1. Transaction Processing and the Internal Control Process Small Business Information Systems
Professor Barry Floyd
2. Agenda Necessity for controls
Risks
Current thinking ….
Cycles
Segregation of duties
3. Necessity for controls Reduce exposures
Exposure consists of the potential financial effect multiplied by the probability of occurrence (risk)
Common exposures
Excessive costs, Deficient Revenues, Loss of assets, Inaccurate accounting, Business interruption, Statutory Sanctions, Competitive Disadvantage, Fraud and embezzlement
4. Internal Control Process Used to provide reasonable assurance regarding achievement of objectives in following categories:
Reliability of financial reporting,
Effectiveness and efficiency of operations,
Compliance with applicable laws and regulations
5. Current thinking … Control frameworks
COBIT (Control Objectives for Information and Related Technology)
Addresses the issue of control from 3 vantage points:
Business Objectives – Information must conform to criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance with legal requirements and Reliability
IT Resources – People, Apps, technology, Facilities, and data
IT Processes – Planning and organization, acquisition and implementation, delivery and support, and monitoring
COSO (Committee of Sponsoring Organizations)
Internal Control – Integrated Framework
Defines internal controls and provides guidance for evaluating and enhancing internal control systems
6. Cycles Revenue cycle
events related to the distribution of goods and services to other entities and the collection of related payments
Expenditure cycle
events related to the acquisition of goods and services from other entities and the settlement of related obligations
Production cycle
events related to the transformation of resources into goods and services
Finance cycle
events related to the acquisition and management of capital funds, including cash
7. Segregation of Duties For example, we do not want an employee to be able to enter an order, approve the order, fulfill the order, and receive payment for the order.
Why?
8. Segregation of duties Three major duties
Authorization: Approving transactions and decisions
Recording: preparing source documents; entering data into online systems; maintaining journals, files or databases; preparing reconciliations, and preparing performance reports
Custody: handling cash, tools, inventory, or fixed assets; receiving incoming customer checks; writing checks on the organization’s bank account.
9. Separation Separating Custodial functions from Recording functions prevents employees from falsifying records in order to conceal theft of assets entrusted to them.
Separating Recording functions from Authorization functions prevents an employee from falsifying records to cover up an inaccurate or false transaction that was inappropriately authorized.
Separating Authorization functions from Custodial functions prevents authorization of a fictitious or inaccurate transaction as a means of concealing asset theft.
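Added example (not part of the original slides, and not GP's own security model): a segregation-of-duties check built on the three duties and the three separations above. It goes one step beyond the slide by checking both who is granted conflicting duties and who actually performed two duties on one transaction; the action names, users, and order numbers are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Hypothetical mapping of application actions to the three duties on the slides
# (an assumption for this example, not GP's security model).
ACTION_DUTY = {
    "approve_order": "authorization",
    "enter_order": "recording", "post_journal": "recording",
    "ship_goods": "custody", "receive_payment": "custody",
}
# What each forbidden pairing allows, paraphrased from the Separation slide.
RISK = {
    frozenset({"custody", "recording"}): "falsify records to conceal theft",
    frozenset({"authorization", "recording"}): "cover up a false transaction",
    frozenset({"authorization", "custody"}): "authorize a fictitious transaction",
}

def duty_pairs(actions):
    """Return every pair of distinct duties implied by a set of actions."""
    duties = sorted({ACTION_DUTY[a] for a in actions if a in ACTION_DUTY})
    return list(combinations(duties, 2))

def role_conflicts(grants):
    """Preventive check: users whose granted actions span two or more duties."""
    return {u: duty_pairs(a) for u, a in sorted(grants.items()) if duty_pairs(a)}

def transaction_conflicts(log):
    """Detective check: one user performing two duties on the same transaction."""
    done = defaultdict(set)  # (txn, user) -> actions performed
    for txn, user, action in log:
        done[(txn, user)].add(action)
    return [(txn, user, a, b, RISK[frozenset({a, b})])
            for (txn, user), acts in sorted(done.items())
            for a, b in duty_pairs(acts)]

# Constructed sample data: access grants and an activity log.
GRANTS = {
    "alice": {"enter_order", "post_journal"},
    "bob": {"approve_order", "receive_payment"},
    "carol": {"enter_order", "approve_order", "ship_goods"},
}
LOG = [
    ("SO-1001", "alice", "enter_order"), ("SO-1001", "bob", "approve_order"),
    ("SO-1002", "carol", "enter_order"), ("SO-1002", "carol", "approve_order"),
]

if __name__ == "__main__":
    for user, pairs in role_conflicts(GRANTS).items():
        print(user, pairs)
    for finding in transaction_conflicts(LOG):
        print(finding)
```

In the sample data, bob's activity log is clean but his grants still combine authorization with custody, which is why the grant review and the log review are run separately.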
10. Segregation of Duties - GP
11. Enter a Sales Order First let’s create a ‘batch’ with transaction and control totals
Transactions > Sales > Sales Batches
12. Now create two sales orders
13. Check out sales batch
14. Setup Posting Defaults Tools>Setup>Posting>Posting
15. Setting Up Users Tools>Setup>System>Advanced Security
16. Activity Tracking Tools>Setup>System>Activity Tracking
17. The Audit Trail Audit trails are an important component of internal controls.
The audit trail documents the source of general ledger postings.
Accountants and auditors use the audit trail to trace transactions from the point of origin to the general ledger and vice versa.
In GP, the audit trail functions automatically
18. The Audit Trail Source document codes are the first component of GP’s audit trail
Codes identify point of origin
Tools>Setup>Posting>Source Document
19. Source Document Codes
20. Audit Trail Codes Setup Tools>Setup>Posting>Audit Trail Codes
21. Review Audit Trail Inquiry>Financial>Detail
22. Review Audit Trail
23. Five Elements of Internal Control Process Control environment
Risk assessment
Control activities
Information and communication
Monitoring
24. Five Elements of Internal Control Process Control environment
Risk assessment
Control activities
Information and communication
Monitoring
25. Control Environment Integrity and ethical values
Commitment to competence
Management philosophy and operating style
Organizational structure
Attention and direction provided by the board of directors and its committees
Manner of assigning authority and responsibility
Human resource policies and procedures
Companies with inward focus more likely to get into trouble. Overemphasis on sales quotas, making unreasonable deadlines, pleasing the boss.
Autocratic managers … fear pointing out criticism.
Should have enough controls to stop temptation.
Don’t just pay lip service to control.
Organizational chart shouldn’t let billing report to production for example.
Board of directors has an audit committee
Fidelity bond … insures someone who is responsible for assets of the company.
HR Practices: Segregation of duties, supervision, job rotation / forced vacations.
26. Five Elements of Internal Control Process Control environment
Risk assessment
Control activities
Information and communication
Monitoring
27. Risk Assessment Process of identifying, analyzing, and managing risks that affect the company’s objectives
28. Five Elements of Internal Control Process Control environment
Risk assessment
Control activities
Information and communication
Monitoring
29. Control Activities Policies and procedures established to help ensure that management directives are carried out.
Plans of organization (segregation of duties)
authorizing vs. recording vs. maintaining custody
Procedures w/ control docs
Restricted Access
Independent checks
Info processing controls
Authorization limits the initiation of a transaction or performance of an activity to selected individuals.
Approval is the acceptance of a transaction for processing after it is initiated.
30. Transaction processing controls Transaction processing controls – procedures, techniques, etc. to achieve goals of organization in reducing risk
General controls
Designed to make sure an organization’s control environment is stable and well-managed.
Application controls
Prevent, detect, and correct transaction errors and fraud. Concerned with accuracy, completeness, validity, and authorization.
31. General Controls Definition of responsibilities
Prenumbered forms
Preprinted forms
Labeling
Documentation
Backup and recovery
Transaction trail
Error-source statistics
Reliable Personnel
Training of personnel
Rotation of duties
Forms design
32. Application controls Input
Authorization
Approval
Formatted input
Cancellation
Exception Input
Passwords
Amount control total
Hash total
Reasonable checks
Overflow checks
Format checks
Check digit
Dating
Expiration checks
33. Application Controls Processing Controls
Mechanization
Standardization
Defaults
Batch Balancing
Clearing account
Tickler file
Matching
34. Application Controls Output Controls
Reconciliation
Aging
Suspense file
Periodic audit
Discrepancy reports
35. Summary Controls are an important part of your information system … think about what you would do in your organization?