Strategic Information Systems for Business and Enterprise

Individual assignment

Case Study – Giant Eggplant

By

Student Name
Table of Contents

1. Introduction ............................................................................................................................. 3

2. Revenue Cycle Data Flow Diagram ........................................................................................ 3

3. Expenditure Cycle Data Flow Diagram................................................................................... 5

4. Giant Eggplant’s System Weaknesses in Physical Internal Controls ...................................... 6

5. Recommendations to IT Controls for Giant’s Eggplant’s System .......................................... 8

6. Conclusion ............................................................................................................................. 10

References ..................................................................................................................................... 12
 1. Introduction

Giant Eggplant is a vegetable and fruit market company in Rowville that belonged to Victoria

State in Australia. It offers various food-related products to the customers including the dairy,

agricultural, and bakery from different bakeries and local farms. Currently, it is equipped with 25

employees into three functional departments including store supervisors, sales staff, and

administrative staff. This company general manager recently identified an issue of decline in the

profits and sales of products in performing buying from suppliers and reselling to customers. It has

a set of procedures for managing the expenditure and revenue cycle. As an internal auditor at Giant

Eggplant, responsibility is given to the assessment of the company’s existing procedures and

processes to expenditure and revenue cycle. The present report is to prepare a document to general

manager on the findings of processes evaluated and identification of the internal controls and risks

presented to the revenue and expenditure cycles by developing the data flow diagram for them.

2. Revenue Cycle Data Flow Diagram

The below figure shows the data flow diagram for the revenue cycle implementing at Giant’s

Eggplant’s system.
 Customer visits Selects food
Customer
products
Updating
electronic stock
records
Pushing shopping carts

Records to
general ledger
Shopping cart and sales
Deposits daily revenue
to counter journal
Bill of purchased products
Reviewing stock information

Sales journal and Summary of sales

Purchase receipt general ledger

Prepares
Generating bill Updating the
Sales staff Sales information deposit slip for
to customer sales records
bank

Generates Store supervisor handover credit Finance clerk

purchase Collects money card receipts and cash
receipt

Figure 1: Data Flow Diagram for Revenue Cycle (Hall, 2015)

As shown in the figure, the revenue cycle includes various key activities and key actors. The actors

involved include customers, sales staff, store supervisor, and finance clerk. First, the customer

visits the stores of Giant Eggplant for purchasing the food and dairy products. Select the desired

food in the desired quantities and adds to the shopping cart and then reach the counter. Then, the

sales staff will gather money from the customer for purchased goods generating the bill. They

accept payment through cash in hand and credit card and generates a purchase receipt to customers.

Then, the store supervisor all payment receipts and cash to the finance clerk. Finance clerk reviews

and updates the sales records and enter a summary of sales in a day to sales journal and general

ledger. After that, a deposit slip is prepared to deposit the amount into the bank.
 3. Expenditure Cycle Data Flow Diagram

The below figure shows the data flow diagram for the expenditure cycle implementing at Giant’s

Eggplant’s system.

Warehouse Identifies products Purchase Transfers goods

clerk required order Vendor

Mails cheque

Cheque
Assess
register Transfers invoice to
packing slip

Records cheque into Accounting

clerk
Corrects invoices
Restocks shelves in Reviews
Updating
warehouse due Summary of cash disbursements
records of
invoices
stock

Prints journal
Transfers to
Preparation of hard copy voucher

Purchase Send to finance Finance General

Post to
summary clerk clerk ledger

Figure 2: Data Flow Diagram for the Expenditure Cycle (Dennis, Wixom, & Roth, 2012)

As shown in the figure, the expenditure cycle includes various key activities and key actors. The

actors involved include warehouse clerk, vendors, accounting clerk, and finance clerk. These are

responsible for performing different tasks. First of all, the warehouse clerk checks for empty

shelves to fill with the products. If products are required, then he prepares a note to order the

products from the vendor. A purchase order is sent to the supplier through phone or email. After

receiving the goods, the warehouse clerk assesses the packing slip and updates the stock details

from the computer. The purchase summary is prepared and transferred to the finance clerk to post
to the general ledger. Then, the invoice of the vendor is transferred to the accounting clerk to make

corrections. Then, he sends a cheque to the vendor through email producing details into the cheque

register. A journal voucher is prepared and printed including the details of cash disbursements and

transfer to the finance department. Then, the finance clerk posts the journal voucher to general

ledger accounts.

4. Giant Eggplant’s System Weaknesses in Physical Internal Controls

The physical internal controls are defined as the activities associated with the employees working

with the accounting system in the context of Giant Eggplant’s company. These are completely

manual activities that involve the facilitation of physical protection to assets. Sometimes physical

controls may associate with the utilization of the personal computers for recording the sales

transactions and updating the details of accounts. These do not any relation with the computer

logic used to do accounting activities. The main focus of physical controls is on the humans in

which paperwork is taking place in accounting activities (Hall, 2010). The physical controls are

divided into six types including the supervision, access control, authorization of transactions,

accounting records, segregation of responsibilities, and independent verification.

In Giant Eggplant’s system set of weaknesses is presented on the physical internal controls that

are categorized into six types.

Authorization of transactions: In the expenditure cycle of Giant Eggplant’s, there is no general

authorization on the existing suppliers or vendors in purchasing or ordering the inventory. No

preapproval is established for the warehouse clerk from the general manager prior to making a

purchase order. The management is failed to the proper allocation of the registers to manage the

sales and checking the credit limit of the customers making payment through credit cards. No
specific authority is established for extending the credit limit of a customer against the normal

amount.

Segregation of responsibilities: In the revenue cycle activities, there is no proper segregation of

responsibilities to the sales staff in authorizing the transactions. They are allocated to other regular

operations instead of checking the damage caused to the products by humans. No segregation is

presented in ordering inventory between the warehouse department and the sales department

(Kumuthinidevi, 2016).

Supervision: Lack of supervision is observed on the five registers established to manage the sales

as less number of employees are working. Only one store supervisor is established to monitor the

five cash registers and the collection of money from the customers. No person is handling the

issues facing by the customer in making a credit card payment. It is impossible to provide physical

custody to the assets as lack of supervision exists. There is no supervision on the sales staff and

data warehouse clerk in monitoring their activities and prevention of fraud being occurred.

Accounting records: Giant Eggplant’s does not establish any audit trails to monitor the economic

transactions and events from initiation to financial statement development. Audit trails are absent

in financial audit and evaluating the way of response providing to the inquiries made by customers

and managing the regular transactions and assessing journals, accounting ledgers, and source

documents to aligning the legal obligations like tax payment. This results in increasing the

loopholes for financial fraud in the future (Ainsworth & Deines, 2019).

Access control: Access controls are to guarantee that access is provided to authorize employees

towards the assets of the company. These are not presented for the audit trails to ensure protection

to accounting records in maintaining integrity and avoiding destroying of sales records. Physical
security is not provided to the five cash registers to avoid direct and indirect access to other people

when the Store supervisor is not at his desk that may result in theft of money.

Independent verification: Independent supervision is lacked in verifying the activities of the

individual employees in different departments including accounting, warehouse, finance, and

sales. Finance clerk in revenue management does not perform the counting of sales in the presence

of the store supervisor and product warehouse clerk to align match between the products sold and

cash received. Lack of management assessment on the evaluation of the manual and computer

reports.

5. Recommendations to IT Controls for Giant’s Eggplant’s System

IT controls are specified only for the environment of computer systems to ensure protection for

the data. These are of two types including the application controls and general controls.

Application controls are intended to manage the integrity of several systems including the accounts

payable, sales order processing, and payroll applications. These are also helpful in ensuring the

accuracy, completeness, and validity of the financial transactions (Anomah & Agyabeng, 2013).

General controls are required to manage the system development activities, data center, providing

maintenance for programs, and organizing the databases. These are required to guarantee that the

business met its objectives.

Application controls: The controls used for accounting applications and manual procedures at

Giant’s Eggplant systems are identified as input controls, output controls, and processing controls.

The input controls work for the different activities including the authorization of input, conversion

of data, and edit checks. Input authorization requires only the authorization from the intended

people. For example, to enter the data of sales transactions of food products, the authorization is
only given to the financial clerk. Data conversion controls are required to reduce the error while

transcribing data presented in one form to another form (BPP Learning Media, 2016). Edit check

the advantageous control in correcting the errors occurred by mistakenly. The output controls are

required for the processing of the data completely and accurately to distribute it in the organization.

These are of different types including the assessment of the processing jobs done by the computer,

formal documentation and adoption of procedures for checks and reports, performing audits on the

output reports, and achieving a balance between the processing and input totals. The processing

controls are useful in establishing accurate and complete data while updating the sales and

inventory details. These are of three types including the edit checks, computer matching, and run

control totals. Edit checks are used for improving the consistency between the data related to

transactions performed by customers (ACCA Global, 2019). Computer matching technique is used

for performing the investigation of whether complete data is using for updating the information.

The matching programs developed are helping in identifying whether employee time cards are

matching with the master files presented in the payroll system. Run control charts are used in

comparing through computer and manual operations for processing data.

General controls: The general controls are divided into six types including the hardware controls,

software controls, computer operations control, administrative controls, data security controls, and

implementation controls. Software controls must be used for prohibiting unauthorized access of

computer programs and software programs. Program security controls are utilized to avoid the

required modifications and changes to software programs (AICPA, 2016). Hardware controls need

to be used for improving the performance and guaranteeing physical security. The mechanism such

as validity checks, echo checks, and parity checks are useful in monitoring the equipment

malfunction. The administrative controls focus on imposing strict rules in performing the
operations. These include procedures, standards, control disciplines, and rules to ensure that all

application and general controls are properly implemented. These are mainly three types including

supervision, separation of responsibilities, and facilitating the written procedures and policies. It

needs to ensure that no loopholes are presented with these controls to avoiding manipulation of

assets. The data security controls are required to increase protection to value data from the

unauthorized changing and accessing and abuse of data. These need to be implemented in different

levels such as terminals to restriction of physical access of computers, password-based

authentication, and security restrictions on the different systems and applications (Moeller, 2013).

Implementation controls need to be integrated if the organization plans to develop its own systems.

These include audits on the system development activities and techniques for quality assurance,

system testing, and system conversion. These focus on user engagement to analyze the costs and

benefits.

6. Conclusion

Giant Eggplant’s using the accounting information systems to manage the sales and accounting

operations. It has been using several internal physical controls to take custody of the assets. The

present report focused on the assessment of the weaknesses presented in the revenue and

expenditure cycles at Giant Eggplant systems. It covered various key sections including the

revenue cycle data flow diagram, expenditure cycle data flow diagram, assessment of the

weaknesses presented in the physical internal controls, and recommendation of the required IT

controls to the systems. Data flow diagrams are developed effectively to understand the key

processes and actors involved in the revenue and expenditure cycle. Giant Eggplant’s System

Weaknesses in Physical Internal Controls are identified in six physical controls such as

supervision, access control, authorization of transactions, accounting records, segregation of

responsibilities, and independent verification. The recommendations for IT controls are provided

as application controls and general controls. Application controls include input controls, output

controls, and processing controls and general controls include hardware controls, software

controls, computer operations control, administrative controls, data security controls, and

implementation controls.
References

ACCA Global. (2019). Auditing in a computer-based environment (2). Retrieved from

accaglobal.com/: https://www.accaglobal.com/in/en/student/exam-support-
resources/professional-exams-study-resources/p7/technical-articles/auditing-computer-
based-environment2.html
AICPA. (2016). Audit Guide: Assessing & Responding to Audit Risk In a Financial Statement
Audit. New York: John Wiley & Sons.
Ainsworth, P., & Deines, D. (2019). Introduction to Accounting: An Integrated Approach. New
Jersey: John Wiley & Sons.
Anomah, S., & Agyabeng, O. (2013). Evaluating internal controls in a computerised works
environment – a risk to audit professionals and a challenge to accountancy training
providers. Research Journal of Finance and Accounting, 4(1), 132-143.
BPP Learning Media. (2016). ACCA F8 Audit and Assurance. UK: BPP Learning Media.
Dennis, A., Wixom, B. H., & Roth, R. M. (2012). Systems Analysis and Design (5th ed.). New
York: John Wiley & Sons.
Hall, J. A. (2010). Accounting Information Systems. USA: Cengage Learning.
Hall, J. A. (2015). Information Technology Auditing (4th ed.). Boston: Cengage Learning.
Kumuthinidevi, S. (2016). A Study on Effectiveness of the Internal Control System in the Private
Banks of Trincomalee. International Journal of Scientific and Research Publications, 6(6),
600-612.
Moeller, R. R. (2013). Executive's Guide to COSO Internal Controls: Understanding and
Implementing the New Framework. New Jersey: John Wiley & Sons.