AIS CONTROL ISSUES - REVENUE CYCLE

Process
Receive
customer
order

Critical Issue and potential consequences

Incomplete or inaccurate customer orders Inefficiency/
Integrity control issue
During sales order entry, important data about the order could
be missing or inaccurate due to errors of manual recording.
Not only does this create inefficiencies due to the need to call
back the customer and reenter the order in the system but it
also may negatively affect customer perceptions and thereby
adversely affect future sales.

Unauthorised disclosure of sensitive information

Credit
assessment

Picking,
Packing and
Delivery

Credit officer have to phone sales officers to inform them

of credit approval decisions - Inefficiency
Since credit officer have to phone sales officers to inform
them of credit approval decisions, substantial amount of time
might be wasted. If credit officer cannot reach out to sales
officers on time, sales officers may not be able to provide
updated information to customers diligently. This efficiency
issue would affect the customer satisfaction.
Credit sales to customers with poor credit control issue
Sales manager can give approval for credit sales to customers
with poor credit in order to boost sales and thus qualify for
bonus./ There is no proper guideline for credit assessment. AR
clerks approval of credit sales is based on personal judgment,
which could be subjective and inaccurate. In doing so, sales
could later turn out to be uncollectible, which is detrimental to
companys income.
No proper inventory check Theft of inventory - Security
control risks

Recommendations
[Preventive/ Detective] The solution could be to implement ERP and centralized database that includes
limit/range check/reasonableness check for sales department. For example, the limit/range check would
ensure orders fall within a certain range which are set based on the sales orders from previous transactions
with the customer. Similarly, reasonableness check is helpful in notifying any unusual quantity
corresponding to the specific product. (eg 100 vs 1000). In addition, completeness check can ensure that all
required data are entered.
[Detective] Closed-loop Verification to check the accuracy of input data by using it to retrieve and display
other related information. E.g. On the sales order document, there will be the customer details such as the
customer name where the credit officer can simply click on the link to retrieve and display the record of the
customers past transaction which can then be used to evaluate and verify the existing customers current
creditworthiness
[Preventive] ERP and centralized database with access control which restrict the access to master data and
review all changes of data. This is to prevent internal unauthorized access.
[Preventive] Use encryption, which is the process of changing information in such a way as to make it
unreadable by anyone except those possessing special knowledge (usually referred to as a "key") that allows
them to change the information back to its original, readable form. This allows the company to securely
protect sensitive data even if the computer is stolen.
With an ERP and centralized database, credit officer can update the credit approval decision while the sales
officer can have access to it and start the preparation simultaneously.

1. [Detective] Automated controls such as limit checks based on certain guidelines on credit management
could be integrated in the ERP and centralized database to ensure objectiveness of credit assessment.
2. [Preventive] Segregation of duties
The credit manager, who sets credit policies and approves the extension of credit to new customers and
raising of credit limits for existing customers, is independent of the marketing and sales function. With an
ERP and centralized database, sale order entry clerks should be granted read-only access to information
about individual customer credit limits.
1. [Preventive] RFID technology to track the goods movement as it moves through the warehouse. The goods
movement data is then updated to the central database about the inventory. This allows perpetual inventory
control and prevents misappropriation of inventory. Restrict physical access to inventory; documentation of

Storage of goods in the warehouse department without any

proper inventory check poses security control risks. There is
likelihood that warehouse staff or delivery man could commit
theft of inventory.

Billing and
AR

Cash
collections

Shipping errors
Shipping the wrong items or quantities of merchandise and
shipping to wrong location are serious errors because they can
significantly reduce customer satisfaction and thus future
sales. They may also result in loss of assets if customers do
not pay for goods erroneously shipped.
AR clerk generate invoice and also updates the customers
AR file - Integrity control risks

all internal transfers of inventory; periodic physical counts of inventory and reconciliation of counts with
recorded amounts.
2. [Preventive] - Have the carrier to sign a document indicating the items that have been taken in for delivery
each day - can prevent fraud during delivery
3. [Preventive] Segregation of duties
Employees who are responsible for controlling the physical access to inventory should not be able to adjust
inventory records without review and approval. Neither the employees responsible for custody of inventory
nor those authorized to adjust inventory records should be responsible for the receiving or shipping function.
[Preventive/ detective] The use of bar-code scanners and RFID technology to record the picking and shipping
of inventory as it moves through the warehouse could enables detecting and then correcting any mistakes
before the merchandise leaves the premises by comparing the shipment data with the sales order. Only after
the system has verified that the shipment is correct should the packing slip and bill of lading be printed.

Through the ERP and centralized database, the available information of sales order can automatically be used
to generate invoices. Thus reducing the risk of fraudulent behaviors by the AR clerk.

There is no segregation of duties of cash handling function [Preventive] - Proper segregation of duties. Separate person (another AR clerk) to generate invoice and
with billing function as AR clerk generate invoice and also
update customers AR file such that AR clerk will not be able to easily write-off his friends accounts
updates the customers AR file. This poses an integrity control [Corrective] - Regular reconciliation: After the segregation of duties, regular reconciliation of bank
risks when AR clerk may update friends invoice as being
statements and account receivables should be done by another person independent from cash handling and
written off and do not collect payment from his friends.
billing functions. Any discrepancies must be reported to the managers and proper investigation should be
carried out.
Failure to bill customers no segregation of duty
1. [Preventive] Segregation of duties
An employee performing both shipping and billing functions
Billing functions should be performed by a person independent of shipping function.
could ship merchandise to his friend without billing them.
2. [Corrective] Reconciliation
This results in loss of assets and erroneous data about sales,
Sales order, picking tickets, packing slips, and sales invoices should be sequentially numbered and then
inventory and accounts receivable.
periodically accounted for. Any sales order or packing slips that cannot be matched to a sales invoice
represent shipments that have not been billed and corrective action should be taken.
Billing errors
[Preventive] Through the ERP and centralized database, pricing mistakes can be avoided by having the
Billing errors, such as pricing mistakes and billing customers
computer retrieve the appropriate data from the inventory master file.
for items not shipped or on back order, represents another
[Detective] Mistakes involving quantities shipped can be detected by reconciling the quantities listed on the
control issue. Overbilling can result in customer
packing slips with those on the sales order.
dissatisfaction and under billing results in loss of assets.
Theft of cash
1. [Preventive]Minimise the handling of cash and checks within the organization through a bank lockbox
There is no segregation of duties for those pairs:
arrangement or the use of electronic fund transfers for customer payments.
Handling cash or checks and posting remittance to customer
2. [Preventive] Segregating the recording and custody functions as follows provides addition control: Only
accounts: a person performing both of these duties could
the remittance data should be sent to accounts receivable department, with customer payments being sent to
commit the special type of embezzlement called lapping
the cashier. Such an arrangement establishes two mutually independent control checks. First, the total credits

Handling cash or checks and authorising credit memos: a

person performing both of these duties could conceal theft of
cash by creating a credit memo equal to the amount stolen.
Issuing credit memos and maintaining customer accounts: a
person performing both of these duties could write off as
uncollectible amounts owed by friends

to accounts receivable recorded by the accounting department should equal the total debit to cash
representing the amount deposited by cashier. Second, the copy of the remittance that is sent to the internal
audit department cann be compared with the validated deposit slips and bank statements to verify that all
checks the organization received were deposited. Finally, the monthly statements mailed to customers
provide another layer of control, because customer would notice the failure to properly credit their accounts
for payments remitted.
The person who reconciles the bank statement should be independent of all other activities involved in
handling or recording the receipt of cash. This separation of duties provides an independent check on the
cashier and prevents manipulation of the bank statement to conceal the theft of cash

AIS CONTROL ISSUES - EXPENDITURE CYCLE

Process
Order goods

Critical Issue and potential consequences

Preventing stockouts and/or excess inventory
Stockouts result in lost sales while inventory incurs higher than
necessary carrying costs.

Ordering unnecessary items

There is no system to check the validity of purchase decisions
that individual employees initiate.
Multiple purchases of the same items by different units of the
organization due to lack of integration about information system
Purchasing goods at inflated prices
There is no procedure to check the validity of the purchasing
costs. Managers can decided to purchase goods at inflated prices
to obtain commissions or other incentives, thus causing loss to
company.
Purchasing goods of inferior quality/ from unauthorized
suppliers

In their quest to obtain the lowest possible prices, managers can

decide to purchase goods of inferior quality.

This could severely affect the quality of goods and services.

Substandard products can result in costly production delays or
additional production costs for rework and scrap. Thus, this
would likely damage companys reputation and customer

Recommendations
1. [Preventive] Technology for perpetual inventory record
Bar-code technology can improve the accuracy and efficiency of the perpetual inventory records so that
information about inventory stocks is always current.
Affixing RFID tags to individual products to track the movement of inventory and allow instant update on
inventory stocks on the centralized database
2. [Preventive] Selection of suppliers: should select suppliers that are known to meet their delivery
commitments diligently.
[Preventive] The solution could be to implement ERP and centralized database that integrate purchase
orders by different units of the organization. This accurate perpetual inventory record could allow different
units to get access to updated information about inventory stocks before requesting for purchase. Moreover,
through the centralized database, supervisor can review and approve purchase requisitions based on valid
reasons.
1. Preventive: Several procedures could be implemented for procurement process:
Price lists for frequently purchased items should be stored in the computer and consulted when ordering.
Competitive, written bids should be solicited for high-cost and specialized products.
2. Corrective: Purchases should be charged to an account that is the responsibility of the person or
department approving the requisition. To facilitate control of budgets, managers are required to generate
reports highlighting any significant deviation from budgeted amount for further investigations.
1. Preventive: Several procedures could be implemented for procurement process:
Establishing lists of approved suppliers known to provide goods of acceptable quality should e stored in the
computer and consulted when ordering.
Competitive, written bids should be solicited on the basis of both cost and quality.
Supplier performance data should be collected and periodically reviewed to maintain the accuracy of these
approved lists.
2. Corrective: Purchasing managers should be held liable for the total cost of purchases, which includes
not only the purchase price but also the quality-related costs of rework and scrap.

satisfaction.
Kickbacks
Kickbacks are gifts from suppliers to purchasing agents for the
purpose of influencing their choice of suppliers. In order to
recover the money spent on the bribe, suppliers can inflate price
of subsequent purchases or substitute goods of inferior quality.

[Preventive] Companies should prohibit purchasing agents from accepting any gifts from potential or
existing suppliers. Purchasing agents should be required to sign annual conflict of interest statements,
disclosing any financial interests they may have in current or potential suppliers.
In order to prevent purchasing agents from dealing with the same suppliers infinitely, job rotation should be
implemented. Alternatively, company could conduct a detailed audit of the purchasing agents activities.

Process
Receive
and
store
goods

Approv
e
and
pay
vendor
invoices

Critical Issue and potential consequences

Accepting unordered goods
Accepting delivery of unordered goods results in
additional costs associated with unloading,
storing and later returning those items.
Making errors in counting goods received
Errors in counting goods received results in
inaccurate perpetual inventory records. Moreover,
such errors could be misleading in determining
the amount that company pays for the goods
actually received.

Recommendations
[Preventive] Company should allow the receiving department to have access to the open purchase orders file. In doing so,
company could instruct the receiving department to accept only deliveries for which there is an approved copy of purchase
order.

1. Technology for perpetual inventory record [preventive]

Bar-code technology can improve the accuracy and efficiency of receiving counts.
Affixing RFID tags to individual products to track the movement of inventory and allow instant update on inventory stocks on
the centralized database
2. [Preventive] Responsibility of receiving clerks:
Receiving clerks are required not only to record the quantity received but also to sign the receiving report or to enter their
employee ID numbers in the system. Such procedures indicate an assumption of responsibility, thus results in careless/ reckless
behaviour / more diligent work.
3. [Corrective] Responsibility of receiving deparment:
Require the inventory control function to count the items transferred from receiving and then hold that department responsible
for any subsequent shortages.
Theft of inventory
1. [Preventive/ Detective] All transfers of inventory within the company should be properly documented.
Theft of inventory results in additional costs to For example, both the receiving department and the inventory department should acknowledge the transfer of goods from the
compensate for the shortages of inventory and receiving dock into inventory. Similarly, both the inventory stores and the production department should acknowledge the
possible delays in production. Moreover, it release of inventory into production. This documentation provides the necessary information for establishing responsibility for
indicates a lack of integrity, which affect any shortages, therefore encouraging employees to take special care to record all inventory movements accurately.
employees morale
2. [Preventive] Segregation of duties
Employees who are responsible for controlling the physical access to inventory should not be able to adjust inventory records
without review and approval. Neither the employees responsible for custody of inventory nor those authorized to adjust
inventory records should be responsible for the receiving or shipping function.
Failing to catch errors in vendor invoices
[Preventive] AP clerks are required not only to check information on invoices before records and payments
Vendor invoices may contain errors such as discrepancies between but also to enter their employee ID numbers in the system upon approval of vendor invoices. Such
quoted and actual prices charged or miscalculations of the total procedures indicate an assumption of responsibility, thus results in more diligent work
amount due. This could lead to wrong calculation of payment from
the company.
Paying for goods not received/ paying the same 1. [Detective/ Corrective] Review and reconciling periodically by a person from different functions
invoice twice/ Record and posting errors in AP 2. [Detective] ERP + Centralised database to minimize human error: reasonable check
Misappropriatin
1. [Preventive] Segregation of duties:
g cash, checks or The accounts payable function should authorize payment, including the assembling of a voucher package. However, only the treasurer or cashier should sign
EFTs
checks for normal transaction.
Checks in excess of a certain amount should require two signatures to provide another independent review of the material expenditure. Access to the approved
supplier list should be restricted and any changes to that list should be carefully reviewed and approved.
In addition, internal auditors should periodically review the supplier master file to ensure that there are no duplicate entries for suppliers.
Reconciliation of bank accounts should be done by someone who did not participate in processing either cash collections or disbursements. This provides an
independent check on accuracy and prevents someone from misappropriating cash and then concealing the theft by adjusting the bank statement.

2. [For electronic funds transfer] Strict access controls over all outgoing EFTs should be followed all the times. Passwords and userID should be used to
specifically identify and monitor each employee authorized to initiate EFTs.
EFT transaction above a certain threshold should require real time supervisory approval and there should be limits on the total dollar amount of transactions
allowed per day per individual.