Summary Internal Control & Accounting

Information Systems
Chapter 1 Organizations and Their Systems

1.1 The Definitions of Information and AIS

❖ Information is all the processed data that contributes to the recipient’s understanding of
applicable parts of reality. Information provision is not a goal as such, but serves three purposes:
1. Delegation and accountability 3. The operation of the business
2. Decision making

In turn information and communication

technology (IT) consists of all the electronic
media used to collect, store and process data, to
produce information and to support or enable
communication

❖ Accounting Information System (AIS) studies the structuring and operation of planning and
control processes which are aimed at:
- Providing information for decision making and accountability to internal and external
stakeholders that complies with specified quality criteria
- Providing the right conditions for sound decision making
- Ensuring that no assets illegitimately exit the organization

The quality of the IT infrastructure

Apart from providing high quality information, the quality of an IT system is also dependent on:
Maintainability The degree to which information systems can be tested, renewed and changed
Transferability The degree to which the IT can be transferred from one environment to another
Efficiency The degree to which the costs of the investments are in control
Availability The IT must be at the intended user’s disposal on time and at the right place
Confidentiality Only authorized persons are allowed to have access to specific parts of the IT
Authenticity The senders and receivers of information within the IT are who they claim to be
Compliance The IT infrastructure must fall within rules and regulations of the firm and the law

Governance and control are related to AIS:

- Control consists of all those organizational activities that are aimed at having organization
members cooperate to reach the organization’s goals
- Governance is the process of keeping an organization on track towards legitimized goals

When looking at the study of IT one can say that the information systems such as AIS looks at
information communication from the supply side, while management accounting looks from a
demand point of view
1.2 Integral Control Framework

Within the integral control framework three alignment problems can be recognized:
1. Informational alignment, is the situation in which the business and the IT domain are aligned
to realize strategic advantages from IT
2. Operational alignment, in which the formulated strategy is implemented for operational
excellence. Thus if something is said to be done, it will indeed be done
3. Organizational control, in which a framework is developed that serves as the standard or
norm for the solution of problems stemming from informational and operational alignment
Chapter 2 Internal Control

2.1 Internal Control and COSO

❖ Internal control (IC) is a process, effected by an entity’s board of directors, management, and
other personnel, designed to provide reasonable assurance regarding the achievement of
objectives relating to operations, reporting, and compliance
▪ COSO Report was prepared in order to have management report on the effectiveness of its
internal controls, as well as to create a consensus about what IC actually is

The COSO framework, as shown on the right, consists of three

dimensions. The objectives and components are discussed in depth
1. The three objectives of internal control
2. The five components of internal control
3. The four levels organizational structure

The five components of internal control:

1. Control environment is the organization’s culture with respect to the importance of IC and thus
focuses on the firm’s awareness and acceptance of IC by using ethics, integrity and commitment
2. Risk assessment is focused on establishing such measures that the residual risk (not avoidable
risk) is reduced to an acceptable level. This is done using enterprise risk management
3. Control activities fall within three main categories being preventive, detective and corrective
controls. Detective and corrective tend to be used together in order to solve existing problems
4. Information and communication are necessary to facilitate control, but are also subjected to
control systems
5. Monitoring assesses the quality of IC systems over time by looking at ongoing activities as well as
using separate evaluations at certain moments in time

Enterprise risk management

Enterprise Risk Management (ERM) is developed to identify and manage potential risky events in order for them
to fall within the firm’s risk appetite. This is done using the eight components shown within the model below

A manager can decide to either accept a control problem or

to implement control measures. This depends on whether
the benefits of the measures outweigh the costs. One tool
to find out whether this is the case is a risk map as shown on
the right to see whether a risky event falls within the risk
appetite of the manager

The dimensions of the COSO framework are furthermore subdivided into the seventeen fundamental
principles of internal control. These principles are listed in the COSO executive summary
▪ Corporate governance (CG) is aimed at securing the continuity of organizations by maintaining
good relations with stakeholders by dealing with issues such as control, decision-making power,
responsibility, oversight, integrity and accountability

The Sarbanes-Oxley Act 2002 came to improve corporate governance and IC after several corporate
scandals which were blamed on bad CG. The act introduced CEO and CFO responsibility for
misstatements in the financial statements and IC and introduced the internal control audit. Finally,
the act stated that the internal control system should follow certain frameworks such as COSO

2.2 The Cornerstones of Internal Control

If the theory of internal control were to be developed then four concepts should be implemented:

1. The steering paradigm

An organization can be considered a
controlled system, which is controlled by its
management. Management needs information
which comes either from the information
system or from the environment. This process
is referred to as the steering paradigm

- Feedforward mechanism tries to prevent undesirable events from occurring

- Feedback mechanism tries to transform undesirable outcomes into desirable outcomes

2. The management cycle

The management cycle indicates the steps of the
activities management undertakes. The cycle contains
five steps as shown on the left. A variation of this cycle
is the PCDA cycle which means Plan, Do, Check and Act

Two rules of effective planning exist:

1. Planning quality improves if the object is closer to the planner
2. As the future event draws nearer, information becomes more reliable

3. The basic pattern of information provision

In general each process of information provision has
the same structure and consists of three parts being
input, processing (using procedures and existing data
collections) and output
4. The value cycle
The value cycle is a model that helps to
describe the relationship between
positions and events in organizations.
These relations follow the BIDE formula:

Beginning balance + Increase – Decrease =

Ending Balance

The value cycle above also shows that a separation of duties is necessary to avoid an individual
misusing his position. Five duties exist that need to be separated from each other:
- Authorization - Recording - Execution
- Custody - Checking

Classification of Internal Controls (Page 49-55)

Detailed and total checks Policy control Progress control
Direct and indirect checks Standards control Efficiency control
Formal and material checks Expectations control Execution control
Negative and positive checks Authority control Custody control
Chapter 3 Bridging the Gap Between IC and MC

3.1 The Framework of Management Control

❖ Management control bridges the gap between strategic planning and task control. It also ensures
the efficient and effective use of resources. Three frameworks of management control exist:

1. The Framework of Ouchi

Ouchi focused on three separate forms
of control, being the perfect market,
mechanisms to avoid agency costs and
clan control. Since these situations are
not as perfect as described in theory,
they are combined to supplement each
other’s weaknesses

2. The Framework of Merchant

Merchant looked at the complete process within

a firm and separated controls, based on the three
different stages: Input, process and output, which
were all affected by the culture of the company

3. The Framework of Simons

Simons developed a framework for management control
that allows for innovation. It rather tries to align the
beliefs of people and give them a playground with
boundaries, instead of merely restricting and monitoring
the employees. The four levers of management control
are summarized in the figure on the right

4. Main Framework for IC&AIS

The frameworks of Ouchi and Merchant
can be combined into one general
framework for management control as
shown on the right. It combines the
steps of Merchant and incorporates the
outside effects of Ochi

Soft vs. Hard controls:

The cultural controls and the framework of
Simons are grouped as soft controls, while
the input, process, output, market and
bureaucratic controls are hard controls
There are four other ways of avoiding management control problems:
1. Activity elimination by turning potential profits and risks of a certain activity over to a third party
2. Automation is done by deploying computerized systems and by eliminating manual tasks. This in
turn decreases the chance of human errors
3. Centralization means that the decisions within a company are made from a central point within
the organization, usually being top management
4. Risk sharing where activities are only partially eliminated and the firm incurs less risk

3.2 Bridging the Gap

The figure below explains the ling between management control and internal control, as well as the
differences between both controls
Chapter 4 The Dynamics of Control and IT

4.1 The Information Sys tem and its Components

❖ Information is all the processed data that contributes to the recipient’s understanding of
applicable parts of reality
▪ Communication is the process of sending and receiving data or information
Information and communication technology
(IT) is all the electronic media used to
collect, store and process data, to produce
information and to support or enable
communication.
The general components of an information
system are shown on the right. The arrows
indicate the communication of information
or data through the information system

4.2 Information System Development and IT Applications

Two approaches towards the development of an information system are discussed in this chapter:
1. Systems Development Life Cycle (SDLC) is a stepwise
approach, shown on the right, that focuses on a thorough
planning, before the system is developed and implemented.
The process follows a set number of steps, but one can
always go back one step

2. Prototyping is an approach, shown on the

left, that develops a simplified working model of
an information system or a part of an
information system in order to enable user
testing

IT Applications
Enterprise Resource Is a means for a company to streamline traditionally separate operations into one
Planning (ERP) system, resulting in more efficient processes
Data bases and data Is a place where all data of a firm is stored. It avoids data redundancy and is focused
warehouses on its appearance towards the users
Groupware Is communication software that enables more efficient communication within and
between organizations
Executive Information Allows end-users at the tactical and strategic managerial level to produce the
Systems (EIS) information they themselves find necessary
Decision Support Computerized information systems aimed at assisting and improving human
Systems (DDS) decision-making
Expert systems Replace human decision-making by presenting proposed decisions to their users
Neural networks Are expert systems that are capable of learning, thus being artificial intelligence (AI)
Several examples of IT-enabled innovations are:
- e-business - Business intelligence
- Business process re-engineering - Business process management
- Customer relationship management - Shared service centers and outsourcing

IT-enabled innovations and internal control

The innovations listed above change the way internal controls work within the company. On the one hand,
controls become obsolete due to automated processes or the absence of inventory. On the other hand, new
controls are necessary due to process re-engineering or outsourcing

The book provides examples of such changes of BPR, ERP, e-business and shared service centers on page 111
– 117

4.3 Information Security

There are four categories of threats in the

realm of information security, which are
shown in the figure on the right

These categories are subjected to different

forms of threats, which in turn, can be
avoided through different methods as shown
in table 4.2 on page 104

Methods for information security

Encryption Physical security Confirmations
Event logging Fallback systems Priority and preemption
Access control Data recovery Authentication & digital signatures
Routeing control Data and time stamps Message authentication codes (MAC)
*Each of these methods are discussed more in depth on page 105 - 109
Chapter 5 Documenting and Evaluating Internal Control Systems

5.1 Narratives and Graphic Documentation

❖ Narrative description is an analytical description of an internal control system. It describes the

flow of documents as well as a number of internal control measures within an organization
▪ Systematic narrative provides the same information as in a narrative description (text form),
but is formatted in a step-by-step form within a table

Graphic documentation is usually used in combination with narrative descriptions and represent the
same information in a more visually appealing way. Two types exist:

1. Data Flow Diagrams (DFD)

Data flow diagrams are graphical representations of
information systems, consisting of four components
as shown in the figure on the right
Three types of Data flow diagrams exist:
1. Context diagram is a diagram with the least level of detail which combines organizational
units and data-processing activities into processes and positions those processes vis-à-vis
the sources and destinations for the data
2. Logical DFD reflects the activities and content of the information flows in a certain process
3. Physical DFD shows the departments or employees that perform those activities and the
data carriers that are used to record and transfer the data between two departments
Therefore, when looking at the integral control framework, the logical DFD is part of the information
and communication domain and the physical DFD is part of the IT domain

2. Systems Flowcharts
A systems flowchart is a chart that
incorporates the business,
information and communication
and IT domains and thus helps to
create a comprehensive picture of
not only the data flows, but also
the actual operations of a process

The symbols used within system

flowcharts are shown in the figure
on the right

Graphic documentation of the internal control systems are furthermore complemented by a listing of
the internal controls that are applicable (present or absent) to the process being documented. This is
called the controls checklist. The checklist distinguishes five categories:
1. Segregation of duties between departments 4. Process controls and procedures
2. Independent recording of transactions 5. Technology-related controls
3. Independent reconciliations by the controller
 5.2 Normative IC Descriptions and the Internal Control Manual

Providing a normative internal control description means that one describes the internal control
system as it should be from a theoretical control perspective. This requires five steps:
1. Determine the typology of the organization and the inherent risks for that typology
2. Identify the specific risks for the organization
3. Discuss the administrative and organizational conditions that the organization should meet in
order for the internal controls to be effective. These include:
- Computer security - Budgets and budgeting procedures
- Segregation of duties - Guidelines issued by management
4. Describe the internal controls as discussed in the book, as they apply to the organization
5. Discuss the data that need to be recorded to meet the management’s information requirements

Internal Control Manual

The internal control manual is one final approach to provide a systematic description of the organization as it is
and the internal control system as it should be. The manual should be considered as the final step in setting up or
improving the internal control system
Such manual consists of several components:
- Introduction including the purpose, structure and audience of the manual
- A description of the organization, including its structure, strategy, culture and IS
- Risks for the organization with respect to information provision
- An assessment for the likelihood and impact of certain risks
- A description of the internal control process including administrative procedures, controls to be
performed, data flows and data collections and involved departments
- The information that is to be available for decision making, accountability and functioning of the
organization
Chapter 6 Organizational Processes

Within a typical organization one can find several processes, which in turn fall within two broad
categories:
Primary Processes
Primary organizational processes are the main processes of an organization. Without such processes
an organization should not exist as these processes provide the revenue for an organization. The
following processes in a firm can be considered primary:
- Purchasing Chapter 7
- Inventory Chapter 8
- Production Chapter 9
- Sales Chapter 10

Each of these primary processes consist of several steps which are discussed in their respective
chapters as shown above

Secondary Processes
Secondary organizational processes support the primary processes and thus do not directly produce
revenue. Still they are necessary for the firm to function properly. The secondary processes include:
- Human resources management
- Investment in fixed assets
- Cash management
- Accounting and general ledger

Like the primary processes, each of the secondary processes consists of a number of steps that, in
combination with the appropriate controls, should lead to the effective and efficient functioning of
that process. These steps are discussed in chapter 11

The relationship between the various primary and secondary processes are can be illustrated within
the value cycle as is shown in the picture below
 Chapter 7 The Purchasing Process

7.1 Risks, Exposures and Internal Controls

The risks that can occur within the purchasing process and the respective internal controls are
summarized within the table below:
Risk Exposure Internal Controls
Influenced purchasing Cost of goods sold - Adequate screening and rewarding of purchasing clerks
clerks by means of too high in relation - Code of conduct prohibiting acceptance of gifts from vendors
forms of inducement to quality of the - Use of tender procedure
from vendors goods or services - Detailed sample-based checks of purchase prices by controller
- Analytical review of purchase prices
Purchasing too much Inventory costs are - Automation of purchases not by the requisitioning department
too high - Proper perceptual inventory records
Purchase goods at Purchase costs are - Use of a tender procedure
inflated prices too high - Comparison of purchase price with list before purchase
- Rewarding purchasing clerks based on purchase result
Purchase goods of Dissatisfied - Purchase from previously screened vendors
inferior quality customers or - Periodic price and quality assessment of vendors
production delays
Purchasing too little Dissatisfied - Periodic assessment of vendors on delivery terms
customers or - Proper perceptual inventory records
production delays
Not taking advantage of Purchase costs are - Automated procedure which makes the invoices payable when
purchase discounts too high due
Payment for goods that Loss of money - Reconciling invoices with goods received by controller or head
have not been received of accounting department

7.2 The Stages in the Purchasing Process

The purchasing process consists of five stages as shown in the figure below. Each of these steps
contain their own decision-making problems

1.0 Purchase requisitions

This step needs to determine when to re-order inventory, how much to reorder and for what price.
This depends on production planning or pre-calculations of sales prices. Information about the re=-
order point can come from three sources:
- The warehouse clerk - The purchasing clerk
- The inventory records

2.0 Purchase Orders

After the purchasing department has received the purchase requisitions, they process these bb
following:
1. Verifying which vendors can deliver the goods 3. Selecting the vendor(s)
2. Examining the vendor’s delivery terms 4. Preparing and sending a purchase order
3.0 Receipt of goods
Receipt of goods should confirm that the vendor has delivered what the purchasing department has
ordered. The receiving department needs to establish:
- The validity of the goods that are received
- The completeness of the execution of the order by the vendor
- The correctness of the time of delivery against the delivery terms

4.0 Validation of Invoices

The accounts payable department needs to establish the validity of the vendor invoices. To properly
validate these invoices, the accounts payable department requires the purchase order, the receiving
report and the invoice itself. The process of invoice validation is shown on page 159

5.0 Payment of vendor invoices

Only those invoices where it is certain that the amount is correct should be made payable. This
payment should then be performed by someone of the cash disbursement department. It is crucial
that the correct amount is paid on the correct date. Early and late payments would both result in
problems

The logical data flow diagram of the whole purchasing process is shown on page 161
 Chapter 8 The Inventory Process

8.1 Risks, Exposures and Internal Controls

The risks that can occur within the inventory process and the respective internal controls are
summarized within the table below:
Risk Exposure Internal Controls
Theft of goods Loss of assets - Closed warehouse accessible only to warehouse employees
- Discharge of all goods releases and receipts
- All releases and receipts are recorded in the inventory records
- Periodic inventory counts
Write-down, Loss if inventory - Periodic overviews of goods that have not been released over a certain
obsolescence or value period of time
quality decrease of - Periodic comparison of book and market value of goods
goods - Periodic inventory counts to assess quality decrease
- Storing goods in appropriate warehouses
- Rejection of goods by controller or head of accounting department
Receipt of goods of Loss of inventory - Quality checks of all received goods by warehouse manager or a
inferior quality value separate quality inspector
Recording goods as Loss of inventory - Segregation of duties between purchasing and warehouse departments
being cheaper or of value and unreliable - Automatic updates of inventory records based on authorized purchases
lower quality than inventory records
actually received
Delaying the Loss of inventory - Automatic updates of inventory records based on authorized purchases
recording of goods value and no or and sales
receipts (lapping) insufficient - Segregation of duties between the purchasing, sales and warehouse
knowledge of actual departments
inventory levels - Surprise inventory counts
Inventory records Inventory shortages - Automatic updates of inventory records based on authorized purchases
are not up-to-date or surpluses - Programmed input controls in updating inventory records

8.2 The Stages in the Inventory Process

The inventory process consists of five stages as shown in the figure below. Each of these steps
contain their own decision-making problems

1.0 Receiving goods

On receiving the goods the manager needs to verify whether the number and type of goods are
correct and should enter it into the system. The inventory records are subsequently updated

2.0 Recording of goods

The inventory records are necessary to check whether inventory is actually present, to control
inventory and to monitor inventory control. One needs to be aware of the type of inventory used:

Inventory records should:

- Record inventory quantities and values - Identify obsolete products
- Indicate re-order points - Identify excessive inventory amounts
3.0 Storage
A warehouse needs to meet two requirements:
1. Goods need to be stored in the best way possible and should thus be treated by
knowledgeable employees and be kept in the most appropriate state
2. Goods cannot be retrieved from the warehouse without authorization

Due to these requirements goods need to be stored in an enclosed space which cannot be entered
by unauthorized personnel, goods should only be released in exchange for proper documents and
the warehouse manager should have access to inventory-related information

Goods of low value should not be kept in an enclosed warehouse since it may not be worthwhile to
do so

4.0 Release of goods

Goods cannot be released from the warehouse without proper authorization. The warehouse
manager does not have such authorization. He can only release the goods when receiving a proper
picking ticket

5.0 Inventory counts

Inventory counts complete the internal controls in the inventory process. When doing this the
existence and value of the goods should be established. The following formula should thus be
checked:

Since an inventory can be distinguished by product, partial inventory counts can be performed, based
on samples

There is no logical data flow diagram for this process, as it is incorporated in the other DFDs
 Chapter 9 The Production Process

9.1 Risks, Exposures and Internal Controls

The risks that can occur within the production process and the respective internal controls are
summarized within the table below:
Risk Exposure Internal Controls
Inefficient High production costs - Segregation of duties between the operations office, the production
production department and the accounting department
- Documentation of actual input usage and actual production output
- Tight and detailed product and production standards
- Performance of pre- and post-calculations to determine efficiency
Insufficiently Flawed decision-making - Segregation of duties between the product design department and
reliable with respect to production the operations office
production targets and production - Management guidelines with respect to product standard setting
standards efficiency and quality checks on product development
- Technical post-calculation in order to optimize product standards
Unauthorized Incurring costs for products - Authorization of production orders not by production department
production for which there is no but by sales or warehouse
demand - Production orders are based on sales forecasts or inventory levels
Theft of work-in- Loss of assets - Minimize entry to production facilities by non-production personnel
progress - Locking production facilities outside production hours
- A system of granting discharge when WIP is transferred
- Periodic inventory counts of WIP
Insufficient Dissatisfied customers and - Use reliable sales forecasts by sales department & market research
alignment loss of revenues, - Use of an adequate production planning system which allows for
between demand obsolescence, increasing periodic realignment of production output levels
and production stocks and inventory costs - Cash planning in order to survive periods of low demand
Shifting of costs Cost-reimbursement - Segregation of duties between production and accounting
between projects customers are overbilled, department
unreliable production - Allocation of projects to project managers on a sequential and not
records and unreliable input on a simultaneous basis
for new pre-calculations - Analytical review of project efficiency

9.2 The Stages in the Production Process

The production process consists of six stages as shown in the figure below. Each of these steps
contain their own decision-making problems:

1.0 Product Design

Product design usually involves a large amount of R&D costs and therefore requires authorization by
management and must be based on marketing research and customer demands. The result of this
stage is a bill of materials and an operations list

2.0 Annual planning, cost calculation and production planning

The most important task of this stage is doing the pre-calculations of required wages, work hours
material costs, etc. This is very specific for produce to stock practices, but more general for produce
to order productions
3.0 Job preparation
Production orders are always based on sales forecasts and/or inventory levels and are therefore
initiated by either the sales department or the warehouse avoiding unauthorized production. These
production orders also specify the allowed use of resources and time

4.0 Raw materials release

Raw materials may only be released from the warehouse when they are authorized to do so by a
materials requisition. This requisition specifies the types and quantities of raw materials required for
a specific production order

5.0 Production and production records

The actual production activities are recorded within a production report which needs to be
authorized by the production manager. Using this report one can keep track of the process and see
whether appropriate resources are used. Large production processes are usually subdivided into
sequential stages

6.0 Post-calculation
The post-calculation is compared with the pre-calculation to evaluate production efficiency,
reliability of production standards and the fairness of cost prices. However both calculations need to
be performed by different departments (separation of duties). This step does require the information
to be complete

The logical data flow diagram of the whole production process is shown on page 185
 Chapter 10 The Sales Process

10.1 Risks, Exposures and Internal Controls

The risks that can occur within the sales process and the respective internal controls are summarized
within the table below:
Risk Exposure Internal Controls
Discounts granted by Loss of revenues and - Management guidelines for allowing discounts (discount tables)
salespeople are too profit margin - Sample-based detailed checks on allowed discounts by controller
high - Analytical review of discounts granted by salespeople
Use of incorrect Loss of revenues and - Use of fixed price lists and fixed discount percentages
sales prices profit margin - Sample-based detailed checks on sales prices by controller
Analytical review of sales prices billed by salespeople
Shop within a shop Loss of profit margin - Segregation of duties between sales and purchasing
- Clear communication of sales procedures to customers, with deliveries
always taking place via the warehouse
Shifting of sales (Too) high bonus - Segregation of duties between sales department (authorization) and
transactions contract costs accounting department (recording)
between periods due
to bonus contracts
Sales transactions in Exchange rate losses - Reduction of exchange rate risk by engaging in forward transactions
foreign currencies
Credit sales to Losses on sales - Assessment of customer creditworthiness preferably not by sales
noncreditworthy department but by separate credit department
customers - Adequate recording of accounts receivable by accounting department
- Checking compliance with organization’s credit policy
High accounts High financing costs - Periodic ageing of accounts receivable, subsequent active dunning of
receivable position the related debtors by the accounts receivable department
- Prompt billing and stimulating customers to pay on time (discounts)
- Short payment terms
Failure to bill Loss of assets and - Segregation of duties between initiation of billing (sales department)
customers profit margin and release of goods (warehouse)
- Automatic sequential numbering of bills of lading and periodic
reconciliation of bills of lading with invoices and a pre-billing system

10.2 The Stages in the Sales Process

The sales process consists of four stages as shown in the figure below. Each of these steps contain
their own decision-making problems:

1.0 Preparing offers / Order receipt and acceptance

The first step occurs when either the sales department approaches potential customers (1.1) or
when customers approach the company (1.2). Either way three questions need to be asked:
1. Can we deliver the products on time?
2. At what prices and what conditions can the offer / order be delivered?
3. Is the customer creditworthy? (Page 192)
2.0 Billing
Several billing systems can be distinguished:
1. Pre-billing, where invoices are created based on approved sales orders
2. Post-billing, where invoices are created after goods have been prepared for shipment
3. Interim-billing, where invoices are created at order acceptance, together with a picking ticket
The choice between these billing systems is based on the availability of information necessary to
create the invoices, as well as the custom of the industry

3.0 Picking and shipping

This task occurs at the warehouse and shipping departments and is a custody function, meaning that
goods can only enter or exit these departments when this is authorized. This authorization is done
when an invoice or picking ticket is received

4.0 Accounts receivable / cash sales

The final step involves a distinction between credit sales and sales that are paid for immediately.
While the latter involves controls which ensure that sales are paid for and recorded correctly while
avoiding theft, the former is more complicated and is generally concerned with doubtful debt

Doubtful debt
Accounts receivable items that are difficult to collect or even uncollectable are called doubtful accounts. For
such accounts provisions need to be made. Two methods to do so exist:
1. The static approach where at a specific moment in time, the associated risk is expressed as a
percentage of the amount owed and the resulting amount is added as a provision
2. The dynamic approach where a small percentage (0,5-1%) of the revenues obtained from a debtor
is added to the provision of doubtful accounts
The static approach is generally used for large debtors (20% of debtors that collectively account for 80% of
the annual revenues), while the dynamic approach is used for the other debtors

The logical data flow diagram of the whole sales process is shown on page 199
Chapter 11 Secondary Processes

There are four secondary processes, which all consist of several steps. These and the respective
internal controls are summarized in the table below

Secondary Processes
Human Resource Management
Recruitment and selection - Use of a personnel plan which explains the need for employees and the
requirements
- Establish screening criteria
- Create a personnel file for each employee
Education and training - Authorization of training and recording in the personnel files
Task assignment - Allocate tasks based on information within the personnel files
Performance evaluation - Provide periodic feedback on performance
- Create a proper reward and punishment system
Remuneration - Create a proper remuneration system depending on the type of job
Termination - Establish procedures for termination
Investment in Fixed Assets
Investment need - Base investment decisions on a formal investment plan
- Budget overruns should be authorized by management
Investment analysis and decision - Investment possibilities should be documented
- Information on the investment amount, expected cash flows and the
economic useful life should be provided
Delivery, operation & payment - Establish an investment budget and guidelines
Disinvestment - The decision should be made by an authorized function
- Needs to be documented in the general ledger
Cash Management
Receiving cash and making - Cash received needs to be counted (automated)
payments - Amount should be compared with control totals
- Separation of duties between cash custody, recording and authorization
Cash custody - Can only be done when authorized to do so
- All transactions should be recorded
Safeguarding the value of the - Establish guidelines specifying the financial risk that treasury is allowed to
cash position take
Accounting and General Ledger Process
Collection and categorization of - All collected information should thoroughly be recorded in the
financial transaction data appropriate accounts
Recording and processing - Use of self-checks when entering data
financial transaction data - Emphasize independence
Information provision - IS need to be designed to provide periodic reports
Chapter 12 Typology of Organizations

The typology of organizations provides a framework to help classify organizations or parts of

organizations in such a way that for each type a set of standard internal control measures can be
derived. The different typologies are listed in the table below:
Classification
Organizations Trade organizations Cash sales
with a dominant Credit sales
flow of goods Production organizations Production to stock
Mass customization
Agrarian and extractive organizations
Production to order
Organizations Service organizations with a Limited flow of own goods
without a limited flow of goods Limited flow of goods owned by third parties
dominant flow of Service organizations that put Disposition of specific space
goods space and electronic capacity Disposition of specific electronic capacity
at their customers’ disposal Disposition of nonspecific space
Service organizations that put Selling man hours
knowledge and skills at their Deployment of intellectual property
customers’ disposal Sale of financial products
Governmental and other not-for-profit organizations

It is important to note that the above types of firms are ordered, based on the clarity of the flow of
goods / services. The more one moves down in this table, the more unclear the flow of the revenue-
base becomes. It is for example more difficult to follow the sale of space, than the flow of a cash sale