1. Management at Goldstein's, a large retail company with over 125 stores, has become
concerned about the increasing number of customer complaints. Customers reported
that electronic scanners are not charging proper prices in the stores in the Southeast
region. There has been some decline in profitability in the Southeast, but the company
has not experienced unusual fluctuations in profitability. Although the company
has strong central management, each region controls its own prices and, within limits,
an individual store manager can change prices in a store to compete locally.
The internal audit department has just completed an audit of the Southeast region.
The following are excerpts from the auditors' notes:
? Each store operates in a client/server computing environment. All prices are maintained
in the regional database. The database is downloaded daily to each store to
run the computer checkout system. Because the database is administered in a
client/server environment, there is no need to reconcile the downloaded database
with the master database. Furthermore, it is not necessary to use control totals or
similar totals because the company does not operate in a batch mode.
? All price changes are approved by the buyer responsible for procuring the goods.
? Buyers are evaluated based on the profitability of the items they purchase.
? Each buyer has access to the database for price changes. Access to the overall database
is limited by passwords. However, a buyer will often delegate access to an assistant
to perform the mechanical duties of keypunching in the data and updating
? Each buyer has the responsibility to develop promotional campaigns and advertising
for each store in the region. However, within limits, a local store manager can
place an ad for some special closeouts.
? Each store manager has the ability to change the price table on the store's price database.
However, those changes are not uploaded and thus cannot affect other stores.
CHAPTER 14 / Information Technology Auditing 459
? In order to maintain the integrity of the price database, the full database is downloaded
from the regional database each morning prior to the start of business.
? Closeout items are specially marked and are required to be entered at the cash register
rather than scanned in. In order to expedite customer service, the cashier enters
only the price of the product, not its number. The price entered does not affect
the selling price recorded in the store's database.
? The stores have been complaining about inventory shrinkage on certain products.
In other words, the stores do not have inventory on hand when the perpetual inventory
indicates that goods are present.
? The price table database is reconciled with the authorized price list kept by
each buyer on a quarterly basis. The reconciliation is performed by an assistant
to the merchandising manager, who is separate from the buyers making changes
to the database.
? The company prepares daily reports of sales per store and per department within
? Before any new product can be input into the price database, its product number
and purchase approval must first be entered. Approval is required from the merchandise
manager, and data are input by an assistant separate from the buyer. The
merchandise manager has a separate password to access the database.
? Any new product entry must conform to the company's existing product numbering
scheme. An edit check is run to determine that the product number is valid.
1. Given the description of the company's system and the audit findings, identify
five control strengths and five control weaknesses.
2. For each weakness identified, state the potential impact of the weakness on the
2. Uptown Bucks (UB) is an off-campus meal plan business in Oxford, Ohio. Students,
or their families, buy debit cards with fixed amounts that they can use to purchase
food only at more than 18 local restaurants. Customers can buy the cards at UB's office
in the center of town, or they may purchase the cards online. The following
paragraph describes the online card sale process.
A customer enters his credit card information online and the amount of purchase.
UB's software automatically checks the card number to determine that it is a valid
credit card number; for instance, there are certain digits that indicate Visa cards. The
software displays an error message if the number is not valid. The usual cause of
these errors is typographical. Once the customer completes the card order screen,
the software sends the data in an encrypted form to UB's host computer. Periodically,
the UB accountant retrieves transactions from the server. This is done by clicking
on the "Get Transactions" screen button.
For each online transaction, the accountant then manually copies down the creditcard
number on a scrap of paper,walks across the office to the credit-card machine,
and keys in the credit card number, the amount, and the numerical portion of the address.
The credit-card software checks to see if the card is valid and charges it for the
amount. The accountant next writes down the validation number, returns to the host
computer, and enters it. She prints a receipt for the transaction and puts it in a file.
The customer database now reflects the new customer. When a customer purchases
a card offline with a credit card, the accountant swipes the card directly, checks its
validity, charges the card, and then writes down the validation number and enters it
in the host computer.
UB is considering the purchase of credit-card software that can reside on the host
computer and interact with their accounting software. The credit card software
costs about $400. The credit card company rates are likely to increase by about 0.5
CHAPTER 6 / Accounting Information Systems and Business Processes: Part I 209
percent because cards could no longer be swiped directly?all credit card purchases
would need to go through the online software. The rate UB has to pay the credit card
company is based on this mix. Credit-card companies typically charge more if card
numbers are punched rather than swiped because they have more chance of invalid
transactions due to theft. It's easier to steal a number than a card. Currently, about
half of UB's sales transactions arise from online sales; the other half result from sales
through the office.
1. Should UB buy the credit-card software?
2. Develop a flowchart for UB's online sales process. What are the business risks associated
with this process?
REFERENCES, RECOMMENDED READINGS, AND WEB SITES
Accounting Information Systems is discussed very comprehensively in this explanation.