Transaction Processing and the Internal Control Process

1
Transaction Processing and the Internal Control
Process

• Small Business Information Systems
• Professor Barry Floyd

2
Agenda

• Necessity for controls
• Risks
• Current thinking .
• Cycles
• Segregation of duties

3
Necessity for controls

• Reduce exposures
• Exposure consists of the potential financial
  effect multiplied by the probability of
  occurrence (risk)
• Common exposures
• Excessive costs, Deficient Revenues, Loss of
  assets, Inaccurate accounting, Business
  interruption, Statutory Sanctions, Competitive
  Disadvantage, Fraud and embezzlement

4
Internal Control Process

• Used to provide reasonable assurance regarding
  achievement of objectives in following
  categories
• Reliability of financial reporting,
• Effectiveness and efficiency of operations,
• Compliance with applicable laws and regulations

5
Current thinking

• Control frameworks
• COBIT (Control Objectives for Information and
  Related Technology)
• Addresses the issue of control from 3 vantage
  points
• Business Objectives Information must conform to
  criteria Effectiveness, Efficiency,
  Confidentiality, Integrity, Availability,
  Compliance with legal requirements and
  Reliability
• IT Resources People, Apps, technology,
  Facilities, and data
• IT Processes Planning and organization,
  acquisition and implementation, delivery and
  support, and monitoring
• COSO (Committee of Sponsoring Organizations
• Internal Control Integrated Framework
• Defines internal controls and provides guidance
  for evaluating and enhancing internal control
  systems

6
Cycles

• Revenue cycle
• events related to the distribution of goods and
  services to other entities and the collection of
  related payments
• Expenditure cycle
• events related to the acquisition of goods and
  services from other entities and the settlement
  of related obligations
• Production cycle
• events related to the transformation of resource
  into goods and services
• Finance cycle
• events related to the acquisition and management
  of capital funds, including cash

REFERENCE Introduction to MS GP 8.0 Focus on
Internal Controls by Brundson, Romney, and
Steinbart
7
Segregation of Duties

• For example, we do not want an employee to be
  able to enter an order, approve the order,
  fulfill the order, and receive payment for the
  order.
• Why?

8
Segregation of duties

• Three major duties
• Authorization Approving transactions and
  decisions
• Recording preparing source documents entering
  data into online systems maintaining journals,
  files or databases preparing reconciliations,
  and preparing performance reports
• Custody handling cash, tools, inventory, or
  fixed assets receiving incoming customer checks
  writing checks on the organizations bank account.

9
Separation

• Separating Custodial functions from Recording
  functions prevents employees from falsifying
  records in order to conceal theft of assets
  entrusted to them.
• Separating Recording functions from Authorization
  functions prevents an employee from falsifying
  records to cover up an inaccurate or false
  transaction that was inappropriately authorized.
• Separating Authorization functions from Custodial
  functions prevents authorization of a fictitious
  or inaccurate transaction as a means of
  concealing asset theft.

10
Segregation of Duties - GP
Category Great Plains Activity Examples
Authorization Create or delete master records Add customer, delete vendor, create general ledger account, etc
  Implement security Create/delete users and assign permissions
  Approve transactions Approve batches, perform write-offs, enter a discount, etc.
  Field Controls Establish customer credit limits, payment terms, override pricing, permit sales exceeding credit limit, etc.
Recording Enter and post transactions Enter sales orders, change purchase orders, post transaction, etc.
  Change non-critical master file data Update customer addresses, employee address,etc
  Reconcile Prepare bank reconciliations, perform comparisons of aging reports to control account, etc
Custody Print information Print company checks, preprinted purchase orders, etc
11
Enter a Sales Order

• First lets create a batch with transaction and
  control totals
• Transactions gt Sales gt Sales Batches

12
Now create two sales orders
13
Check out sales batch
WHO POSTS THIS? SHOULD SOMEONE APPROVE THIS?
14
Setup Posting Defaults

• Tools gt
• Setup gt
• Posting gt
• Posting

15
Setting Up Users

• ToolsgtSetupgtSystemgtAdvanced Security

16
Activity Tracking

• ToolsgtSetupgtSystemgtActivity Tracking

17
The Audit Trail

• Audit trails are an important component of
  internal controls.
• The audit trail documents the source of general
  ledger postings.
• Accountants and auditors use the audit trail to
  trace transactions from the point of origin to
  the general ledger and vice versa.
• In GP, the audit trail functions automatically

18
The Audit Trail

• Source document codes are first component of GPs
  audit trail
• Codes identify point of origin
• ToolsgtSetupgtPostinggtSource Document

19
Source Document Codes
20
Audit Trail Codes Setup

• ToolsgtSetupgtPostinggtAudit Trail Codes

SJ Code for sales Transactions are assigned
SLSTE prefix
21
Review Audit Trail

• InquirygtFinancialgtDetail

Choose 0000-1200-00
Select first transaction and Click on Journal
Entry
22
Review Audit Trail
SJ code identifying Document entered
through Receivables in the Sales Series. SLSTE
audit trail meaning Document posted as Sales
Transaction.
23
Five Elements ofInternal Control Process

• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

24
Five Elements ofInternal Control Process

• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

25
Control Environment

• Integrity and ethical values
• Commitment to competence
• Management philosophy and operating style
• Organizational structure
• Attention and direction provided by the board of
  directors and its committees
• Manner of assigning authority and responsibility
• Human resource policies and procedures

26
Five Elements ofInternal Control Process

• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

27
Risk Assessment

• Process of identifying, analyzing, and managing
  risks that affect the companys objectives

28
Five Elements ofInternal Control Process

• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

29
Control Activities

• Policies and procedures established to help
  ensure that management directives are carried
  out.
• Plans of organization (segregation of duties)
• authorizing vs. recording vs. maintaining custody
• Procedures w/ control docs
• Restricted Access
• Independent checks
• Info processing controls

30
Transaction processing controls

• Transaction processing controls procedures,
  techniques, etc. to achieve goals of organization
  in reducing risk
• General controls
• Designed to make sure an organizations control
  environment is stable and well-managed.
• Application controls
• Prevent, detect, and correct transaction errors
  and fraud. Concerned with accuracy, completeness,
  validity, and authorization.

31
General Controls

• Definition of responsibilities
• Prenumbered forms
• Preprinted forms
• Labeling
• Documentation
• Backup and recovery
• Transaction trail

• Error-source statistics
• Reliable Personnel
• Training of personnel
• Rotation of duties
• Forms design

32
Application controls
Input controls are designed to prevent or detect
errors in the input stage of data processing

• Input
• Authorization
• Approval
• Formatted input
• Cancellation
• Exception Input
• Passwords
• Amount control total
• Hash total

• Reasonable checks
• Overflow checks
• Format checks
• Check digit
• Dating
• Expiration checks

33
Application Controls
Processing controls are designed to provide
assurances that processing has occurred according
to intended specifications and that no
transactions have been lost or incorrectly
entered.

• Processing Controls
• Mechanization
• Standardization
• Defaults
• Batch Balancing

• Clearing account
• Tickler file
• Matching

34
Application Controls
Output controls are designed to check that input
and processing resulted in valid output and that
outputs are properly distributed.

• Output Controls
• Reconciliation
• Aging
• Suspense file
• Periodic audit
• Discrepancy reports

35
Summary

• Controls are an important part of your
  information system think about what you would
  do in your organization?