Transaction Processing and the Internal Control Process Small Business Information Systems Professor Barry Floyd.


1 Transaction Processing and the Internal Control Process Small Business Information Systems Professor Barry Floyd

2 Agenda
- Necessity for controls
- Risks
- Current thinking …
- Cycles
- Segregation of duties

3 Necessity for controls
- Reduce exposures
- Exposure consists of the potential financial effect multiplied by the probability of occurrence (risk)
- Common exposures
  - Excessive costs, Deficient Revenues, Loss of assets, Inaccurate accounting, Business interruption, Statutory Sanctions, Competitive Disadvantage, Fraud and embezzlement

4 Internal Control Process
- Used to provide reasonable assurance regarding achievement of objectives in the following categories:
  - Reliability of financial reporting
  - Effectiveness and efficiency of operations
  - Compliance with applicable laws and regulations

5 Current thinking …
- Control frameworks
  - COBIT (Control Objectives for Information and Related Technology)
    - Addresses the issue of control from 3 vantage points:
      - Business Objectives – Information must conform to criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance with legal requirements and Reliability
      - IT Resources – People, Apps, technology, Facilities, and data
      - IT Processes – Planning and organization, acquisition and implementation, delivery and support, and monitoring
  - COSO (Committee of Sponsoring Organizations)
    - Internal Control – Integrated Framework
    - Defines internal controls and provides guidance for evaluating and enhancing internal control systems

6 Cycles
- Revenue cycle
  - events related to the distribution of goods and services to other entities and the collection of related payments
- Expenditure cycle
  - events related to the acquisition of goods and services from other entities and the settlement of related obligations
- Production cycle
  - events related to the transformation of resources into goods and services
- Finance cycle
  - events related to the acquisition and management of capital funds, including cash
REFERENCE: Introduction to MS GP 8.0 Focus on Internal Controls by Brunsdon, Romney, and Steinbart

7 Segregation of Duties
- For example, we do not want an employee to be able to enter an order, approve the order, fulfill the order, and receive payment for the order.
- Why?

8 Segregation of duties
- Three major duties
  - Authorization: approving transactions and decisions
  - Recording: preparing source documents; entering data into online systems; maintaining journals, files or databases; preparing reconciliations; and preparing performance reports
  - Custody: handling cash, tools, inventory, or fixed assets; receiving incoming customer checks; writing checks on the organization’s bank account

9 Separation
- Separating Custodial functions from Recording functions prevents employees from falsifying records in order to conceal theft of assets entrusted to them.
- Separating Recording functions from Authorization functions prevents an employee from falsifying records to cover up an inaccurate or false transaction that was inappropriately authorized.
- Separating Authorization functions from Custodial functions prevents authorization of a fictitious or inaccurate transaction as a means of concealing asset theft.

10 Segregation of Duties - GP

| Category | Great Plains Activity | Examples |
|---|---|---|
| Authorization | Create or delete master records | Add customer, delete vendor, create general ledger account, etc. |
| Authorization | Implement security | Create/delete users and assign permissions |
| Authorization | Approve transactions | Approve batches, perform write-offs, enter a discount, etc. |
| Authorization | Field Controls | Establish customer credit limits, payment terms, override pricing, permit sales exceeding credit limit, etc. |
| Recording | Enter and post transactions | Enter sales orders, change purchase orders, post transaction, etc. |
| Recording | Change non-critical master file data | Update customer addresses, employee address, etc. |
| Recording | Reconcile | Prepare bank reconciliations, perform comparisons of aging reports to control account, etc. |
| Custody | Print information | Print company checks, preprinted purchase orders, etc. |
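The check implied by slides 8 to 10, as an added example that is not part of the original presentation or of Great Plains: it classifies each user's assigned activities with the slide 10 table and reports anyone who holds two of the three duties, with the slide 9 reason that pairing is a problem. The user names and assignments are constructed sample data.

```python
from itertools import combinations

# Activity -> duty category, taken from the slide 10 table.
DUTY_OF = {
    "Create or delete master records": "Authorization",
    "Implement security": "Authorization",
    "Approve transactions": "Authorization",
    "Field controls": "Authorization",
    "Enter and post transactions": "Recording",
    "Change non-critical master file data": "Recording",
    "Reconcile": "Recording",
    "Print information": "Custody",
}

# What each pairing lets a single person do, paraphrased from slide 9.
RISK = {
    frozenset({"Custody", "Recording"}):
        "can falsify records to conceal theft of assets in their custody",
    frozenset({"Authorization", "Recording"}):
        "can falsify records to cover an improperly authorized transaction",
    frozenset({"Authorization", "Custody"}):
        "can authorize a fictitious transaction to conceal asset theft",
}

def sod_conflicts(assignments):
    """Return {user: [(duty_a, duty_b, risk), ...]} for every user whose
    assigned activities span more than one duty category."""
    findings = {}
    for user, activities in assignments.items():
        # Fail closed: an activity nobody has classified cannot be reviewed.
        unknown = [a for a in activities if a not in DUTY_OF]
        if unknown:
            raise ValueError(f"{user}: unclassified activities {unknown}")
        duties = sorted({DUTY_OF[a] for a in activities})
        pairs = [(a, b, RISK[frozenset({a, b})])
                 for a, b in combinations(duties, 2)]
        if pairs:
            findings[user] = pairs
    return findings

# Constructed sample assignments (hypothetical users, not from the slides).
SAMPLE = {
    "alice": ["Enter and post transactions", "Reconcile"],
    "bob": ["Enter and post transactions", "Approve transactions"],
    "carol": ["Approve transactions", "Enter and post transactions",
              "Print information"],
}
```

Here `sod_conflicts(SAMPLE)` clears alice, flags bob for Authorization plus Recording, and flags carol for all three pairings.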

11 Enter a Sales Order
- First let’s create a ‘batch’ with transaction and control totals
- Transactions > Sales > Sales Batches

12 Now create two sales orders

13 Check out sales batch WHO POSTS THIS? SHOULD SOMEONE APPROVE THIS?

14 Setup Posting Defaults Tools > Setup > Posting > Posting

15 Setting Up Users
- Tools > Setup > System > Advanced Security

16 Activity Tracking
- Tools > Setup > System > Activity Tracking

17 The Audit Trail
- Audit trails are an important component of internal controls.
- The audit trail documents the source of general ledger postings.
- Accountants and auditors use the audit trail to trace transactions from the point of origin to the general ledger and vice versa.
- In GP, the audit trail functions automatically.

18 The Audit Trail
- Source document codes are the first component of GP’s audit trail
- Codes identify point of origin
- Tools > Setup > Posting > Source Document

19 Source Document Codes

20 Audit Trail Codes Setup
- Tools > Setup > Posting > Audit Trail Codes
- SJ Code for sales
- Transactions are assigned SLSTE prefix

21 Review Audit Trail
- Inquiry > Financial > Detail
- Choose 0000-1200-00
- Select first transaction and click on Journal Entry

22 Review Audit Trail SJ code identifying Document entered through Receivables in the Sales Series. SLSTE audit trail meaning Document posted as Sales Transaction.

23 Five Elements of Internal Control Process
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring

24 Five Elements of Internal Control Process
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring

25 Control Environment
- Integrity and ethical values
- Commitment to competence
- Management philosophy and operating style
- Organizational structure
- Attention and direction provided by the board of directors and its committees
- Manner of assigning authority and responsibility
- Human resource policies and procedures

26 Five Elements of Internal Control Process
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring

27 Risk Assessment
- Process of identifying, analyzing, and managing risks that affect the company’s objectives

28 Five Elements of Internal Control Process
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring

29 Control Activities
- Policies and procedures established to help ensure that management directives are carried out.
- Plans of organization (segregation of duties)
  - authorizing vs. recording vs. maintaining custody
- Procedures w/ control docs
- Restricted Access
- Independent checks
- Info processing controls

30 Transaction processing controls
- Transaction processing controls – procedures, techniques, etc. to achieve goals of organization in reducing risk
- General controls
  - Designed to make sure an organization’s control environment is stable and well-managed.
- Application controls
  - Prevent, detect, and correct transaction errors and fraud. Concerned with accuracy, completeness, validity, and authorization.

31 General Controls
- Definition of responsibilities
- Prenumbered forms
- Preprinted forms
- Labeling
- Documentation
- Backup and recovery
- Transaction trail
- Error-source statistics
- Reliable Personnel
- Training of personnel
- Rotation of duties
- Forms design

32 Application controls
- Input
  - Authorization
  - Approval
  - Formatted input
  - Cancellation
  - Exception Input
  - Passwords
  - Amount control total
  - Hash total
  - Reasonable checks
  - Overflow checks
  - Format checks
  - Check digit
  - Dating
  - Expiration checks
Input controls are designed to prevent or detect errors in the input stage of data processing.

33 Application Controls
- Processing Controls
  - Mechanization
  - Standardization
  - Defaults
  - Batch Balancing
  - Clearing account
  - Tickler file
  - Matching
Processing controls are designed to provide assurances that processing has occurred according to intended specifications and that no transactions have been lost or incorrectly entered.
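Batch balancing with the control totals from slides 11 and 32 (transaction count, amount control total, hash total), as an added example that is not from the original presentation and does not reproduce how Great Plains stores batches. The field names, document numbers and customer numbers are assumptions made up for the sample.

```python
from decimal import Decimal

def balance_batch(header, transactions):
    """Compare the control totals declared on a batch header with totals
    recomputed from the entered transactions. Returns a list of
    discrepancies; an empty list means the batch balances."""
    computed = {
        "count": len(transactions),
        # Decimal, not float, so currency sums compare exactly.
        "amount_total": sum((Decimal(t["amount"]) for t in transactions),
                            Decimal("0")),
        # Hash total: sum of a field with no financial meaning (here the
        # customer number); it changes when a line is keyed to the wrong
        # customer even though the amounts still add up.
        "hash_total": sum(int(t["customer_no"]) for t in transactions),
    }
    declared = {
        "count": int(header["count"]),
        "amount_total": Decimal(header["amount_total"]),
        "hash_total": int(header["hash_total"]),
    }
    return [
        f"{name}: declared {declared[name]}, computed {computed[name]}"
        for name in ("count", "amount_total", "hash_total")
        if declared[name] != computed[name]
    ]

# Constructed sample batch: two sales orders, as on slide 12.
HEADER = {"count": 2, "amount_total": "1250.00", "hash_total": 3015}
GOOD = [
    {"doc": "ORD-0001", "customer_no": 1004, "amount": "500.00"},
    {"doc": "ORD-0002", "customer_no": 2011, "amount": "750.00"},
]
# Same count and amounts, but the second order is keyed to customer 2101.
MISKEYED = [GOOD[0],
            {"doc": "ORD-0002", "customer_no": 2101, "amount": "750.00"}]
# One order lost between entry and posting.
DROPPED = GOOD[:1]
```

The miskeyed batch passes the count and amount checks and is caught only by the hash total, which is why the slide lists it as a separate control.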

34 Application Controls
- Output Controls
  - Reconciliation
  - Aging
  - Suspense file
  - Periodic audit
  - Discrepancy reports
Output controls are designed to check that input and processing resulted in valid output and that outputs are properly distributed.

35 Summary
- Controls are an important part of your information system … think about what you would do in your organization?

