1. Monster Company has an in-house information systems department of 50 people. The company generally does its own programming, although some software was acquired as a software package. A software package was purchased for customer relationship management, which will be modified by the programming staff.

Procedures for implementing programs vary by department. All major changes are approved by the Management Information Systems steering committee. The committee is also given a list of the maintenance changes that are planned in the coming year. Some departments request that the data processing department handle testing, while other users are rather picky and want to do their own testing. Requirements are generally prepared in writing, although small maintenance changes may be handled verbally.

a) Assess inherent risk associated with program changes. provide 3.

b) What is your conclusion and impact of the inherent risk associated with program changes at Monster. Explain.

2. Alliance Co. has 250 different customers in the plastics manufacturing industry, with accounts receivable balances ranging from $500 to $25,000 per customer. It uses about 15 different suppliers for all raw materials. There is one accountant working full time for the company. A professional accountant comes in once a week for three hours to review the work of the accounting employee and prepare journal entries.

Bad debts are rare, as the owner is actively involved in accounts receivable collection. Alliance Co. has an integrated suite of accounting software and a four-station local area network that is used by accounting staff, the owner, and production personnel. There is an automated time-keeping system that includes job costing.

a) Describe four IT governance controls or control environment controls over information technology that should be present at the organization.

b) For each IT governance control or control environment control that you describe, provide an audit procedure that an internal auditor could use to audit the control.

Austin is the information systems manager and thinks that a number of internal control problems exist with the inventory system; however, Russel, the inventory manager, does not think there are any problems. The firm has a network of seven PCs in the inventory department, which replaced the old mini computer-based information system that had previously been used to help manage the inventory. Joe, the employee that operates the inventory PC network, is responsible for receiving inventory requisitions, checking them for proper approvals, disbursing the requested items, and entering the transactions into the inventory system. This networked inventory system is used solely for this function, and only Joe knows how to operate it. There are other inventory clerks that know how to enter data into the system but nothing more (they do not check the data). No set of controls has been developed for its use because it is out of the formal management control of Jane and the information systems department. Ryssel thinks that Joe is more than qualified to operate the PC network without any interfering controls, and that Austin and the information systems department are just trying to extend their authority.

a) Use the case facts, briefly explain threeproblems (weakness and impact) you see with Russels's reasoning and recommend to Russel how to improve the controls.

b) For the use of a PC network in this case, list and describe threecontrols that should be used.