Case13-1 Research Project: Impact of Information Technology
on Expenditure Cycle Activities, Threats, and Controls
Search popular business and technology magazines (Business b, Discusses the contiol implications. Refer to Table 13.
Week, Forbes, Fortune, CIO, etc.) to find an article about an and explain how the new procedure changes the threats
innovative use of IT that can be used fo improve one or more and appropriate control procedures for mitigating those
activities in the expenditure cycle, Write a report that: threats.
a. Explains how IT can be used to change expenditure cycle396 PART III + ACCOUNTING INFORMATION SYSTEMS APPLICATIONS
TABLE 13-2 Threats and Controls in the Expenditure Cycle
Activity Threat Controls (first number refers to the corresponding threat)
General sues 1. Inaccurate or invalid master data 11 Data processing integrity controls
throughout 2: Unauthorized disclosure of sensitive 1.2 Restriction of acess to master data
entire information 1.3 Review of all changes to master data
expenditure 3. Loss or destrction of data 2.1 Access controls
cycle 4, Poor performance 2.2 Eneryption
3.1 Backup and disaster recovery procedures
4.1 Managerial reports
Inaccurate inventory records ‘5.1. Perpetual inventory system
Purchasing items not needed 5.2 Bar coding or RFID tags
Purchasing at inflated prices ‘5.3 Periodic physical counts of inventory
. Purchasing goods of inferior quality 6.1 Perpetual inventory system
‘Uneeliable suppliers 62 Review and approval of purchase requisitions
Purchasing from unauthorized 63 Centralized purchasing function
suppliers 7.1 Price lists
11, Kickbacks 7.2 Competitive bidding
7.3 Review of purchase orders
74 Budgets
8.1 Purchasing only from approved suppliers
82 Review and approval of purchases from new suppliers
83 Holding purchasing managers responsible for rework and scrap costs
84 Tracking and monitoring product quality by supplier
9.1. Requiring suppliers to possess quality cectification e.g., IS 9000)
9.2 Collecting and monitoring supplier delivery performance data
10.1 Maintaining alist of approved suppliers and configuring the system to
permit purchase orders only to approved suppliers
102 Review and approval of purchases from new suppliers
103 EDI-specfic controls (access, review of orders, encryption, policy)
11.1 Reguiring purchasing agents to disclose financial and personal interests
in suppliers
1.2 Training employees in how to respond to offers of gifts from supplies
113 Job rotation and mandatory vacations
11.4 Supplier audits
Receiving 12, Accepting unordered items 12.1. Requiring existence of approved purchase order prior to accepting
15. Mistakes in counting. any delivery
4. Verifying receipt of services 13.1 Do not inform receiving employees about quantity ordered
15. Theft of inventory 13.2 Require receiving employees to sign receiving report
133 Incentives
1344 Document transfer of goods 1 inventory
13.5 Use of bar-codes and RFID tags
13.6 Configuration of the ERP system to flag discrepancies between
received and ordered quantities that exceed tolerance threshold for
investigation
14.1 Budgetary controls
14.2 Audits
15.1 Restriction of physical access to inventory
15.2 Documentation of all transfers of inventory between receiving and
inventory employees
15.3 Periodic physical counts of inventory and reconciliation to recorded
quantities
15.4 Segregation of duties: custody of inventory versus receiving
Approving 16, Errors in supplier invoices 16.1 Vettication of invoice accuracy
supplier 17. Mistakes in posting to accounts 16.2 Requiring detailed receipts for procurement card purchases
invoices payable 163 ERS
164 Restriction of access to supplier master data
16.5 Verification of freight bill nd use of approved delivery channels
17.1 Data entry edit controls
17.2 Reconciliation of detailed accounts payable records with the general
ledger control account
Ordering.LLL
CHAPTER 13 + THE EXPENDITURE CYCLE: PURCHASING TO CASH DISBURSEMENTS.
TABLE 13-2 Continued
eee
Activity Threat
Cash 18, Failure to take advantage of 18.1
disbursements discounts for prompt payment 182
19. Paying for items not received 19.1
20. Duplicate payments
21. Theft of cash 19.2
22. Check alteration 193
23. Cash flow problems 194
20.1
20.2,
203
211
212
213
214
aus
216
217
218
219
21.10
Controls (first number refers to the corresponding threat)
Filing of invoices by due date for discounts
Cash flow budgets
Requiring that all supplier invoices be matched to supporting docu
‘ments that are acknowledged by both receiving and inventory control
Budgets (for services)
Requiring receipts for travel expenses
Use of corporate credit cards for travel experises
Requiring a complete voucher package for all payments,
Policy to pay only from original copies of supplier invoices
Cancelling all supporting documents when payment is made
Physical security of blank checks and check signing machine
Periodic accounting of all sequentially numbered checks by cashier
‘Access controls to EFT terminals
Use of dedicated computer and browser for online banking
ACH blocks on accounts not used for payments
Separation of check-writing function from accounts payeble
Requiring dul signatures on checks greater than a specific amount
‘Regular reconciliation of bank account with recorded amounts by
someone independent of cash disbursements procedures
Restriction of access to supplier master file
Limiting the number of employees with ability to ereate one-time sup
397
pliers and to process invoices from one-time suppliers
21.11 Running pety cash as an imprest fund
21.12 Sumprse audits of petty cash fund
22.1 Check protection machines
22.2 Useof special inks and papers
22.3 “Positive Pay" arrangements with banks
23.1 Cashflow budget
eer EE ————————e NOSES
by preferred suppliers. Table 13-2 shows that one way to mitigate the risk ofthis threat sto con-
figure the system to employ strong access controls that limit who can view such information It
is also important to configure the system to limit employees" ability to use the system's builtin
query capabilities to specific tables and fields. In addltion, sensitive data should be encrypted in
storage to prevent IT employees who do not have access to the ERP system from using operating
system utilities to view sensitive information, Information exchanged with suppliers over the
Internet should also be enerypted during transmission.
‘As Table 13-2 shows, a third general threat in the expenditure eycle concerns the loss or
destruction of master data, The best way to mitigate the risk of ths threat isto employ the backup
and disaster recovery procedures that were discussed in Chapter 10. A best practice isto imple-
‘ment the ERP system as three separate instances. One instance, referred to as production, is used
to process daily activity. A second is used for testing and development. A third instance should be
‘maintained as an online backup to the production system to provide near real-time recovery.
‘Accurate master data enable management to better use an ERP system's extensive reporting,
capabilities to monitor performance. Because inventory represents a sizable investment of work-
ing capita, reports that help manage inventory are especially valuable, A key measure to evalu-
ate inventory management is inventory tumover, which isthe ratio of cost of goods sold divided
by inventory on hand, Consider the following example: annual sales are $500 million, and annual
cost of goods sold total $360 million. An inventory turnover ratio of 1 means that the | ‘company is
effectively carrying a year’s supply of inventory tying up $360 million, Improving the inventory
turnover ratio to 3 would reduce that unprofitable investment to $120 milion, thereby freeing up
$240 million that could be used for other purposes.
Accountants need to understand how business activities are performed in order to design
other reports that can help management better manage inventory. For example, itis useful to
‘monitor the percentage of requisitions that are filled from inventory on hand. For critica items,
this should be close to 100% to avoid stockouts and delays in filling customer orders. For most
| ee