
Control Activities & Business Process

R. Fitrios
Learning Outcomes
1. Understand and explain control activities
2. Understand and explain the benefits of control activities
3. Understand and explain business processes
4. Understand and describe the control activities required in each business sub-process
Internal Control
Control Activities
• These are the actions established by policies and procedures that help to assure management directives are carried out. Control activities should be performed at all levels of your organization, and at various stages within business processes.
• To be successful, your control activities should:
• Address the risks identified in your risk assessment
• Be clearly documented and communicated to stakeholders and staff
• Evolve with the changing needs of your business

Control activities are specific actions that can be observed and documented for future inspection, or re-performed by a third party. When designing your control activities, use a risk-based approach so that controls are designed to address the risk factors you identified during the risk assessment stage rather than a predefined control list.

If you’re considering an internal control framework such as COSO, keep in mind that each organization faces unique challenges. Even if you use the best framework for your industry, expect to customize it for your specific needs.
Control activities (COSO)

Control policies and procedures help ensure that the actions identified by management to address risks and
achieve the organization’s objectives are effectively carried out. Control activities are performed at all levels
and at various stages within the business process and over technology.
10. Selecting and developing controls that might help mitigate risks to an acceptable level
11. Selecting and developing general control activities over technology
12. Deploying control activities as specified in policies and relevant procedures
Internal Control Classifications

• Preventive - designed to stop problems before they arise
• Detective - designed to find problems if they arise
• Corrective - designed to fix problems once they are found
• Find the cause of the problems
• Correct the results of the problem
• Modify the system to keep problem from happening again
Internal Control Classifications
• Feedback controls - measure a process and correct it when deviations from normal occur
• Feedforward controls - monitor a process and inputs to that process and try to predict potential problems
Internal Control Classifications
• General controls - ensure that the control environment is stable and well managed to enhance the effectiveness of application controls
• Application controls - used to prevent, detect, and correct errors and irregularities during processing
Internal Control Classifications
• Input controls - ensure that only accurate, valid, and authorized data are entered into the system
• Processing controls - ensure that all data are processed completely and accurately and all applicable files are updated correctly
• Output controls - ensure that output is properly controlled


Control activities are policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out.
It is management's responsibility to develop a secure and adequately controlled system. Management must ensure that:
1. Controls are selected and developed to help reduce risks to an acceptable level.
2. Appropriate general controls are selected and developed over technology.
3. Control activities are implemented and followed as specified in company policies and procedures.
Control Activities
• Control activities - rules that provide reasonable
assurance that management’s control objectives are
achieved.

• Five categories:
• Proper authorization of transactions and activities
• Separation of duties
• Project Development and Acquisition Controls
• Design and use of adequate documents and records
• Adequate safeguards over assets and records
• Independent checks on performance
Proper authorization of transactions and activities
• Authorization is documented by signing, initialing, or entering an authorization code on the document or record.
• Proper authorization
• General authorization - authorize employees to handle routine transactions without explicit approval from management (daily sales)
• Specific authorization - require employees to obtain approval for unusual or large transactions (sale in excess of a certain amount, write off of an A/R over a certain amount)
Digital signature - a means of electronically signing a document with data that cannot be forged.
Control Activities
• Separation of duties - no single employee should have too much responsibility - must separate the authorization, recording and custody of assets involved in a transaction
• Documents and records - help to ensure accurate and complete recording of all relevant data about transactions and events
• Keep forms simple and include room for authorization
Effective segregation of accounting duties is achieved when the following functions are separated:
• Authorization - approving transactions and decisions.
• Recording - preparing source documents; entering data into computer systems; and maintaining journals, ledgers, files, or databases.
• Custody - handling cash, tools, inventory, or fixed assets; receiving incoming customer checks; writing checks.
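One way to test the three-way separation described above, as an added example that is not part of the original slides: the first check flags users whose access spans more than one of the three functions, the second flags transactions where one person actually performed more than one. Permission names, user names and transaction ids are hypothetical, constructed for illustration.

```python
from collections import defaultdict

# Hypothetical permission names, each mapped to one of the three functions
# the slide says must be separated (authorization, recording, custody).
PERMISSION_FUNCTION = {
    "approve_credit": "authorization",
    "approve_write_off": "authorization",
    "post_journal": "recording",
    "edit_customer_master": "recording",
    "handle_cash": "custody",
    "sign_checks": "custody",
}

def role_conflicts(user_permissions):
    """Return {user: functions} for users whose access spans 2+ functions."""
    conflicts = {}
    for user, perms in user_permissions.items():
        held = {PERMISSION_FUNCTION[p] for p in perms if p in PERMISSION_FUNCTION}
        if len(held) >= 2:
            conflicts[user] = sorted(held)
    return conflicts

def transaction_conflicts(events):
    """Return {txn: {user: functions}} where one person performed more than
    one function on the same transaction, whatever their standing role is."""
    per_txn = defaultdict(lambda: defaultdict(set))
    for txn_id, user, function in events:
        per_txn[txn_id][user].add(function)
    found = {}
    for txn_id, users in per_txn.items():
        bad = {u: sorted(f) for u, f in users.items() if len(f) >= 2}
        if bad:
            found[txn_id] = bad
    return found

# Constructed sample data: (transaction id, user, function performed).
USER_PERMISSIONS = {
    "ani": ["approve_credit"],
    "budi": ["post_journal", "handle_cash"],   # recording + custody
    "citra": ["sign_checks"],
}
EVENTS = [
    ("SO-1001", "ani", "authorization"),
    ("SO-1001", "budi", "recording"),
    ("SO-1001", "citra", "custody"),
    ("SO-1002", "ani", "authorization"),
    ("SO-1002", "ani", "recording"),           # ani recorded her own approval
    ("SO-1002", "citra", "custody"),
]

if __name__ == "__main__":
    print(role_conflicts(USER_PERMISSIONS))
    print(transaction_conflicts(EVENTS))
```

The role check is preventive (run it when access is granted); the transaction check is detective and catches conflicts introduced through temporary or shared access that the role listing does not show.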
Segregation of Duties

• Segregation of systems duties - implementing control procedures to clearly divide authority and responsibility within the information system function.
Project Development and Acquisition Controls
• Have a methodology to govern the development, acquisition, implementation, and maintenance of information systems.
• It contains appropriate controls for management approval, user involvement, analysis, design, testing, implementation, and conversion.

System development controls include:
1. A steering committee guides and oversees systems development and acquisition.
2. A strategic master plan is developed and updated yearly to align the organization's information system with its business strategy.
3. A project development plan shows the tasks to be performed, who will perform them, project costs, completion dates, and project milestones (significant points when progress is reviewed and actual and estimated completion times are compared).
4. A data processing schedule shows when each task should be performed.
5. System performance measurements are established to evaluate the system. Measurements include throughput (output per unit of time), utilization (percentage of time the system is used), and response time (how long it takes the system to respond).
6. A postimplementation review is performed after a development project is completed to determine whether the anticipated benefits were achieved.
Design and use of adequate documents and records
• Proper design and use of electronic and paper documents and records.
• Their form and content should be as simple as possible, minimize errors, and facilitate review and verification.
• Documents that initiate a transaction should contain space for authorization.
• Those that transfer assets need space for the receiving party's signature.
• Documents should be sequentially prenumbered so that each can be accounted for.
• An audit trail facilitates tracing individual transactions through the system, correcting errors, and verifying system output.
Safeguarding of Assets, Records and Data
• Create and enforce appropriate policies and procedures.
• Maintain accurate records of all assets.
• Reconcile the recorded amounts of assets with physical counts of those assets.
• Restrict access to assets.
• Restricting access to storage areas protects inventory and equipment.
• Protect records and documents.
• Fireproof storage areas, locked filing cabinets, backup files, and off-site storage protect records and documents.
• Access to blank checks and documents is limited to authorized personnel.
Independent Checks on Performance
Performed by someone other than the person who did the original work, to ensure that transactions are processed accurately:
• Top level reviews.
• Periodically compare actual company performance with (1) planned performance; (2) prior-period performance; and (3) competitors' performance.
• Analytical reviews.
• For example, when credit sales increase, accounts receivable should also increase. The relationship between sales and cost of goods sold, inventory, and freight costs.
• Independent reconciliation of records, e.g. bank reconciliation
• Comparison of actual quantities with recorded amounts.
• Double-entry accounting
• Independent review.
• After a transaction is processed, a second person reviews the work of the first, checking for proper authorization, reviewing supporting documents, and checking the accuracy of prices, quantities, and extensions.
BUSINESS PROCESS
• A business process is an activity or set of activities that accomplish a specific organizational goal.
• Business processes should have purposeful goals, be as specific as possible and produce consistent outcomes.
• Sales and cash receipts business process
• Purchasing and cash disbursements business process
• Production business process
• Human resources business process
• Business process and financial reporting
The Revenue Cycle

• Provides goods and services to customers
• Collects cash in payment for those sales
• Primary Objective:
• Provide the right product
• In the right place
• At the right time for the right price

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
Revenue Cycle Activities
1. Sales order entry
2. Shipping
3. Billing
4. Cash collections

General Revenue Cycle Threats
• Inaccurate or invalid master data
• Unauthorized disclosure of sensitive information
• Loss or destruction of master data
• Poor performance

General Revenue Cycle Controls
• Data processing integrity controls
• Restriction of access to master data
• Review of all changes to master data
• Access controls
• Encryption
• Backup and disaster recovery procedures
• Managerial reports

Sales Order Entry

1. Take order
2. Check and approve credit
3. Check inventory availability

Sales Order Threats
• Incomplete/inaccurate orders
• Invalid orders
• Uncollectible accounts
• Stockouts or excess inventory
• Loss of customers

Sales Order Entry Controls
• Data entry edit controls (see Chapter 10)
• Restriction of access to master data
• Digital signatures or written signatures
• Credit limits
• Specific authorization to approve sales to new customers or sales that exceed a customer’s credit limit
• Aging of accounts receivable
• Perpetual inventory control system
• Use of bar-codes or RFID
• Training
• Periodic physical counts of inventory
• Sales forecasts and activity reports
• CRM systems, self-help Web sites, and proper evaluation of customer service ratings
Shipping

1. Picking and packing the order
2. Shipping the order

Shipping Threats
• Picking the wrong items or the wrong quantity
• Theft of inventory
• Shipping errors (delay or failure to ship, wrong quantities, wrong
items, wrong addresses, duplication)

Shipping Controls
• Bar-code and RFID technology
• Reconciliation of picking lists to sales order details
• Restriction of physical access to inventory
• Documentation of all inventory transfers
• RFID and bar-code technology
• Periodic physical counts of inventory and reconciliation to recorded quantities
• Reconciliation of shipping documents with sales orders, picking lists, and packing slips
• Use RFID systems to identify delays
• Data entry via bar-code scanners and RFID
• Data entry edit controls (if shipping data entered on terminals)
• Configuration of ERP system to prevent duplicate shipments
Billing

1. Invoicing
2. Updating accounts receivable

Billing Threats
• Failure to bill
• Billing errors
• Posting errors in accounts receivable
• Inaccurate or invalid credit memos

Billing Controls
• Separation of billing and shipping functions
• Periodic reconciliation of invoices with sales orders, picking tickets, and shipping documents
• Configuration of system to automatically enter pricing data
• Restriction of access to pricing master data
• Data entry edit controls
• Reconciliation of shipping documents (picking tickets, bills of lading, and packing list) to sales orders
• Data entry controls
• Reconciliation of batch totals
• Mailing of monthly statements to customers
• Reconciliation of subsidiary accounts to general ledger
• Segregation of duties of credit memo authorization from both sales order entry and customer account maintenance
• Configuration of system to block credit memos unless there is either corresponding documentation of return of damaged goods or specific authorization by management
Cash Collections Threats
1. Theft of cash
2. Cash flow problems

Cash Collection Controls
• Separation of the cash handling function from the accounts receivable and credit functions
• Regular reconciliation of the bank account with recorded amounts by someone independent of cash collection procedures
• Use of EFT, FEDI, and lockboxes to minimize handling of customer payments by employees
• Prompt, restrictive endorsement of all customer checks
• Having two people open all mail likely to contain customer payments
• Use of cash registers
• Daily deposit of all cash receipts
• Lockbox arrangements, EFT, or credit cards
• Discounts for prompt payment by customers
• Cash flow budgets