Control in

Financial  A review
Information
System
 l The second function of a well-designed AIS is to
provide adequate controls to ensure that the following
objectives are met:
 Transactions are properly authorized.
 Recorded transactions are valid.
Control  Valid, authorized transactions are recorded.
Objectives  Transactions are recorded accurately. Assets (cash,
inventory, and data) are safeguarded from loss or theft.

 Business activities are performed efficiently and

effectively.
REVIEW:
WHAT SOME THREATS, EXPOSURE,
CONTROL PROSEDURES IN GENERAL
LEDGER CYCLE
What are some threats?
– errors in updating the general ledger
 inaccurate/incomplete journal entries
 inaccurate/incomplete posting of journal entries
– unauthorized access to the general ledger
– loss or destruction of general ledger data

CONTROL OBJECTIVES,
THREATS, AND PROCEDURES
l What are some exposures?
– inaccurate records and reports, resulting in
bad decisions based on erroneous information
– leak of confidential data
– corruption of general ledger
– cover-up of theft
– loss of data
– loss of assets
CONTROL OBJECTIVES,
THREATS, AND PROCEDURES
 What are some control procedures?
– input, edit, and processing controls
– reconciliations and control reports
– access controls
– adequate audit trail
– proper backup procedures
– disaster recovery plan

CONTROL OBJECTIVES,
THREATS, AND PROCEDURES
REVIEW:
WHAT SOME THREATS, EXPOSURES,
CONTROL PROCEDURES IN REVENUE
CYCLE
 l What are some threats?
 credit sales to customers with poor credit
Control  shipping errors
Objectives,  theft of cash and inventory
Threats, and  failure to bill customers
Procedures  billing errors
 loss of data
 l What are some exposures?
 uncollectible sales and losses due to bad debts
Control  customer dissatisfaction
Objectives,  loss of assets and overstated assets
Threats, and  loss of revenue and inventory
Procedures  incorrect records and poor decision making
 loss of confidential information
 l What are some control procedures?
 credit approval by credit manager and sales function
Control  reconciliation of sales order with picking ticket and
Objectives, packing slip

Threats, and  restriction of access to inventory and data

Procedures  lockbox arrangement
 segregation of duties
REVIEW:
WHAT SOME THREATS, EXPOSURES,
CONTROL PROCEDURES IN EXPENDITURE
CYCLE
 Control Objectives,
Threats, and Procedures
l The second function of a well-designed AIS is to provide
adequate controls to ensure that the following objectives are
met:
l Transactions are properly authorized.
l Recorded transactions are valid.
l Valid, authorized transactions are recorded.
l Transactions are recorded accurately.

13 - 12
 Control Objectives,
Threats, and Procedures
l Assets (cash, inventory, and data) are safeguarded from loss or
theft.
l Business activities are performed efficiently and effectively.

13 - 13
 Control Objectives,
Threats, and Procedures
l What are some threats?
– stockouts
– purchasing too many or unnecessary goods
– purchasing goods at inflated prices
– purchasing goods of inferior quality
– purchasing from unauthorized vendors
– kickbacks
13 - 14
 Control Objectives,
Threats, and Procedures
– receiving unordered goods
– errors in counting goods
– theft of inventory
– failure to take available purchasing discounts
– errors in recording and posting purchases and payments
– loss of data

13 - 15
 Control Objectives,
Threats, and Procedures
l What are some exposures?
– production delays and lost sales
– increased inventory costs
– cost overruns
– inferior quality of purchased goods
– inflated prices
– violation of laws or import quotas
– payment for items not received 13 - 16
 Control Objectives,
Threats, and Procedures
– inaccurate inventory records
– loss of assets
– cash flow problems
– overstated expenses
– incorrect data for decision making

13 - 17
 Control Objectives,
Threats, and Procedures
l What are some control procedures?
– inventory control system
– vendor performance analysis
– approved purchase requisitions
– restricted access to blank purchase requisitions
– price list consultation
– budgetary controls
13 - 18
 Control Objectives,
Threats, and Procedures
– use of approved vendor lists
– approval of purchase orders
– prenumbered purchase orders
– prohibition of gifts from vendors
– incentives to count all deliveries
– physical access control
– recheck of invoice accuracy
– cancellation of voucher package 13 - 19
REVIEW:
WHAT SOME THREATS, EXPOSURES,
CONTROL PROCEDURES IN PAYROLL
CYCLE
 Control Objectives,
Threats, and Procedures
l The second function of the AIS in the
HRM/payroll cycle is to provide adequate
internal controls to ensure meeting the
following objectives:
– payroll transactions are properly authorized
– recorded payroll transactions are valid
– authorized payroll transactions are recorded
– payroll transactions are accurately recorded
15 - 21
 Control Objectives,
Threats, and Procedures
– applicable government regulations regarding remittance of
taxes and filing of payroll and HRM reports are met
– assets (both cash and data) are safeguarded from loss or theft
– HRM/payroll cycle activities are performed efficiently and
effectively

15 - 22
 Control Objectives,
Threats, and Procedures
l What are some threats?
– hiring of unqualified or larcenous employees
– violation of employment law
– unauthorized changes to the master payroll file
– inaccurate time data
– theft or fraudulent distribution of paychecks
– loss or unauthorized disclosure of payroll data

15 - 23
 Control Objectives,
Threats, and Procedures
l What are some exposures?
– increased expenses
– lower productivity
– theft
– fines and civil suits
– inaccurate records and reports
– over/underpayment of employees
– reduced morale
15 - 24
 Control Objectives,
Threats, and Procedures
 What are some control procedures?
– sound hiring practices (verification of job applicant’s skills,
references, and employment history)
– thorough documentation of hiring procedures
– segregation of duties
– batch totals and other application controls

15 - 25
 Control Objectives,
Threats, and Procedures
– direct deposit
– paycheck distribution by someone independent of payroll
process
– investigation of all unclaimed paychecks
– separate payroll checking account
– access control
– backup procedures
– encryption
15 - 26
REVIEW:
WHAT SOME THREATS, EXPOSURES,
CONTROL PROCEDURES IN PRODUCTION
CYCLE
 Control Objectives,
Threats, and Procedures
l The second function of a well-designed AIS is to provide
adequate controls to ensure that the following objectives are
met:
1 All production and fixed asset acquisitions are properly
authorized.
2 Work-in-process inventories and fixed assets are safeguarded.
3 All valid, authorized production cycle transactions are
recorded.
14 - 28
 Control Objectives,
Threats, and Procedures
4 All production cycle transactions are recorded accurately.
5 Accurate records are maintained and protected from loss.
6 Production cycle activities are performed efficiently and
effectively.

14 - 29
 Control Objectives,
Threats, and Procedures
l What are some threats?
– unauthorized transaction
– theft or destruction of inventories and fixed assets
– recording and posting errors
– loss of data
– inefficiencies and quality control problems

14 - 30
 Control Objectives,
Threats, and Procedures
l What are some exposures?
– overproduction and excess inventories
– obsolescence
– underproduction, stockouts, and lost sales
– excess investment in fixed assets
– loss of assets
– overstated inventory records
14 - 31
 Control Objectives,
Threats, and Procedures
– ineffective scheduling and planning
– decision errors
– increased expenses and taxes on fixed assets that are
incorrectly valued
– ineffective decision making
– loss of customer goodwill and future sales

14 - 32
 Control Objectives,
Threats, and Procedures
l What are some control procedures?
– accurate sales forecasts and inventory records
– authorization of production
– restricted access to production planning program and to blank
production order documents
– review and approval of capital asset expenditures

14 - 33
 Control Objectives,
Threats, and Procedures
– documentation of all internal movements of inventory
– proper segregation of duties
– source data automation
– on-line data entry edit controls
– backup and disaster recovery procedures
– regular performance reports
– cost of quality control measurement
14 - 34
CONTROL IN REVENUE CYCLE, SILVIA VERONIKA
CONTROL IN EXPENDITURE CYCLE, ALIKA NATHASA
CONTROL IN PAYROLL, TETI YULIA
Ada kasus yang dibahas.

Format presentation
Case Description
Introduction
Pentingnya control pada siklus pendapatan

Problem Staements
Objective
Methodology
Review Literature
Discussion
Conclusion
 Control in
Financial  A review
Inforamation
System
INTERNAL CONTROL SYSTEMS

• Students are able to:

– Explain Basic control concepts and why computer control and security control are important.
– Compare and Contrast the COBIT, COSO and ERM control Frameworks.
– Describe Major elements in the Environmental of a company
– Describe the four types of Control objectives that companies need to set.
– Describe the event that affect uncertainty and The techniques to identify them
– Describe control activities commonly used in companies
 Explain Basic control concepts and why computer control and
security control are important.

• Ancaman Terhadap SIA

WHAT ARE EXAMPLES OF NATURAL
AND POLITICAL DISASTERS?
– fire or excessive heat
– floods
– earthquakes
– high winds
– war
WHAT ARE EXAMPLES OF SOFTWARE
ERRORS AND EQUIPMENT
MALFUNCTIONS ?
– hardware failures
– power outages and fluctuations
– undetected data transmission errors
WHAT ARE EXAMPLES OF
UNINTENTIONAL ACTS?
– accidents caused by human carelessness
– innocent errors of omissions (kelalaian)
– lost or misplaced data
– logic errors
– systems that do not meet company needs
WHAT ARE EXAMPLES OF INTENTIONAL
ACTS ?
– Sabotage (sabotase)
– computer fraud (kecurangan)
– Embezzlement (penggelapan)
 Need For Control
• Organizational Cost of
Organizational
cost of data
lost
data loss
O R G A N I Z AT I O N Value of
• Cost of incorrect
decision making
hardware a,
software and
personnel

High Cost of
Computer
error
• Cost of computer abuse
• Value of hardware,
Maintenance
Privacy
software, personnel
• High cost of computer
error
Cost of
incorrect
decision

Controlled
Evolution of
• Maintenance of privacy
• Controlled evolution of
Computer use

computer use
Cost of
computer
abuse

6/20/2019 Ron Webber, Overview of IS AUdting 43

PERTANYAAN

• Mengapa pengendalian dan keamanan terhadap SIK itu Penting

• Jelaskan bentuk ancaman terhadap SIA.
– Jawaban dengan memberikan contoh mendapat nilai tambah
OVERVIEWS CONCEPT CONTROLS
 What is management control?
 Management control encompasses the
following three features:
1 It is an integral part of management
responsibilities.
2 It is designed to reduce errors, irregularities,
and achieve organizational goals.
3 It is personnel-oriented and seeks to help
employees attain company goals.
IDENTIFY FINANCIAL INFORMATION
SYSTEM CONTROLS
• A control is a system that prevent, detect and corrects unlawful event. It Is a system because all
components of the controls must be in place and working for the controls to functions reliably.
• Control is a system, its compromises a set of interrelated system components that functions
together to achieve overall purposes.
• Focus of control is unlawful events. It can arise if unauthorized, inaccurate, incomplete,
redundant, ineffective or inefficient input enters the system

IS Constrol and AUdit, ROn Weber. CISA review Manual,

9/28/11 46
ISACA, 2003
OVERVIEWS CONCEPT CONTROLS

• What is the traditional definition of internal control?

• Internal control is the plan of organization and the methods a business uses to safeguard
assets, provide accurate and reliable information, promote and improve operational efficiency,
and encourage adherence to prescribed managerial policies.
INTERNAL CONTROL
CLASSIFICATIONS
• The specific control procedures used in the internal control and management control systems
may be classified using the following four internal control classifications:
1 Preventive, detective, and corrective controls
2 General and application controls
3 Administrative and accounting controls
4 Input, processing, and output controls
PERTANYAAN

• Apa defenisi dari Pengendalian atau control

• Sebutkan Klasifikasi dari pengendalian
COMMITTEE OF SPONSORING
ORGANIZATIONS
• The Committee of Sponsoring Organizations (COSO) is a private sector group consisting of
five organizations:
1 American Accounting Association
2 AICPA
3 Institute of Internal Auditors
4 Institute of Management Accountants
5 Financial Executives Institute
COMMITTEE OF SPONSORING
ORGANIZATIONS
• In 1992, COSO issued the results of a study to develop a definition of internal controls and to
provide guidance for evaluating internal control systems.
• The report has been widely accepted as the authority on internal controls.
COMMITTEE OF SPONSORING
ORGANIZATIONS
• The COSO study defines internal control as the process implemented by the
board of directors, management, and those under their direction to provide
reasonable assurance that control objectives are achieved with regards to:
– effectiveness and efficiency of operations
– reliability of financial reporting
– compliance with applicable laws and regulations
COMMITTEE OF SPONSORING
ORGANIZATIONS
• COSO’s internal control model has five crucial components:
1 Control environment
2 Control activities
3 Risk assessment
4 Information and communication
5 Monitoring
INFORMATION SYSTEMS AUDIT
AND CONTROL FOUNDATION
• The Information Systems Audit and Control Foundation (ISACF) recently developed the
Control Objectives for Information and related Technology (COBIT).
• COBIT consolidates standards from 36 different sources into a single framework.
• The framework addresses the issue of control from three vantage points, or dimensions:
INFORMATION SYSTEMS AUDIT
AND CONTROL FOUNDATION
1 Information: needs to conform to certain criteria that COBIT refers to as business
requirements for information
2 IT resources: (people, application systems, technology, facilities, and data)
3 IT processes: (planning and organization, acquisition and implementation, delivery and support,
and monitoring
• Apa yang dimaksud dengan COSO dan ISACF
• Sebutkan anggota COSO
• Apa yang dihasilkan oleh COSO
• Apa yang dihasilkan oleh ISACF
•
COSO’S INTERNAL
CONTROL MODEL HAS FIVE
CRUCIAL COMPONENTS:
1 Control environment
2 Control activities
3 Risk assessment
4 Information and communication
5 Monitoring
CONTROL ENVIRONMENT

• The core business is Its people-their individual attributes, including integrity, ethical vales and
competence and the environment in which they are operate.
• They are the engine that drive organization and the foundation on which everything rest
RISK ASSESSMENT

• The organization must aware of and deal with the risk it faces
• It must set objectives, integrated with the sales, production, marketing, financial and other
activities.
• So that the organization is operating in concrete,. It must also establish mechanism to identify,
analyze and manage the related risks
CONTROL ACTIVITIES

• Control policies and procedure must be establish and execute to help ensure that the action
identifies by the management as necessary to address risk to achievement of the organization’s
objective are effectively carried out
INFORMATION AND COMMUNICATION

• Surrounding the control activities are information and communication. These enable the
organization’s people to capture and exchange the information needed to conduct. Manage and
control its operation
MONITORING

• The entire process a must be monitored and modifications made as necessary. In this way the
system can react dynamically. Changing as condition warrant
• Mana yang paling penting diantara 5 komponen internal control.
THE CONTROL ENVIRONMENT
• The control environment consists of many factors, including the following:
1 Commitment to integrity and ethical values
2 Management’s philosophy and operating style
3 Organizational structure
THE CONTROL ENVIRONMENT
4 The audit committee of the board of directors
5 Methods of assigning authority and responsibility
6 Human resources policies and practices
7 External influences
COMMITMENT TO INTEGRITY AND
ETHICAL VALUES
• The management of an organization must show their commitments toward implementation of
ethical values
• The most critical aspect of an organization’s control environment is management’s attitude
toward internal control and the emphasis it places on internal control in the organizations
MANAGEMENT’S PHILOSOPHY AND
OPERATING STYLE
• The management of any organization strives for profitable operation, growth and other
indicator business success.
• But there are often difference in how management attempt to achieve goals for business
ORGANIZATIONAL STRUCTURE

• Another key element of a company’s control environment is its organization structure Which
define the line of authority and responsibility within the company and provides the overall
framework for planning, directing and controlling its operation
METHODS OF ASSIGNING AUTHORITY
AND RESPONSIBILITY
• Management’s methods of assigning authority and responsibility have an important influence on
the control environment.
• Authority and responsibility my be assigned through formal job descriptions
 Audit Committee

• An important element of the control environment of a publicly held corporation is the

function of its board of director whose members act as representative of the shareholder in
direction the business and affair of the corporation. Much of board work is performed through
its various committee. Audit committee is the most important board
HUMAN RESOURCES POLICIES AND
PRACTICES
• An organization's personnel policies and practices are still another key element of its control
environment.
• Policies and practice dealing with hiring, training, evaluating, compensating and promoting
employee can have an important effect on the organization
EXTERNAL INFLUENCES

• Numerous external values may effect the operation and practices of a business organization
and its control environment.
CONTROL ACTIVITIES
• The second component of COSO’s internal control model is control activities.
• Generally, control procedures fall into one of five categories:
1 Proper authorization of transactions and activities
2 Segregation of duties
CONTROL ACTIVITIES
3 Design and use of adequate documents and records
4 Adequate safeguards of assets and records
5 Independent checks on performance
PROPER AUTHORIZATION OF
TRANSACTIONS AND ACTIVITIES
• Authorization is the empowerment management gives employees to perform activities and
make decisions.
• Digital signature or fingerprint is a means of signing a document with a piece of data that cannot
be forged.
• Specific authorization is the granting of authorization by management for certain activities or
transactions.
SEGREGATION OF DUTIES
• Good internal control demands that no single employee be given too much responsibility.
• An employee should not be in a position to perpetrate and conceal fraud or unintentional
errors.
SEGREGATION OF DUTIES
Custodial Functions
Handling cash
Handling assets
Writing checks
Receiving checks in mail Authorization Functions
Authorization of
Recording Functions transactions
Preparing source documents
Maintaining journals
Preparing reconciliations
Preparing performance reports
SEGREGATION OF DUTIES
• If two of these three functions are the responsibility of a single person, problems can arise.
• Segregation of duties prevents employees from falsifying records in order to conceal theft of
assets entrusted to them.
• Prevent authorization of a fictitious or inaccurate transaction as a means of concealing asset
thefts.
SEGREGATION OF DUTIES
• Segregation of duties prevents an employee from falsifying records to cover up an inaccurate
or false transaction that was inappropriately authorized.
DESIGN AND USE OF ADEQUATE
DOCUMENTS AND RECORDS
• The proper design and use of documents and records helps ensure the accurate and complete
recording of all relevant transaction data.
• Documents that initiate a transaction should contain a space for authorization.
DESIGN AND USE OF ADEQUATE
DOCUMENTS AND RECORDS
• The following procedures safeguard assets from theft, unauthorized use, and vandalism:
– effectively supervising and segregating duties
– maintaining accurate records of assets, including information
– restricting physical access to cash and paper assets
– having restricted storage areas
ADEQUATE SAFEGUARDS OF
ASSETS AND RECORDS
• What can be used to safeguard assets?
– cash registers
– safes, lockboxes
– safety deposit boxes
– restricted and fireproof storage areas
– controlling the environment
– restricted access to computer rooms, computer files, and information
INDEPENDENT CHECKS
ON PERFORMANCE
• Independent checks to ensure that transactions are processed accurately are another
important control element.
• What are various types of independent checks?
– reconciliation of two independently maintained set of records
– comparison of actual quantities with recorded amounts
INDEPENDENT CHECKS
ON PERFORMANCE
– double-entry accounting
– batch totals
• Five batch totals are used in computer systems:
1 A financial total is the sum of a dollar field.
2 A hash total is the sum of a field that would usually not be added.
INDEPENDENT CHECKS
ON PERFORMANCE
3 A record count is the number of documents processed.
4 A line count is the number of lines of data entered.
5 A cross-footing balance test compares the grand total of all the rows with the grand total of all
the columns to check that they are equal.
PERTANYAAN

• Sebutkan lima katagori prosedur pengendalian (controls)

• Apa arti dari Authority
• Apa arti dari Segregation of duty
• Apa arti dari Design and Use of Adequate Documents and Records
• Apa arti dari Independen Check and performance
RISK ASSESSMENT
• Companies must identify the threats they face:
– strategic — doing the wrong thing
– financial — having financial resources lost, wasted, or stolen
– information — faulty or irrelevant information, or unreliable systems
RISK ASSESSMENT
• Companies that implement Accounting Information System must identify the threats the
system will face, such as:
1 Choosing an inappropriate technology
2 Unauthorized system access
3 Tapping into data transmissions
4 Loss of data integrity
RISK ASSESSMENT
5 Incomplete transactions
6 System failures
7 Incompatible systems
RISK ASSESSMENT
• Some threats pose a greater risk because the probability of their occurrence is more likely.
• What is an example?
• A company is more likely to be the victim of a computer fraud rather than a terrorist attack.
• Risk and exposure must be considered together.
PERTANYAAN

• Apa yang dimaksud Risk Asessment

• Mengapa RISK harus di identifikasi
• Sebutkan ancaman yang dihadapi dalam SIA dalam kaitannya dengan Risk Assesment
INFORMATION AND COMMUNICATION
• The fourth component of COSO’s internal control model is information and communication.
• Accountants must understand the following:
1 How transactions are initiated
2 How data are captured in machine-readable form or converted from source documents
INFORMATION AND COMMUNICATION
3 How computer files are accessed and updated
4 How data is processed to prepare information
5 How information is reported
6 How transactions are initiated
• All of these items make it possible for the system to have an audit trail.
• An audit trail exists when individual company transactions can be traced through the system.
PERTANYAAN

• Apa yang harus diketahui oleh akuntan dalam kaitannya dengankomponen COSO; Information
and communication?
• Jelaskan dengan contoh
MONITORING PERFORMANCE
• What are the key methods of monitoring performance?
– effective supervision
– responsibility accounting
– internal auditing
MONITORING PERFORMANCE
• The fifth component of COSO’s internal control model is monitoring.
• What are the key methods of monitoring performance?
– effective supervision
– responsibility accounting
– internal auditing
• Terima Kasih