Group 6:
2019
FOREWORD
Our praise and gratitude go to God Almighty, because through His blessings and grace we
could work on and complete this paper well. Because of His blessings and mercy, the author could
complete this paper entitled “Auditing Computer-Based Information System” and “The Revenue
Cycle: Sales to Cash Collections”.
We also thank Dr. Marselinus Asri, S.E., M.Sc., Ak., CA, our lecturer in
Accounting Information Systems, who has guided us in this course. This paper explains
how to control accounting information systems and also covers controls for information security.
We also realize that this paper is far from perfect. We hope that this paper can offer useful
insight to its readers. We ask for criticism and suggestions if there
are mistakes or deficiencies in this paper, so that we can learn more and prepare other papers
better. Finally, we say thank you and happy reading.
Author
TABLE OF CONTENTS
FOREWORD
1.1 Background
1.2 Problem Formulation
1.3 Purpose
1.4 Benefit of Research
CHAPTER II DISCUSSION
CHAPTER 11
2.1 Introduction
2.2 The Nature of Auditing
2.3 Information Systems Audits
2.4 Audit Software
2.5 Operational Audits of an AIS
CHAPTER 12
2.1 Introduction
2.2 Revenue Cycle Information System
2.3 Sales Order Entry
2.4 Shipping
2.5 Billing
2.6 Cash Collections
FINAL
CHAPTER I
PRELIMINARY
1.1 Background
An information system audit, also called an EDP (Electronic Data Processing)
audit or computer audit, is the process of collecting and evaluating evidence to determine
whether a computerized application system has established and implemented adequate
internal controls, whether all assets are well protected and not misused, and whether
data integrity, reliability, and the effectiveness and efficiency of
computer-based information processing are assured.
Sales and cash receipt activities are part of a company's business processes and
are usually called the revenue cycle. In an AIS, handling these activities requires a separate
subsystem that covers a recurring series of business activities, together with the collection
of data and its processing into information, related to the supply of goods
and services, from receiving orders from customers to receiving payments. The main purpose
of this activity is to provide the right goods and services at the right place and time, at the
right price, and with smooth payment.
The three basic functions of the AIS for the revenue cycle are (1) obtaining and
processing data regarding various sales and cash receipts activities, (2) storing and
organizing the data to support decision making, and (3) monitoring to ensure
data reliability and to safeguard the organization's resources. On the other hand, management
must also continuously monitor and evaluate the efficiency and effectiveness of the
revenue cycle process to identify needs for system development.
1.3 Purpose
1. Know what auditing is and the nature of it.
2. Know the purpose of an information systems audit and audit software.
3. Know what an operational audit of an AIS is.
4. Know what the revenue cycle is.
5. Know what the basic activities in the revenue cycle are.
CHAPTER II
DISCUSSION
CHAPTER 11
2.1 Introduction
This chapter focuses on auditing an accounting information system (AIS).
Auditing is the systematic process of obtaining and evaluating evidence regarding
assertions about economic actions and events in order to determine how well they
correspond with established criteria. Internal auditing is an independent, objective
assurance and consulting activity designed to add value and improve organizational
effectiveness and efficiency, including assisting in the design and implementation of an
AIS. Internal auditing helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.
2.2 The Nature of Auditing
1. Overview Of The Audit Process
All audits follow a similar sequence of activities. Audits may be divided into
four stages: planning, collecting evidence, evaluating evidence, and communicating
audit results. Figure 11-1 is an overview of the auditing process and lists many of the
procedures performed within each of these stages.
a. Audit Planning
Audit planning determines why, how, when, and by whom the audit will
be performed. The first step is to establish the audit's scope and objectives. For
example, an audit of a publicly held corporation determines whether its financial
statements are presented fairly.
An audit is planned so the greatest amount of audit work focuses on the
areas with the highest risk factors. There are three types of audit risk:
1) Inherent risk is the susceptibility to material risk in the absence of controls.
2) Control risk is the risk that a material misstatement will get through the
internal control structure and into the financial statements.
3) Detection risk is the risk that auditors and their audit procedures will fail to
detect a material error or misstatement.
b. Collection Of Audit Evidence
Most audit effort is spent collecting evidence. Because many audit tests
cannot be performed on all items under review, they are often performed on a
sample basis. The following are the most common ways to collect audit
evidence:
1) Observation of the activities being audited.
2) Review of documentation to understand how a particular process or internal
control system is supposed to function.
3) Discussions with employees about their jobs and about how they carry out
certain procedures.
4) Questionnaires that gather data.
5) Physical examination of the quantity and/or condition of tangible assets.
6) Reperformance of calculations to verify quantitative information.
7) Vouching for the validity of a transaction by examining supporting
documents.
8) Analytical review of relationships and trends among information to detect
items that should be further investigated.
c. Evaluation Of Audit Evidence
The auditor evaluates the evidence gathered and decides whether it
supports a favorable or unfavorable conclusion. If inconclusive, the auditor
performs sufficient additional procedures to reach a definitive conclusion.
d. Communication Of Audit Results
The auditor submits a written report summarizing audit findings and
recommendations to management, the audit committee, the board of directors,
and other appropriate parties. Afterwards, auditors often do a follow-up study to
ascertain whether recommendations were implemented.
2. The Risk-Based Audit Approach
The following internal control evaluation approach, called the risk-based audit
approach, provides a framework for conducting information system audits:
a) Determine the threats (fraud and errors) facing the company.
b) Identify the control procedures that prevent, detect, or correct the threats.
c) Evaluate control procedures.
d) Evaluate control weaknesses to determine their effect on the nature, timing, or
extent of auditing procedures.
3) Program modifications have management's authorization and approval.
4) Processing of transactions, files, reports, and other computer records is accurate
and complete.
5) Source data that are inaccurate or improperly authorized are identified and
handled according to prescribed managerial policies.
6) Computer data files are accurate, complete, and confidential.
CHAPTER 12
2.1 Introduction
The revenue cycle is a recurring set of business activities and related information
processing operations associated with providing goods and services to customers and
collecting cash in payment for those sales. The primary external exchange of information
is with customers. Information about revenue cycle activities also flows to the other
accounting cycles. The revenue cycle's primary objective is to provide the right product
in the right place at the right time for the right price.
2. Threats And Controls
The revenue cycle begins with the receipt of orders from customers. The sales
department, which reports to the vice president of marketing, typically performs the sales
order entry process, but increasingly customers are themselves entering much of this data
through forms on a company's Web site storefront.
1. Process
In the past, customer orders were entered into the system by employees.
Increasingly, organizations seek to leverage IT to have customers do more of the data
entry themselves. One way to accomplish this is to have customers complete a form
on the company's Web site. Another is for customers to use electronic data
interchange (EDI) to submit the order electronically in a format compatible with the
company's sales order processing system. Both techniques improve efficiency and
reduce costs by eliminating the need for human involvement in the sales order entry process.
2. Threats and Controls
Activity: Sales order entry
Threats:
1. Incomplete/inaccurate orders
2. Invalid orders
3. Uncollectible accounts
4. Stockouts or excess inventory
5. Loss of customers
Controls:
1. Data entry edit controls
2. Restriction of access to master data
3. Digital signatures or written signatures
4. Credit limits
5. Specific authorization to approve sales to new customers or sales that
exceed a customer’s credit limit
6. Aging of accounts receivable
7. Perpetual inventory control system
8. Use of bar codes or RFID
9. Training
10. Periodic physical counts of inventory
11. Sales forecasts and activity records
12. CRM systems, self-help web sites, and proper evaluation of customer
service ratings
2.4 Shipping
1. Process
The picking ticket generated by the sales order entry process triggers the pick
and pack process. Warehouse workers use the picking ticket to identify which
products, and the quantity of each product, to remove from inventory.
terminals
11. Configuration of ERP system to prevent duplicate shipments
2.5 Billing
1. Process
The basic document created in the billing process is the sales invoice, which
notifies customers of the amount to be paid and where to send payment. Like many
companies, AOE still prints paper invoices that it mails to many of its smaller
customers. Larger customers, however, receive invoices via EDI. EDI not only
eliminates printing and postage costs but also the labor involved in performing those
tasks. For companies that generate hundreds of thousands of sales invoices annually,
saving even a few seconds per invoice can yield significant cost reductions. EDI
invoices and online bill payment also benefit customers by reducing their time and
costs, which should increase both satisfaction and loyalty.
2. Threats and controls
6. Reconciliation of shipping documents (picking tickets, bills of lading, and
packing list) to sales orders
7. Data entry controls
8. Reconciliation of batch totals
9. Mailing of monthly statements to customers
10. Reconciliation of subsidiary accounts to general ledger
11. Segregation of duties of credit memo authorization from both sales order
entry and customer account maintenance
12. Configuration of system to block credit memos unless there is either
corresponding documentation of return of damaged goods or specific
authorization by management
2. Threats and controls
Activity: Cash collection
Threats:
1. Theft of cash
2. Cash flow problems
Controls:
1. Segregation of duties: the person who handles (deposits) payments from
customers should not also
a. Post remittances to customer accounts
b. Create or authorize credit memos
c. Reconcile the bank account
2. Use of EFT, FEDI, and lockboxes to minimize handling of customer
payments by employees
3. Obtain and use a UPIC to receive EFT and FEDI payments from customers
4. Immediately upon opening mail, create list of all customer payments
received
5. Prompt, restrictive endorsement of all customer payments
6. Use of cash registers
7. Daily deposit of all cash receipts
8. Lockbox arrangements, EFT, or credit cards
9. Discounts for prompt payment by customers
10. Cash flow budgets
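Added example (not part of the original paper): a Python check of the segregation-of-duties rules listed in the cash collection controls above and the credit memo rule in the billing controls, showing how a conflict can arise when one user holds several roles. The duty names, roles and user assignments are constructed for illustration.

```python
from collections import defaultdict

# (base duty, duties that must NOT be held by the same person).
# Rule 1 is the cash collection control; rule 2 is the billing control.
SOD_RULES = [
    ("handle_payments",
     {"post_remittances", "create_credit_memo", "authorize_credit_memo", "reconcile_bank"}),
    ("authorize_credit_memo", {"sales_order_entry", "maintain_customer_accounts"}),
]

# Constructed role catalogue and user-to-role assignments (hypothetical names).
ROLE_DUTIES = {
    "cashier": {"handle_payments"},
    "ar_clerk": {"post_remittances", "maintain_customer_accounts"},
    "credit_manager": {"authorize_credit_memo"},
    "sales_rep": {"sales_order_entry"},
    "treasury_analyst": {"reconcile_bank"},
}
USER_ROLES = {
    "alice": ["cashier"],
    "bob": ["ar_clerk"],
    "carol": ["cashier", "treasury_analyst"],  # handles cash AND reconciles bank
    "dave": ["credit_manager", "sales_rep"],   # enters orders AND authorizes memos
    "erin": ["credit_manager"],
}

def effective_duties(roles, role_duties=ROLE_DUTIES):
    """Union of the duties granted by every role a user holds."""
    duties = set()
    for role in roles:
        # An unknown role raises KeyError, so a typo is never silently ignored.
        duties |= role_duties[role]
    return duties

def sod_violations(user_roles=USER_ROLES, rules=SOD_RULES):
    """Return {user: [(base_duty, conflicting_duty), ...]} for every conflict."""
    findings = defaultdict(list)
    for user, roles in user_roles.items():
        duties = effective_duties(roles)
        for base, incompatible in rules:
            if base in duties:
                for clash in sorted(duties & incompatible):
                    findings[user].append((base, clash))
    return dict(findings)

if __name__ == "__main__":
    for user, clashes in sorted(sod_violations().items()):
        for base, clash in clashes:
            print(f"{user}: {base} must be segregated from {clash}")
```

Neither single role in this sample breaks a rule on its own; the findings come from the combination of roles, which is why the check runs on effective duties rather than on role names.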
FINAL
3.1 Conclusion
Internal control is a process implemented to provide reasonable assurance;
it permeates an organization’s operating activities and is an integral part of
management activities. Internal controls are also important because they can be used to
safeguard assets, maintain records in sufficient detail, provide accurate and reliable
information, prepare financial reports, promote and improve operational efficiency,
encourage adherence to prescribed managerial policies, and comply with applicable laws
and regulations. There are also three kinds of control framework, and the use of each
depends on the firm’s requirements.
We also have to understand what kinds of tactics criminals use to attack an
organization’s information system so as not to get caught up in an unwanted situation. If
we have a basic understanding of those things, we can proceed to discuss
methods for mitigating the risk that such attacks, as well as random threats such as
viruses and worms, will be successful.
3.2 Advice
We must remain vigilant and improve internal controls and the information security
system so that we are not trapped in a condition that will hamper the company’s
activities.
REFERENCES
Romney, Marshall B and Paul John Steinbart. 2015. Accounting Information System. United
States of America: Pearson.