RESUME CHAPTER 4

TRANSACTIONAL PROCESSING AND INTERNAL CONTROL

PROCESS

THE NECESSITY FOR CONTROL

Enterprise Risk Management (ERM): selecting the best opportunities and managing
uncertainties. ERM Contains 8 components:
1. Internal Environment: culture, atmosphere, and tone the organization.
2. Objective Setting: the way to consistents with their “appetite” for risk.
3. Event Identification: identifying internal and external event that affect the entity.
4. Risk Assessment: analyzing risk, the potential impact.
5. Risk Response: responding risk and identified events.
6. Control Activities: policies and procedures effect risk responses.
7. Information and Communication: flow infomation to support the other 7 components.
8. Monitoring
Control and Exposures: exposure consist of the potential financial effect of an event
multiplied by its probability occurance. Control tend to reduce exposures, but controls rarely
affect the causes of exposures.
Common exposure:
a. Excessive cost: reduce the profits and every exp is potentially excessive.
b. Deficient Revenue
c. Loss of asset: may be lost due to theft, act of violents or natural disasters.
d. Inaccurate accounting: may be cause of error
e. Business interruption: may result from excessive operating exposure.
f. Statutory Sanctions: include any penalties that arise from judicial or regulatory
authorities.
g. Competitive Disadvatages: inability to remain viable in the marketplace.
h. Fraud and Embezzlement: may be from outsider or insider. The other common exposure
may all result from fraud and embezzlement.
Fraud and White Collar Crime: occurs when assets are deceitfully diverted from proper use
or deceitfully from misrepresented by an act or series of act that are nonviolent in nature.White
collar crime may result in fraudulent financial reporting.
 Forensic Accounting: concerned with preventing and detecting of fraud and white collar
crime. Type activities: fraud examiner, fraud auditor, loss prevention proffesional.
 Seriousness of Fraud: type of fraud: misappropriation of funds, check forgery, credit
card fraud, false invoice, theft, AR manipulation, false financial statements, diversion
of service, phantom vendors, purchase of personal use diversion of sales, unnecessary
purchase, vandalism and sabotage.
Computer Processing and Exposure: ability to iincrease an organizations exposure, the
aspects like mechanical processing data, mechanical data storage.
Control Objectives and Transaction Cycles: common cycle of businnes actity are, revenue
cycle, expenditure cycle, production cycle, amd finance cycle. Management should develop
detailed control objectives for each transaction cycle.

THE COMPONENTS OF INTERNAL CONTROL PROCESS

The objectives of internal control: (1) reliability of financial reporting (2) effectiveness and
efficiency (3) compliance with applicable laws and regulations. External influences concerning
an entity and internal control: SEC, FASB, FCAB.
An entity internal control process depend on the context of size, organizational structure,
ownership characteristic, methods of transmitting, processing, maintaining and assessing
information. Internal control consists five elements:
1. Control Environment: setting the overall tone of organizations and influences the
control consciousness of the employee. Factors included in the control enviroment are
as follow:
a. Integrity and ethical value: ethical code to conduct that specify guidlines for
conducting business in an ethical manner.
b. Commitment to competence: ensuring the ability to carry out the control process.
c. Management philosophy and operating style: if management believes that controls
are important, than it will see to it that effective control policies and procedures are
implemented.
d. Organizational Structure: patterns of authority and responsibility that exist within
the organization.
e. Functions of the board of directors and its committees: stockholeders exercise
control over management through the functions of the board of directors and its
committees. The audit committee should be independent of an organization’s
management composed primarily of outside members of the board directors.Audit
committee should be charged with reviewing management’s reaction to public
accountants report on the organization’s internal control process.
f. Manner of assigning authority and responsibility: indicating from formal
organization chart, written documents.
g. Human resources policies and practices: qualifications established for each job
position in company should reflect the degree of responsibility associated with
position. Segregation duties depends to considerable extent on pricise and detailde
palnning of all procedures and carefull assignment.

2. Risk Assessment: identifying, analyzing and managing risks that effect the company’s
obbjectives. Identifying internal and exterbal changes related the entity.

3. Control Activities: policies and procedures established to help ensure that management
directive are carried out. The specific control activities are:
a. Segregation of Duties: reducing opportunities to allow any person to be in position
to both perpetrate and conceal errors or irregularities in the normal course of his or
her duties.
b. Adequate documents and records: helpin ensure proper recording of transactions
and events. Items should be prenumbered in sequential order to facilitate
accountability.
 c. Restricted access to assets: permitted only in accordance with management
authoritization.
d. Independent accountability checks and reviews of perfomance: the recorded
accountability for assets should be compared with the existing assets at reasonable
intervals and appropriate action taken with respect to any difference.
e. Information processing controls: ensuring proper authorization, accuracy and
completeness of individual transactions.

4. Information and Communication: consists methods and record established to identify,

assemble, analyze, classify, record and report the organization. Information system also
designed and installed to produce management control and operational information.
- Documentation of the accountings system, used to report transaction.
- Double emtry system of accounting, should reliable record data. Audit trail make
the auditor more confident that AIS and related financial statements are reliable and
accurate.
- Communication: reguiring oral communication, adequate procedure manuals,
policy manuals, and other type documentations.

5. Monitoring: assessing the quality of internal control over time and taking corrective
actions when necessary to ensure the control remain effective. Guidance of monitoring
internal control systems:
- Establish foudation for monitoring
- Design and excute monitoring procedures that are based on risk
- Assess and report the results.

TRANSACTION PROCESSING CONTROL, are procedures designed to ensure the elements

of an organizations internal control process are implemented in the spesific applications system
contained within each of an organization transaction cycle.
General Control, comprise the following:
- The plan of data processing organization
- General operating procedures
- Equipment control features
- Equipment and data acsess control
Application Controls are specific to individual applications. Application control are
categorized into input, processing and output controls.
Preventative, Detective, and Corrective Controls:
- Preventative act to prevent errors and fraud before they happen
- Detective act to uncover errors and fraud after they have occured
- Corrective act to correct errors.
ANALYSIS OF INTERNAL CONTROL PROCESS, requiring an understanding of the
process both as it is designed and as it actually operates.
The internal questionnare is a common analytic techniques used in internal control analysis.
Analytic flowchart might be used in internal control analysi, particularly if the analysis
involves a computer system application. A matrix can be used systematically evaluate an
analysis or the other type of flowchart by listing sequence of operations.
Internal Control and Compliance in Small Business and Small Public Companies
The small business has no independent IT or internal audit department, and in many cases is
run by managers with no accounting educations or financial expertise. Further, the small
member of employee typically makes traditional segregation of duties. The COSO give
suggestion to small business in cases:
a. Leadership Involvement: a leader can actively oversee and be involved in all operations
and the financial reporting process.
b. Effective Board of Directors
c. Limited Segregation of Duties and Increased Focus on Monitoring: this can be
accomplished by management’s focusing more observing employee, reviewing reports,
investigating unsual transaction and so on.
d. Compensating for Limitation in Information Technology.