus on output controls such as independent verification to reconcile batch
totals.
C.​ are concerned that managers fail to exercise adequate care in assigning
permissions.
D.​ do not see the data warehouse as an audit or control issue at all because
financial records are not stored there.
E.​ need not review access levels granted to users because these are
determined when the sys- tem is configured and never change.

10. Which statement below is correct?

a.​ Only one individual can be assigned to a role and a predefined set of access
permissions.
b.​ A role is a formal technique for grouping together users according to
the system resources they need to perform their assigned Tasks.
c.​ RBAC assigns specific access privileges to Individuals.
d.​ Because of the use of roles, access security concerns are essentially
eliminated in the ERP environment.
e.​ None of the above are correct.
Ethical issues in business can be divided into four areas:
●​ equity,
●​ rights,
●​ honesty, and the
●​ exercise of corporate power.

following ethical principles provide some guidance in the discharge of this

responsibility
●​ Proportionality
●​ Justice
●​ Minimize risk

three levels of computer ethics:

●​ pop,
●​ para, and
●​ theoretical

Several issues of concern for students of accounting information systems are

discussed in the following section.
●​ Privacy
●​ Security (Accuracy and Confidentiality)
●​ Ownership of Property
●​ Equity in Access
●​ Environmental Issues
●​ Artificial Intelligence
●​ Unemployment and Displacement
●​ Misuse of Computer

Section 406 necessitates a written code of ethics that addresses the following ethical
issues.
●​ Conflicts of Interest
●​ Full and fair disclosure
●​ Legal Compliance
●​ Internal Reporting of Code Violations
●​ Accountability

According to common law, a fraudulent act must meet the following five conditions:
●​ False Representation
●​ Material Fact
●​ Intent
●​ Justifiable Reliance
●​ Injury or loss

Fraud Triangle
●​ Situational pressure
●​ Opportunity
●​ Ethics
the opportunity factor explains much of the financial loss differential in each of the
demographic categories presented in the ACFE study:
●​ Position
●​ Age
●​ Gender
●​ Collusion
●​ Education

Three broad categories of fraud schemes are defined:

●​ fraudulent statements,
●​ corruption, and
●​ asset misappropriation.

Underlying Problems
●​ Lack of Auditor Independence
●​ Lack of Director Independence
●​ Questionable Executive Compensation Schemes
●​ Inappropriate Accounting Practices

Sarbanes-Oxley Act and Fraud s principal reforms pertain to

●​ (1) the creation of an accounting oversight board,
●​ (2) auditor independence,
●​ (3) corporate governance and responsibility,
●​ (4) disclosure requirements, and
●​ (5) penalties for fraud and other violations

four principal types of corruption:

●​ bribery,
●​ illegal gratuities,
●​ conflicts of interest, and
●​ economic extortion.

Asset misappropriation
●​ Skimming
●​ Cash Larceny
●​ Billing schemes
●​ Check Tampering
●​ Payroll Fraud
●​ Expense Reimbursements
●​ Thefts of Cash
●​ Non-Cash Misappropriations

Billing schemes
●​ Shell company fraud
●​ Pass through fraud
●​ Pay and return fraud

key stages of an information system

 ●​ data collection,
●​ data processing,
●​ database management, and
●​ information generation

Regardless of physical form, useful information has the following characteristics:

●​ relevance,
●​ timeliness,
●​ accuracy,
●​ completeness, and
●​ summarization.

In the case of financial fraud (management fraud), external auditors should look for
the following kinds of common schemes:
●​ Improper revenue recognition
●​ Improper treatment of sales
●​ Improper asset valuation
●​ Improper deferral of costs and expenses
●​ Improper recording of liabilities
●​ Inadequate disclosures

Examples of common schemes related to employee theft (asset misappropriation)

include the following:
●​ Personal purchases
●​ Ghost employees
●​ Fictitious expenses
●​ Altered payee
●​ Pass-through vendors
●​ Theft of cash (or inventory)
●​ Lapping

Accuracy

Information must be free from material errors.

​
Association of Certified Fraud Examiners (ACFE)

An organization that conducts studies to estimate losses from fraud and abuse.

balance forward method

A method in which total sales to customers for the period are itemized and billed at the
period end.

Billing schemes
Also known as vendor fraud, are perpe- trated by employees who cause their employer to
issue a payment to a false supplier or vendor by submitting in- voices for fictitious goods or
services, inflated invoices, or invoices for personal purchases.

bribery​
The influence of an official in the performance of his or her lawful duties.

business ethics​
The study of ethical principles and moral or ethical problems that arise in a business
environment.

Cash larceny​
It involves schemes where cash receipts are stolen from an organization after they have
been recorded in the organization’s books and records.

Check tampering​
It involves forging or changing in some material way a check that the organization has
written to a legitimate payee.

completeness​
The idea that no piece of information essential to a decision or task should be missing.

computer ethics

It is “the analysis of the nature and social impact of computer technology and the corre-
sponding formulation and justification of policies for the ethical use of such technology....
[This includes] con- cerns about software as well as hardware and concerns about networks
connecting computers as well as com- puters themselves.”

computer fraud​
The use of a computer to commit fraud.

computer security​
It is an attempt to avoid such unde- sirable events as a loss of confidentiality or data
integrity.

conflict of interest​
When an employee acts on behalf of a third party during the discharge of his or her duties or
has self-interest in the activity being performed.

corruption​
The act of an official or fiduciary person who unlawfully and wrongfully uses his station or
character to procure some benefit for himself or for another person, contrary to duty and the
rights of others.

data collection​
It is the first operational stage in the in- formation system. The objective is to ensure that
trans- action data entering the system are valid, complete, and free from material errors.
database management fraud​
The act(s) of altering, deleting, corrupting, destroying, or stealing an organization’s data.

eavesdropping​
Listening to output transmissions over telecommunication lines.

economic extortion​
The use (or threat) of force (includ- ing economic sanctions) by an individual or an organi-
zation to obtain something of value.

employee fraud​
Performance fraud by non-management employees generally designed to directly convert
cash or other assets to the employee’s personal benefit.

ethical responsibility​
Organization managers have an ethical responsibility to seek a balance between the risks
and benefits to the constituents that result from their decisions.

ethics​
The principles of conduct that individuals use in making choices and guiding their behavior in
situations that involve the concepts of right and wrong.

Expense reimbursement​
It is a scheme in which an em- ployee makes a claim for reimbursement of fictitious or
inflated business expenses.

false representation​
A fraudulent act involving a false statement or a nondisclosure.

fraud​
A false representation of a material fact made by one party to another party with the intent to
deceive and induce the other party to justifiably rely on the fact that to his or her detriment.

fraud triangle​
The combination of situational pressures, opportunities, and personal characteristics that
can lead to the act of fraud.

fraudulent financial reporting​

Fraud commonly com- mitted by persons at the management level.

fraudulent statements​
They are associated with manage- ment fraud. While all fraud involves some form of fi-
nancial misstatement, to meet the definition under this class of fraud scheme, the financial
statement misrepre- sentation must itself bring direct or indirect financial benefit to the
perpetrator.

hackers​
They are distinguished from other computer criminals because their motives are not usually
to defraud for financial gain. They are motivated primarily by the challenge of breaking into
the system rather than the theft of assets.
illegal gratuity​
The act of “rewarding” an official for tak- ing a particular course of action.

injury or loss

The condition to a fraudulent act that the deception must have caused injury or loss to the
victim of the fraud.

intent​
The condition to a fraudulent act that the intent to deceive or the knowledge that one’s
statement is false.

justifiable reliance​
The condition to a fraudulent act that the misrepresentation must have been a substantial
factor on which the injured party relied.

lapping​
Use of customer checks, received in payment of their accounts, to conceal cash previously
stolen by an employee.

mailroom fraud​
An employee opening the mail steals a customer’s check and destroys the associated
remittance advice.

management fraud​
Performance fraud that often uses deceptive practices to inflate earnings or to forestall the
recognition of either insolvency or a decline in earnings.

masquerading​
A perpetrator gaining access to the system from a remote site by pretending to be an
authorized user.

material fact​
The condition to a fraudulent act that is a substantial factor in inducing someone to act.

misappropriation of assets​
Fraud commonly committed by employees

Non-cash fraud​
The scheme that involves the theft or misuse of the victim organization’s non-cash assets.

open invoice method​

A method in which each invoice is recorded as a separate item in the invoice file.

operations fraud​
The misuse or theft of a firm’s computer resources.
ownership​
The personal information a person owns.

pass-through​
It is similar to the shell company fraud with the exception that a transaction actually takes
place.

pay-and-return​
It is a third form of vendor fraud. This typically involves a clerk with check writing authority
who pays a vendor twice for the same products (inventory or supplies) received.

payroll fraud​
The overpayment of employees and pay- ments to nonexistent employees.

Piggybacking

The action in which a perpetrator taps into the telecommunications line from a remote source
and latches onto an authorized user who is logging onto the system.

​
privacy​
A matter of restricted access to persons or information about persons.

program fraud​
A form of data processing fraud that in- volves creating illegal programs to alter accounting
re- cords, destroying a program’s logic using a virus, or altering the program logic to cause
the application to process the data incorrectly.

Public Company Accounting Oversight Board (PCAOB)

A company created by the Sarbanes-Oxley Act to set auditing, quality control, and ethics
standards, to inspect registered accounting firms, to conduct investigations, and to take
disciplinary actions.

Relevance

The need for the contents of a report or docu- ment to serve a purpose.

SAS No. 99

The current guidelines on fraud detection.

scavenging

Searching through the trash cans of the com- puter center for discarded output.

shell company

A fraud that requires that the perpetrators establish a false supplier on the books of the
victim company.
skimming

It involves stealing cash from an organization before it is recorded on the organization’s

books and records.

summarization

The idea that information should be aggregated in accordance with a user’s needs.

thefts of cash

It is a scheme that involve the direct theft of cash on hand in the organization.

timeliness

The idea that information must be no older than the time period of the action it supports.

vendor fraud

It is also known as billing schemes, are perpetrated by employees who cause their employer
to issue a payment to a false supplier or vendor by submit- ting invoices for fictitious goods
or services, inflated in- voices, or invoices for personal purchases.

CHAPTER 12

1.​ Which characteristic is not associated with soft- ware as intellectual property?
a.​ uniqueness of the product
b.​ possibility of exact replication
c.​ automated monitoring to detect intruders
d.​ ease of dissemination

2.​ One characteristic of employee fraud is that the fraud

a.​ is perpetrated at a level to which internal controls do not apply
b.​ involves misstating financial statements
c.​ involves the direct conversion of cash or other assets to the employee’s
personal benefit
d.​ involves misappropriation of assets in a series of complex transactions
involving third parties

3.​ Which of the following frauds is not classified as corruption:

a.​ illegal gratuities
b.​ asset misappropriation
c.​ Bribery
 d.​ conflicts of interest
e.​ all of the above are forms of corruption

4.​ A mailroom clerk opens envelopes containing checks and remittance advices.
The clerk steals a check, cashes it, and destroys the remittance advice. What
type of fraud is this?
a.​ Skimming
b.​ Pay-and-return fraud
c.​ Cash larceny
d.​ Lapping
e.​ None of the above

5.​ Which of the following is not a feature of employee fraud?

a.​ Concealing the crime to avoid detection
b.​ Stealing something of value
c.​ Misstating financial statements
d.​ Converting the asset to a usable form
e.​ All are features of employee fraud

6.​ The Congress enacted SOX into law in July 2002 establishes a framework to
modernize and reform the oversight and regulation of public company
auditing. Which of the following is not one of the acts principal reforms?
a.​ Creation of an accounting oversight board
b.​ Auditor independence
c.​ Corporate governance and responsibility
d.​ Penalties for fraud and other violations
e.​ All of the above are principal reforms

7.​ A cash disbursements clerk pays the same vendor AP twice. When the vendor
reimburses the over- payment the clerk cashes the check and keeps the
proceeds. What type of fraud is this?
a.​ Lapping
b.​ Pass through fraud
c.​ Shell company
d.​ Kiting
e.​ None of the above

8.​ Business ethics involves

a.​ how managers decide on what is right in conducting business.
 b.​ how managers achieve what they decide is right for the business.
c.​ both a and b.
d.​ only a.

9.​ All of the following are conditions for fraud except

a.​ material reliance.
b.​ injury or loss.
c.​ Intent.
d.​ false representation

10.​Which of the following benefits is least likely to occur from implementing a

system of internal controls?
a.​ Reduced cost of an external audit
b.​ Preventing employee collusion to commit fraud
c.​ Availability of reliable data for decision-making purposes
d.​ Some assurance of compliance with the Foreign Corrupt Practices Act of
1977
e.​ Some assurance that important documents and records are protected

11.​Which of the following situations is least likely to promote a fraudulent act?

a.​ The treasurer has the authority to sign checks but gives the signature
block to the assistant treasurer to run the check-signing machine.
b.​ The warehouse clerk, who has the custodial responsibility over inventory in
the ware- house, selects the vendor and authorizes pur- chases when
inventories are low.
c.​ The sales manager has the responsibility to approve credit and the authority
to write off accounts.
d.​ The accounting clerk who shares the record- keeping responsibility for the
accounts receivable subsidiary ledger performs the monthly reconciliation of
the subsidiary led- ger and the control account.
e.​ All of the above will promote fraud.

12.​The purchasing agent for a Company XYZ places an order with a false vendor,
which is himself. He then purchases the needed items from a legiti- mate
vendor and sells them to Company XYZ at a higher than market price. What
type of fraud is this?
a.​ Lapping
b.​ Pass through fraud
c.​ Shell company
d.​ Kiting
e.​ None of the above
13.​Which of the following controls would best pre- vent the lapping of accounts
receivable?
a.​ Segregate duties so that the clerk responsible for recording in the accounts
receivable subsidiary ledger has no access to the general ledger.
b.​ Request that customers review their monthly statements and report any
unrecorded cash payments
c.​ Require customers to send payments directly to the company’s bank.
d.​ Request that customers make the check pay- able to the company.

14.​The purchasing agent creates a false PO, a false receiving report, and a false
vendor invoice. Based on these documents the system prepares an AP and
writes a check to the purchasing agent. What type of fraud is this?
a.​ Lapping
b.​ Kiting
c.​ Pass through
d.​ Shell company
e.​ None of the above

15.​What fraud scheme is similar to the “borrowing from Peter to pay Paul”
scheme?
a.​ Expense account fraud
b.​ Kiting
c.​ Lapping
d.​ Transaction fraud’

16.​Which of the following best describes lapping?

a.​ Applying cash receipts to a different customer’s account in an attempt
to conceal previous thefts of funds.
b.​ Inflating bank balances by transferring​
money among different bank accounts.
c.​ Expensing an asset that has been stolen.
d.​ A clerk writes off a customer’s account receivable and keeps the cash that the
customer remits.

17.​Operations fraud includes

a.​ altering program logic to cause the application to process data incorrectly.
b.​ misusing the firm’s computer resources.
 c.​ destroying or corrupting a program’s logic using a computer virus.
d.​ creating illegal programs that can access data files to alter, delete, or insert
values.

18.​For an action to be called fraudulent all of the following conditions are required
except
a.​ material fact.
b.​ false representation.
c.​ intent to deceive.
d.​ injury or loss.
e.​ all of the above are conditions.

19.​ Which of the following is NOT an element of the fraud triangle?

a.​ Ethics
b.​ Justifiable reliance
c.​ Situational pressure
d.​ Opportunity