chapter 2 theoritical foundationlibrary.binus.ac.id/ecolls/ethesisdoc/bab2/bab 2_40-12_bi.pdf ·...
TRANSCRIPT
7
CHAPTER 2
THEORITICAL FOUNDATION
2.1 Information System
The information system falls into two systems
Fig. 2.1 the Information System
“A system is a unified group of interacting parts that function together to achieve its
purpose” (Wilkinson et al., 2000).
“The information system is the set of formal procedure by which data are collected,
processed into information and distribute to users” (Hall, 2008).
Data which was collected is facts which may or may not be processed and have no direct
effect on the user. On the other hand Information is data that have been organized and
processed which is useful to users. Users use information to make decision or to improve
the decision making process and users fall into two groups, external and internal.
External users include creditors, stockholders, potential investors, tax authorities,
Management information system (MIS)
Accounting Information system (AIS)
The information system (IS)
7
8
suppliers and consumers. Internal users include management at every level of the
organization.
The information system accepts inputs called transactions. There are two types of
transaction, financial transaction and non financial transaction.
Financial transaction
Nonfinancial transaction information
Fig 2.2 Types of Transaction
Financial transaction: economic event that measured in monetary terms affecting the
assets and equities of the organization. Nonfinancial transaction: event that do not meet
the definition of financial transaction.
2.1.1 Accounting information system
The AIS is a system that collects, records, stores and processes data to produce
information for decision makers (Romney and Steinbart, 2009). The AIS process both
financial and nonfinancial transactions that directly affect the process of financial
transaction (Hall, 2008).
User decision
Information system
9
The general model for AIS performed throughout three stages. The first stage is data
collection, the source of data extracted from internal as well as external sources. The
data should be valid, complete and free from material errors. After data collected, data
need to be process to produce information. Then data enter the second stage which is
data processing. The process can be simple and also complex. Database management is
needed in the data processing. Database management involves three tasks; storage,
retrieval and deletion of database which are data attribute, record and file. The third
stage is information generation, the process of compiling, arranging, formatting and
presenting information to internal and external users. Both of users then give feedback to
the system which later will be use as source of data. This process is summarizing in the
figure below.
Feed back
Fig 2.3 The General model for AIS
Feedback
The business organization
Internal sources of data
Internal end users
External source of data
External end users
The information
system Database management
Data collection
Data processing
Information generation
10
The AIS is composed of three major subsystem: (1) the transaction processing system :
support daily operation with reports and documents, (2) the general ledger/ financial
reporting system : produces the financial statements, such as the income statement,
balance sheet, statement of cash flows, tax return and other reports require by law; and
(3) the management reporting system : provide information and financial report such as
budgets, variance reports and responsibility report needed for decision making.
Six elements compose the Accounting information system: ( Romney and Steinbart,
2009)
1. People : the user of system
2. Procedure and instruction: method for retrieving and processing data.
3. Data: information regarding organization’s business practices.
4. Software: computer program used to process data.
5. Information technology infrastructure: hardware use to operate the system.
6. Internal controls: security to protect data.
Purpose of accounting information system
- Help to keep accounting records accurately and efficiently and
provide useful information so that management, accountants,
investors and creditors can make economic decisions.
11
- Support firm’s day to day operations. The information system
provides information to operations personnel to assist them in the
efficient and effective discharge of their daily tasks.
But to achieve the purpose of Accounting information system above, this following
condition must be present:
- The information system that is designed should be flexible,
simple, and can serve the needs of company’s customer because
information system is not only to satisfy the internal needs of
company but also the external needs
- The cost to conduct the system should be made as minimum as
possible without sacrificing the use of the system in providing
information and in monitoring company’s asset. The system
should be implemented only when benefits of having them are
greater than cost to provide them.
2.1.2 Management Information system
Management information system is the study of how management making operational,
tactical and strategic decision using information needed which are not normally
processed by accounting information system. The purpose of MIS is to design and
implement computerize system that provide accurate, consistent and timely manner
12
reports. The MIS employs all type of data, financial as well as non financial transaction
data. MIS divided into three subsystems: (Wilkinsn et al., 2000).
1. Decision support system
Computer based information system that helps manager in making decision
which involves uncertainty.
2. Expert system
Knowledge based information system that fully supports the making of decision.
3. Executive information system
Information that fulfill manager’s needs and interest.
SOX legislation requires that management design and implements internal control over
the entire financial reporting process. SOX also require that management certify these
controls and that the external auditor express an opinion on control effectiveness.
Management and auditors need to distinguish the risk and responsibility between those
two systems (Hall, 2008).
13
2.1.3 System Tools
System tools help accountants, management, auditor and anyone performing their tasks.
In this research the use of flowchart and data flow diagram help summarize the
purchases and sales process.
a) Flowchart
Flowchart helps to describe the relationship among sequentional process. There
are three type of flowchart (Boockholdt , 1999).
- System flowchart
Is a representation that shows relationship between processes.
Accountants use this type of flowchart to describe the input and
output of an application system, the computerize system and the
manual operation.
- Program flowchart
Is a graphical description of the sequence of logical operations
that a computer performs as it executes a program (Romney and
Steibart, 2009).
- Document flowchart
Document flowchart Show the flow of document between the
organizational units. This research use document flowchart. The
document flowchart use to show the manual system of accounting
14
record process and activities performed in the organizational
department.
Symbol use for document flowchart
Termina Showing source of destination documents and reports.
Source of document or report
Manual operation
File for storing source documents and reports
Accounting record (journals, registers, logs, ledgers).
On page connector
Off page connector
Document flow line.
15
b) Data flow diagram
Data flow diagram is a commonly used system design and documentation
technique that represent the logical flow of data being processed and transfer in a
system using symbols at different level.
Symbol use in DFD:
Input source or output destination data.
A process that is supported by data.
A store of data such as a transaction file, master file
Direction of data flow.
16
2.2 Purchase process and Sales order process procedure
2.2.1 Purchase processing procedure
According to Wilkinson (2000) Objective of purchase process is to:
- Ensure items being order are needed
- Receive and verify all order goods in good condition
- Safeguard goods until needed
- To ensure invoice are valid and correct
Step in purchasing procedure according to Hall (2008)
Identify inventory needs
• Prepare purchase requisition for each inventory item when certain inventory
reach a predetermined reorder point.
Placing the Order
• Sort purchase requisition by vendor
• Prepare PO for each vendor
• Make multiple copies of PO and sent to AP, receive goods and file in
open/closed PO file.
• PO sent to receive goods function is blind copy which contain no information
about items being order
17
Receiving the goods
• Count and inspect goods using blind copy
• Prepare receiving report using blind copy
• Goods store in the warehouse and a copy of receiving report accompany them
• Another copies of receiving report file in open/closed PO file, AP pending file,
receiving report file and sent to inventory control department
Update inventory records
• Update the inventory record using receiving report
Recognize the liability
• Reconcile invoice with PO and RR
• Record transaction in purchase journal and posted to supplier’s account in AP
subsidiary ledger
2.2.2 Sales order process
According to Wilkinson (2000) the objective of sales order process are to:
- Record sales order promptly and accurately
- Verify customer’s creditworthiness
- Ship product by agreed dates
- To bill product in a timely and accurate manner
- Post sales to proper customer’s account
18
Receive order
• Receive customer order by mail, telephone ,etc
• Transcribe customers order into sales order
• A copy of Sales order is filed in customer open order file
Check credit
• Check about the customer’s creditworthiness before processing the order
• For new customer, financial investigation need to be established
• Usually there is a credit limit for each customers
Pick Goods
• The receive order function prepare stock release document
• After picking the stock, verified stock release document will sent to ship goods
task
• If inventory levels are insufficient, a back order record is prepare and file until
the inventories arrive from suppliers
• Adjust the stock record at last
Ship Goods
• Receive of packing slip and shipping notice from receive order function
• Arrival of goods and verified stock release document
• Reconcile physical items with stock release, packing slip and shipping notice
19
• Shipping clerk then package the goods, attaches the packing slip, complete
shipping notice and prepare bill of lading
• Shipping notice will be sent to bill customer function
Bill Customer
• Bill customer after the shipment of goods using sales invoice
• Billing function also perform following record keeping tasks:
- Record the sales in sales journal, which at the end of the period will be
combine into sales journal voucher
- Forward ledger copy of sales order to update AR
- Send stock release document to update inventory record
Update inventory record
• Update inventory subsidiary ledger using the stock release document
Update AR
• Update customer records in AR Subsidiary ledger using the sales order (ledger
copy)
20
Post to General Ledger
• The general ledger use journal voucher to post following:
AR control xxxx
Cost of Good sold xxxx
Inventory control xxxx
Sales xxxx
2.2.3 Sales return process
The reason for sales return:
- Company shipped the wrong items
- The goods were defective
- The product was damage in shipment
- Buyer refused delivery because the seller shipped the goods too
late.
Prepare return slip
• Receiving department prepare return slip after counting and inspection of goods
• Along with a copy of return slip, goods sent to warehouse to be restock
• Send another copy of return slip to sales function
21
Prepare credit memo
• Sales employee prepare credit memo after receive the return slip
• Credit memo goes to credit manager for approval
Approve credit memo
• Credit manager evaluate and make judgment
• Return the approve credit memo to sale department
Update sale journal
• Record transaction in credit memo to sales journal
• Credit memo sent to inventory control function
Update inventory and AR record
• Adjust inventory record and AR record
Update General Ledger
• Post the following
Inventory control xxxx
Sales return & allowance xxxx
Cost of Good Sold xxxx
AR control xxxx
22
2.2.4 Document use in purchasing process and sales order process
- Purchase requisition : a formal document stating that certain code and type of item has
reach predetermined reorder point. It also states the quantity of items need to order and
date when the product is needed. Usually for each inventory item there will be separate
purchase requisition.
- Purchase order: is a formal document made based on the purchase requisition, showing
the vendor name and code, date ordered, items being purchased, name of items,
quantities of item needed and the correct price. This document use as a formal procedure
when we want to order specific items from specific vendor.
- Blind PO: is a copy of purchase order which purpose is to force the receiving clerk to
count and inspect the items being received from suppliers. It contains no quantity or
price information about the items received.
- Receiving report: document prepare by the receiving clerk after they completed the
blind PO. The receiving report stating the quantity and condition of inventory received,
the date of receiving inventory and the supplier who deliver the inventory.
- Supplier’s invoice: a copy of document from supplier stating the amount of money
need to be pay and the due date. It also contains the terms and condition for discount
given by the supplier.
- Customer order: order from customer indicating type and quantity of item desired.
Customer order is not in a standard format and may not be a physical document.
23
- Sales order: contain customer’s name, address, account number, items sold, quantities
and price of each items
- Stock release/ picking slip: a document sent to warehouse for picking the ordered
goods from warehouse
- Back order: a document prepare when there is insufficient quantities of inventory
ordered by customers
- Packing slip: packing slip will be sent along the goods to describe the content of the
order
- Shipping notice: document that serves as proof that goods were shipped
- Bill of lading: the contract between seller and the shipping company to transport the
goods to the customers
- Sales invoice: document sent to customers to reflect amount of sales
- Return slip: slip prepare by receiving department describe the items being return by
customer
- Credit memo: a document that allow a credit to a customer for a sale return or for
allowance on a sale.
24
2.3 Internal control
Having a good internal control in a system is one way to deal with fraudulent and bad
situation inside the organization.
Definition of internal control: control framework that measure the firm’s security and
provide reasonable assurance that there is no risk exposure within the firm (Hall, 2008).
There are four objective of internal control:
- To safeguard the asset of firm
- To ensure the reliability of financial reporting
- Better effectiveness and efficiency in day to day
operation
- Compliance of applicable laws and regulation inside
company.
Every system have limitation, as well as internal control system and these are the
limitation of internal control:
1. There is possibility of error because no system is perfect.
2. Due to misinterpretation or insufficient information, management
may make mistake in making decision which lead to loss.
3. To implement a good internal control system, firm need to pay high
cost.
25
4. Management override: being a manager means they have position to
override control procedure.
5. In overtime, the condition may change and cause the existing control
useless.
Type of internal control:
- Preventive control: before something bad happen we should take action to
prevent it. This is the first step of defense in internal control. Preventive control
cost less than detective and corrective control. Example of preventive control:
segregation duties, well designed document, use of password, etc.
- Detective control: detective control is the second step in internal control to
prevent fraud. These are procedure or device to identify any fraud that preventive
control cannot handle. It works like a warning alarm that management should
pay attention for.
- Corrective control: action taken to fix any problem which been detected by
previous step. There will be more than one corrective action need to conduct to
fix problem. This is why corrective control is the most expensive control rather
than the previous steps.
26
2.3.1 COSO
According to SOX 2002 section 302, states that corporate management need to certify
financial and other information in the organization annually. To provide the accuracy
and reliability of financial reports. The rule also requires management to have design
internal controls. Section 404 requires management to assess effectiveness of
organization’s internal controls over financial report. The Security and Exchange
Commission has made COSO as the recommended control standard for every firm.
COSO (Committee of Sponsoring Organizations of the Tread way), establish in year
1985 and initially published in 1992 and studied about the factors which lead to
fraudulent financial reporting ( www.coso.org).
Component of COSO
The SAS 78/COSO Framework consists of 5 components
1. Control Environment
A strong internal control environment is very important for every
organization regardless of size. Control Environment is the Foundation
from all components of COSO framework (Wilkinson et al., 2000).
Important elements of control environment are:
27
o Management philosophy and operating style
Management should create such an environment that minimize
any fraudulent or unwanted event to occur
o Integrity and ethical values
Management should send a positive message to all employees by
becoming role model and following standards Rules and
regulation.
o Commitment to competence
firm should recruit employees that have competence and
trustworthy personnel characteristic to perform their task
o Board of Directors or Audit Committee
Board of Directors appoint audit committee from outside whose
function is to detect any fraud and review of the financial
statement
o Organizational Structure
identifies formal/relationship for achieving firm objective
o Assignment of authority and responsibility
the authority duties should be assign to a person who has a high
responsibility
28
o Human resources policies and practices
involves in implementing policies regarding recruitment,
motivation, training, promotion, compensation and protection of
employee. Human resource policies and practices help firm
achieve efficient and effective day to day operation.
2. Risk assessment
All firms will face risk, internally and externally regardless of their sie,
structure or industry. In risk assessment, it involve the identification,
analyze and managing risk that may prevent organization to reach their
objective
According to Hall (2008) risk can arise because of:
o Recruitment of new personnel who have insufficient
understanding of internal control
o The new system of technology implementation may
impact the transaction processing
o The rapid growth in the future will make the existing
internal control useless
o New product being introduced
o Organizational restructure
29
3. Information and communication
To prepare reliable financial statements, management need an accurate
and high quality of information. A high quality and accurate information
is a source for management to make decision and to take desired action.
A high quality of Accounting Information System will:
o Occurrence: record all transaction in the time which they
occurred
o Accuracy: Transaction record must be free from material
errors
o Complete: no information that should be record in
Financial Statement missing
o Timeliness: all information needed for financial statement
are recorded in proper accounting period.
4. Monitoring
Monitoring is a process of assessing the quality of internal control
system. This process can be done by conducting ongoing monitoring
activities. In ongoing monitor activities, test of control can be conducting
by integrating special computer modules. Supervision of employees is
also another way to assess quality control by ongoing monitoring
activities. Separate monitoring activities are done by the internal auditor.
30
Internal auditor perform internal control test and find the strength and
weaknesses of internal control system. Monitoring activity can be benefit
from automation (Ramamoorti and Dupree, 2010).
5. Control activities
Control activities is standard procedure need to be performed to make
sure proper actions are taken in dealing with firm’s identified
weaknesses.
Control activities separate into two different categories:
o IT Controls
Action taken by firm to control the computerize system.
There are general controls and application control.
General controls involve the controls over program
maintenance, data center, system development and
organization database. Application controls involve
control for specific system. For example: payroll system,
purchase order, process system, etc.
o Physical controls
Physical control is more into human activities performed
to prevent any fraud or risk take place in organization.
31
Six categories of physical control:
a) Transaction authorization
To ensure only valid transaction are processed by the
system and in accordance with management objective.
General authorization is the procedure to authorize day
to day operation. Specific authorization is the
procedure to authorize non routine and case by case
transaction.
b) Segregation of duties
Segregation of duties is the most important control
activities to minimize fraud and risk. There are three
objective of segregation of duties must be follow:
Objective 1: the processing of transaction must be
separated from the authorization of transaction.
Objective 2: the record keeping department must be
separate from the custody of asset.
Objective 3: the organization must be structured.
c) Supervision
For small organization sometimes it is hard to
implement segregation of duties, therefore it must be
32
compensate by close supervision. Firm need to recruit
competent and trustworthy person to supervise
employees.
d) Accounting records
Documents, journals and ledgers are contain in the
accounting records Of firms. These records help to
provide audit trail. External and internal auditor use
audit trail to verify selected transaction. An audit trail
should provide clear time recorded and also by whom
the audit trail is prepare for each transaction
( Wiersema, 2010).
e) Access control
The function of access control is make sure that the
only person who assess the firm’s asset is the
authorized person. Access control is very important to
the firm’s asset. If there is no access control over the
firm’s asset, there will be damage or theft. Firms need
to have good security devices to control against direct
access to assets.
33
f) Independent verification
Action taken by person who is not directly involved in
the system to identify errors, weakness and fraud.
Through independent verification, management can
assess the integrity and correctness of data in
accounting records.
2.3.2 Internal control for small Medium Enterprise
The greatest concern to larger firms was cost. Small firms said that insufficient resources
and time constraints were the primary issues followed by the cost of the project.
(Michelson,Stryker and Throne, 2009).
According to Aguilar cited by Hamilton (2009), smaller companies gain particular
benefits from section 404 (b). Managers of smaller companies may be able to dominate
and override existing internal controls. The companies also have limitation on the
resource needed to maintain appropriate technical controls. Having section 404 (b) apply
to smaller companies will be a help. Furthermore Hamilton said that section 404 has
made fraud harder to commit and easier to detect.
Characteristic of small business according to Michelman and Waldrup (2008):
• Large number of Cash transaction
• Using simple accounting system to process complicated accounting issues
• Focused more on service but lack of training in accounting and business
34
• No audit
• No regulatory reporting issues
• Complicated organizational structure
In smaller organization, they still use the SAS78/COSO but less formal and structured.
1. Control Environment
According to Michelman and Waldrup (2008), integrity and ethical value
are the basis for control model. In small organization, management
philosophy and operating style is an important element, they may be
more apparent in the actions and attitudes of the owner or CEO rather
than in formal documents and written procedure (Tanki and Steinberg,
1993).
Further more, Michelman and Waldrup (2008) state that the organization
must be structure to help company define the authority and responsibility
of each employee. Board of directors and human resource may be no
need since small companies usually do not have both elements.
2. Risk Management
Focus more on fraud risk rather than financial reporting risk, because
many of them using cash basis accounting (Michelman and Waldrup,
2008). Companies should have clear objective since there is no practical
35
way to eliminate all risk. Management must decide how much risk it will
tolerate and determine how those tolerance levels can be maintained.
3. Information and Communication
Smaller organization may have an advantage with this component
because there is greater for face to face discussion among employees and
management or owner ( Tanki and Steinberg, 1993).
4. Monitoring
Monitoring action for smaller companies are the same with Monitoring
action in larger companies, on going and separate monitoring.
5. Control Activities
According to Tanki and Steinberg (1993), there may be no need for
certain activities due to direct involvement f manager, owner or CEO.
According to Michelman and Waldrup (2008), the control activities focus
on mitigating any risk or fraud that have been identified, segregation of
duties and firm have to develop policies that deal with record
maintenance.
In addition, Gramling et all (2010) recommend solutions for segregation
of duties problems:
• Adding more people
• Rotation of duties: some companies that may not able to add more
people can do this.
36
• Management oversight: small business need to rely on greater
management involvement in day to day operation.
• Top down- risk based analysis:
New SEC rule and PCAOB Auditing standard (AS)2 allow
company to conduct a top down risk based analysis of company’s
internal control. Each company will be allowed to determine
which areas present the greatest risk for making material errors in
financial statement and implement control for those risks (Filisko,
2007).
Three aspects of the top down risk based:
- Determine the components of significant accounts and consider
eliminating certain components subject to differing level of risk
from the scope of assessment.
- Leverage a strong, relevant, entity level controls strategy when
determining the testing of transaction controls
- Align testing procedures for transaction control to the assessed
level of risk, particularly for areas with lower risk of material
misstatement. (Earnst &Young, 2005).
37
2.3.3 Fraud
The word fraud is more familiar in today’s financial press. Fraud is one major problem
cause bankruptcies and business failure. Ramamoorti and Dupree (2010) stated in their
journal that a survey of the Association of Certificate Fraud Examiners’ (ACFE) found
that about 7 percent of annual revenues in US organization were lost because of fraud.
Moreover Ramamoorti and Dupree (2010) state that every organization regardless f their
size potentially suffering from fraud risk. This is why the internal and external auditors
need to detect any fraud in all phase during financial audit. As presented in statement of
auditing standard (SAS) no. 99, Consideration of fraud in a financial statement audits.
The SAS 99 also require auditor to perform new step during the process of financial
audit to assess potential risk of misstatement in financial statement. Hall (2008) define
fraud as false representation of material fact made by one party to another party with
intent to deceive and induce the other party to justifiably rely on the fact to his or her
detriment.
An act consider as fraudulent act if it meets the following condition:
- False representation: there must be false statement
- Material fact: a fact must be factor for someone to act fraudulent.
- Intent: there must be intent that person who conduct the act knows what he/she
did is wrong.
38
- Justifiable reliance: the false representation must have been a substantial factor to
the business.
- Injury or loss: the act must have caused loss to the business.
There are two level of fraud:
a) Employee fraud: fraudulent act by non management employees which
usually involve stealing something (asset) and convert them (asset)
into cash (money).
b) Management fraud: it causes the business a huge loss. Management
fraud is often escaped from detection and it is more insidious than
employee fraud.
According to Wiersema (2010) as business become larger, it is easy to lose sight of
different type of fraud which is much broader than item theft. Those include apply
reimbursement of funds they did not spent, report time that employees did not work.
Another type of fraud is collusion, for example: supplier billing company for product
that was never delivered. Problem of authority may also cause fraud. Manager having
approval authority may authorize payment on their own, overpay vendor and intent to
pocket the overpayment and also they may charge invoice to the company for personnel
work done by vendor.
39
According to Arens et all (2006) There are three characteristic that cause someone to act
fraud also known as the triangle fraud:
• Pressure: if someone in a situation that force him/her to do fraud act. For
example: financial problem such as: family having health problem and
need money, pay school fees, etc. this cause someone to solve his/her
problem secretly.
• Opportunities: there is lack of control in company’s system that causes
opportunity for someone to do fraud.
• Attitude: the character of employees determine he/she to do fraud
2.3.4 Purchase Process control
a) Transaction authorization
• the inventory control department is the one who authorize to
make purchase requisition when certain inventory drop to their
predetermined reorder point.
• Without this step, purchasing department will purchase items on
their own and could lead to excessive inventories for some items.
b) Segregation of duties
There must be separation between inventory control from warehouse
according to objective 2 of segregation of duties, “the record keeping
40
department must be separate from asset custody”. Inventory control is the
one who keep record on asset and warehouse is the asset custody.
c) Supervision
The area that need more attention for supervision is receiving department.
Close supervision in receiving department reduce the chance of:
- Failure to properly inspect the asset
The blind copy which contain no quantity or price
information use by the receiving clerk to count and inspect
the goods.
- Theft of asset
A close supervision is necessary from the arrival of goods
until securely place in the warehouse. Close supervision
help to reduce the exposure to theft during busy period.
d) Accounting record
• The accounting records in purchase process are: AP subsidiary
ledger and general ledger.
• These records help to maintain audit trail by internal auditor.
Auditor reconciles accounting record with supporting document.
41
e) Access control
• Direct access to asset such as cash and inventory must be
controlled.
• Locks, alarm, fence and restricted access are devices to control
direct access.
• For indirect access, firm must control the access to documents
such as PO, RR, etc so there will be no unwanted transaction
occur.
f) Independent Verification
Independent Verification by Account payable.
• Before firm recognizes their obligation, the AP clerk reconciles
the entire purchasing transaction document.
• Works need to be done by AP clerk before firm fulfills their
obligation: (1) reconcile PO to ensure only the needed
inventories are ordered. (2) Reconcile RR to ensure firm receives
only the right quantities and good condition of inventories. (3)
Double check the supplier’s invoice to ensure firm pay the
correct price for the inventories received.
42
Independent verification by GL department
• GL department verify total amount of money to be pay must
equal total inventory receive.
“ in addition for internal control, the journal entries should be numbered
and attached together with other supporting document and both preparer
and viewer should sign off. Without control, journal entry is dangerous
because they convey the power to commit fraud as they can be used to
camouflage any number of improprieties” ( Wiersema, 2010).
43
Table 2.1 The Threat and Control of Purchase process ( Romney and Steinbart,
2009 )
Process/ Activity Threat Applicable control procedure
Order goods 1. Preventing stock out inventory control system; barcode
Or excess inventory technology; periodic counts.
2. Ordering unnecessary items approval of purchase requisition.
3. Purchasing goods at inflated price list; budgetary controls
Price. Use of approved suppliers.
4. Purchasing goods at inferior use of approved vendors; monitor
Quality. Vendor performance.
5. Purchasing from unauthorized restricting access to supplier
Suppliers. Master File.
6. Kickbacks training; job rotation; policies
against Accepting gift from
vendors.
Receive and 7. Receiving unordered goods require receiving clerk verify
Store goods existence of valid purchase order.
8. Making errors in counting using barcode technology;
Goods received documenting employees
performance.
9. theft of inventory physical access controls; proper
segregation Of duties; periodic
count of inventories.
44
2.3.5 Sales order process control
a) Transaction Authorization
• Credit check
To ensure the proper firm’s credit policies and making judgment about
customer’s creditworthiness using various techniques and test. For new
customer, the credit approval may take time. The sales transaction cannot
proceed without credit approval
• Return Policy
The approval determination is based on the nature of the sale and
circumstances of the return each firm have their own rules for return policy.
b) Segregation of duties
• the credit department is segregated from the rest of the process so the
authorization of customer’s creditworthiness is an independent event
• separate the inventory warehouse department and inventory control
department
• the subsidiary ledger, journals and general ledger should be separately
maintained
45
c) Supervision
• For firm that have too few employees to achieve an adequate separation
of department, close supervision is important
d) Accounting records
• Pre numbered document
Each document should be sequentially numbered by the printer. This
will permits tracking of single transaction
e) Access controls
Limiting access to:
• warehouse security such us fences, alarm and guard
• depositing cash daily in the bank
• use safe deposit box for cash
Example of access risk
• individual with access to AR sub ledger could remove his or her account
from the books
• access to sales order document may permit unauthorized individual to
trigger the shipment of a product
46
f) Independent Verification
• The shipping department verify goods sent from warehouse are correct
in type and quantity
• Reconcile original sales order with shipping notice to ensure only right
quantities shipped will be billed
• Reconcile journal voucher and summary report
47
Table 2.2 The threat and control of sales process ( Romney and Steinbart, 2009)
Process/ Activity Threat Control Procedure
Sales Order 1.Incomplete or inaccurate data entry edit checks
orders
2.Credit sales to customers credit approval by credit manager
With poor credit not by sales function
3.Legitimacy of orders signatures on documents
4. Stockouts, carrying cost inventory control system; sales
And markdowns forecast; periodic counting
Shipping 1. Shipping errors: bar code scanner; reconcile SO with
Wrong merchandise, packing slip; data entry application
Quantities, address controls
2. Theft of inventory restrict access to inventory; barcode
Technology; periodic counting;
Documentation of all internal
Transfer of inventory
Billing and AR 1. Failure to bill customer separation of shipping and billing;
Prenumbering all documents;
2. Billing errors data entry edit controls;
Price lists
3.Posting errors in reconcile sub AR ledger with GL;
Updating AR monthly statement to customers
48
2.4 PC based accounting system
“ With certain types of controls, efficiency would actually improve. One way is to take
advantage of computer software capabilities” (Wiersema, 2010).
PC application is custom designed system that serves wide range of needs. This strategy
allows software vendors to mass produce low cost and error free standard products. This
is why PC accounting system are popular with smaller firms. Smaller firms use PC
accounting system to automate and replace manual system. Most PC systems are
modular in design. It include SO process and AR, Purchase and AP, Cash receipt, cash
disbursement, GL and financial report, Inventory and payroll. Modular design provides
users flexibility in using system to achieve their specific needs. To achieve user’s
specific needs, some vendors target their product to specific industries. Commercial
system usually has fully integrated modules that means that data transfers between
modules occur automatically.
PC Control issues
• Segregation of duties
PC system usually has inadequate segregation of duties. A single employee may
be responsible for entering all transaction data. A high degree of supervision,
adequate management reports and independent verification is needed.
• Access control
PC system usually provides inadequate control over access to data file. Some
application use password control but accessing data file directly via operating
49
system often circumvents this control. Control action should be taken including
data encryption, disk locks and physical security device.
• Accounting records
Threat of data losses is the main concern of PC system. The primary cause of
data losses is the computer disk failure. Creating backup copies of data files and
program can reduce the exposure of this threat.
The Pros and contras of having automated system
“ The automated AIS could speed up information process and overcome the traditional
human weaknesses. As a result, the system support the resource management and help
the company projection of continuing business profit” ( Sori, 2009).
Fay (1998) also stated that using computerized system would give the flexibility to do
other things. But, he also describe the time it takes for the computer system to become
acquainted with the business operation. He also mention about the problem with the
reparation and the difficulty in handling and understanding the software will lessened
the benefit of using them to save time. A costly problematic implementation period also
become the problem of using automated system
50
The 2009 COSO of Trade away Commission’s guidance on monitoring internal ccntrol
system argues that firm need to implement system in the right time and firm need to
monitor the continuing operating effectiveness periodically ( Ramamoorti and Dupree,
2010). In addition, according to Wiersema (2010), the system should be protected with
password to assured the segregation of duties.