Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES."— Presentation transcript:

1 Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES

2 Assessment of Execution Risks: Revenue Cycle Generic execution risks for each of the two revenue cycle transactions: 1.Delivering goods/services: Unauthorized sale/service permitted Authorized sale/service did not occur, occurred late, or was duplicated unintentally Wrong type of product/service Wrong quantity/quality Wrong customer/address

3 Assessment of Execution Risks: Revenue Cycle Generic execution risks for each of the two revenue cycle transactions: 2. Collecting cash: Cash not collected or collected late Wrong amount of cash collected

4 Assessment of Execution Risks: Acquisition Cycle Generic execution risks for each of the two acquisition cycle transactions: 1. Receiving goods/services: Unauthorized goods/services received Expected receipt of goods/services did not occur, occurred late, or was duplicated unintentionally Wrong type of product or service received Wrong quantity/quality Wrong supplier

5 Assessment of Execution Risks: Acquisition Cycle Generic execution risks for each of the two acquisition cycle transactions: 2. Making payment: Unauthorized payment Cash not paid, paid late, or duplicate payment Wrong amount paid Wrong supplier paid

6 Assessment of Execution Risks: Revenue & Acquisition Cycles Understanding and assessing execution risks – 5 steps: Step 1. Achieve understanding of the processes Step 2. Identify the at-risk goods/services provided and cash received Step 3. Restate generic risk to describe the execution risk more precisely for process under study - exclude irrelevant/immaterial risks

7 Assessment of Execution Risks: Revenue & Acquisition Cycles Understanding and assessing execution risks – 5 steps: Step 4. Assess the significance of remaining risks Step 5. Identify factors that contribute to each significant risk – use events in the process to systematically identify factors What control activities could be implemented to mitigate the risks?

8 Assessment of Information Systems Risks 2 categories of information systems risks: Recording risks Updating risks

9 Assessment of Information Systems Risks The process of recording and updating information – both a risk and a control Risk - information will be recorded incorrectly, perhaps resulting in transaction errors and incorrect financial statements Control – when information is correct because recorded information is used to control transactions

10 Assessment of Information Systems Risks Recording risks: Risks that event information is not captured accurately in an organization’s information system Errors in recording can cause substantial losses Recording events late can cause opportunity losses In the acquisition cycle, recording errors can result in overpaying bills or loss of credit from failure to pay

11 Assessment of Information Systems Risks Recording risks: Revenue/acquisition cycles - generic recording risks Event recorded never occurred Event not recorded, recorded late, or duplication of recording Wrong product/service recorded Wrong quantity/price recorded Wrong external/internal agent recorded Wrong recording of other data

12 Assessment of Information Systems Risks Recording risks: Identifying recording risks – 3 steps Step 1. Achieve an understanding of the process under study - identify the events Step 2. Review events - identify where data are recorded in a source document or a transaction file

13 Assessment of Information Systems Risks Recording risks: Identifying recording risks – 3 steps Step 3. For each event where data are recorded in a source document or transaction record: Consider the preceding generic recording risks Restate each generic risk to describe the risk more precisely for the particular event under consideration Exclude any risks that are irrelevant or immaterial

14 Assessment of Information Systems Risks Updating risks: Risks that summary fields in master records are not properly updated Update failures can be costly Errors in updates can reduce the effectiveness of controls over the general ledger balances for assets and liabilities

15 Assessment of Information Systems Risks Updating risks: Generic risks Update of master record omitted or unintended duplication of update Update of master record occurred at the wrong time If updates are scheduled, users need to know and schedule needs to be followed Summary field updated by wrong amount Wrong master record updated

16 Assessment of Information Systems Risks Identifying pdating risks: 3 steps Step 1. Identify recording risks Step 2. Identify the events that include update activity and the summary fields in updated master files

17 Assessment of Information Systems Risks Identifying update risks: 3 steps Step 3. For each event in updated master file Consider the preceding generic update risks Restate each generic risk to describe the update risk more precisely for the particular event under consideration Exclude any update risks that are irrelevant or immaterial

18 Recording and Updating in the General Ledger System The General_Ledger File stores reference and summary data about the general ledger accounts. The process of updating a general ledger account is sometimes referred to as “posting.”

19 Recording and Updating in the General Ledger System Risks in recording and updating information in a general ledger system: Risks Wrong general ledger account recorded Wrong amounts debited/credited General ledger master record not updated at all, updated late, or updated twice Wrong general ledger master record updated

20 Recording and Updating in the General Ledger System Risks in recording and updating information in a general ledger system: Important to internal control: Policy for updating general ledger accounts should be well understood. Often, general ledger balances are updated after a batch of transactions, not with each transaction

21 Recording and Updating in the General Ledger System Risks in recording and updating information in a general ledger system: Important to internal control: Employees need to know: Under the batch process, general ledger account balances are temporarily out of date When updates are made

22 Recording and Updating in the General Ledger System Controlling risks: Identify significant risks of losses or errors Consider ways to control the risks Accountants, external auditors, or internal auditors evaluate existing controls and suggest additional controls where warranted

23 Control Activities The policies and procedures to address risks to achievement of the organization’s objectives Manual or automated May be implemented at various levels of the organization. 4 types of controls: Workflow controls Input controls General controls Performance reviews

24 Control Activities Workflow controls: Used to control a process as it moves from one event to the next Exploit linkages between events Focus on: Responsibilities for events Sequence of events Flow of information between events in a business process

25 Control Activities Workflow controls: Segregation of duties Use of information from prior events to control activities Required sequence of events Follow-up on events Sequence of prenumbered Recording of internal agent(s) accountable for an event in a process Limitation of access to assets and information Reconciliation of records with physical evidence of assets

26 Control Activities 1. Segregation of duties: Organizations make an effort to segregate: Authorization of events Execution of events Recording of event data Custody of resources associated with the event The overview activity diagram is best suited to understanding and documenting segregation of duties

27 Control Activities 2. Use of information about prior events: Information about prior events can come from documents or computer records. 2 examples of information from computer files: Checking summary data in master files to authorize events Transaction records may help control events - similar to using documents before approving an invoice

28 Control Activities 3. Required sequence of events: Often, organizations - Have policies requiring a process to follow a particular sequence Require a sequence of events without having prior recorded information to rely on

29 Control Activities 4. Follow-up on events: Organizations: Need automated or manual way to review transactions not yet concluded Should have “open” item or aging reports to identify events needing follow up Can design/use routine reports to flag unfinished business Can querying a database for status reports

30 Control Activities 5. Prenumbered documents: Provide an opportunity to control events Prenumbered documents created during one event are accounted for in a later event Checking the sequence of prenumbered documents helps ensure that all events are executed and recorded appropriately

31 Control Activities 6. Recording of internal agent(s) accountable for an event in a process: Important Clear job descriptions and specific instructions from supervisors Recording employee ID number at the time the event Safeguarding of assets through use of with serial numbers, recordkeeping, and identification of custodian of the assets

32 Control Activities 7. Limitation of access to assets and information: Safeguards Access to assets only for employees needing them for assigned duties Physical assets stored in secure locations Employees badges for access Alarms Password required for access to data

33 Control Activities 8. Reconciliation of records with physical evidence of assets: Ensures that recorded event and master file data correspond to actual assets Differs from the use of documents to control events – reconciliation: Is broader Usually involves data about multiple events Occurs after the events have been executed and recorded

34 Control Activities Input controls: Used to control input of data into computer systems Drop-down or look-up menus Record-checking of data entered Confirmation of data entered Referential integrity controls Format checks to limit data Validation rules to limit the data Defaults from data entered in prior sessions

35 Control Activities Input controls: Restriction against leaving a field blank Field established as a primary key Computer-generated values entered in records Batch control totals taken before data entry compared to printouts after data entry Review for errors before posting Exception reports

36 Control Activities General controls: Broader controls that apply to multiple processes Help workflow and input controls be effective Organized into four categories: Information systems (IS) planning Organizing the information technology (IT) function Identifying and developing IS solutions Implementing and operating accounting systems

37 Control Activities Performance reviews: Measure performance by comparing actual data with budgets, forecasts, or prior- period data Include analyzing data, identifying problems, and taking corrective action Ensure events support broader long-term goals Typically involve comparing actual results to plans, standards, and prior performance

38 Control Activities Performance reviews: Often result in taking corrective action Require an information system (AIS in particular) that records and stores information about standards and actual outcomes Requires reports that allow for meaningful analysis of actual results

39 Control Activities Performance reviews: And master records Related in two ways: Planned standards and budget figures (reference data) are typically recorded during file maintenance activities in master records Summary data stored in master records are often used to implement corrective action Summary fields in master records can also help in reviewing performance

40 KEYTERMS Application controls Control activities Control environment Execution risk General controls Information system risks Input controls

41 KEYTERMS Internal controls Performance reviews Recording risks Risk assessment Segregation of duties Update risks Workflow controls

Download ppt "Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES."

Similar presentations

Chapter 14 Audit of the Sales and Collection Cycle

Chapter 14 Audit of the Sales and Collection Cycle
Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 12-1.

Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 12-1.
The Revenue Cycle: Sales to Cash Collections

The Revenue Cycle: Sales to Cash Collections
General Ledger and Reporting System

General Ledger and Reporting System
Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.

Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.
Auditing Concepts.

Auditing Concepts.
CHAPTER 8 INTERNAL CONTROL AND CASH After studying this chapter, you should be able to: 1 Define internal control. 2 Identify the principles of internal.

CHAPTER 8 INTERNAL CONTROL AND CASH After studying this chapter, you should be able to: 1 Define internal control. 2 Identify the principles of internal.
Chapter 5 Expenditure Cycle Applications. Expenditure Documents i.Purchase Requisitions ii.Purchase Orders iii.Receiving Report iv.Voucher Systems v.Invoice.

Chapter 5 Expenditure Cycle Applications. Expenditure Documents i.Purchase Requisitions ii.Purchase Orders iii.Receiving Report iv.Voucher Systems v.Invoice.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES
Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education 12-1.

Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education 12-1.
Chapter 11 THE REVENUE CYCLE. Introduction Revenue cycle: 1. Respond to customer inquiries 2. Develop agreements with customers to provide goods and services.

Chapter 11 THE REVENUE CYCLE. Introduction Revenue cycle: 1. Respond to customer inquiries 2. Develop agreements with customers to provide goods and services.
Accounting Information Systems: A Business Process Approach Chapter Nine: The Acquisition Cycle - Purchasing and Receiving.

Accounting Information Systems: A Business Process Approach Chapter Nine: The Acquisition Cycle - Purchasing and Receiving.
Databases and Processing Modes. Fundamental Data Storage Concepts and Definitions What is an entity? An entity is something about which information is.

Databases and Processing Modes. Fundamental Data Storage Concepts and Definitions What is an entity? An entity is something about which information is.
Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.

Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.
Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.

Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.
1 SYSTEMS INVESTIGATION Pertemuan 3 s.d 6 Matakuliah: A0554/Analisa dan Perancangan Sistem Informasi Akuntansi Tahun: 2006.

1 SYSTEMS INVESTIGATION Pertemuan 3 s.d 6 Matakuliah: A0554/Analisa dan Perancangan Sistem Informasi Akuntansi Tahun: 2006.
Copyright © 2007 Prentice-Hall. All rights reserved 1 Internal Control & Cash Chapter 8.

Copyright © 2007 Prentice-Hall. All rights reserved 1 Internal Control & Cash Chapter 8.
Chapter 11 Auditing the Purchasing Process McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.

Chapter 11 Auditing the Purchasing Process McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
Chapter 9 THE ACQUISITION CYCLE— PURCHASING AND RECEIVING

Chapter 9 THE ACQUISITION CYCLE— PURCHASING AND RECEIVING
Chapter 9 THE ACQUISITION CYCLE— PURCHASING AND RECEIVING.

Chapter 9 THE ACQUISITION CYCLE— PURCHASING AND RECEIVING.

Similar presentations

Ads by Google