Accounting Information System 1: Final Exam Tips

Topic 6 & 7: Internal Control

Controls are segregated into two categories:
1. General controls which ensure that organization’s control environment is stable
and well managed.
2. Application controls that prevent, detect, and correct transaction errors and fraud
in application programs.
Control Framework:
1. COBIT - Framework for Information and Related Technology (IT) control
2. COSO - Framework for enterprise internal controls (control-based approach)
3. COSO- ERM Expands COSO framework taking a risk-based approach

Enterprise Risk Manage Integrated Framework (ERM)

 An enhanced corporate governance document.
 Expands on elements of preceding framework.
 Provides a focus on the broader subject of enterprise risk management.
The major difference between COSO and COSO-ERM is that COSO-ERM’s focus is on
a risk-based approach and the components are expanded for this approach (objective
setting, event identification, and risk response are added). All of the other components are
similar.

Control Activities: (Topic 7 – Slides 24)

 Proper authorization of transactions and activities (Slides 25, 26)

o Employees who process transactions should verify the presence of the

appropriate authorizations. Auditors review transactions for proper
authorization.

o Management should have written policies for both types of authorization

and for all types of transactions.

 Segregation of duties (Slides 27 – 48)

o Authority and responsibility must be divided clearly among the employees.

  Project development and acquisition controls (Slides 49)

o Implement appropriate control to make it possible for management to trace

information inputs from source to disposition and vice versa.

 Change management controls (Slides 50)

o Organizations constantly modify their information systems

 Design and use of documents and records (Slides 51, 52)

o Form and content should be kept as simple as possible.

o Documents that initiate a transaction should contain a space for

authorization.

o Those used to transfer assets should have a space for the receiving party’s
signature.

o Documents should be sequentially pre-numbered. To reduce likelihood that

they would be used fraudulently and help to ensure that all valid transactions
are recorded.

 Safeguarding assets, records, and data (Slides 53 – 56)

o Maintain accurate records of all assets

o Periodically reconcile recorded amounts to physical counts

o Restrict access to assets - Use restricted storage areas for inventories and
equipment, Use cash registers,

o Protect records and documents - Limit access to blank checks and documents
to authorized personnel.

 Independent checks on performance (Slides 57 – 60)

o Top-level reviews, Analytical reviews, Independent review

o Reconciliation of independently maintained sets of records

 o Comparison of actual quantities with recorded amounts

o Double-entry accounting

Topic 8: Input, Processing & Output Controls

Input Controls:

 Forms design  Validity check

 Pre-numbered forms sequence test  Reasonableness test
 Turnaround documents  Check digit verification
 Cancellation and storage of documents  Sequence check
 Field check  Error log
 Sign check  Batch totals
 Limit check  Prompting
 Range check  Closed-loop verification
 Size (or capacity) check  Transaction logs
 Completeness check

Processing Controls:

 Data matching
 File labels
 Recalculation of batch totals
 Cross-footing balance test
 Write-protection mechanisms
 RFID security
 Database processing integrity procedures

Output Controls:

 User review of output

  Reconciliation procedures
 External data reconciliation

Availability Controls: Slides 35

Topic 9: Revenue Cycle

Sales Order Entry:

 Orders entered online can be routed directly to the warehouse for picking and
shipping.
 Electronic data interchange (EDI) can be used to link a company directly with its
customers to receive orders or even manage the customer’s inventory.
 Email and instant messaging are used to notify sales staff of price changes and
promotions.
 Laptops and handheld devices can equip sales staff with presentations, prices,
marketing and technical data, etc.

Approve customer credit:

 Automatic checking of credit limits and balances
 Emails or IMs to the credit manager for accounts needing specific authorization

Transaction processing technology can be used to improve customer relationships:

 POS systems can link to the customer master file to:
o Automatically update accounts receivable.
o Print customized coupons (e.g., if the customer just bought yogurt, print a
yogurt coupon to encourage repeat sales).

IT should be used to automate responses to routine customer requests:

 Providing telephone menus or Websites that lead customers to answers about:
o Account balances
o Order status
o Frequently asked questions (FAQs)
 Online chat or instant messaging
Threats in Sales Order Entry: (problem & controls)
 Incomplete or inaccurate customer order (Slides17)
 Uncollectible accounts (Slide 18)
 Invalid orders (Slide 19)
 Stockouts and excess inventory (Slide 20)
Threats in Shipping: (problem & controls)
 Shipping errors (Slide 28)
 Theft of Inventory (Slide 29)

Billing
Requires information from:
 Shipping Department on items and quantities shipped.
 Sales on prices and other sales terms.
Two basic ways to maintain accounts receivable:
 Open-invoice method - Customers pay according to each invoice.
 Balance forward method - Customers pay according to amount on their monthly
statement, rather than by invoice.
Threats in Billing: (problems & controls)
 Failure to bill customers (Slide 36)
 Billing errors (Slide 37)
 Errors in maintaining customer accounts (Slide 38)

Cash Collections
Possible approaches to collecting cash: (Slides 41 – 46)
 Turnaround documents forwarded to accounts receivable.
 Lockbox arrangements.
 Electronic lockboxes.
 Electronic funds transfer and bill payment.
 Financial electronic data interchange (FEDI).
 Accept credit cards or procurement cards from customers
Threats in Cash Collections: (problems & controls)
 Theft of cash (Slides 47 – 49)
General Control Issues
Threats in General Control Issues: (problems & controls)
 Loss, alteration, or unauthorized disclosure of data (Slides 51 – 53)
 Poor performance (Slide 54)
Topic 10: Expenditure Cycle
Three approaches to ordering: (inventory control methods)
1. Economic quantity ordered (EOQ) is used to minimize costs and stockouts. For
example, stores may identify certain inventory items that are sold frequently and
may have an EOQ that is different than an inventory item that is not sold as
frequently.
2. Materials requirements planning (MRP) is based on forecast sales.
3. Just-in-time inventory (JIT) responds to actual sales (demand).

Threats in Ordering Goods: (problems & controls)

 Stockouts and/or excess inventory (Slides 18, 19)
 Ordering unnecessary items (Slides 20, 21)
 Purchasing goods at inflated prices (Slides 22, 23)
 Purchasing goods of inferior quality (Slides 24, 25)
 Purchasing from unauthorized suppliers (Slides 26, 27)
 Kickbacks = rebate (Slides 28, 29)

The two major responsibilities of the receiving department are: (Slides 32 – 35)
 Deciding whether to accept delivery.
 Verifying the quantity and quality of delivered goods.

Threats in Receiving and Storing Goods: (problems & controls)

 Receiving unordered goods (Slide 36)
 Errors in counting received goods (Slides 37)
 Theft of inventory (Slides 38, 39)

There are two basic approaches to processing vendor invoices: (Slides 43 – 45)
 Non-voucher system
 Voucher system
Threats in Approving and Paying Vendor Invoices: (problems & controls)
 Errors in suppliers invoices (Slide 47)
 Paying for goods not received (Slide 48)
 Failing to take available purchase discounts (Slide 49)
 Paying the same invoice twice (Slide 50)
 Recording and posting errors to accounts payable (Slide 51)
 Misappropriating cash, checks, or EFTs (Slide 52)

To prevent schemes where an employee causes his employer to issue a fraudulent check:
(Slide 53)
To prevent check alteration and forgery: (Slide 54)
If a petty cash fund is needed: (Slide 55)
Electronic funds transfer requires additional control procedures: (Slide 56)

Threats in General Control Issues: (problems & controls)

 Loss, alteration, or unauthorized disclosure of data (Slides 58 - 60)
 Poor performance (Slide 61)

Topic 11: Production Cycle

There are two common approaches to production planning: (Slides 13 – 15)
 Manufacturing Resource Planning (MRP-II) [extension of MRP inv control
system]
 Lean Manufacturing (extension of Just-in-time inventory systems)

Key documents and forms:

 Master production schedule
 Production order
 Materials requisition
 Move ticket
Threats in Planning and Scheduling: (problems & controls) (Slide 20)
 Poor product design
 Over and under production

Threats in Production Operations: (problems & controls) (Slide 24)

 Inventory theft
 Fixed asset theft
 Poor performance
 Suboptimal investments in fixed assets
 Loss of inventory or fixed assets due to fire or disasters
 Disruption of operations

Types of cost accounting systems:

 Job order costing (Slide 26)
 Process costing (Slide 27)

The amounts involved necessitate some modification to the process:

 Competitive bidding
 Number of people involved
 Payment
 Controls
 Disposal

A typical AIS would look something like the following:

 Product design
 Production planning
 Cost accounting
 Production operations

Threats in Cost Accounting: (problems & controls) (Slide 45)

 Inaccurate cost data
 Inappropriate allocation of overhead costs
 Misleading reports
Topic 12: Human Resource & Payroll Cycle
Human Resource Management Process: Slide 4
Threats in Preparing Payroll: (problems & controls) (Slide 20)
 Unauthorized changes to payroll master data
 Inaccurate updating of master data
 Inaccurate time and attendance data
 Errors in processing payroll
Disburse Payroll (Slide 22)
 For control purposes, checks should not be drawn on the company’s regular bank
account
 A separate account is created for this purpose.
 Limits the company’s loss exposure.
 Makes it easier to reconcile payroll and detect paycheck forgeries.

Threats in Disbursing Payroll: (problems & controls) (Slide 28)

 Theft or fraudulent distribution of paychecks
 Failure to make required payments
 Untimely payments
 Inaccurate payments

Topic 13: General Ledger & Reporting System

Threats in Update General Ledger: (problems & controls) (Slide 10)
 Inaccurate updating of general ledger
 Unauthorized journal entries

Threats in Post Adjusting Entries: (problems & controls) (Slide 14)

 Inaccurate adjusting entries
 Unauthorized adjusting entries
 Threats in Prepare Financial Statements & Produce Managerial Reports: (problems &
controls) (Slide 14)
 Inaccurate financial statements
 Fraudulent financial reporting
 Poorly designed reports and graphs
Internal Controls

Revenue Cycle

 A second member of the accounts team or staff independent of the accounts team should
assist with the mail, one should open the post and the second should record cash received
in the cash log.

 Related members of staff should not be allowed to work in the same department where
they can seek to override segregation of duty controls.

 Cash and cheques should be ideally banked daily, if not then it should be stored in a
fireproof safe, and access to this safe should be restricted to supervised individuals.
 Cash and cheques should be banked every day.
 Customer statements should be sent out each month to all customers. The receivables
ledger supervisor should check that all customers have been sent statements.
 The cashier should prepare the paying-in-book from the cash received log. Then a
separate responsible individual should have responsibility for banking this cash.
 The cashier should update the cash book from the cash received log. A member of the
sales ledger team should update the sales ledger.

 Bank reconciliations should be performed monthly. A responsible individual should then

review them.
 Bank reconciliations should be reviewed regularly by an appropriate level of
management who is not involved in its preparation. Unreconciled amounts should be
investigated and resolved at the time of review.
 Cash should be collected at irregular times and possibly someone other than the payroll
clerk each time. The cash if it has to be held overnight should be kept in the company
safe and not with the managers.
 Those collecting the cash wages should sign for it personally and any uncollected cash
wages should be returned to the company safe.
Expenditure Cycle
 Observe and inquire about personnel performing purchasing, shipping, payables and
disbursing functions.
 Account for numerical sequence of receiving reports and determine that all were
recorded.
 Observe and inquire about the procedure performed by mail clerk.
 Compare date mail is received to date accounting received invoices.
 Examine cancelled invoices for indication of checking for clerical accuracy.
 Examine indication of approval.
 Observe whether the system automatically posts checks when they are prepared.
 Examine invoices for which checks have been disbursed to determine that they have been
cancelled.
 Observe and inquire about the handling of checks from the time they are mailed to
suppliers.

Weaknesses of internal control procedures Recommendations to improve

(1) Purchase goods from various Compile a list of approved suppliers
suppliers before sending out the purchase order.
There is no checking among the suppliers
Looking into the price, quality, delivery Look into area of price, quality, delivery
time, terms and condition time, terms and condition, credit terms
Does not prepare a list of approved
suppliers
(2) Purchase orders are not sequentially All purchase order should be sequentially
numbered numbered and frequently checked.
Do not know how many purchase orders
are placed and whether the purchase
orders are fulfilled.
Check the sequence regularly to ensure
Not able to check whether the orders are that all purchase orders are fulfilled.
fully completed or fulfilled according to
the sequence number.
(3) Only orders above RM5,000 require All purchase orders should be properly
authorization from purchasing authorized by the authorized personnel
manager established by the company.
There is a possibility that big amount of
orders may be split into small amount of
Authorization can by any level and
orders which are below Rm5,000
properly authorized.
Fraud could happen

(4) The purchase ledger is posted There should be an authorized personnel

manually to the general ledger to confirm and reconcile the purchase
ledger account and general ledger account
It should be updated automatically and
regularly to the general ledger account.
(5) The policy of delaying payments to The company should establish a cash flow
all suppliers for as long as possible forecast and cash flow budget to ensure
that sufficient funds are available for
Delayed payments may destroy the
payments to suppliers.
relationship with the suppliers
Cash flow budgets can maximize the cash
The suppliers may not want to supplier
and bank balance and ensure that there is
the goods to the company in the future
no delayed payments to the suppliers in
order to maintain a good relationship with
the suppliers.
(6) The finance director, Mr. Amar is The finance director should be provided
given the total amount of the payments with the supporting document for each of
list and there is no supporting the suppliers and a full payment list so
document for each payment that he is able to review and check all the
payments.
He did not actually look into the amount
for each of the supplier and he did not
have the supporting document to review
To avoid payments to unknown suppliers,
He is not provided with the supporting double payments or any error of
document and payment list to review payments.
before he authorize the payment
Human Resource & Payroll Cycle

(i) Deficiency (ii) Internal control recommendation

(2) The foreman is in a position to set up The issue of new employee numbers
fictitious employees onto the wages should be authorized by a manager and
system as he has authority to issue supported by employee contract letter.
temporary employee numbers. This would
allow him to collect cash wages for such
bogus/fictitious employees.
(4) The two wages clerks are responsible The list of personnel should be matched
for the set up and maintenance of all with the payroll by a manger and all new
employee records. They could therefore, employee records should be authorized
in conclusion, set up bogus employees before being set up on the system.
and collect cash wages from them.
The wages clerks are also responsible for
Any amendments to standing data on the
making amendments to holidays and
wages system should be done by an
illness. They could make unauthorized
authorized manager so that unauthorized
amendments which affect individual staff
amendments are not made. A log of
members’ pay.
amendments should be regularly
reviewed.
(5) The computer system calculates gross A pay slip should be generated by the
pay and any deductions, but these are computer system and included in the wage
handwritten by the wages clerks for the packet to reduce the chance of errors in
staff pay packets, so errors could be made deductions and gross pay being made.
and incorrect wages issued.

One of the wages clerks should check the

The computer automatically calculates gross pay and deductions for a sample of
gross pay and deductions, however there employees to gain assurance that the
is no check to ensure the calculations are computer is calculating amounts correctly.
accurate.
 The foreman distributes cash wages to the The distribution of wages should be
employees. He could therefore overseen by another manager. Unclaimed
misappropriate any wages not claimed. wages should be noted on a form and
returned to the wages department.

 All payrolls should go through the payroll system to ensure tax payments are also
collected from casual staff.