Case13-1 Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls Search popular business and technology magazines (Business b, Discusses the contiol implications. Refer to Table 13. Week, Forbes, Fortune, CIO, etc.) to find an article about an and explain how the new procedure changes the threats innovative use of IT that can be used fo improve one or more and appropriate control procedures for mitigating those activities in the expenditure cycle, Write a report that: threats. a. Explains how IT can be used to change expenditure cycle396 PART III + ACCOUNTING INFORMATION SYSTEMS APPLICATIONS TABLE 13-2 Threats and Controls in the Expenditure Cycle Activity Threat Controls (first number refers to the corresponding threat) General sues 1. Inaccurate or invalid master data 11 Data processing integrity controls throughout 2: Unauthorized disclosure of sensitive 1.2 Restriction of acess to master data entire information 1.3 Review of all changes to master data expenditure 3. Loss or destrction of data 2.1 Access controls cycle 4, Poor performance 2.2 Eneryption 3.1 Backup and disaster recovery procedures 4.1 Managerial reports Inaccurate inventory records ‘5.1. Perpetual inventory system Purchasing items not needed 5.2 Bar coding or RFID tags Purchasing at inflated prices ‘5.3 Periodic physical counts of inventory . Purchasing goods of inferior quality 6.1 Perpetual inventory system ‘Uneeliable suppliers 62 Review and approval of purchase requisitions Purchasing from unauthorized 63 Centralized purchasing function suppliers 7.1 Price lists 11, Kickbacks 7.2 Competitive bidding 7.3 Review of purchase orders 74 Budgets 8.1 Purchasing only from approved suppliers 82 Review and approval of purchases from new suppliers 83 Holding purchasing managers responsible for rework and scrap costs 84 Tracking and monitoring product quality by supplier 9.1. Requiring suppliers to possess quality cectification e.g., IS 9000) 9.2 Collecting and monitoring supplier delivery performance data 10.1 Maintaining alist of approved suppliers and configuring the system to permit purchase orders only to approved suppliers 102 Review and approval of purchases from new suppliers 103 EDI-specfic controls (access, review of orders, encryption, policy) 11.1 Reguiring purchasing agents to disclose financial and personal interests in suppliers 1.2 Training employees in how to respond to offers of gifts from supplies 113 Job rotation and mandatory vacations 11.4 Supplier audits Receiving 12, Accepting unordered items 12.1. Requiring existence of approved purchase order prior to accepting 15. Mistakes in counting. any delivery 4. Verifying receipt of services 13.1 Do not inform receiving employees about quantity ordered 15. Theft of inventory 13.2 Require receiving employees to sign receiving report 133 Incentives 1344 Document transfer of goods 1 inventory 13.5 Use of bar-codes and RFID tags 13.6 Configuration of the ERP system to flag discrepancies between received and ordered quantities that exceed tolerance threshold for investigation 14.1 Budgetary controls 14.2 Audits 15.1 Restriction of physical access to inventory 15.2 Documentation of all transfers of inventory between receiving and inventory employees 15.3 Periodic physical counts of inventory and reconciliation to recorded quantities 15.4 Segregation of duties: custody of inventory versus receiving Approving 16, Errors in supplier invoices 16.1 Vettication of invoice accuracy supplier 17. Mistakes in posting to accounts 16.2 Requiring detailed receipts for procurement card purchases invoices payable 163 ERS 164 Restriction of access to supplier master data 16.5 Verification of freight bill nd use of approved delivery channels 17.1 Data entry edit controls 17.2 Reconciliation of detailed accounts payable records with the general ledger control account Ordering.LLL CHAPTER 13 + THE EXPENDITURE CYCLE: PURCHASING TO CASH DISBURSEMENTS. TABLE 13-2 Continued eee Activity Threat Cash 18, Failure to take advantage of 18.1 disbursements discounts for prompt payment 182 19. Paying for items not received 19.1 20. Duplicate payments 21. Theft of cash 19.2 22. Check alteration 193 23. Cash flow problems 194 20.1 20.2, 203 211 212 213 214 aus 216 217 218 219 21.10 Controls (first number refers to the corresponding threat) Filing of invoices by due date for discounts Cash flow budgets Requiring that all supplier invoices be matched to supporting docu ‘ments that are acknowledged by both receiving and inventory control Budgets (for services) Requiring receipts for travel expenses Use of corporate credit cards for travel experises Requiring a complete voucher package for all payments, Policy to pay only from original copies of supplier invoices Cancelling all supporting documents when payment is made Physical security of blank checks and check signing machine Periodic accounting of all sequentially numbered checks by cashier ‘Access controls to EFT terminals Use of dedicated computer and browser for online banking ACH blocks on accounts not used for payments Separation of check-writing function from accounts payeble Requiring dul signatures on checks greater than a specific amount ‘Regular reconciliation of bank account with recorded amounts by someone independent of cash disbursements procedures Restriction of access to supplier master file Limiting the number of employees with ability to ereate one-time sup 397 pliers and to process invoices from one-time suppliers 21.11 Running pety cash as an imprest fund 21.12 Sumprse audits of petty cash fund 22.1 Check protection machines 22.2 Useof special inks and papers 22.3 “Positive Pay" arrangements with banks 23.1 Cashflow budget eer EE ————————e NOSES by preferred suppliers. Table 13-2 shows that one way to mitigate the risk ofthis threat sto con- figure the system to employ strong access controls that limit who can view such information It is also important to configure the system to limit employees" ability to use the system's builtin query capabilities to specific tables and fields. In addltion, sensitive data should be encrypted in storage to prevent IT employees who do not have access to the ERP system from using operating system utilities to view sensitive information, Information exchanged with suppliers over the Internet should also be enerypted during transmission. ‘As Table 13-2 shows, a third general threat in the expenditure eycle concerns the loss or destruction of master data, The best way to mitigate the risk of ths threat isto employ the backup and disaster recovery procedures that were discussed in Chapter 10. A best practice isto imple- ‘ment the ERP system as three separate instances. One instance, referred to as production, is used to process daily activity. A second is used for testing and development. A third instance should be ‘maintained as an online backup to the production system to provide near real-time recovery. ‘Accurate master data enable management to better use an ERP system's extensive reporting, capabilities to monitor performance. Because inventory represents a sizable investment of work- ing capita, reports that help manage inventory are especially valuable, A key measure to evalu- ate inventory management is inventory tumover, which isthe ratio of cost of goods sold divided by inventory on hand, Consider the following example: annual sales are $500 million, and annual cost of goods sold total $360 million. An inventory turnover ratio of 1 means that the | ‘company is effectively carrying a year’s supply of inventory tying up $360 million, Improving the inventory turnover ratio to 3 would reduce that unprofitable investment to $120 milion, thereby freeing up $240 million that could be used for other purposes. Accountants need to understand how business activities are performed in order to design other reports that can help management better manage inventory. For example, itis useful to ‘monitor the percentage of requisitions that are filled from inventory on hand. For critica items, this should be close to 100% to avoid stockouts and delays in filling customer orders. For most | ee