7 

 

CHAPTER 2

THEORITICAL FOUNDATION

2.1 Information System

The information system falls into two systems

Fig. 2.1 the Information System

“A system is a unified group of interacting parts that function together to achieve its

purpose” (Wilkinson et al., 2000).

“The information system is the set of formal procedure by which data are collected,

processed into information and distribute to users” (Hall, 2008).

Data which was collected is facts which may or may not be processed and have no direct

effect on the user. On the other hand Information is data that have been organized and

processed which is useful to users. Users use information to make decision or to improve

the decision making process and users fall into two groups, external and internal.

External users include creditors, stockholders, potential investors, tax authorities,

Management information system (MIS)

Accounting Information system (AIS)

The information system (IS)

 

7 

8 

 

suppliers and consumers. Internal users include management at every level of the

organization.

The information system accepts inputs called transactions. There are two types of

transaction, financial transaction and non financial transaction.

Financial transaction

Nonfinancial transaction information

Fig 2.2 Types of Transaction

Financial transaction: economic event that measured in monetary terms affecting the

assets and equities of the organization. Nonfinancial transaction: event that do not meet

the definition of financial transaction.

2.1.1 Accounting information system

The AIS is a system that collects, records, stores and processes data to produce

information for decision makers (Romney and Steinbart, 2009). The AIS process both

financial and nonfinancial transactions that directly affect the process of financial

transaction (Hall, 2008).

User decision

Information system

9 

 

The general model for AIS performed throughout three stages. The first stage is data

collection, the source of data extracted from internal as well as external sources. The

data should be valid, complete and free from material errors. After data collected, data

need to be process to produce information. Then data enter the second stage which is

data processing. The process can be simple and also complex. Database management is

needed in the data processing. Database management involves three tasks; storage,

retrieval and deletion of database which are data attribute, record and file. The third

stage is information generation, the process of compiling, arranging, formatting and

presenting information to internal and external users. Both of users then give feedback to

the system which later will be use as source of data. This process is summarizing in the

figure below.

Feed back

Fig 2.3 The General model for AIS

                                            

 

 

 

 

 

      Feedback

 

The business organization

Internal sources of data

Internal end users 

External source of data

External end users

The information

system Database management 

Data collection

Data processing

Information generation 

10 

 

The AIS is composed of three major subsystem: (1) the transaction processing system :

support daily operation with reports and documents, (2) the general ledger/ financial

reporting system : produces the financial statements, such as the income statement,

balance sheet, statement of cash flows, tax return and other reports require by law; and

(3) the management reporting system : provide information and financial report such as

budgets, variance reports and responsibility report needed for decision making.

Six elements compose the Accounting information system: ( Romney and Steinbart,

2009)

1. People : the user of system

2. Procedure and instruction: method for retrieving and processing data.

3. Data: information regarding organization’s business practices.

4. Software: computer program used to process data.

5. Information technology infrastructure: hardware use to operate the system.

6. Internal controls: security to protect data.

Purpose of accounting information system

- Help to keep accounting records accurately and efficiently and

provide useful information so that management, accountants,

investors and creditors can make economic decisions.

11 

 

- Support firm’s day to day operations. The information system

provides information to operations personnel to assist them in the

efficient and effective discharge of their daily tasks.

But to achieve the purpose of Accounting information system above, this following

condition must be present:

- The information system that is designed should be flexible,

simple, and can serve the needs of company’s customer because

information system is not only to satisfy the internal needs of

company but also the external needs

- The cost to conduct the system should be made as minimum as

possible without sacrificing the use of the system in providing

information and in monitoring company’s asset. The system

should be implemented only when benefits of having them are

greater than cost to provide them.

2.1.2 Management Information system

Management information system is the study of how management making operational,

tactical and strategic decision using information needed which are not normally

processed by accounting information system. The purpose of MIS is to design and

implement computerize system that provide accurate, consistent and timely manner

12 

 

reports. The MIS employs all type of data, financial as well as non financial transaction

data. MIS divided into three subsystems: (Wilkinsn et al., 2000).

1. Decision support system

Computer based information system that helps manager in making decision

which involves uncertainty.

2. Expert system

Knowledge based information system that fully supports the making of decision.

3. Executive information system

Information that fulfill manager’s needs and interest.

SOX legislation requires that management design and implements internal control over

the entire financial reporting process. SOX also require that management certify these

controls and that the external auditor express an opinion on control effectiveness.

Management and auditors need to distinguish the risk and responsibility between those

two systems (Hall, 2008).

13 

 

2.1.3 System Tools

System tools help accountants, management, auditor and anyone performing their tasks.

In this research the use of flowchart and data flow diagram help summarize the

purchases and sales process.

a) Flowchart

Flowchart helps to describe the relationship among sequentional process. There

are three type of flowchart (Boockholdt , 1999).

- System flowchart

Is a representation that shows relationship between processes.

Accountants use this type of flowchart to describe the input and

output of an application system, the computerize system and the

manual operation.

- Program flowchart

Is a graphical description of the sequence of logical operations

that a computer performs as it executes a program (Romney and

Steibart, 2009).

- Document flowchart

Document flowchart Show the flow of document between the

organizational units. This research use document flowchart. The

document flowchart use to show the manual system of accounting

14 

 

record process and activities performed in the organizational

department.

Symbol use for document flowchart

Termina Showing source of destination documents and reports.

Source of document or report

Manual operation

File for storing source documents and reports

Accounting record (journals, registers, logs, ledgers).

On page connector

Off page connector

Document flow line.

15 

 

b) Data flow diagram

Data flow diagram is a commonly used system design and documentation

technique that represent the logical flow of data being processed and transfer in a

system using symbols at different level.

Symbol use in DFD:

Input source or output destination data.

A process that is supported by data.

A store of data such as a transaction file, master file

Direction of data flow.

16 

 

2.2 Purchase process and Sales order process procedure

2.2.1 Purchase processing procedure

According to Wilkinson (2000) Objective of purchase process is to:

- Ensure items being order are needed

- Receive and verify all order goods in good condition

- Safeguard goods until needed

- To ensure invoice are valid and correct

Step in purchasing procedure according to Hall (2008)

Identify inventory needs

• Prepare purchase requisition for each inventory item when certain inventory

reach a predetermined reorder point.

Placing the Order

• Sort purchase requisition by vendor

• Prepare PO for each vendor

• Make multiple copies of PO and sent to AP, receive goods and file in

open/closed PO file.

• PO sent to receive goods function is blind copy which contain no information

about items being order

17 

 

Receiving the goods

• Count and inspect goods using blind copy

• Prepare receiving report using blind copy

• Goods store in the warehouse and a copy of receiving report accompany them

• Another copies of receiving report file in open/closed PO file, AP pending file,

receiving report file and sent to inventory control department

Update inventory records

• Update the inventory record using receiving report

Recognize the liability

• Reconcile invoice with PO and RR

• Record transaction in purchase journal and posted to supplier’s account in AP

subsidiary ledger

2.2.2 Sales order process

According to Wilkinson (2000) the objective of sales order process are to:

- Record sales order promptly and accurately

- Verify customer’s creditworthiness

- Ship product by agreed dates

- To bill product in a timely and accurate manner

- Post sales to proper customer’s account

18 

 

Receive order

• Receive customer order by mail, telephone ,etc

• Transcribe customers order into sales order

• A copy of Sales order is filed in customer open order file

Check credit

• Check about the customer’s creditworthiness before processing the order

• For new customer, financial investigation need to be established

• Usually there is a credit limit for each customers

Pick Goods

• The receive order function prepare stock release document

• After picking the stock, verified stock release document will sent to ship goods

task

• If inventory levels are insufficient, a back order record is prepare and file until

the inventories arrive from suppliers

• Adjust the stock record at last

Ship Goods

• Receive of packing slip and shipping notice from receive order function

• Arrival of goods and verified stock release document

• Reconcile physical items with stock release, packing slip and shipping notice

19 

 

• Shipping clerk then package the goods, attaches the packing slip, complete

shipping notice and prepare bill of lading

• Shipping notice will be sent to bill customer function

Bill Customer

• Bill customer after the shipment of goods using sales invoice

• Billing function also perform following record keeping tasks:

- Record the sales in sales journal, which at the end of the period will be

combine into sales journal voucher

- Forward ledger copy of sales order to update AR

- Send stock release document to update inventory record

Update inventory record

• Update inventory subsidiary ledger using the stock release document

Update AR

• Update customer records in AR Subsidiary ledger using the sales order (ledger

copy)

20 

 

Post to General Ledger

• The general ledger use journal voucher to post following:

AR control xxxx

Cost of Good sold xxxx

Inventory control xxxx

Sales xxxx

2.2.3 Sales return process

The reason for sales return:

- Company shipped the wrong items

- The goods were defective

- The product was damage in shipment

- Buyer refused delivery because the seller shipped the goods too

late.

Prepare return slip

• Receiving department prepare return slip after counting and inspection of goods

• Along with a copy of return slip, goods sent to warehouse to be restock

• Send another copy of return slip to sales function

21 

 

Prepare credit memo

• Sales employee prepare credit memo after receive the return slip

• Credit memo goes to credit manager for approval

Approve credit memo

• Credit manager evaluate and make judgment

• Return the approve credit memo to sale department

Update sale journal

• Record transaction in credit memo to sales journal

• Credit memo sent to inventory control function

Update inventory and AR record

• Adjust inventory record and AR record

Update General Ledger

• Post the following

Inventory control xxxx

Sales return & allowance xxxx

Cost of Good Sold xxxx

AR control xxxx

22 

 

2.2.4 Document use in purchasing process and sales order process

- Purchase requisition : a formal document stating that certain code and type of item has

reach predetermined reorder point. It also states the quantity of items need to order and

date when the product is needed. Usually for each inventory item there will be separate

purchase requisition.

- Purchase order: is a formal document made based on the purchase requisition, showing

the vendor name and code, date ordered, items being purchased, name of items,

quantities of item needed and the correct price. This document use as a formal procedure

when we want to order specific items from specific vendor.

- Blind PO: is a copy of purchase order which purpose is to force the receiving clerk to

count and inspect the items being received from suppliers. It contains no quantity or

price information about the items received.

- Receiving report: document prepare by the receiving clerk after they completed the

blind PO. The receiving report stating the quantity and condition of inventory received,

the date of receiving inventory and the supplier who deliver the inventory.

- Supplier’s invoice: a copy of document from supplier stating the amount of money

need to be pay and the due date. It also contains the terms and condition for discount

given by the supplier.

- Customer order: order from customer indicating type and quantity of item desired.

Customer order is not in a standard format and may not be a physical document.

23 

 

- Sales order: contain customer’s name, address, account number, items sold, quantities

and price of each items

- Stock release/ picking slip: a document sent to warehouse for picking the ordered

goods from warehouse

- Back order: a document prepare when there is insufficient quantities of inventory

ordered by customers

- Packing slip: packing slip will be sent along the goods to describe the content of the

order

- Shipping notice: document that serves as proof that goods were shipped

- Bill of lading: the contract between seller and the shipping company to transport the

goods to the customers

- Sales invoice: document sent to customers to reflect amount of sales

- Return slip: slip prepare by receiving department describe the items being return by

customer

- Credit memo: a document that allow a credit to a customer for a sale return or for

allowance on a sale.

24 

 

2.3 Internal control

Having a good internal control in a system is one way to deal with fraudulent and bad

situation inside the organization.

Definition of internal control: control framework that measure the firm’s security and

provide reasonable assurance that there is no risk exposure within the firm (Hall, 2008).

There are four objective of internal control:

- To safeguard the asset of firm

- To ensure the reliability of financial reporting

- Better effectiveness and efficiency in day to day

operation

- Compliance of applicable laws and regulation inside

company.

Every system have limitation, as well as internal control system and these are the

limitation of internal control:

1. There is possibility of error because no system is perfect.

2. Due to misinterpretation or insufficient information, management

may make mistake in making decision which lead to loss.

3. To implement a good internal control system, firm need to pay high

cost.

25 

 

4. Management override: being a manager means they have position to

override control procedure.

5. In overtime, the condition may change and cause the existing control

useless.

Type of internal control:

- Preventive control: before something bad happen we should take action to

prevent it. This is the first step of defense in internal control. Preventive control

cost less than detective and corrective control. Example of preventive control:

segregation duties, well designed document, use of password, etc.

- Detective control: detective control is the second step in internal control to

prevent fraud. These are procedure or device to identify any fraud that preventive

control cannot handle. It works like a warning alarm that management should

pay attention for.

- Corrective control: action taken to fix any problem which been detected by

previous step. There will be more than one corrective action need to conduct to

fix problem. This is why corrective control is the most expensive control rather

than the previous steps.

26 

 

2.3.1 COSO

According to SOX 2002 section 302, states that corporate management need to certify

financial and other information in the organization annually. To provide the accuracy

and reliability of financial reports. The rule also requires management to have design

internal controls. Section 404 requires management to assess effectiveness of

organization’s internal controls over financial report. The Security and Exchange

Commission has made COSO as the recommended control standard for every firm.

COSO (Committee of Sponsoring Organizations of the Tread way), establish in year

1985 and initially published in 1992 and studied about the factors which lead to

fraudulent financial reporting ( www.coso.org).

Component of COSO

The SAS 78/COSO Framework consists of 5 components

1. Control Environment

A strong internal control environment is very important for every

organization regardless of size. Control Environment is the Foundation

from all components of COSO framework (Wilkinson et al., 2000).

Important elements of control environment are:

27 

 

o Management philosophy and operating style

Management should create such an environment that minimize

any fraudulent or unwanted event to occur

o Integrity and ethical values

Management should send a positive message to all employees by

becoming role model and following standards Rules and

regulation.

o Commitment to competence

firm should recruit employees that have competence and

trustworthy personnel characteristic to perform their task

o Board of Directors or Audit Committee

Board of Directors appoint audit committee from outside whose

function is to detect any fraud and review of the financial

statement

o Organizational Structure

identifies formal/relationship for achieving firm objective

o Assignment of authority and responsibility

the authority duties should be assign to a person who has a high

responsibility

28 

 

o Human resources policies and practices

involves in implementing policies regarding recruitment,

motivation, training, promotion, compensation and protection of

employee. Human resource policies and practices help firm

achieve efficient and effective day to day operation.

2. Risk assessment

All firms will face risk, internally and externally regardless of their sie,

structure or industry. In risk assessment, it involve the identification,

analyze and managing risk that may prevent organization to reach their

objective

According to Hall (2008) risk can arise because of:

o Recruitment of new personnel who have insufficient

understanding of internal control

o The new system of technology implementation may

impact the transaction processing

o The rapid growth in the future will make the existing

internal control useless

o New product being introduced

o Organizational restructure

29 

 

3. Information and communication

To prepare reliable financial statements, management need an accurate

and high quality of information. A high quality and accurate information

is a source for management to make decision and to take desired action.

A high quality of Accounting Information System will:

o Occurrence: record all transaction in the time which they

occurred

o Accuracy: Transaction record must be free from material

errors

o Complete: no information that should be record in

Financial Statement missing

o Timeliness: all information needed for financial statement

are recorded in proper accounting period.

4. Monitoring

Monitoring is a process of assessing the quality of internal control

system. This process can be done by conducting ongoing monitoring

activities. In ongoing monitor activities, test of control can be conducting

by integrating special computer modules. Supervision of employees is

also another way to assess quality control by ongoing monitoring

activities. Separate monitoring activities are done by the internal auditor.

30 

 

Internal auditor perform internal control test and find the strength and

weaknesses of internal control system. Monitoring activity can be benefit

from automation (Ramamoorti and Dupree, 2010).

5. Control activities

Control activities is standard procedure need to be performed to make

sure proper actions are taken in dealing with firm’s identified

weaknesses.

Control activities separate into two different categories:

o IT Controls

Action taken by firm to control the computerize system.

There are general controls and application control.

General controls involve the controls over program

maintenance, data center, system development and

organization database. Application controls involve

control for specific system. For example: payroll system,

purchase order, process system, etc.

o Physical controls

Physical control is more into human activities performed

to prevent any fraud or risk take place in organization.

31 

 

Six categories of physical control:

a) Transaction authorization

To ensure only valid transaction are processed by the

system and in accordance with management objective.

General authorization is the procedure to authorize day

to day operation. Specific authorization is the

procedure to authorize non routine and case by case

transaction.

b) Segregation of duties

Segregation of duties is the most important control

activities to minimize fraud and risk. There are three

objective of segregation of duties must be follow:

Objective 1: the processing of transaction must be

separated from the authorization of transaction.

Objective 2: the record keeping department must be

separate from the custody of asset.

Objective 3: the organization must be structured.

c) Supervision

For small organization sometimes it is hard to

implement segregation of duties, therefore it must be

32 

 

compensate by close supervision. Firm need to recruit

competent and trustworthy person to supervise

employees.

d) Accounting records

Documents, journals and ledgers are contain in the

accounting records Of firms. These records help to

provide audit trail. External and internal auditor use

audit trail to verify selected transaction. An audit trail

should provide clear time recorded and also by whom

the audit trail is prepare for each transaction

( Wiersema, 2010).

e) Access control

The function of access control is make sure that the

only person who assess the firm’s asset is the

authorized person. Access control is very important to

the firm’s asset. If there is no access control over the

firm’s asset, there will be damage or theft. Firms need

to have good security devices to control against direct

access to assets.

33 

 

f) Independent verification

Action taken by person who is not directly involved in

the system to identify errors, weakness and fraud.

Through independent verification, management can

assess the integrity and correctness of data in

accounting records.

2.3.2 Internal control for small Medium Enterprise

The greatest concern to larger firms was cost. Small firms said that insufficient resources

and time constraints were the primary issues followed by the cost of the project.

(Michelson,Stryker and Throne, 2009).

According to Aguilar cited by Hamilton (2009), smaller companies gain particular

benefits from section 404 (b). Managers of smaller companies may be able to dominate

and override existing internal controls. The companies also have limitation on the

resource needed to maintain appropriate technical controls. Having section 404 (b) apply

to smaller companies will be a help. Furthermore Hamilton said that section 404 has

made fraud harder to commit and easier to detect.

Characteristic of small business according to Michelman and Waldrup (2008):

• Large number of Cash transaction

• Using simple accounting system to process complicated accounting issues

• Focused more on service but lack of training in accounting and business

34 

 

• No audit

• No regulatory reporting issues

• Complicated organizational structure

In smaller organization, they still use the SAS78/COSO but less formal and structured.

1. Control Environment

According to Michelman and Waldrup (2008), integrity and ethical value

are the basis for control model. In small organization, management

philosophy and operating style is an important element, they may be

more apparent in the actions and attitudes of the owner or CEO rather

than in formal documents and written procedure (Tanki and Steinberg,

1993).

Further more, Michelman and Waldrup (2008) state that the organization

must be structure to help company define the authority and responsibility

of each employee. Board of directors and human resource may be no

need since small companies usually do not have both elements.

2. Risk Management

Focus more on fraud risk rather than financial reporting risk, because

many of them using cash basis accounting (Michelman and Waldrup,

2008). Companies should have clear objective since there is no practical

35 

 

way to eliminate all risk. Management must decide how much risk it will

tolerate and determine how those tolerance levels can be maintained.

3. Information and Communication

Smaller organization may have an advantage with this component

because there is greater for face to face discussion among employees and

management or owner ( Tanki and Steinberg, 1993).

4. Monitoring

Monitoring action for smaller companies are the same with Monitoring

action in larger companies, on going and separate monitoring.

5. Control Activities

According to Tanki and Steinberg (1993), there may be no need for

certain activities due to direct involvement f manager, owner or CEO.

According to Michelman and Waldrup (2008), the control activities focus

on mitigating any risk or fraud that have been identified, segregation of

duties and firm have to develop policies that deal with record

maintenance.

In addition, Gramling et all (2010) recommend solutions for segregation

of duties problems:

• Adding more people

• Rotation of duties: some companies that may not able to add more

people can do this.

36 

 

• Management oversight: small business need to rely on greater

management involvement in day to day operation.

• Top down- risk based analysis:

New SEC rule and PCAOB Auditing standard (AS)2 allow

company to conduct a top down risk based analysis of company’s

internal control. Each company will be allowed to determine

which areas present the greatest risk for making material errors in

financial statement and implement control for those risks (Filisko,

2007).

Three aspects of the top down risk based:

- Determine the components of significant accounts and consider

eliminating certain components subject to differing level of risk

from the scope of assessment.

- Leverage a strong, relevant, entity level controls strategy when

determining the testing of transaction controls

- Align testing procedures for transaction control to the assessed

level of risk, particularly for areas with lower risk of material

misstatement. (Earnst &Young, 2005).

37 

 

2.3.3 Fraud

The word fraud is more familiar in today’s financial press. Fraud is one major problem

cause bankruptcies and business failure. Ramamoorti and Dupree (2010) stated in their

journal that a survey of the Association of Certificate Fraud Examiners’ (ACFE) found

that about 7 percent of annual revenues in US organization were lost because of fraud.

Moreover Ramamoorti and Dupree (2010) state that every organization regardless f their

size potentially suffering from fraud risk. This is why the internal and external auditors

need to detect any fraud in all phase during financial audit. As presented in statement of

auditing standard (SAS) no. 99, Consideration of fraud in a financial statement audits.

The SAS 99 also require auditor to perform new step during the process of financial

audit to assess potential risk of misstatement in financial statement. Hall (2008) define

fraud as false representation of material fact made by one party to another party with

intent to deceive and induce the other party to justifiably rely on the fact to his or her

detriment.

An act consider as fraudulent act if it meets the following condition:

- False representation: there must be false statement

- Material fact: a fact must be factor for someone to act fraudulent.

- Intent: there must be intent that person who conduct the act knows what he/she

did is wrong.

38 

 

- Justifiable reliance: the false representation must have been a substantial factor to

the business.

- Injury or loss: the act must have caused loss to the business.

There are two level of fraud:

a) Employee fraud: fraudulent act by non management employees which

usually involve stealing something (asset) and convert them (asset)

into cash (money).

b) Management fraud: it causes the business a huge loss. Management

fraud is often escaped from detection and it is more insidious than

employee fraud.

According to Wiersema (2010) as business become larger, it is easy to lose sight of

different type of fraud which is much broader than item theft. Those include apply

reimbursement of funds they did not spent, report time that employees did not work.

Another type of fraud is collusion, for example: supplier billing company for product

that was never delivered. Problem of authority may also cause fraud. Manager having

approval authority may authorize payment on their own, overpay vendor and intent to

pocket the overpayment and also they may charge invoice to the company for personnel

work done by vendor.

39 

 

According to Arens et all (2006) There are three characteristic that cause someone to act

fraud also known as the triangle fraud:

• Pressure: if someone in a situation that force him/her to do fraud act. For

example: financial problem such as: family having health problem and

need money, pay school fees, etc. this cause someone to solve his/her

problem secretly.

• Opportunities: there is lack of control in company’s system that causes

opportunity for someone to do fraud.

• Attitude: the character of employees determine he/she to do fraud

2.3.4 Purchase Process control

a) Transaction authorization

• the inventory control department is the one who authorize to

make purchase requisition when certain inventory drop to their

predetermined reorder point.

• Without this step, purchasing department will purchase items on

their own and could lead to excessive inventories for some items.

b) Segregation of duties

There must be separation between inventory control from warehouse

according to objective 2 of segregation of duties, “the record keeping

40 

 

department must be separate from asset custody”. Inventory control is the

one who keep record on asset and warehouse is the asset custody.

c) Supervision

The area that need more attention for supervision is receiving department.

Close supervision in receiving department reduce the chance of:

- Failure to properly inspect the asset

The blind copy which contain no quantity or price

information use by the receiving clerk to count and inspect

the goods.

- Theft of asset

A close supervision is necessary from the arrival of goods

until securely place in the warehouse. Close supervision

help to reduce the exposure to theft during busy period.

d) Accounting record

• The accounting records in purchase process are: AP subsidiary

ledger and general ledger.

• These records help to maintain audit trail by internal auditor.

Auditor reconciles accounting record with supporting document.

41 

 

e) Access control

• Direct access to asset such as cash and inventory must be

controlled.

• Locks, alarm, fence and restricted access are devices to control

direct access.

• For indirect access, firm must control the access to documents

such as PO, RR, etc so there will be no unwanted transaction

occur.

f) Independent Verification

Independent Verification by Account payable.

• Before firm recognizes their obligation, the AP clerk reconciles

the entire purchasing transaction document.

• Works need to be done by AP clerk before firm fulfills their

obligation: (1) reconcile PO to ensure only the needed

inventories are ordered. (2) Reconcile RR to ensure firm receives

only the right quantities and good condition of inventories. (3)

Double check the supplier’s invoice to ensure firm pay the

correct price for the inventories received.

42 

 

Independent verification by GL department

• GL department verify total amount of money to be pay must

equal total inventory receive.

“ in addition for internal control, the journal entries should be numbered

and attached together with other supporting document and both preparer

and viewer should sign off. Without control, journal entry is dangerous

because they convey the power to commit fraud as they can be used to

camouflage any number of improprieties” ( Wiersema, 2010).

43 

 

Table 2.1 The Threat and Control of Purchase process ( Romney and Steinbart,

2009 )

Process/ Activity Threat Applicable control procedure

Order goods 1. Preventing stock out inventory control system; barcode

Or excess inventory technology; periodic counts.

2. Ordering unnecessary items approval of purchase requisition.

3. Purchasing goods at inflated price list; budgetary controls

Price. Use of approved suppliers.

4. Purchasing goods at inferior use of approved vendors; monitor

Quality. Vendor performance.

5. Purchasing from unauthorized restricting access to supplier

Suppliers. Master File.

6. Kickbacks training; job rotation; policies

against Accepting gift from

vendors.

Receive and 7. Receiving unordered goods require receiving clerk verify

Store goods existence of valid purchase order.

8. Making errors in counting using barcode technology;

Goods received documenting employees

performance.

9. theft of inventory physical access controls; proper

segregation Of duties; periodic

count of inventories.

44 

 

2.3.5 Sales order process control

a) Transaction Authorization

• Credit check

To ensure the proper firm’s credit policies and making judgment about

customer’s creditworthiness using various techniques and test. For new

customer, the credit approval may take time. The sales transaction cannot

proceed without credit approval

• Return Policy

The approval determination is based on the nature of the sale and

circumstances of the return each firm have their own rules for return policy.

b) Segregation of duties

• the credit department is segregated from the rest of the process so the

authorization of customer’s creditworthiness is an independent event

• separate the inventory warehouse department and inventory control

department

• the subsidiary ledger, journals and general ledger should be separately

maintained

45 

 

c) Supervision

• For firm that have too few employees to achieve an adequate separation

of department, close supervision is important

d) Accounting records

• Pre numbered document

Each document should be sequentially numbered by the printer. This

will permits tracking of single transaction

e) Access controls

Limiting access to:

• warehouse security such us fences, alarm and guard

• depositing cash daily in the bank

• use safe deposit box for cash

Example of access risk

• individual with access to AR sub ledger could remove his or her account

from the books

• access to sales order document may permit unauthorized individual to

trigger the shipment of a product

46 

 

f) Independent Verification

• The shipping department verify goods sent from warehouse are correct

in type and quantity

• Reconcile original sales order with shipping notice to ensure only right

quantities shipped will be billed

• Reconcile journal voucher and summary report

47 

 

Table 2.2 The threat and control of sales process ( Romney and Steinbart, 2009)

Process/ Activity Threat Control Procedure

Sales Order 1.Incomplete or inaccurate data entry edit checks

orders

2.Credit sales to customers credit approval by credit manager

With poor credit not by sales function

3.Legitimacy of orders signatures on documents

4. Stockouts, carrying cost inventory control system; sales

And markdowns forecast; periodic counting

Shipping 1. Shipping errors: bar code scanner; reconcile SO with

Wrong merchandise, packing slip; data entry application

Quantities, address controls

2. Theft of inventory restrict access to inventory; barcode

Technology; periodic counting;

Documentation of all internal

Transfer of inventory

Billing and AR 1. Failure to bill customer separation of shipping and billing;

Prenumbering all documents;

2. Billing errors data entry edit controls;

Price lists

3.Posting errors in reconcile sub AR ledger with GL;

Updating AR monthly statement to customers

48 

 

2.4 PC based accounting system

“ With certain types of controls, efficiency would actually improve. One way is to take

advantage of computer software capabilities” (Wiersema, 2010).

PC application is custom designed system that serves wide range of needs. This strategy

allows software vendors to mass produce low cost and error free standard products. This

is why PC accounting system are popular with smaller firms. Smaller firms use PC

accounting system to automate and replace manual system. Most PC systems are

modular in design. It include SO process and AR, Purchase and AP, Cash receipt, cash

disbursement, GL and financial report, Inventory and payroll. Modular design provides

users flexibility in using system to achieve their specific needs. To achieve user’s

specific needs, some vendors target their product to specific industries. Commercial

system usually has fully integrated modules that means that data transfers between

modules occur automatically.

PC Control issues

• Segregation of duties

PC system usually has inadequate segregation of duties. A single employee may

be responsible for entering all transaction data. A high degree of supervision,

adequate management reports and independent verification is needed.

• Access control

PC system usually provides inadequate control over access to data file. Some

application use password control but accessing data file directly via operating

49 

 

system often circumvents this control. Control action should be taken including

data encryption, disk locks and physical security device.

• Accounting records

Threat of data losses is the main concern of PC system. The primary cause of

data losses is the computer disk failure. Creating backup copies of data files and

program can reduce the exposure of this threat.

The Pros and contras of having automated system

“ The automated AIS could speed up information process and overcome the traditional

human weaknesses. As a result, the system support the resource management and help

the company projection of continuing business profit” ( Sori, 2009).

Fay (1998) also stated that using computerized system would give the flexibility to do

other things. But, he also describe the time it takes for the computer system to become

acquainted with the business operation. He also mention about the problem with the

reparation and the difficulty in handling and understanding the software will lessened

the benefit of using them to save time. A costly problematic implementation period also

become the problem of using automated system

50 

 

The 2009 COSO of Trade away Commission’s guidance on monitoring internal ccntrol

system argues that firm need to implement system in the right time and firm need to

monitor the continuing operating effectiveness periodically ( Ramamoorti and Dupree,

2010). In addition, according to Wiersema (2010), the system should be protected with

password to assured the segregation of duties.