ais control issues_compiled


Upload: krithika-naidu

Post on 17-Jul-2016


Page 1: Ais Control Issues_compiled

AIS CONTROL ISSUES - REVENUE CYCLE

Process | Critical Issue and potential consequences | Recommendations

Receive customer order

Incomplete or inaccurate customer orders – Inefficiency/ Integrity control issue

During sales order entry, important data about the order could be missing or inaccurate due to errors of manual recording. Not only does this create inefficiencies due to the need to call back the customer and reenter the order in the system, but it also may negatively affect customer perceptions and thereby adversely affect future sales.

[Preventive/ Detective] The solution could be to implement an ERP and centralized database that includes limit/range checks and reasonableness checks for the sales department. For example, the limit/range check would ensure orders fall within a certain range, which is set based on the sales orders from previous transactions with the customer. Similarly, a reasonableness check is helpful in flagging any unusual quantity for a specific product (e.g. 100 vs 1000). In addition, a completeness check can ensure that all required data are entered.

[Detective] Closed-loop verification checks the accuracy of input data by using it to retrieve and display other related information. E.g. on the sales order document there will be customer details such as the customer name, where the credit officer can simply click on the link to retrieve and display the record of the customer’s past transactions, which can then be used to evaluate and verify the existing customer’s current creditworthiness.
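The edit checks above (completeness, limit/range, reasonableness, closed-loop verification), as an added example that is not part of the original document. The customer and product IDs, the order history and the two multipliers (3 × largest previous order as the limit, 2 × average as the review level) are constructed assumptions.

```python
from statistics import mean

# Constructed master data (assumption, not from the original document).
CUSTOMERS = {"C1001": "Acme Retail Pte Ltd"}
# Previous order quantities per (customer, product), oldest first.
ORDER_HISTORY = {("C1001", "P-200"): [90, 100, 110, 100, 95]}
REQUIRED_FIELDS = ("customer_id", "product_id", "quantity", "ship_to")


def validate_order(order, limit_factor=3, review_factor=2):
    """Apply the edit checks to one sales order entry.

    Returns (errors, warnings, customer_name):
      errors        -> reject the entry (completeness, limit/range check)
      warnings      -> hold for review (reasonableness check)
      customer_name -> echoed back for closed-loop verification
    """
    errors, warnings = [], []

    # Completeness check: all required data must be entered.
    missing = [f for f in REQUIRED_FIELDS if order.get(f) in (None, "")]
    if missing:
        return ["missing fields: " + ", ".join(missing)], warnings, None

    # Closed-loop verification: use the entered ID to retrieve the related
    # record so the clerk can confirm it is the intended customer.
    name = CUSTOMERS.get(order["customer_id"])
    if name is None:
        return ["unknown customer_id"], warnings, None

    qty = order["quantity"]
    if isinstance(qty, bool) or not isinstance(qty, int) or qty < 1:
        return ["quantity must be a positive whole number"], warnings, name

    history = ORDER_HISTORY.get((order["customer_id"], order["product_id"]))
    if not history:
        # No baseline to compare against: route the order to manual review.
        warnings.append("no previous orders for this customer and product")
        return errors, warnings, name

    # Limit/range check: upper bound derived from previous transactions.
    upper = limit_factor * max(history)
    if qty > upper:
        errors.append(f"range check: quantity {qty} exceeds limit {upper}")
    # Reasonableness check: within range but unusual for this product.
    elif qty > review_factor * mean(history):
        warnings.append(f"reasonableness check: quantity {qty} is unusual")
    return errors, warnings, name
```

With the constructed history, an entry of 1000 instead of 100 is rejected by the range check, while 250 passes the range check and is held by the reasonableness check.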

Unauthorised disclosure of sensitive information

[Preventive] ERP and centralized database with access control which restricts access to master data and reviews all changes of data. This is to prevent internal unauthorized access.

[Preventive] Use encryption, which is the process of changing information in such a way as to make it unreadable by anyone except those possessing special knowledge (usually referred to as a "key") that allows them to change the information back to its original, readable form. This allows the company to securely protect sensitive data even if the computer is stolen.

Credit assessment

Credit officers have to phone sales officers to inform them of credit approval decisions - Inefficiency

Since credit officers have to phone sales officers to inform them of credit approval decisions, a substantial amount of time might be wasted. If a credit officer cannot reach the sales officers on time, the sales officers may not be able to provide updated information to customers diligently. This efficiency issue would affect customer satisfaction.

With an ERP and centralized database, the credit officer can update the credit approval decision while the sales officer can have access to it and start the preparation simultaneously.

Credit sales to customers with poor credit – control issue

The sales manager can give approval for credit sales to customers with poor credit in order to boost sales and thus qualify for a bonus. There is no proper guideline for credit assessment. The AR clerk’s approval of credit sales is based on personal judgment, which could be subjective and inaccurate. As a result, sales could later turn out to be uncollectible, which is detrimental to the company’s income.

1. [Detective] Automated controls such as limit checks based on certain guidelines on credit management could be integrated in the ERP and centralized database to ensure objectiveness of credit assessment.

2. [Preventive] Segregation of duties
The credit manager, who sets credit policies and approves the extension of credit to new customers and raising of credit limits for existing customers, is independent of the marketing and sales function. With an ERP and centralized database, sales order entry clerks should be granted read-only access to information about individual customer credit limits.

Picking, Packing and Delivery

No proper inventory check – Theft of inventory - Security control risks

Storage of goods in the warehouse department without any proper inventory check poses security control risks. There is a likelihood that warehouse staff or the delivery man could commit theft of inventory.

1. [Preventive] RFID technology to track the goods as they move through the warehouse. The goods movement data is then used to update the inventory records in the central database. This allows perpetual inventory control and prevents misappropriation of inventory. Restrict physical access to inventory; document all internal transfers of inventory; perform periodic physical counts of inventory and reconcile the counts with recorded amounts.

2. [Preventive] Have the carrier sign a document indicating the items that have been taken in for delivery each day. This can prevent fraud during delivery.


3. [Preventive] Segregation of duties
Employees who are responsible for controlling the physical access to inventory should not be able to adjust inventory records without review and approval. Neither the employees responsible for custody of inventory nor those authorized to adjust inventory records should be responsible for the receiving or shipping function.

Shipping errors

Shipping the wrong items or quantities of merchandise and shipping to the wrong location are serious errors because they can significantly reduce customer satisfaction and thus future sales. They may also result in loss of assets if customers do not pay for goods erroneously shipped.

[Preventive/ Detective] The use of bar-code scanners and RFID technology to record the picking and shipping of inventory as it moves through the warehouse could enable detecting and then correcting any mistakes before the merchandise leaves the premises, by comparing the shipment data with the sales order. Only after the system has verified that the shipment is correct should the packing slip and bill of lading be printed.

Billing and AR

AR clerk generates invoices and also updates the customer’s AR file - Integrity control risks

There is no segregation of duties between the cash handling function and the billing function, as the AR clerk generates invoices and also updates the customer’s AR file. This poses an integrity control risk, since the AR clerk may record a friend’s invoice as written off and not collect payment from his friends.

Through the ERP and centralized database, the available sales order information can automatically be used to generate invoices, thus reducing the risk of fraudulent behaviour by the AR clerk.

[Preventive] - Proper segregation of duties. Separate person (another AR clerk) to generate invoice and update customer’s AR file such that AR clerk will not be able to easily write-off his friends’ accounts

[Corrective] - Regular reconciliation: After the segregation of duties, regular reconciliation of bank statements and account receivables should be done by another person independent from cash handling and billing functions. Any discrepancies must be reported to the managers and proper investigation should be carried out.

Failure to bill customers – no segregation of duty

An employee performing both shipping and billing functions could ship merchandise to his friend without billing them. This results in loss of assets and erroneous data about sales, inventory and accounts receivable.

1. [Preventive] Segregation of duties
Billing functions should be performed by a person independent of the shipping function.

2. [Corrective] Reconciliation
Sales orders, picking tickets, packing slips, and sales invoices should be sequentially numbered and then periodically accounted for. Any sales orders or packing slips that cannot be matched to a sales invoice represent shipments that have not been billed, and corrective action should be taken.
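The reconciliation of sequentially numbered documents described above, as an added example that is not part of the original document. It also compares shipped and billed quantities per sales order, which goes slightly beyond the matching step in the text. All document numbers and quantities are constructed sample data.

```python
# Constructed sample documents (assumption, not from the original document).
PACKING_SLIPS = [
    {"slip_no": 501, "sales_order": 1001, "qty": 10},
    {"slip_no": 502, "sales_order": 1002, "qty": 5},
    {"slip_no": 504, "sales_order": 1003, "qty": 8},
    {"slip_no": 505, "sales_order": 1004, "qty": 20},
]
INVOICES = [
    {"invoice_no": 9001, "sales_order": 1001, "qty": 10},
    {"invoice_no": 9002, "sales_order": 1003, "qty": 6},
    {"invoice_no": 9004, "sales_order": 1005, "qty": 4},
]


def missing_numbers(numbers):
    """Sequence check: numbers absent between the lowest and highest issued."""
    issued = set(numbers)
    if not issued:
        return []
    return [n for n in range(min(issued), max(issued) + 1) if n not in issued]


def totals_by_order(documents):
    """Sum the quantity on all documents that reference each sales order."""
    totals = {}
    for doc in documents:
        totals[doc["sales_order"]] = totals.get(doc["sales_order"], 0) + doc["qty"]
    return totals


def reconcile(packing_slips, invoices):
    """Match packing slips to invoices by sales order and list exceptions."""
    shipped = totals_by_order(packing_slips)
    billed = totals_by_order(invoices)
    return {
        # Unaccounted-for document numbers need an explanation (void, lost, hidden).
        "missing_slip_numbers": missing_numbers(s["slip_no"] for s in packing_slips),
        "missing_invoice_numbers": missing_numbers(i["invoice_no"] for i in invoices),
        # Shipments that were never billed: loss of assets.
        "shipped_not_billed": sorted(so for so in shipped if so not in billed),
        # Invoices with no shipment behind them: billing error.
        "billed_not_shipped": sorted(so for so in billed if so not in shipped),
        # (sales order, quantity shipped, quantity billed) where they differ.
        "quantity_mismatch": sorted(
            (so, shipped[so], billed[so])
            for so in shipped
            if so in billed and shipped[so] != billed[so]
        ),
    }


if __name__ == "__main__":
    for finding, items in reconcile(PACKING_SLIPS, INVOICES).items():
        print(f"{finding}: {items}")
```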

Billing errors

Billing errors, such as pricing mistakes and billing customers for items not shipped or on back order, represent another control issue. Overbilling can result in customer dissatisfaction and underbilling results in loss of assets.

[Preventive] Through the ERP and centralized database, pricing mistakes can be avoided by having the computer retrieve the appropriate data from the inventory master file.

[Detective] Mistakes involving quantities shipped can be detected by reconciling the quantities listed on the packing slips with those on the sales order.

Cash collections

Theft of cash

There is no segregation of duties for these pairs:
Handling cash or checks and posting remittances to customer accounts: a person performing both of these duties could commit the special type of embezzlement called lapping.
Handling cash or checks and authorising credit memos: a person performing both of these duties could conceal theft of cash by creating a credit memo equal to the amount stolen.
Issuing credit memos and maintaining customer accounts: a person performing both of these duties could write off as uncollectible amounts owed by friends.

1. [Preventive] Minimise the handling of cash and checks within the organization through a bank lockbox arrangement or the use of electronic fund transfers for customer payments.

2. [Preventive] Segregating the recording and custody functions as follows provides additional control:
Only the remittance data should be sent to the accounts receivable department, with customer payments being sent to the cashier. Such an arrangement establishes two mutually independent control checks. First, the total credits to accounts receivable recorded by the accounting department should equal the total debit to cash representing the amount deposited by the cashier. Second, the copy of the remittance that is sent to the internal audit department can be compared with the validated deposit slips and bank statements to verify that all checks the organization received were deposited. Finally, the monthly statements mailed to customers provide another layer of control, because customers would notice the failure to properly credit their accounts for payments remitted.
The person who reconciles the bank statement should be independent of all other activities involved in handling or recording the receipt of cash. This separation of duties provides an independent check on the cashier and prevents manipulation of the bank statement to conceal the theft of cash.


AIS CONTROL ISSUES - EXPENDITURE CYCLE

Process | Critical Issue and potential consequences | Recommendations

Order goods

Preventing stockouts and/or excess inventory

Stockouts result in lost sales, while excess inventory incurs higher than necessary carrying costs.

1. [Preventive] Technology for perpetual inventory record
Bar-code technology can improve the accuracy and efficiency of the perpetual inventory records so that information about inventory stocks is always current.
Affixing RFID tags to individual products to track the movement of inventory and allow instant update of inventory stocks in the centralized database.

2. [Preventive] Selection of suppliers: should select suppliers that are known to meet their delivery commitments diligently.

Ordering unnecessary items

There is no system to check the validity of purchase decisions that individual employees initiate.
Multiple purchases of the same items are made by different units of the organization due to a lack of integration of the information system.

[Preventive] The solution could be to implement an ERP and centralized database that integrates purchase orders from different units of the organization. The accurate perpetual inventory record could allow different units to access updated information about inventory stocks before requesting a purchase. Moreover, through the centralized database, a supervisor can review and approve purchase requisitions based on valid reasons.

Purchasing goods at inflated prices

There is no procedure to check the validity of the purchasing costs. Managers can decide to purchase goods at inflated prices to obtain commissions or other incentives, thus causing loss to the company.

1. Preventive: Several procedures could be implemented for the procurement process:
Price lists for frequently purchased items should be stored in the computer and consulted when ordering.
Competitive, written bids should be solicited for high-cost and specialized products.

2. Corrective: Purchases should be charged to an account that is the responsibility of the person or department approving the requisition. To facilitate control of budgets, managers are required to generate reports highlighting any significant deviation from the budgeted amount for further investigation.

Purchasing goods of inferior quality/ from unauthorized suppliers

In their quest to obtain the lowest possible prices, managers can decide to purchase goods of inferior quality. This could severely affect the quality of goods and services. Substandard products can result in costly production delays or additional production costs for rework and scrap. Thus, this would likely damage the company’s reputation and customer satisfaction.

1. Preventive: Several procedures could be implemented for the procurement process:
Lists of approved suppliers known to provide goods of acceptable quality should be stored in the computer and consulted when ordering.
Competitive, written bids should be solicited on the basis of both cost and quality.
Supplier performance data should be collected and periodically reviewed to maintain the accuracy of these approved lists.

2. Corrective: Purchasing managers should be held liable for the total cost of purchases, which includes not only the purchase price but also the quality-related costs of rework and scrap.

Kickbacks

Kickbacks are gifts from suppliers to purchasing agents for the purpose of influencing their choice of suppliers. In order to recover the money spent on the bribe, suppliers can inflate the price of subsequent purchases or substitute goods of inferior quality.

[Preventive] Companies should prohibit purchasing agents from accepting any gifts from potential or existing suppliers. Purchasing agents should be required to sign annual conflict of interest statements, disclosing any financial interests they may have in current or potential suppliers.
In order to prevent purchasing agents from dealing with the same suppliers indefinitely, job rotation should be implemented. Alternatively, the company could conduct a detailed audit of the purchasing agent’s activities.


Process | Critical Issue and potential consequences | Recommendations

Receive and store goods

Accepting unordered goods

Accepting delivery of unordered goods results in additional costs associated with unloading, storing and later returning those items.

[Preventive] Company should allow the receiving department to have access to the open purchase orders file. In doing so, company could instruct the receiving department to accept only deliveries for which there is an approved copy of purchase order.

Making errors in counting goods received

Errors in counting goods received result in inaccurate perpetual inventory records. Moreover, such errors could be misleading in determining the amount that the company pays for the goods actually received.

1. [Preventive] Technology for perpetual inventory record
Bar-code technology can improve the accuracy and efficiency of receiving counts.
Affixing RFID tags to individual products to track the movement of inventory and allow instant update of inventory stocks in the centralized database.

2. [Preventive] Responsibility of receiving clerks:
Receiving clerks are required not only to record the quantity received but also to sign the receiving report or to enter their employee ID numbers in the system. Such procedures indicate an assumption of responsibility, thus discouraging careless or reckless behaviour and resulting in more diligent work.

3. [Corrective] Responsibility of receiving department:
Require the inventory control function to count the items transferred from receiving and then hold that department responsible for any subsequent shortages.

Theft of inventory

Theft of inventory results in additional costs to compensate for the shortages of inventory and possible delays in production. Moreover, it indicates a lack of integrity, which affects employees’ morale.

1. [Preventive/ Detective] All transfers of inventory within the company should be properly documented.
For example, both the receiving department and the inventory department should acknowledge the transfer of goods from the receiving dock into inventory. Similarly, both the inventory stores and the production department should acknowledge the release of inventory into production. This documentation provides the necessary information for establishing responsibility for any shortages, therefore encouraging employees to take special care to record all inventory movements accurately.

2. [Preventive] Segregation of duties
Employees who are responsible for controlling the physical access to inventory should not be able to adjust inventory records without review and approval. Neither the employees responsible for custody of inventory nor those authorized to adjust inventory records should be responsible for the receiving or shipping function.

Approve and pay vendor invoices

Failing to catch errors in vendor invoices

Vendor invoices may contain errors such as discrepancies between quoted and actual prices charged or miscalculations of the total amount due. This could lead to wrong calculation of payment from the company.

[Preventive] AP clerks are required not only to check information on invoices before recording and payment but also to enter their employee ID numbers in the system upon approval of vendor invoices. Such procedures indicate an assumption of responsibility, thus resulting in more diligent work.

Paying for goods not received/ paying the same invoice twice/ Record and posting errors in AP

1. [Detective/ Corrective] Periodic review and reconciliation by a person from a different function.

2. [Detective] ERP + centralised database to minimize human error: reasonableness check.

Misappropriating cash, checks or EFTs

1. [Preventive] Segregation of duties:
The accounts payable function should authorize payment, including the assembling of a voucher package. However, only the treasurer or cashier should sign checks for normal transactions.
Checks in excess of a certain amount should require two signatures to provide another independent review of the material expenditure.
Access to the approved supplier list should be restricted, and any changes to that list should be carefully reviewed and approved.
In addition, internal auditors should periodically review the supplier master file to ensure that there are no duplicate entries for suppliers.
Reconciliation of bank accounts should be done by someone who did not participate in processing either cash collections or disbursements. This provides an independent check on accuracy and prevents someone from misappropriating cash and then concealing the theft by adjusting the bank statement.

2. [For electronic funds transfer] Strict access controls over all outgoing EFTs should be followed at all times. Passwords and user IDs should be used to specifically identify and monitor each employee authorized to initiate EFTs.
EFT transactions above a certain threshold should require real-time supervisory approval, and there should be limits on the total dollar amount of transactions allowed per day per individual.
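The EFT controls described above (identified initiators, supervisory approval above a threshold, a per-day limit per individual), as an added example that is not part of the original document. The class name, user IDs, threshold and limit values are hypothetical, and the rule that an initiator cannot approve their own transfer is an assumption added in line with the segregation of duties in item 1.

```python
from collections import defaultdict
from decimal import Decimal


class EftGate:
    """Release gate for outgoing EFTs; every decision is logged per user ID."""

    def __init__(self, initiators, supervisors, approval_threshold, daily_limit):
        self.initiators = set(initiators)      # user IDs allowed to initiate
        self.supervisors = set(supervisors)    # user IDs allowed to approve
        self.approval_threshold = Decimal(approval_threshold)
        self.daily_limit = Decimal(daily_limit)
        self.released = defaultdict(Decimal)   # (user_id, day) -> total released
        self.audit_log = []                    # one entry per attempt, pass or fail

    def submit(self, user_id, amount, day, approved_by=None):
        """Decide on one transfer request and record the attempt."""
        decision = self._decide(user_id, Decimal(amount), day, approved_by)
        self.audit_log.append((day, user_id, str(amount), approved_by, decision))
        return decision

    def _decide(self, user_id, amount, day, approved_by):
        # Access control: only identified, authorized employees may initiate.
        if user_id not in self.initiators:
            return "rejected: user not authorized to initiate EFTs"
        if amount <= 0:
            return "rejected: amount must be positive"
        # Supervisory approval for transfers above the threshold.
        if amount > self.approval_threshold:
            if approved_by not in self.supervisors:
                return "held: supervisory approval required"
            # Assumption: the approver must be a different person.
            if approved_by == user_id:
                return "rejected: initiator cannot approve own transfer"
        # Limit on the total amount released per day per individual.
        if self.released[(user_id, day)] + amount > self.daily_limit:
            return "rejected: daily limit exceeded"
        self.released[(user_id, day)] += amount
        return "released"


if __name__ == "__main__":
    # Constructed scenario: threshold 10,000 and daily limit 25,000.
    gate = EftGate({"u1", "u2"}, {"s1", "u2"}, "10000", "25000")
    day = "2024-01-02"
    print(gate.submit("u1", 5000, day))
    print(gate.submit("u1", 15000, day))
    print(gate.submit("u1", 15000, day, approved_by="s1"))
    print(gate.submit("u1", 6000, day))
```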
