Control in Financial Information System: A Review
Control in Financial Information System: A Review
Financial A review
Information
System
l The second function of a well-designed AIS is to
provide adequate controls to ensure that the following
objectives are met:
Transactions are properly authorized.
Recorded transactions are valid.
Control Valid, authorized transactions are recorded.
Objectives Transactions are recorded accurately. Assets (cash,
inventory, and data) are safeguarded from loss or theft.
CONTROL OBJECTIVES,
THREATS, AND PROCEDURES
l What are some exposures?
– inaccurate records and reports, resulting in
bad decisions based on erroneous information
– leak of confidential data
– corruption of general ledger
– cover-up of theft
– loss of data
– loss of assets
CONTROL OBJECTIVES,
THREATS, AND PROCEDURES
What are some control procedures?
– input, edit, and processing controls
– reconciliations and control reports
– access controls
– adequate audit trail
– proper backup procedures
– disaster recovery plan
CONTROL OBJECTIVES,
THREATS, AND PROCEDURES
REVIEW:
WHAT SOME THREATS, EXPOSURES,
CONTROL PROCEDURES IN REVENUE
CYCLE
l What are some threats?
credit sales to customers with poor credit
Control shipping errors
Objectives, theft of cash and inventory
Threats, and failure to bill customers
Procedures billing errors
loss of data
l What are some exposures?
uncollectible sales and losses due to bad debts
Control customer dissatisfaction
Objectives, loss of assets and overstated assets
Threats, and loss of revenue and inventory
Procedures incorrect records and poor decision making
loss of confidential information
l What are some control procedures?
credit approval by credit manager and sales function
Control reconciliation of sales order with picking ticket and
Objectives, packing slip
13 - 12
Control Objectives,
Threats, and Procedures
l Assets (cash, inventory, and data) are safeguarded from loss or
theft.
l Business activities are performed efficiently and effectively.
13 - 13
Control Objectives,
Threats, and Procedures
l What are some threats?
– stockouts
– purchasing too many or unnecessary goods
– purchasing goods at inflated prices
– purchasing goods of inferior quality
– purchasing from unauthorized vendors
– kickbacks
13 - 14
Control Objectives,
Threats, and Procedures
– receiving unordered goods
– errors in counting goods
– theft of inventory
– failure to take available purchasing discounts
– errors in recording and posting purchases and payments
– loss of data
13 - 15
Control Objectives,
Threats, and Procedures
l What are some exposures?
– production delays and lost sales
– increased inventory costs
– cost overruns
– inferior quality of purchased goods
– inflated prices
– violation of laws or import quotas
– payment for items not received 13 - 16
Control Objectives,
Threats, and Procedures
– inaccurate inventory records
– loss of assets
– cash flow problems
– overstated expenses
– incorrect data for decision making
13 - 17
Control Objectives,
Threats, and Procedures
l What are some control procedures?
– inventory control system
– vendor performance analysis
– approved purchase requisitions
– restricted access to blank purchase requisitions
– price list consultation
– budgetary controls
13 - 18
Control Objectives,
Threats, and Procedures
– use of approved vendor lists
– approval of purchase orders
– prenumbered purchase orders
– prohibition of gifts from vendors
– incentives to count all deliveries
– physical access control
– recheck of invoice accuracy
– cancellation of voucher package 13 - 19
REVIEW:
WHAT SOME THREATS, EXPOSURES,
CONTROL PROCEDURES IN PAYROLL
CYCLE
Control Objectives,
Threats, and Procedures
l The second function of the AIS in the
HRM/payroll cycle is to provide adequate
internal controls to ensure meeting the
following objectives:
– payroll transactions are properly authorized
– recorded payroll transactions are valid
– authorized payroll transactions are recorded
– payroll transactions are accurately recorded
15 - 21
Control Objectives,
Threats, and Procedures
– applicable government regulations regarding remittance of
taxes and filing of payroll and HRM reports are met
– assets (both cash and data) are safeguarded from loss or theft
– HRM/payroll cycle activities are performed efficiently and
effectively
15 - 22
Control Objectives,
Threats, and Procedures
l What are some threats?
– hiring of unqualified or larcenous employees
– violation of employment law
– unauthorized changes to the master payroll file
– inaccurate time data
– theft or fraudulent distribution of paychecks
– loss or unauthorized disclosure of payroll data
15 - 23
Control Objectives,
Threats, and Procedures
l What are some exposures?
– increased expenses
– lower productivity
– theft
– fines and civil suits
– inaccurate records and reports
– over/underpayment of employees
– reduced morale
15 - 24
Control Objectives,
Threats, and Procedures
What are some control procedures?
– sound hiring practices (verification of job applicant’s skills,
references, and employment history)
– thorough documentation of hiring procedures
– segregation of duties
– batch totals and other application controls
15 - 25
Control Objectives,
Threats, and Procedures
– direct deposit
– paycheck distribution by someone independent of payroll
process
– investigation of all unclaimed paychecks
– separate payroll checking account
– access control
– backup procedures
– encryption
15 - 26
REVIEW:
WHAT SOME THREATS, EXPOSURES,
CONTROL PROCEDURES IN PRODUCTION
CYCLE
Control Objectives,
Threats, and Procedures
l The second function of a well-designed AIS is to provide
adequate controls to ensure that the following objectives are
met:
1 All production and fixed asset acquisitions are properly
authorized.
2 Work-in-process inventories and fixed assets are safeguarded.
3 All valid, authorized production cycle transactions are
recorded.
14 - 28
Control Objectives,
Threats, and Procedures
4 All production cycle transactions are recorded accurately.
5 Accurate records are maintained and protected from loss.
6 Production cycle activities are performed efficiently and
effectively.
14 - 29
Control Objectives,
Threats, and Procedures
l What are some threats?
– unauthorized transaction
– theft or destruction of inventories and fixed assets
– recording and posting errors
– loss of data
– inefficiencies and quality control problems
14 - 30
Control Objectives,
Threats, and Procedures
l What are some exposures?
– overproduction and excess inventories
– obsolescence
– underproduction, stockouts, and lost sales
– excess investment in fixed assets
– loss of assets
– overstated inventory records
14 - 31
Control Objectives,
Threats, and Procedures
– ineffective scheduling and planning
– decision errors
– increased expenses and taxes on fixed assets that are
incorrectly valued
– ineffective decision making
– loss of customer goodwill and future sales
14 - 32
Control Objectives,
Threats, and Procedures
l What are some control procedures?
– accurate sales forecasts and inventory records
– authorization of production
– restricted access to production planning program and to blank
production order documents
– review and approval of capital asset expenditures
14 - 33
Control Objectives,
Threats, and Procedures
– documentation of all internal movements of inventory
– proper segregation of duties
– source data automation
– on-line data entry edit controls
– backup and disaster recovery procedures
– regular performance reports
– cost of quality control measurement
14 - 34
CONTROL IN REVENUE CYCLE, SILVIA VERONIKA
CONTROL IN EXPENDITURE CYCLE, ALIKA NATHASA
CONTROL IN PAYROLL, TETI YULIA
Ada kasus yang dibahas.
Format presentation
Case Description
Introduction
Pentingnya control pada siklus pendapatan
Problem Staements
Objective
Methodology
Review Literature
Discussion
Conclusion
Control in
Financial A review
Inforamation
System
INTERNAL CONTROL SYSTEMS
High Cost of
Computer
error
• Cost of computer abuse
• Value of hardware,
Maintenance
Privacy
software, personnel
• High cost of computer
error
Cost of
incorrect
decision
Controlled
Evolution of
• Maintenance of privacy
• Controlled evolution of
Computer use
computer use
Cost of
computer
abuse
• The core business is Its people-their individual attributes, including integrity, ethical vales and
competence and the environment in which they are operate.
• They are the engine that drive organization and the foundation on which everything rest
RISK ASSESSMENT
• The organization must aware of and deal with the risk it faces
• It must set objectives, integrated with the sales, production, marketing, financial and other
activities.
• So that the organization is operating in concrete,. It must also establish mechanism to identify,
analyze and manage the related risks
CONTROL ACTIVITIES
• Control policies and procedure must be establish and execute to help ensure that the action
identifies by the management as necessary to address risk to achievement of the organization’s
objective are effectively carried out
INFORMATION AND COMMUNICATION
• Surrounding the control activities are information and communication. These enable the
organization’s people to capture and exchange the information needed to conduct. Manage and
control its operation
MONITORING
• The entire process a must be monitored and modifications made as necessary. In this way the
system can react dynamically. Changing as condition warrant
• Mana yang paling penting diantara 5 komponen internal control.
THE CONTROL ENVIRONMENT
• The control environment consists of many factors, including the following:
1 Commitment to integrity and ethical values
2 Management’s philosophy and operating style
3 Organizational structure
THE CONTROL ENVIRONMENT
4 The audit committee of the board of directors
5 Methods of assigning authority and responsibility
6 Human resources policies and practices
7 External influences
COMMITMENT TO INTEGRITY AND
ETHICAL VALUES
• The management of an organization must show their commitments toward implementation of
ethical values
• The most critical aspect of an organization’s control environment is management’s attitude
toward internal control and the emphasis it places on internal control in the organizations
MANAGEMENT’S PHILOSOPHY AND
OPERATING STYLE
• The management of any organization strives for profitable operation, growth and other
indicator business success.
• But there are often difference in how management attempt to achieve goals for business
ORGANIZATIONAL STRUCTURE
• Another key element of a company’s control environment is its organization structure Which
define the line of authority and responsibility within the company and provides the overall
framework for planning, directing and controlling its operation
METHODS OF ASSIGNING AUTHORITY
AND RESPONSIBILITY
• Management’s methods of assigning authority and responsibility have an important influence on
the control environment.
• Authority and responsibility my be assigned through formal job descriptions
Audit Committee
• Numerous external values may effect the operation and practices of a business organization
and its control environment.
CONTROL ACTIVITIES
• The second component of COSO’s internal control model is control activities.
• Generally, control procedures fall into one of five categories:
1 Proper authorization of transactions and activities
2 Segregation of duties
CONTROL ACTIVITIES
3 Design and use of adequate documents and records
4 Adequate safeguards of assets and records
5 Independent checks on performance
PROPER AUTHORIZATION OF
TRANSACTIONS AND ACTIVITIES
• Authorization is the empowerment management gives employees to perform activities and
make decisions.
• Digital signature or fingerprint is a means of signing a document with a piece of data that cannot
be forged.
• Specific authorization is the granting of authorization by management for certain activities or
transactions.
SEGREGATION OF DUTIES
• Good internal control demands that no single employee be given too much responsibility.
• An employee should not be in a position to perpetrate and conceal fraud or unintentional
errors.
SEGREGATION OF DUTIES
Custodial Functions
Handling cash
Handling assets
Writing checks
Receiving checks in mail Authorization Functions
Authorization of
Recording Functions transactions
Preparing source documents
Maintaining journals
Preparing reconciliations
Preparing performance reports
SEGREGATION OF DUTIES
• If two of these three functions are the responsibility of a single person, problems can arise.
• Segregation of duties prevents employees from falsifying records in order to conceal theft of
assets entrusted to them.
• Prevent authorization of a fictitious or inaccurate transaction as a means of concealing asset
thefts.
SEGREGATION OF DUTIES
• Segregation of duties prevents an employee from falsifying records to cover up an inaccurate
or false transaction that was inappropriately authorized.
DESIGN AND USE OF ADEQUATE
DOCUMENTS AND RECORDS
• The proper design and use of documents and records helps ensure the accurate and complete
recording of all relevant transaction data.
• Documents that initiate a transaction should contain a space for authorization.
DESIGN AND USE OF ADEQUATE
DOCUMENTS AND RECORDS
• The following procedures safeguard assets from theft, unauthorized use, and vandalism:
– effectively supervising and segregating duties
– maintaining accurate records of assets, including information
– restricting physical access to cash and paper assets
– having restricted storage areas
ADEQUATE SAFEGUARDS OF
ASSETS AND RECORDS
• What can be used to safeguard assets?
– cash registers
– safes, lockboxes
– safety deposit boxes
– restricted and fireproof storage areas
– controlling the environment
– restricted access to computer rooms, computer files, and information
INDEPENDENT CHECKS
ON PERFORMANCE
• Independent checks to ensure that transactions are processed accurately are another
important control element.
• What are various types of independent checks?
– reconciliation of two independently maintained set of records
– comparison of actual quantities with recorded amounts
INDEPENDENT CHECKS
ON PERFORMANCE
– double-entry accounting
– batch totals
• Five batch totals are used in computer systems:
1 A financial total is the sum of a dollar field.
2 A hash total is the sum of a field that would usually not be added.
INDEPENDENT CHECKS
ON PERFORMANCE
3 A record count is the number of documents processed.
4 A line count is the number of lines of data entered.
5 A cross-footing balance test compares the grand total of all the rows with the grand total of all
the columns to check that they are equal.
PERTANYAAN
• Apa yang harus diketahui oleh akuntan dalam kaitannya dengankomponen COSO; Information
and communication?
• Jelaskan dengan contoh
MONITORING PERFORMANCE
• What are the key methods of monitoring performance?
– effective supervision
– responsibility accounting
– internal auditing
MONITORING PERFORMANCE
• The fifth component of COSO’s internal control model is monitoring.
• What are the key methods of monitoring performance?
– effective supervision
– responsibility accounting
– internal auditing
• Terima Kasih