Accounting Information Systems: A Business Process Approach. Chapter Four: Identifying Risks and Controls in Business Processes. Exhibits: 4.2, 4.3, 4.5, 4.6, 4.7, 4.9. Tables: 4.1 - 4.11. Exhibit 4.2 Objectives and Risks Objectives: Objective typeDescription of objective
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Chapter Four: Identifying Risks and Controls in Business Processes
Tables: 4.1 - 4.11
Exhibit 4.2 Objectives and Risks
Objective typeDescription of objective
ExecutionProper execution of transactions in the revenue and acquisition cycles
Information systemProper recording, updating, and reporting of data in an information system
Asset protectionSafeguarding of assets
PerformanceFavorable performance of an organization, person, department, product, or service
Risk typeDescription of risk
ExecutionRisk of not achieving execution objectives
Information systemRisk of not achieving information system objectives
Asset protectionRisk of loss or theft of assets
PerformanceRisk of not achieving performance objectives
Exhibit 4.6 ELERBE, Inc.: Payroll Process
Event 1: Assign tasks. Supervisor assigns tasks to employees.
Event 2: Perform assigned duties. Based on supervisor’s instructions, employees perform their assigned duties.
Event 3: Record arrival time. As employees begin work, they “clock-in” by entering a password in an electronic time keeper that records the time of arrival.
Event 4: Record departure time. As employees leave work, they “clock-out” using the same device.
Event 5: Prepare payroll. On Monday mornings, the payroll clerk obtains a printed report from the electronic time keeper showing the sign-in and sign-out times for each employee during the past week. The clerk computes the hours worked for the week for each employee, separating regular and overtime hours, and enters the information in payroll application software. The clerk uses the system to print a payroll report showing a row for each employee, with employee identification, hours worked, wages earned, and deductions.
Event 6: Approve payroll. The clerk gives the payroll report to the controller who approves the payroll determination.
Event 7: Print checks. The payroll clerk prints the checks.
Event 8: Signs checks. He gives the checks to the controller who signs them.
Event 9: Distribute checks. Employees pick up their checks from the controller’s secretary.
Table 4.1 Applying the Generic Execution Risks in Exhibit 4.3 to ELERBE’s Revenue Cycle
Generic execution risksELERBE’s execution risks
Delivering goods and services:Delivering CD-ROM/Internet products:
Unauthorized sale or service permittedProducts were sold without authorization.
Authorized sale or service did not occur, occurredAn order was not shipped, was shipped late, or was late, or was duplicated unintentionallyunintentionally shipped twice.
Wrong type of product or serviceWrong products were shipped.
Wrong quantity, quality, or priceThe wrong quantity of product was shipped.
Damaged inventory was shipped.
Inventory was sold at an incorrect price.
Wrong customer or addressGoods were shipped to the wrong bookstore or sent to the wrong address.
Cash collection:Cash collection:
Cash not collected or collected lateCash not collected or collected late.
Wrong amount of cash collectedWrong quantity of cash collected.
Table 4.2 Applying the Generic Acquisition Cycle Risks in Exhibit 4.5 to ELERBE’s Payroll Process
Generic execution risksELERBE’s execution risks
Receiving goods and services:Receiving employee services:
Unauthorized service receivedEmployee provided unauthorized service (e.g., performed a duty that he was not permitted to do).
Expected receipt did not occur,Employee did not report for work or reported
occurred late, or was duplicatedlate.
unintentionallyUnintentional duplication is unlikely.
Wrong type of product or ser vice received Employee did not do the job correctly.
Wrong quantity, quality, or priceEmployee provided incorrect amount of service, provided poor service, or was granted a wage rate that was inappropriate.
Wrong supplierWrong (e.g., unqualified) employee provided the service.
Cash paymentCash payment
Unauthorized paymentAn unauthorized payment was made to anemployee.
A paycheck was prepared for an employee no longer working at the company.
Cash not paid or paid lateAn employee was not paid or paid late.
Wrong amount paidAn employee was paid the wrong amount. The wrong amount was withheld, thus violating government requirements.
Wrong supplier paidWrong employee was paid.
Table 4.3 Events Recorded in AIS for Angelo’s Diner
1. Take orderThe server records the customer’s order on a prenumbered sales ticket.
2. Prepare foodSales ticket information is read by the cook. No additional information is created.
3. Serve foodSales ticket information is used by server to determine where to deliver the cooked meal. The prices are recorded on the sales ticket.
4. Collect cashThe cashier enters the code of each item. The register displays the price. After all the items have been entered, the register displays the total. The register stores the information about sales of various items during the day.
5. Close registerThis event uses data from prior events.
6. Reconcile cashThis event uses data from prior events.
Table 4.4 Recording Risks during the Take Order Event
Generic recording risksAngelo’s Diner’s recording risks
Event recorded that never occurredNot likely in this situation.
Event not recorded, recorded late,Server does not record order, relying on
or unintended duplication ofmemory. Server recorded order late, relying
recordingon memory of what customer said. Unintended duplication is unlikely in this situation.
Wrong type of product or serviceServer recorded incorrect menu selections
recordedon sales ticket.
Wrong quantity or price recordedServer recorded wrong quantity of a menu item.
Wrong external or internal agentServer failed to record her name on the sales
External agent is not applicable because customer name is not to be recorded.
Table 4.5 Recording Risks during the Collect Cash Event
Generic recording riskAngelo’s Diner’s recording risks
Event recorded that never occurredNot likely in this situation.
Event not recorded, recorded late,Cashier fails to record a sale. Sale was
or unintended duplication ofrecorded late. For example, after closing the
recordingcash register, a customer’s payment was seen
on a table.
It is unlikely that a cashier will record the same
Wrong type of product or serviceWrong product code entered.
Wrong quantity or price recordedCashier recorded incorrect quantity.
Wrong external or internal agentExternal and internal agents are not applicable.
recordedCustomers and servers are not recorded in this
Table 4.6Tables in ELERBE’s Revenue Cycle with Errors
Panel A: Order File
Order Date = date the order was received by ELERBE, Inc.
Panel B: Order_Detail File
ISBN = number identifying the book; Quantity = quantity ordered
Table 4.6 Tables in ELERBE’s Revenue Cycle with Errors (Concluded)
Panel C: Shipment File
010001105/11/20033454 Wrong customer
010001205/15/20033451No such shipment
Ship Date = date the order was received by ELERBE, Inc.
Missing shipment for order 0100013
Panel D: Shipment_Detail File
01000110-256-12596-778.35200 Wrong product, quantity
No such shipment
ISBN = number identifying the book; Quantity = quantity shipped; Errors are in italics.
Table 4.8 Update Risks in ELERBE’s Shipping Event
Generic update risksUpdate risks in ELERBE’s shipping event
Update of master recordThe Quantity_On_Hand and the Quantity_Allocated
omitted or unintendedfields in the inventory are not updated or are updated
duplication of updatetwice by accident.
Update of master recordThe update of the two summary fields in the inventory
occurred at the wrongrecord occurred late (perhaps resulting in customers
timebeing told that goods were on hand when they were not).
Summary field updatedThe Quantity_On_Hand or Quantity_Allocated were not
by wrong amountreduced by the correct amounts.
Wrong master recordThe wrong inventory record was updated.
Table 4.9 Financial Accounting Significance of Events in ELERBE’s Revenue Cycle
EventAny impact on general ledger balances?
Respond to customer inquiriesNo.
Ship goodsYes. Record decrease in inventory and increase in cost of goods sold.
Bill customerYes. Record increase in accounts receivable and increase in sales.
Collect cashYes. Record increase in cash and decrease in accounts receivable.
Table 4.10 Sample ELERBE Files with General Ledger Fields and Files Added (Concluded)
Panel C: Shipment_Detail File
Panel D: General_Ledger_Master File
. . .. . .. . .. . .
2030Inventory—Business ProductsCurrent asset$ 873,400
2040Inventory—Technology ProductsCurrent asset$ 700,000
. . . . . . . . . . . .
6030Cost of Goods Sold—Business ProductsExpense$1,400,560
6040Cost of Goods Sold—Technology ProductsExpense$1,350,518
Table 4.11 Summary of Risks and Workflow Control Activities at Angelo’s Diner
1. Segregation of dutiesServer authorizes, but cannot execute;Server could give customer more kitchen staff executes, but cannotthan ordered for increased tips.
authorize.Kitchen staff could cook meals for
friends without an order.
2. Use of informationKitchen staff uses information from salesErrors in cooking meals and
about prior eventsticket to prepare meal. Cashier useserrors in collecting cash.
to control activitiesinformation on completed sales
ticket to make sure the customer is
3. Required sequenceKitchen staff cannot start cooking a mealWasted food from cooking the
of eventsuntil the server finishes taking the order.wrong meal and theft of food by
4. Follow-up onThe narrative for Angelo’s Diner made noLost sales from failing to fill
eventsreference to follow-up. However, a systemorders.
could be implemented in which the diner
makes sure that orders are followed by
cooking. The policy of posting all orders to
the wall using a clip, until they have been
filled, could be established.
5. PrenumberedThe manager checks the sequence ofCash is lost or stolen. (The
documentsprenumbered sales tickets issued bycashier cannot conceal a theft by
servers.taking the cash and discarding
the sales ticket.)
6. Recording of internalNot mentioned in the Angelo’s DinerServer could take amounts paid
agent(s) accountablenarrative. However, the server could beby customer and destroy sales
for an event in agiven a sales ticket book that has aticket.
processspecific range of identification numbers.
Thus, it is obvious which server is
responsible for missing sales tickets.
7. Limitation ofThe diner probably has the policy that noServer or kitchen staff cannot
access to assetsone has access to the cash registersteal cash.
and informationother than the cashier.
8. Reconciliation ofThe register totals are reconciled with cashCash is lost or stolen.
records with physicalin register
evidence of assets