Applying Internal Control Concepts Using Database Design: An Educational Case Open Access

This paper develops a learning exercise based on the intersection of technology and internal control by instructing students in how to incorporate internal controls using a database software application. We selected the integration of internal control in a database application for several reasons. First, recent changes to the Uniform Certified Public Accountant Examination require a robust understanding of information processing and the controls surrounding such processing (AICPA, 2021). In stressing that importance, the AICPA announced significant changes to the CPA examination, effective in 2024. These changes require candidates to choose and pass one of three discipline areas (in addition to the three core CPA exams), one of which addresses business processes and internal controls (AICPA, 2021).

Second, because of exam changes, the AICPA (2022) updated its core competencies, citing technology application and internal control evaluation as main skill areas (AICPA, 2021). The CPA Evolution specifically challenges educators to adopt technology, internal control, and data analytics into the accounting curricula. Because instruction in integrating internal control into technology requires the ability to determine the necessary internal controls and how to incorporate those controls within the confines of the software, such effort also develops critical thinking skills, fulfilling the call for such development (AACSB, 2022, 2020).

Third, support for applying internal controls in a database setting also comes from practitioners. Pincus et al. (2017) stress the need for the teaching of technology and its application to meet the needs of accounting graduates entering the work force. Additionally, both Pan and Seow (2016) and Spraarkman et al. (2015) cite employers' concerns over the lack of accounting graduates' competency in technology, suggesting the need for greater coverage of the topic.

Yet, acquiring skills in internal control and technology separately is not as valuable as learning to assess internal control within technology, such as whether a database has the proper data entry controls¹ to prevent unauthorized or erroneous transactions from being accepted into the system. Unfortunately, few cases exist that combine internal control application in a technology setting. Contemporary accounting information systems (AIS) textbooks address internal controls and databases separately; they do not integrate the two concepts. To close this gap, we developed a project in which students apply internal control knowledge using Microsoft Access™ (Access) database software.

We chose database software (1) because databases are an important part of big data analysis and (2) that, although spreadsheets are effective for many tasks, their lack of scalability or relational features allowing easy access to data, limit their applicability (Bendre et al., 2015). Additionally, databases help students learn how online controls operate at the field level to prevent erroneous data from being processed.

Because both AICPA (2022) and AACSB standards (2022, 2020) call for increased emphasis on developing problem-solving skills by applying technology to “real world” issues (AICPA, 2022), we present a project for teaching internal controls to senior-level accounting students using Access. As such, our project combines both internal control and database technology and meets the AICPA and AACSB recommendation to teach students a technology skill set. The students improve their knowledge of internal controls and database technology—skills needed for newly minted accountants.

Concept mapping is a method for assisting the transfer of knowledge (Kim, 2013). It requires participants to link one concept to another concept by associating a threat to a particular field with the internal control preventing that threat. This linking acts as a memory aid by assimilating the necessary bits of information needed for a task and allows students to apply knowledge of one area (internal control) to another area (database software). Marlia et al. (2007) note that concept mapping is the tool that allows internal expert knowledge to be examined, refined, and re-used. This mapping increases information available to students and allows several knowledge components to appear at the same time to the individual, which can increase task accuracy.

The issue then becomes how to structure concept mapping in a learning project requiring multiple steps with multiple links. While concept mapping is commonly associated with visual diagrams, research indicates that paired associations (Frederick, 1991; Frederick et al., 1994), specific matching of concepts (Curtis & Viator, 2000), semantical associations (Kim, 2013), and textual lists (Block & Morwitz, 1999) are effective mechanisms for implementing “concept mapping,” as each method serves as an external memory aid. In our database exercise, we adopt the textual lists strategy of Curtis and Viator (2000) and Block and Morwitz (1999) because our task is multi-step, is textual, and requires a fair degree of specificity.

Our database exercise helps students learn by matching concepts (threats, controls, and application of controls) to each other and applying them in a software context. This exercise combines two separate course components with which students have historically struggled: internal control and learning database software (Access).

This project extends the concept of internal control from transaction level to field level. Although most contemporary AIS textbooks (e.g., Romney et al., 2022) cover transaction-level controls thoroughly, they do not stress internal control at the field level, despite the pervasiveness of online data entry where initial internal control operates at the field level. Indeed, Taheer (2022) and Arora et al. (2021) estimate that 91% of the U.S. population will be shopping online in 2023 and beyond, making the use of internal controls over online data entry important.

Students often have difficulty comprehending internal control and are thus frequently unsuccessful at evaluating internal control deficiencies and identifying appropriate internal control solutions (Douglass et al., 2022). Compounding this effect, students often focus on higher transaction-level controls (e.g., credit limits preventing sales to unworthy customers) and fail to grasp that, in an online environment, control first occurs at the point of data entry. Yet, understanding field-level controls is crucial because many transactions (e.g., sales) originate online, necessitating accurate data entry.

Although students can identify a sales order transaction by listing the steps necessary to process this transaction (such as credit approval, inventory availability, etc.) and, with prompting, they can identify the necessary internal controls associated with each step, our experience teaching internal control over 20 years indicates that students often cannot identify how these steps translate into field-level controls. Absent this understanding, students find it difficult to design a database table, and even more difficult to incorporate appropriate field-level controls.

The learning outcomes for this case are that students will:

1. Match internal control threats with their appropriate internal controls at the cycle, activity, and field levels.

2. Apply internal controls when designing two Access tables, including all appropriate Access property controls.²

3. Identify the fields required to capture data for a given activity.

4. Identify the necessary internal controls to prevent threats to the fields.

Our assignment consists of an Access project divided into two separate steps. First, students match internal control threats with their appropriate controls at the cycle, activity, and field level. Second, students apply these controls in the design of two tables in Access, including all appropriate Access property controls. The complete assignment is provided in  Appendix A.  Appendix B contains a list of resources for Access that can be given to students.

This assignment is the result of an Access project developed over three semesters at a public regional institution. The students were senior-level undergraduate accounting students enrolled in an AIS course.

The assignment requires students to (1) identify fields required for a given activity (e.g., sales order entry), (2) match those fields with the threats (e.g., what could go wrong), and (3) identify the data entry (input edit) controls that would prevent those threats from occurring. Students submit written evidence of these activities, which is a critical part of the learning, because students must link the fields they identify with controls that would prevent those threats, focusing on both internal control and database concepts. Thus, these exercises facilitate student success in designing Access tables.

The written exercises and the Access project are graded separately. Fifty percent of the total points are awarded to the final Access project and fifty percent to the written exercises. Student grades thus reflect the amount of effort required to identify the fields, threats, and controls, and design the tables in Access. We have students complete the project over six weeks, as described in  Appendix C.

We evaluated student performance in three ways: through change in knowledge scores (pre- to post-), student written exercises, and the final project grade, which included the two Access tables presented in design view with all appropriate controls working. Grading measures control properties and whether they effectively execute data entry controls.

Student scores on the pre- and post-questionnaires indicate that knowledge of general internal control and database knowledge improved over three separate semesters.  Appendix D shows the mean difference scores from pre- to post- and the significance of this difference by semester. The students' knowledge improved as the case process improved over time. Additionally, we included six questions in our pre- and post- questionnaires specifically measuring student knowledge of Access. Student scores revealed that their Access knowledge increased significantly pre- to post- (p = 0.0029, mean = 1.4737) and that their total database knowledge scores (original database questions + Access database questions) also increased significantly, pre- to post- (p = 0.0001, mean = 3.5789). See  Appendix E for the pre- to post-questionnaire.

Student scores on the written exercise also improved over the three semesters, increasing to 42.5% (from a low of 10%), with several (20%) of the scores at or above 90%. This improvement was important as the written exercises precede the Access database design and thus have a direct effect on the final project score. Overall, students' lists were robust, with the majority identifying all controls available for each threat in sufficient detail. Most importantly students' Access project grade averaged 86.54% with over 20% of the class scoring a 90% or better.

This assignment is appropriate for an undergraduate AIS or database class that emphasizes internal controls. It could also be used at the graduate level in AIS, auditing, or database courses if enhanced with advanced features, such as look-ups to other tables for data validation or the use of more than one transaction cycle (e.g., linking revenue sales ordering with inventory control and re-ordering).

We run this project in a computer lab after students have designed Access tables, including property control features. Students begin their work in the lab but finish it on their own. Only a handful of students (less than 10% over three semesters) began and finished the project in the lab. The time taken ranged widely, from time-in-classroom of 300 minutes (four 75-minute sessions) to two weeks outside of class, where the actual time was unobserved and therefore not recorded.

We developed the assignment over several semesters after experiencing frustration teaching students how to apply their internal control knowledge to evaluate an accounting application. During the rounds of development and implementation, we learned the following:

1. Students performed better when they did not have many choices to make. In the beginning, we allowed students to choose the cycle (e.g., revenue or expenditure) and activity (e.g., sales order entry, shipping, invoicing, or cash collection). Students were overwhelmed with the choices, so we specified sales order activity in the revenue cycle. We originally allowed students to design up to three Access tables, and this choice was also difficult for the students. Thus, we reduced the complexity of the case by requiring students to design just two tables: the sales order master table and the sales order detail table.

2. Based on feedback in post-project student evaluations and conversations, we learned that students wanted more guidance about how to identify the threats and fields required for an activity or transaction, which data entry control was needed to match which threat, which data entry control matched which Access control property, and which Access control property to choose. From this feedback, we learned that students needed more specific instruction and practice linking the elements together, especially when they linked the threats to data entry controls and then to Access property controls. The assignment now provides specific instructions that help students connect the dots between data entry controls and Access property controls.

3. We realized students need a refresher on table design, including how to effect third normal form (primary key data, such as a specific account number in one row cannot be repeated elsewhere in the table), how and why to break data into separate tables, how to link Access Property controls to data entry controls, and how data rows (records) and data columns (fields) differ. These steps followed specific examples using transactions from a cycle different from the one assigned to students.

4. Our examination of project scores revealed that students often choose an easy property control option (e.g., choosing validation as the only control) rather than identifying each control that addressed each threat. Anecdotal feedback revealed a student perception that any validation control addressed all evils and that individual controls such as field type, size, sign, limit, or range were unnecessary. We amended our instructions by emphasizing the need for students to identify all the control(s) that addressed each threat. We also strengthened our coverage of referential integrity, highlighting it as both a detective and preventive control. To help students identify the appropriate property controls, we explained the relationship between threats, fields, and the data entry control to prevent the threat, followed by the Access property control that implements the data entry control. We also stressed that multiple property controls are often necessary to prevent threats to a given field.

5. Student feedback indicated students did not consider Access software a necessary skill an accountant needed to acquire. They expressed their perception of Access software as being for programmers and not a tool they expected to use. Thus, students were not sufficiently engaged or motivated to earn a good grade. To increase the assignment's salience, we added an in-class discussion of Access software' relevance to accounting analysis of big data. We included examples that showed database tables being imported into data visualization software and discussed advantages of using Access rather than a spreadsheet program for data entry.

This paper presents an assignment that addresses internal controls and the use of an Access database. The project instructions follow the concept mapping method for transferring knowledge. The project results show that matching threats, fields, and controls improved the learning of general and database internal controls. Specifically, linking a threat to the internal control preventing that threat served to connect one concept (internal controls) to another concept (database software). The textual lists and paired associations of the concepts in the written exercises proved to be effective mechanisms for improving student learning of internal controls and the Access database tool. Overall, the additional training in connecting field controls, threats, and Access property controls helped improve students' performance on the project.

We acknowledge the input of the editor, two anonymous reviewers, and the students who participated in the projects.

1. Students will be able to match internal control threats with their appropriate internal controls at the cycle, activity, and field levels.

2. Students will be able to apply the internal controls to design two tables in Access including all appropriate Access property controls.

3. Students will be able to identify the fields required to capture data for a given activity.

4. Students will be able to identify the necessary internal controls to prevent threats to the fields.

This project consists of two parts—a written exercise and a final Access project requiring you to design two tables in design view with the goal of preventing errors during online data entry. This project is worth 100 points (50 points for the written exercises and 50 points for the Access table design). The written exercises will be turned in for grading prior to your completing the final Access project. You are to use the feedback provided to complete the table design in Access. The written exercise is meant to guide you through identifying the fields required for your Access tables and the data entry controls required for “conversion” into Access property controls. For a list of helpful Access resources, please refer to  Appendix B.

You are to complete this assignment using the SALES ORDER ENTRY activity from the revenue cycle and the SALES ORDER as your “transaction.” As such, your two tables should be a sales customer “master” table and a sales order detail table. The steps required are as follows. First, customer verification occurs where the customer on the sales order is compared to an existing customer table. If no match exists, either a new customer is created or the sales order is denied because the customer is not valid. Second, assuming the customer is valid or added, the product numbers and their respective prices are entered. This generally occurs using drop-down menus listing prefilled product numbers and pricing. Third, the sales order total (sum of prices times quantities for each item) is compared against the customer's available credit limit. If the sales order amount is greater than the available credit limit, then the order is rejected. Finally, if the total sales order amount equals or is less than the credit limit amount, then the available quantity for each order line item is compared against the quantity ordered. If the quantity ordered is greater than the amount available, then the order is rejected. If the quantity order equals or is less than the amount available, then the order is accepted. Because of the different steps involved, the sales order activity requires three tables:

1. A sales customer master table with customer number, credit limit amount, and customer contact information (e.g., address, phone, and email)

2. A sales order detail table with fields for the sales order number, product number, quantity, and price

3. An inventory table with a listing of product numbers and quantities on hand

PART ONE: WRITTEN EXERCISES (50 points): List the following columns on your paper in the order given:

Fields    Threats    Data Entry Controls    Access Property Controls

• a) You need to identify the fields for each table. For example, as noted above, the sales order entry activity consists of four steps, and each step requires data entry for the fields needed to affect the entry. For example, at a minimum you will need the customer number, customer name, credit limit, and contact information for the sales customer master table; and the sales order detail table needs a field for each different data element required to record the sales order, including customer number, sales order number, product number, quantity, and price.

• b) For each field, you need to identify a threat that could occur if appropriate controls are not available to prevent that threat from occurring. The fields are the individual data items collected for a transaction (e.g., “name,” “address,” etc., represented by the columns in a spreadsheet). A threat is essentially something that can go wrong or cause an error for that field, such as “wrong name” or “incorrect address.” For example, a sale to a customer who is not in the sales customer master table could result in a sale to someone who is not authorized (e.g., has no credit) and could result in lost income.

PART TWO: DESIGNING YOUR ACCESS TABLES (50 points)

Based on the feedback from your written exercises, you should:

• a) Refer to the list of your fields.

• b) Refer to your list of data entry controls for each threat listed and then identify the Access property controls that achieve the same effect as the data entry controls. For example, the data entry control of “type” converts into Access by specifying whether the field can contain text, numeric, or alphanumeric characters; “size” specifies exactly the length of the field (how many characters it can hold); and “sign” specifies if only positive or negative values are allowed (e.g., credit memos should have a negative sign). You have several format options in Access to address each or all of these. Likewise, threats best addressed through validation, such as verification of customer number, limit, or range tests (credit limit cannot exceed $$$; price must be between “x” and “y”), can also be addressed in different ways. You will probably realize that if you select the “drop-down” menu option in Access, then the type, field, size, etc., controls are redundant as the user can only select one entry that is (presumably) valid. However, as this is a learning exercise, you must select all the control properties that could be used to prevent the threat posed, such as Input Mask, Format Rule, Validation Rules, etc.

• c) List the fields you will include in your sales customer master table and those you will include in your sales order detail table. For each table you need to select one field as a primary key. This field must appear in your second table—as either the primary key or a non-primary key. This is your “foreign key,” and you will link your tables to enforce referential integrity by “dragging” the primary key in one table to its corresponding key in the second table.

• d) Open your Access program and complete two new tables in design view.

• e) Identify your fields and each field's type, and select a field as a primary key in the TOP portion of the table design screen.

• f) In the section below the TOP screen (labeled the property tab), incorporate the Access control properties that you listed in (a) above.

• g) Enter five rows of data into your table using the spreadsheet view or forms wizard to “test” your controls.

• h) A final test you need to perform is the one involving enforcement of referential integrity. This was described in step “c” above. Referential integrity acts as a detective control since it cannot be enforced if the field properties for the primary key are not exactly the same as those for the foreign key. If referential integrity is not successful, then you need to recheck your field properties and make certain that the field which is your primary and therefore foreign key are identical in property definition. FYI, referential integrity is also a preventive control insofar as it prevents you from deleting records in one table that are “linked” to another.

• i) Satisfied? Save your project on a flash drive with your last name and turn it in by ________. The flash drive will be returned to you along with the grade sheet. If you don't have access to a flash drive, you can save the project on your laptop and email it to me.

GOOD LUCK!

Access 2021 Beginner Tutorial: https://www.youtube.com/watch?v=I29tbZfPehI

Access 2021 Advanced Tutorial: https://www.youtube.com/watch?v=WS_bvI-MRl4

Access Help & Learning: https://support.microsoft.com/en-us/access

Microsoft Access for PC: https://www.microsoft.com/en-us/microsoft-365/buy/compare-all-microsoft-365-products-b?ef_id

How to Install Microsoft Access on Mac: https://www.thewindowsclub.com/how-to-install-microsoft-access-on-mac

What is Microsoft Access? Database Management Simplified: https://www.simplilearn.com/what-is-microsoft-access-article

What New in Access 2021: https://support.microsoft.com/en-au/office/what-s-new-in-access-2021-2c5c0766-b22b-4b81-a222-a791a8b5b54b

Create a Database in Access: https://support.microsoft.com/en-us/office/create-a-database-in-access-f200d95b-e429-4acc-98c1-b883d4e9fc0a

Microsoft Access Customer Database (CRM) MS Access Customer Template: https://www.youtube.com/watch?v=wWUW3WTMhBM

Access 2021 Full Course Tutorial (6+ Hours): https://www.youtube.com/watch?v=J344sAUP0to

Text Resources

Go! Microsoft 365: Access 2021, 1^st Edition: https://www.pearson.com/en-us/subject-catalog/p/go-microsoft-365-access-2021/P200000007314?view=educator

Microsoft Access 365 Complete: In Practice, 2021 Edition, 1^st edition: https://www.mheducation.com/highered/product/microsoft-access-365-complete-practice-2021-edition-nordell-easton/M9781266774010.html

FastCourse Microsoft Access 2021 & 365: Level 1:https://www.lablearning.com/FastCourse-Microsoft-Access-2021-365-Level-1-Textbook.html

Microsoft Access 2021 & 365: Level 2:https://www.lablearning.com/Microsoft-Access-2021-365-Level-2-Textbook.html

Microsoft Access 2021 Manual PDF: Access 2021 Basic Reference Guide: https://www.customguide.com/cheat-sheet/access-2021-basic-quick-reference.pdf

Description: The purpose of this research is to investigate learning.

Benefits and Risks: This study contributes to the understanding of how the use of tutorials affects student learning. There are no known risks associated with this research.

Voluntary & Confidential: All demographic information is reported anonymously in summary form; individuals will not be identified. Answering demographic information is voluntary and will remain confidential.

Implied Informed Consent: By completing this questionnaire, I consent to the use of the information for research.

Demographics:

• 1. Gender: _____Male _____Female

• 2. Age: _____

• 3. What is your first language?

  _____English _____Spanish _____Chinese (any dialect) _____Other, please specify______________

• 4. What is your continent of origin?

  _____North America _____South America _____Asia _____Africa _____Europe _____Australia

• 5. Class Standing: _____Sophomore _____Junior _____Senior _____Graduate

• 6. Major: _____Accounting _____Finance _____Other, please specify______________

• 7. This course is: _____Required _____An elective

• 8. Have you completed a course in (check all that apply)?

  _____Audit _____Database _____Accounting Information Systems (AIS)

• 9. Have you completed an accounting internship? _____Yes _____No

  If yes, indicate the type of organization. _____Public Accounting _____Private Accounting _____Other, please specify ______________

• 10. Years of professional accounting work experience: _______

  Please indicate the highest accounting position you held. ______________

• 11. Do you have work experience using an ERP system or database? _____Yes _____No

  If yes, please describe the experience in terms of what you did. _______________________________________

• 1. Which type of control is associated with making sure an organization's control environment is stable?

  • A) General

  • B) Application

  • C) Detective

  • D) Preventive

  • E) None of the above

• 2. Which type of control prevents, detects, and corrects transaction errors and fraud?

  • A) General

  • B) Application

  • C) Detective

  • D) Preventive

  • E) None of the above

• 3. One of the key objectives of segregating duties is to:

  • A) Ensure that no collusion will occur

  • B) Achieve an optimal division of labor for efficient operations

  • C) Make sure that different people handle different transactions

  • D) Make sure that different people handle different parts of the same transaction

  • E) All of the above

• 4. Control activities can be defined as:

  • A) A means to an end

  • B) Authorized procedures

  • C) The particular category in which a control is placed

  • D) The actions of people to help ensure that management directives necessary to address risks are carried out

  • E) None of the above

• 5. Which of the following is a general control?

  • A) Locked petty cash box

  • B) Required permission prior to changing an employee's department number

  • C) Required login and password prior to system access

  • D) Management authorization prior to purchase

  • E) All of the above

• 6. Restricting access to the Human Resources computer system is an example of which control?

  • A) Entity-level

  • B) Application-level

  • C) Transaction-level

  • D) All of the above

  • E) None of the above

• 7. A password prevents unauthorized:

  • A) Persons from entering erroneous data

  • B) Persons from entering data to applications to which they do have access

  • C) Ability to affect all applications on the system

  • D) All of the above

  • E) None of the above

• 8. Data entry (input edit) controls:

  • A) Govern data input in an online environment

  • B) Include a control for completeness

  • C) Prevent errors from occurring during the input phase

  • D) All of the above

  • E) None of the above

• 9. Which of the following data entry (input edit) control prevents the omission of key data?

  • A) Validation rule

  • B) Completeness check

  • C) Limit test

  • D) All of the above

  • E) None of the above

• 10. Which of the following data entry (input edit) controls prevents the input of an incorrect amount?

  • A) Limit test

  • B) Range test

  • C) Validation rule

  • D) All of the above

  • E) None of the above

• 11. Which of the following data entry (input edit) controls tests whether or not a customer exists in the database?

  • A) Completeness test

  • B) Validation rule

  • C) Parity check

  • D) All of the above

  • E) None of the above

• 12. Which of the following data entry (input edit) controls would detect that a customer made an error when entering the quantity for an on-line order?

  • A) Reasonableness check

  • B) Drop-down menu

  • C) Range test

  • D) All of the above

  • E) None of the above

• 13. Which of the following data entry (input edit) controls would prevent the payment of too low of a wage?

  • A) Reasonableness test

  • B) Validation rule

  • C) Limit test

  • D) Both “B” and “C”

  • E) Both “A” and “C”

• 14. Which of the following data entry (input edit) controls would detect a transposition made while entering a customer account number?

  • A) Reasonableness test

  • B) Check digit verification

  • C) Validation rule

  • D) Completeness test

  • E) None of the above

• 15. Which of the following data entry (input edit) controls prevents posting a sale to the wrong account?

  • A) Reasonableness test

  • B) Check digit verification

  • C) Completeness check

  • D) All of the above

  • E) None of the above

• 16. If you wanted to validate an account number in Access, you would:

  • A) Use an input mask

  • B) Use a drop-down menu

  • C) Use of a format rule

  • D) All of the above

  • E) None of the above

• 17. If you want to allow price discounts to not exceed 10% in an Access table, you would:

  • A) Write a validation rule limiting the amount of the discount

  • B) Use a drop-down menu containing discount amounts in even percent amounts (e.g., 1%, 2%, 3%, etc.)

  • C) Use an input mask to limit the number of characters in the discount field

  • D) All of the above

  • E) None of the above

• 18. The best way to prevent erroneous data entry of part number data in an Access table would be to:

  • A) Use a format field to describe how the part number should appear

  • B) Use an input mask to describe how the part number should appear

  • C) Use a drop-down menu

  • D) Both “A” and “B”

  • E) Both “A” and “C”

• 19. The difference between a validation rule and a drop-down menu in Access is:

  • A) The validation rule is written for all possible data values; the drop-down menu has a finite number of entries

  • B) The drop-down menu is easier to set up than the validation rule

  • C) The validation rule can be used for numeric values only; the drop-down menu can contain numeric and alpha values

  • D) Both “A” and “B”

  • E) Both “A” and “C”

• 20. Data entry (input edit) controls:

  • A) Are preventive in an online environment

  • B) Are detective in an online environment

  • C) Exist only in online environments

  • D) All of the above

  • E) None of the above

• 21. Data entry (input edit) controls in Access can be performed through which of the following techniques:

  • A) Drop-down menus

  • B) Table look-ups

  • C) Validation rules

  • D) All of the above

  • E) None of the above

• 22. You wish to implement a control for a QUANTITY field in Access such that there is a limit to the amount that can be entered. What way(s) could you do this?

  • A) Drop-down menu

  • B) Validation rule

  • C) Input mask

  • D) Size test

  • E) All of the above

• 23. Assume you oversee designing internal controls for a database at your company. You are specifically tasked with designing a sales invoice table. Which of the following controls are most important for the EXTENDED PRICE field, which is the quantity multiplied by the price:

  • A) Size check

  • B) Sign check

  • C) Completeness check

  • D) Validation rule

  • E) All of the above

Assume the same as above, except that now you are designing controls for the purchase order table. The table contains the purchase order number, part number, quantity, cost, and extended cost (quantity times cost). Use this information to answer 24–27 below.

• 24. For the PART NUMBER field, the best control to prevent entry of invalid part numbers would be:

  • A) Drop-down menu

  • B) Validation rule

  • C) Format rule

  • D) Completeness check

  • E) All of the above

• 25. For the COST field, what is the best control to prevent a user from entering an incorrect amount?

  • A) Validation rule

  • B) Size check

  • C) Sign check

  • D) Completeness check

  • E) None of the above

• 26. For the PURCHASE ORDER field, how would you prevent a user from issuing a purchase order out of sequence?

  • A) Use a drop-down menu

  • B) “Auto number” the P.O. (e.g., select the “auto number” feature)

  • C) Validation rule

  • D) Completeness check

  • E) All of the above

• 27. The difference between a validation rule and a size check is:

  • A) The validation rules can be designed to address any data pattern; the size check is set to one predetermined level

  • B) The validation rule cannot vary based on the data entered; the size check is a function of the data entered

  • C) The validation rule requires a drop-down menu; the size check does not

  • D) The validation rule is easier to implement than the size check

  • E) All of the above

END OF SURVEY