Control and ais, revenue cycle

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart

Creating the great business leaders

Control and Accounting Information Systems


Fakultas Ekonomi dan Bisnis

School of Economic and Business

Telkom University

2 Creating the great business leaders

Questions to be addressed in this chapter:

What are the basic internal control concepts, and why are computer control and security important?

What is the difference between the COBIT, COSO, and ERM control frameworks?

What are the major elements in the internal environment of a company?

What are the four types of control objectives that companies need to set?

What events affect uncertainty, and how can they be identified?

How is the Enterprise Risk Management model used to assess and respond to risk?

What control activities are commonly used in companies?

How do organizations communicate information and monitor control processes?

INTRODUCTION




Telkom University


Why AIS threats are increasing

Control risks have increased in the last few years because: There are computers and servers everywhere, and information is

available to an unprecedented number of workers.

Distributed computer networks make data available to many users, and these networks are harder to control than centralized mainframe systems.

Wide area networks are giving customers and suppliers access to each other’s systems and data, making confidentiality a major concern.

INTRODUCTION




Telkom University


To use IT in achieving control objectives, accountants must:

Understand how to protect systems from threats.

Have a good understanding of IT and its capabilities and risks.

Achieving adequate security and control over the information resources of an organization should be a top management priority.

INTRODUCTION




Telkom University


Internal control is the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that the following control objectives are achieved:

Assets (including data) are safeguarded.

Records are maintained in sufficient detail to accurately and fairly reflect company assets.

Accurate and reliable information is provided.

There is reasonable assurance that financial reports are prepared in accordance with GAAP.

Operational efficiency is promoted and improved.

Adherence to prescribed managerial policies is encouraged.

The organization complies with applicable laws and regulations.

OVERVIEW OF CONTROL CONCEPTS




Telkom University


Internal controls perform three important functions:

Preventive controls

Detective controls

Corrective controls


• Remedy problems that have occurred by:

– Identifying the cause;

– Correcting the resulting errors; and

– Modifying the system to prevent future

problems of this sort.




Telkom University


Internal controls are often classified as:

General controls

Application controls


• Prevent, detect, and correct transaction errors

and fraud.

• Concerned with accuracy, completeness,

validity, and authorization of the data captured,

entered into the system, processed, stored,

transmitted to other systems, and reported.




Telkom University


A number of frameworks have been developed to help companies develop good internal control systems. Three of the most important are:

The COBIT framework

The COSO internal control framework

COSO’s Enterprise Risk Management framework (ERM)

CONTROL FRAMEWORKS




Telkom University


A number of frameworks have been developed to help companies develop good internal control systems. Three of the most important are:

The COBIT framework

The COSO internal control framework

COSO’s Enterprise Risk Management framework (ERM)

CONTROL FRAMEWORKS




Telkom University


COBIT framework

Also know as the Control Objectives for Information and Related Technology framework.

Developed by the Information Systems Audit and Control Foundation (ISACF).

A framework of generally applicable information systems security and control practices for IT control.

CONTROL FRAMEWORKS




Telkom University


COSO’s internal control framework

The Committee of Sponsoring Organizations (COSO) is a private sector group consisting of: The American Accounting Association

The AICPA

The Institute of Internal Auditors

The Institute of Management Accountants

The Financial Executives Institute

CONTROL FRAMEWORKS




Telkom University


COSO’s internal control model has five crucial components:

- Control environment

- Control activities

- Risk assessment

- Information and communication

- Monitoring

CONTROL FRAMEWORKS

• The entire process must be monitored and modified

as necessary.




Telkom University


Basic principles behind ERM:

Companies are formed to create value for owners.

Management must decide how much uncertainty they will accept.

Uncertainty can result in: Risk

Opportunity

CONTROL FRAMEWORKS

• The possibility that something will happen to

positively affect the ability to create or preserve

value.




Telkom University


The most critical component of the ERM and the internal control framework.

Is the foundation on which the other seven components rest.

Influences how organizations:

Establish strategies and objectives

Structure business activities

Identify, access, and respond to risk

A deficient internal control environment often results in risk management and control breakdowns.

INTERNAL ENVIRONMENT




Telkom University


The following policies and procedures are important:

Hiring

Compensating

Training

Evaluating and promoting

Discharging

Managing disgruntled employees

Vacations and rotation of duties

Confidentiality insurance and fidelity bonds

INTERNAL ENVIRONMENT




Telkom University


To learn a little about segregation of duties, let’s first meet Bill.

CONTROL ACTIVITIES




Telkom University


Bill is in charge of a pile of the organization’s money—let’s say $1,000.

CONTROL ACTIVITIES




Telkom University


Bill also keeps the books for that money.

CONTROL ACTIVITIES

Ledger

$1,000




Telkom University


Bill has a date tonight, and he’s a little desperate to impress that special someone, so he takes $100 of the cash. (Thinks he’s only borrowing it, you know.)

CONTROL ACTIVITIES

Ledger

$1,000




Telkom University


Bill also records an entry in the books to show that $100 was spent for some “legitimate” purpose. Now the balance in the books is $900.

CONTROL ACTIVITIES

Ledger

$900




Telkom University


How will Bill ever get caught at his theft?

CONTROL ACTIVITIES

Ledger

$900




Telkom University


Now let’s change the story. Bill is in charge of the pile of cash.

CONTROL ACTIVITIES




Telkom University


But Mary keeps the books.

This arrangement is a form of segregation of duties.

CONTROL ACTIVITIES

Ledger

$1,000




Telkom University


Bill gets in a pinch again and takes $100 of the organization’s cash.

CONTROL ACTIVITIES

Ledger

$1,000




Telkom University


How will Bill get caught?

CONTROL ACTIVITIES

Ledger

$1,000




Telkom University


Segregation of accounting duties

Effective segregation of accounting duties is achieved when the following functions are separated: Authorization—Approving transactions and decisions.

Recording—Preparing source documents; maintaining journals, ledgers, or other files; preparing reconciliations; and preparing performance reports.

Custody—Handling cash, maintaining an inventory storeroom, receiving incoming customer checks, writing checks on the organization’s bank account.

If any two of the preceding functions are the responsibility of one person, then problems can arise.

CONTROL ACTIVITIES




Telkom University


CONTROL ACTIVITIES

CUSTODIAL FUNCTIONS

• Handling cash

• Handling inventories, tools,

or fixed assets

• Writing checks

• Receiving checks in mail

AUTHORIZATION

FUNCTIONS

• Authorization of

transactions

RECORDING FUNCTIONS

• Preparing source

documents

• Maintaining journals,

ledgers, or other files

• Preparing reconciliations

• Preparing performance

reports




Telkom University


In a system that incorporates an effective separation of duties, it should be difficult for any single employee to commit embezzlement successfully.

But when two or more people collude, then segregation of duties becomes impotent and controls are overridden.

CONTROL ACTIVITIES




Telkom University


If this happens . . .

CONTROL ACTIVITIES

Ledger

$1,000




Telkom University


Then segregation of duties is out the window. Collusion overrides segregation.

CONTROL ACTIVITIES

Ledger

$1,000




Telkom University


Segregation of duties

Good internal control requires that no single employee be given too much responsibility over business transactions or processes.

An employee should not be in a position to commit and conceal fraud or unintentional errors.

Segregation of duties is discussed in two sections: Segregation of accounting duties

Segregation of duties within the systems function

CONTROL ACTIVITIES




Telkom University


Authority and responsibility must be divided clearly among the following functions:

Systems administration

Network management

Security management

Change management

Users

Systems analysts

Programming

Computer operations

Information systems library

Data control

CONTROL ACTIVITIES


Creating the great business leaders

The Revenue Cycle:

Sales to Cash Collections




Telkom University


Questions to be addressed in this chapter include:

What are the basic business activities and data processing operations that are performed in the revenue cycle?

What decisions need to be made in the revenue cycle, and what information is needed to make these decisions?

What are the major threats in the revenue cycle and the controls related to those threats?

INTRODUCTION




Telkom University


The revenue cycle is a recurring set of business activities and related information processing operations associated with:

Providing goods and services to customers

Collecting their cash payments

The primary external exchange of information is with customers.

INTRODUCTION




Telkom University


Information about revenue cycle activities flows to other accounting cycles, e.g.:

The expenditure and production cycles

The human resources/payroll cycle

The general ledger and reporting function

INTRODUCTION

• Uses information produced by the

revenue cycle in preparing financial

statements and performance reports.




Telkom University


Management also has to evaluate the efficiency and effectiveness of revenue cycle processes:

Requires data about: Events that occur.

Resources used.

Agents who participate.

The data needs to be accurate, reliable, and timely.

INTRODUCTION




Telkom University


Four basic business activities are performed in the revenue cycle:

Sales order entry

Shipping

Billing

Cash collection

REVENUE CYCLE BUSINESS ACTIVITIES



School Economics and Business


The Revenue Cycle : Sales To Cash Collection

Sales Order Entry

Take the custumer’s order (in the store, by mail, by phone, on a website, by a salesperson in

the field)

Check the custumer’s credit (General authorization, Specific authorization)

Check inventory availability (quantitiy on hand, quantity already committed to others, quantity

on order)

Respon to customer inquiries (may occur before or after the order is placed, the quality of this

customer service can be critical to company success)

Shipping

Picking and packing the order (which products to pick, what quantity)

Shipping the order (Physical count of inventory, quantities indicated on picking ticket,

quantities on sales order)

Billing Invoicing (the amount to be paid, where o send payment)

Updating accounts receivable (Debit n credit customer accounts)

Cash Collection Possible approaches to collecting

cash

Turnaround documents forwaded to accounts receivable

Lockbox arrangements

Electronic lockboxes

Electronic fund transfer and bill payment

Financial electronic data interchange (EDI)

Accept credit cards or procurement card form customers




Telkom University


Sales order entry is performed by the sales order department.

The sales order department typically reports to the VP of Marketing.

Steps in the sales order entry process include:

Take the customer’s order.

Check the customer’s credit.

Check inventory availability.

Respond to customer inquiries (may be done by customer service or sales order entry).

SALES ORDER ENTRY




Telkom University


1.1

Take

Order

Customer

Shipping

1.2

Approve

Credit

1.3 Check

Inv.

Avail.

Billing Ware-

house

Purchas-

ing

1.4 Resp. to

Cust. Inq.

Customer

Sales Order

Customer

Inventory

Orders

Orders

Approved

Orders

Packing

List

Sales

Order

Sales

Order

Inq

uir

ies

Re

sp

on

se

DFD for

Sales Order Entry




Telkom University


Take customer orders

Order data are received on a sales order document which may be completed and received: In the store

By mail

By phone

On a Website

By a salesperson in the field

SALES ORDER ENTRY




Telkom University


The sales order (paper or electronic) indicates:

Item numbers ordered

Quantities

Prices

Salesperson

SALES ORDER ENTRY




Telkom University


How IT can improve efficiency and effectiveness:

Orders entered online can be routed directly to the warehouse for picking and shipping.

Sales history can be used to customize solicitations.

Choiceboards can be used to customize orders.

SALES ORDER ENTRY

• Initially popular with Dell and Gateway.

• Now used for purchases of shoes and

jeans!




Telkom University


Electronic data interchange (EDI) can be used to link a company directly with its customers to receive orders or even manage the customer’s inventory.

Email and instant messaging are used to notify sales staff of price changes and promotions.

Laptops and handheld devices can equip sales staff with presentations, prices, marketing and technical data, etc.

SALES ORDER ENTRY




Telkom University


How can IT improve the process?

Automatic checking of credit limits and balances

Emails or IMs to the credit manager for accounts needing specific authorization

SALES ORDER ENTRY




Telkom University


The second basic activity in the revenue cycle is filling customer orders and shipping the desired merchandise.

The process consists of two steps

Picking and packing the order

Shipping the order

The warehouse department typically picks the order

The shipping departments packs and ships the order

Both functions include custody of inventory and ultimately report to the VP of Manufacturing.

SHIPPING




Telkom University


2.1

Pick &

Pack

Sales Order

2.2

Ship

Goods

Sales

Order

Entry

Shipping

Carrier

Inventory

Shipments Billing &

Accts.

Rec.

Picking List

Goods &

Packing

List

Goods,

Packing Slip,

& Bill of Lading

Bill of

Lading &

Packing Slip

Sales

Order




Telkom University


The third revenue cycle activity is billing customers.

This activity involves two tasks:

Invoicing

Updating accounts receivable

BILLING




Telkom University


3.1

Billing

Customer

3.2

Maintain

Accts.

Rec.

Sales

Order

Entry

Billing and

Accounts

Receivable

Customer Sales

General

Ledger &

Rept. Sys.

Shipping

Mailroom

Sales Order

Sales

Invoice

Remittance

List




Telkom University


The final activity in the revenue cycle is collecting cash from customers.

The cashier, who reports to the treasurer, handles customer remittances and deposits them in the bank.

Because cash and checks are highly vulnerable, controls should be in place to discourage theft.

Accounts receivable personnel should not have access to cash (including checks).

CASH COLLECTIONS




Telkom University


In the revenue cycle (or any cycle), a well-designed AIS should provide adequate controls to ensure that the following objectives are met:

All transactions are properly authorized.

All recorded transactions are valid.

All valid and authorized transactions are recorded.

All transactions are recorded accurately.

Assets are safeguarded from loss or theft.

Business activities are performed efficiently and effectively.

The company is in compliance with all applicable laws and regulations.

All disclosures are full and fair.

CONTROL OBJECTIVES, THREATS, AND PROCEDURES




Telkom University


Threats in the sales order entry process include:

1) THREAT 1: Incomplete or inaccurate customer orders

2) THREAT 2: Sales to customers with poor credit

3) THREAT 3: Orders that are not legitimate

4) THREAT 4: Stockouts, carrying costs, and markdowns

5) THREAT 5: Shipping Errors

6) THREAT 6: Theft of Inventory

7) THREAT 7: Failure to bill customers

8) THREAT 8: Billing errors

9) THREAT 9: Errors in maintaining customer accounts

10) THREAT 10: Theft of cash

THREATS IN SALES ORDER ENTRY




Telkom University


11) THREAT 11: Loss, alteration, or unauthorized disclosure of data

12) THREAT 12: Poor performance

GENERAL CONTROL ISSUES




Telkom University


Aktivitas Ancaman Pengendalian

Masalah-masalah umum di dalam siklus pendapatan

1. Data induk tidak akurat atau tidak valid

2. Pengungkapan yang

tidak diotorisasi atas informasi sensitif

3. Kehilangan atau penghancuran data

4. Kinerja buruk

a. Pengendalian Integritas pemrosesan data

b. Pembatasan akses ke data induk

c. Tinjauan atas seluruh perubahan terhadap data induk

Enskripsi Backup dan prosedur pemulihan bencana Laporan manajerial

Ancaman Dan Pengendalian Dalam Siklus Pendapatan






Entri pesanan Penjualan 1. Pesanan yang tidak lengkap/tidak akurat

2. Pesanan yang tidak valid

3. Piutang yang tidak tertagih

4. Kehabisan stock atau kelebihan persediaan

5. Kehilangan pelanggan

a. Pengendalian edit entri data b. Pembatasan akses ke data induk Tanda tangan digital atau tanda tangan tertulis a. Batas kredit b. Otorisasi spesifik untuk menyetujui penjualan

kepada para pelanggan baru atau penjualan yang melebihi batas kredit seorang pelanggan

c. Penuaan piutang

a. Sistem pengendalian persediaan perpetual b. Penggunaan kode batang (bar code) atau RFID c. Pelatihan d. Perhitungan fisik persediaan secara periodik e. Prediksi penjualan dan laporan aktivitas

Sistem CRM, situs swadaya, dan evaluasi yang tepat atas peringkat layanan pelanggan.







Pengiriman 1. Memilih barang yang salah atau kuantitas yang salah

2. Pencurian persediaan

3. Kesalahan pengiriman (penundaan atau kegagalan untuk mengirim, kuantitas yang salah, barang yang salah, alamat yang salah, duplikasi)

a. Teknologi kode batang dan RFID b. Rekonsiliasi daftar pemilihan untuk

detail pesanan penjualan a. Pembatasan akses fisik ke persediaan b. Dokumentasi seluruh transfer

persediaan c. Teknologi RFID dan kode batang d. Perhitungan fisik persediaan secara

periodik dan rekonsiliasi terhadap kuantitas tercatat

a. Rekonsiliasi dokumen pengiriman

dengan pesanan penjualan, daftar pemilihan, dan slip pengepakan

b. Menggunakan sistem RFID untuk mengidentifikasi penundaan

c. Entri data melalui pemindai kodebatang dan RFID

d. Pengendalian edit entri data (jika data pengiriman dimasukan ke terminal)

e. Konfigurasi sistem ERP untuk mencegah pengiriman duplikat







Penagihan 1. Kegagalan untuk menagih

2. Kesalahan penagihan

3. Kesalahan posting dalam piutang

4. Memo kredit yang tidak akurat atau tidak valid

a. Pemisahan fungsi penagihan dan pengiriman b. Rekonsiliasi secara periodik atas faktur dengan

pesanan penjualan, kartu pengambilan, dan dokumen pengiriman

a. Konfigurasi sistem untuk memasukan data harga

secara otomatis b. Pembatasan akses ke data induk harga c. Pengendalian edit entri data d. Rekonsiliasi dokumen pengiriman (kartu

pengambilan, bill of lading, dan daftar pengepakan) untuk pesanan penjualan

e. Pengendalian entri data f. Rekonsiliasi total batch g. Pengiriman laporan bulanan kepada para pelanggan h. Rekonsilliasi buku pembantu piutang di buku besar

umum a. Pengendalian entri data b. Rekonsiliasi total batch c. Pengiriman laporan bulanan kepada para pelanggan d. Rekonsiliasi buku pembantu piutang di buku besar

umum a. Pemisahan tugas otorisasi memo kredit baik dari

entri pesanan penjualan maupun pemeliharaan rekening pelanggan

b. Konfigurasi sistem untuk memblokir memo kredit kecuali ada dokumentasi yang sesuai dengan pengembalian barang rusak atau otorisasi yang spesifik oleh manajemen


Education

Control and ais, revenue cycle