Final Study Guide
This 32 page Study Guide was uploaded by Lauren95 on Friday April 29, 2016. The Study Guide belongs to ACC 375 at Pace University taught by Dr. Farrell in Spring 2016. Since its upload, it has received 36 views.
Date Created: 04/29/16
Chapter 5 – Fraud Examination and Fraud Management
Fraud examination and fraud investigation interchangeably refer to the application of accounting and other specialized skills to the prevention, detection, investigation, correction, and reporting of fraud.
  o Fraud examination can apply to any type of fraud relating to an organization.
Forensic accounting is an area within accounting that applies specialized skills to actual or potential legal matters.
Fraud management is a process that involves several closely related phases:
  o Prevention
      At the most basic level, fraud prevention within the organization is a matter of good internal control.
      Specialized Information Security Management Systems
        Confidentiality: Data are available only to authorized persons.
        Integrity: Data are accurate and complete.
        Availability: Data are available when and where needed.
      Fraud prevention is part of the Enterprise Risk Management (ERM) process.
      Optimal fraud prevention requires much more than simply implementing control checklists that contain items such as firewalls, anti-virus software, and so on.
      Starts with threats and vulnerabilities and ends with implementing corresponding risk-based controls.
  o Detection
      Fraud detection is part of the larger group of processes that include fraud prevention, investigation, correction, reporting, and recovery.
      Fraud detection involves identifying indicators of fraud that suggest a need for further investigation.
      Fraud indicators can be individual indicators or composite indicators.
      Red flags include events such as a mismatch in an inventory count, a cash register that doesn’t balance, a suspicious invoice, etc.
      Composite indicators are typically based on combining multiple individual indicators that, when viewed one at a time, might not signal possible fraud.
        o Risk scores. Ex: FICO
      Data-driven fraud detection involves the formal analysis of large sets of data in search of fraud indicators.
        o Includes basic tips, incidents of internal control violations, security breaches, and pattern data.
      Pattern data tend to indicate fraud when various data items are considered jointly. Includes risk scores.
      Fraud detection software and services sometimes use sophisticated statistical techniques such as logistic regression, decision trees, and time series analysis.
      Content and text analysis analyze the content of documents and conversations to identify possible fraud indicators.
      Benford analysis exploits an interesting pattern relating to the first digit of numbers appearing in a random data set.
      A Type I error occurs when a fraud indicator falsely signals fraud. Results in unnecessary fraud investigations.
      A Type II error occurs when a fraud indicator fails to signal fraud. Results in frauds escaping detection.
      The goal is to minimize total fraud costs, defined as follows:
        Total fraud costs = costs of prevention + costs of investigation + cost of detection + cost of losses
  o Investigation
      The process of systematically gathering and reviewing evidence for the purpose of documenting the presence or absence of fraud.
      Four phases:
        The fraud engagement process. This phase begins with a fraud indicator and the investigator's first contact with the case, and ends with the launching of an investigation.
        The evidence collection process. This phase includes various steps in which evidence is collected in support of the scope and objectives of the investigation.
        The investigation reporting process. This phase involves documenting and summarizing the results of the fraud investigation.
        The loss recovery process. This phase includes events such as enabling civil and criminal litigation, resolving tax issues, and collecting insurance.
      The fraud engagement process:
        Create and review an incident report.
        Conduct the initial notifications and evaluations.
        Consider legal issues.
        Evaluate the loss mitigation and recovery considerations.
        Define the scope, objectives, and costs of the investigation; and
        Create an engagement letter or memorandum.
      A financial incident report can be anything from a red flag to a formal report written by a responsible person.
        Doesn’t always lead to an investigation.
        They can take on legal significance.
      Evidence is anything that relates to the truth or falsity of an assertion made in an investigation or legal proceeding.
      The principle of predication requires that investigations be started or continued only when there is a reasonable basis to do so.
      Without predication, there is no clear fraud to investigate, and the issue becomes one of either detection or simply fishing for fraud.
      Investigators collect three types of evidence:
      Physical and document evidence
        o Fingerprints, trace evidence, and forged or incriminating documents.
        o Physical evidence is usually obtained at the crime scene.
        o Document evidence is typically collected by fraud investigators and includes a wide range of items such as personnel files, resumes, public records, tax returns, credit files, credit applications, vehicle records, accounting records, etc.
        o A subpoena is an order from a government agency or officer of a court that compels the recipient, under penalty, to produce physical evidence, documents, or testimony.
        o A search warrant is a court order that authorizes law enforcement officials to search for and seize evidence.
        o Tracing involves beginning with a source document and following the related transaction through the entire accounting cycle.
        o Vouching is the same as tracing but works in reverse: it begins with numbers in accounts and follows them backward to the source documents.
        o Questioned documents are documents whose authenticity or authorship is in question.
        o Document examiners specialize in analyzing questioned documents.
      Observation evidence
        o Monitoring suspects
        o Observation involves the use of the senses to assess the behavior of persons and other activities such as business processes.
        o Invigilation is an observation technique. This involves observing a suspect's behavior before, during, and after an announced investigation.
      Interview evidence
        o Results of interviews
        o They begin with those furthest from the prime suspect and work their way to the prime suspect.
        o Always prepare for the interview. Fraud triangle: opportunity, pressure, and rationalization.
        o Introductory questions seek to establish rapport, seek the interviewee’s cooperation, and seek to observe the demeanor of suspects when they are asked non-sensitive and non-incriminating questions.
        o The process of carefully observing suspects under each condition is called calibration.
        o Informational questions seek information relevant to the investigation.
        o Concluding questions focus on thanking the interviewee for his cooperation, confirming information provided by the interviewee as part of the interview, seeking any additional information that the interviewee may want to volunteer, and seeking the interviewee’s continued cooperation in the future.
        o Verbal cues can include things like evasiveness, hesitation, inconsistencies, and vagueness in answering questions.
        o Nonverbal cues can include things like body language and eye movements.
        o Once the suspect confesses, they should be handed a written confession to sign.
      Order of Collection of Evidence
        Physical and document evidence is collected, then observations are conducted, and finally the interviews are conducted.
  o Reporting
      Prepare a report that is a conclusion of the investigation.
      Reports are used for various purposes, such as to justify tax deductions for fraud loss, to justify firing an employee in possible litigation relating to the firing, to justify civil or criminal litigation relating to the fraud, etc.
      Contains sections: for whom the report was prepared, background information relating to the case, an executive summary, the scope and objectives of the investigation, a description of the fraud investigation team and the methods used, and the findings and recommendations resulting from the investigation.
  o Litigation and Recovery
      Loss recovery options include accepting the loss, collecting insurance if available, and pursuing the perpetrator in court.
      Expert consultants provide expert opinions and analysis to attorneys under the umbrella of attorney-client privilege.
        o Not subject to discovery. Discovery is the process in which opposing parties can require each other and relevant parties to produce out-of-court evidence.
        o Granted special consideration in court proceedings.
        o Permitted to state opinions and conclusions based on facts admitted into evidence and other information on which they choose to reasonably rely.
        o Must demonstrate expert qualifications: degrees, certifications, publications, training, and experience.
Financial statement fraud is the intentional misrepresentation (either by commission or omission) of any information included as part of a financial statement or report.
Earnings management refers to management acting within generally accepted accounting principles (GAAP) to produce financial reports in a way that some might consider biased or unethical.
Managers commit financial statement fraud either as a way of boosting financial performance or as a way of hiding theft, bribery, or other illegal activities.
Prevention of financial statement fraud:
  o Good internal control
  o Good corporate governance. CEO/CFO, Board of Directors, audit committee, internal auditor, external auditor, and the public oversight board.
Revenue Cycle Fraud
  o Collection of cash is a favorite target.
  o Sales skimming schemes involve an employee pocketing cash but not recording its collection. The employee might give the customer a forged receipt or no receipt at all.
  o Robbing the cash register – if cash register receipts are not reconciled with sales receipts for each individual cash register, the employee is free to rob the cash register.
  o Swapping checks for cash – removing cash from the cash register and replacing it with bogus checks.
  o Shortchanging the customer – the cashier uses a distraction or deception in order to pocket part of the change due to the customer.
  o Stealing cash in the mailroom
  o Stealing cash in transmission – when cash exchanges hands, some of it can get “lost”.
  o Lapping of accounts receivable – the bookkeeper for accounts receivable is also handling incoming payments for customer accounts.
  o Short bank deposits – the person who makes bank deposits can fail to deposit all the funds.
  o Noncustodial theft of cash
      Check washing involves using chemicals to remove a check's payment details and then adding new details for the payee, date, or amount of payment.
      Check laundering involves using a stolen customer check to make a payment on account.
Expenditure Cycle Fraud
  o Improper purchases, payments, and payroll-related payments and activities.
  o Bid rigging frauds – a dishonest purchasing agent might purchase from a friend or relative even though doing so is not in the best interest of the company.
  o Kickback frauds – a dishonest purchasing manager might accept secret payments or favors in exchange for favoring a particular vendor.
  o Theft of petty cash
  o Abuse of company credit cards
  o Theft of company checks
  o Fraudulent returns – employees can return properly purchased goods in exchange for cash, then convert the cash to personal use.
  o Theft of inventory and other assets
  o Payroll fraud
Production Cycle Fraud
  o Involves the misappropriation of waste, scrap, and spoiled goods.
  o Short shipments – the vendor ships fewer than the ordered amount of goods but bills for the amount ordered.
  o Substandard or defective goods – the vendor can only get away with this scheme if the buyer does not properly inspect incoming goods and/or trace returns from customers back to vendors.
  o Balance due billing – bills the buyer for the balance due on account and not for specific invoices.
  o Fraudulent cost-plus billing – vendors bill customers for the vendor’s costs plus a markup.
Computer forensics is the application of computer science to computer-related matters that might come before a court.
  o (1) Identify perpetrators of crimes or undesirable behavior
  o (2) Locate missing or hidden data
  o (3) Reconstruct damaged files and databases.
A variety of issues relating to obtaining and preserving evidence were discussed.
  o These include problems with deleted files and whether or not to “pull the plug” – to cut power to a computer that potentially possesses evidence.
  o The investigator might seek to find the physical location associated with a computer device that is used to communicate over the internet.
  o This is normally accomplished through analysis of the IP address. IP tracing is not a foolproof method. Hackers use various services to hide their real IP addresses.
  o Cracking vulnerable programs, passwords, and encryption keys simply requires use of one of the many programs sold on the market for that purpose.

Chapter 6 – Information Security
Information security involves protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
  o Confidentiality: preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information.
  o Integrity: guarding against improper information modification or destruction, and ensuring information nonrepudiation and authenticity.
  o Availability: ensuring timely and reliable access to and use of information.
The term information security (computer security) is a broad concept that deals with the security of all information in the organization, regardless of whether it is computerized or not.
The information security management system (ISMS) is an organizational internal control process that controls the special risks associated with information within the organization.
  o Confidentiality
  o Integrity
  o Availability of information
An ISMS typically has the basic elements of any information system:
  o Hardware
  o Databases
  o Procedures
  o Reports
The information security management system is part of the larger enterprise risk management (ERM) process.
  o ERM is the process by which management balances risk versus opportunities.
Information security systems are developed by applying the established methods of system analysis:
  o Design
  o Implementation
  o Operation, evaluation, and control
Life-Cycle Phase:
  o Systems analysis
      Analyze system vulnerabilities in terms of relevant threats and their associated loss exposures.
  o Systems design
      Design security measures and contingency plans to control the identified loss exposures.
  o Systems implementation
      Implement the security measures as designed.
  o Systems operation, evaluation, and control
      Operate the system and assess its effectiveness and efficiency. Make changes as circumstances require.
Security System
  o Phase 1: produce a vulnerability and threat analysis report.
  o Phase 2: design a comprehensive set of risk-control measures, including both security measures to prevent loss and contingency plans to deal with losses should they occur.
  o All phases are referred to as information system risk management.
      The process of assessing and controlling information system risks.
ISO 27001 uses the terms planning, doing, checking, and acting.
  o Planning corresponds to analysis and design.
  o Doing corresponds to implementation and operation.
  o Checking and acting correspond to evaluation and control.
The information security system must be managed by a chief security officer (CSO).
  o Reports directly to the Board of Directors to maintain complete independence.
  o The CSO should present reports to the Board of Directors for approval.
Life-Cycle Phases:
  o Systems analysis
      A summary of all relevant loss exposures.
  o Systems design
      Detailed plans for controlling and managing losses, including a complete security budget.
  o Systems implementation, systems operation, evaluation, and control
      Specifics on security system performance, including an itemization of losses and security breaches, an analysis of compliance, and the costs of operating the security system.
Quantitative approach to risk assessment – each loss exposure is computed as the product of the cost of an individual loss times the likelihood of its occurrence.
Qualitative approach to risk assessment – lists out the system's vulnerabilities and threats, subjectively ranking them in order of their contribution to the company’s total loss exposures.
  o Business interruption
  o Loss of software
  o Loss of data
  o Loss of hardware
  o Loss of facilities
  o Loss of reputation
A vulnerability is a weakness in a system.
A threat is a potential exploitation of a vulnerability.
  o Active vs. Passive Threats
      Active threats include information system fraud and computer sabotage.
      Passive threats include system faults, as well as natural disasters.
      System faults represent component equipment failures such as disk failures and power outages.
System personnel include computer maintenance persons, programmers, operators, information systems administrative personnel, and data control clerks.
Maintenance persons install hardware and software, repair hardware, and correct minor errors in software.
System programmers often write programs to modify and extend the network, network operating systems, workstations, and so on.
Network operators are individuals who oversee and monitor the immediate operation of the computer and communications network.
Information systems administrative personnel – the systems supervisor is in a position of trust. This person normally has access to security secrets, files, programs, etc.
Data control clerks are people responsible for the manual and automated inputting of data into the computer.
Users are composed of heterogeneous groups of people and can be distinguished from others because their functional area does not lie in data processing or information technology.
Intruder – anyone who accesses equipment, electronic data, files, or any kind of privileged information without proper authorization.
Hackers – intruders who use electronic and other means to break into or attack information systems for fun, challenge, profit, or other nefarious motives.
White hat hackers probe systems for weaknesses in order to help with security.
Black hat hackers attack systems for illegitimate reasons.
Pretexting is a form of social engineering in which the perpetrator impersonates another person, usually in a phone call or other electronic communication.
Phishing is another form of social engineering.
  o Aims to trick victims into giving passwords, money, or other valuable assets directly to the perpetrator.
Malware (malicious software) describes software that is malicious.
A Trojan horse is malware that either is contained within benign software or is masquerading as benign software.
Keyboard loggers secretly record and transmit to the hacker all the victim's keystrokes.
A backdoor is a method of covertly eluding normal authentication procedures while accessing a computer system.
A botnet is a collection of computers that are infected with malware and controlled by a hacker.
Denial-of-service attacks involve flooding the victim with such enormous amounts of illegitimate network traffic that the victims become so overloaded they can no longer process legitimate information.
Viruses are designed to replicate themselves and thus spread throughout a computer or a network.
Spyware is covertly installed on a victim’s computer and then collects and relays to the perpetrator personal information about the victim.
Adware is software that displays advertisements.
A worm is malware that silently spreads from one computer to another over a network.
A distributed DoS attack is a DoS attack that is distributed over many different nodes on the internet or other network.
Shoulder surfing involves the surreptitious direct observation of confidential information.
Dumpster diving involves sifting through garbage to find confidential information such as discarded bank statements, department store bills, utility bills, and tax returns.
A cloned cell phone is an exact and illegitimate copy of another cell phone.
  o Intercepts text messages sent to and from the counterpart phone.
  o Intercepts voice calls also.
An exploit occurs when a hacker takes advantage of a bug, glitch, or other software or hardware vulnerability to access the software or hardware, or related data or other resources, in an unauthorized manner.
Code injection involves tricking a computer program into accepting and running software supplied by a user.
Vulnerability scanners remotely scan networked computers, searching for responses on open ports connected to software that has a known vulnerability.
Methods of attack by information system personnel and users:
  o Input manipulation – requires the least amount of technical skill.
  o Program alteration – requires programming skills that are possessed by only a limited number of people.
  o Direct file alteration – individuals find ways to bypass the normal process for inputting data into computerized information, and by doing so directly access and pilfer information from or alter computer files.
  o Data theft
  o Sabotage – destruction of a computer or software.
  o Misappropriation or theft of information resources – use of the company's resources for personal use or their own business.
A layered approach to access control involves erecting multiple layers of controls that separate the would-be perpetrator from his or her potential targets.
Site-access controls physically separate unauthorized individuals from information systems resources.
Software piracy is the illegal copying and distributing of copyrighted software.
System-access controls authenticate users by using means such as user IDs, passwords, IP addresses, and hardware devices.
File-access controls prevent unauthorized access to data and program files.
Virtualization involves running multiple operating systems, or multiple copies of the same operating system, all on the same machine. The individual operating system instances run under the control of a “master program” called a hypervisor.
Grid computing involves clusters of interlinked computers that share common workloads.
Risk management concerns prevention and contingency planning.
A cold site is an alternate computing site that contains the wiring for computers but no equipment.
A hot site is an alternate site that contains the wiring and the equipment as well.
A business continuity plan is a strategy to mitigate disruption to business operations in the event of a disaster.

Chapter 7 – Electronic Data Processing Systems
Inputs are based on handwritten or typed paper documents.
  o These manually prepared documents are collected and forwarded to the data processing department for error checking and processing.
Source documents – such as customer orders, sales slips, invoices, purchase orders, and employee time cards – are the physical evidence of inputs into the transaction processing system.
  o They have several purposes:
      Capture data
      Facilitate operations by communicating data and authorizing another operation in process
      Standardize operations by indicating what data require recording and what actions need to be taken
      Provide a permanent file for future analysis, if the documents are retained
Source documents should be standard forms that are carefully designed for ease of use and accurate data capture.
Errors that might occur during manual preparation can be minimized if the source document is well designed and easy to understand.
Completed source documents are collected periodically and transferred to the data processing department for entry into the computer system.
Batch control totals and data transfer registers are fundamental controls over data transfer between user departments and data processing.
The absence or inadequacy of procedures for the control of data transmitted between user departments and the data processing department is a significant control weakness, as it presents an opportunity for unauthorized and/or fraudulent transactions to be introduced into the processing system.
The use of batch control over the entire data processing input-process-output sequence is fundamental to organizational independence.
The proof and control function should be performed outside the data processing department.
Original source documents should be retained for a period of time sufficient to facilitate error correction.
Procedures should be designed to ensure that source documents are not processed more than once.
Input document control form – documents batch control totals for batches of input data transmitted between user departments and the data processing department.
  o A document count is a simple form of batch control.
  o The term “record” is synonymous with document. A record count is the same as a document count.
In addition to document and/or record counts, batch control totals may be taken for all or several numeric fields in the original data file.
The input document control form may be dated and time-stamped, and the batch should be checked to ensure that it is complete and consistent with control procedures.
  o Information in the input document control form typically is entered into a data transfer log (register) to provide a control over the disposition and use of these data.
  o Batch control totals are fundamental.
Use of Batch Control Totals:
  o User departments develop control totals over batches of input and then forward the batches of documents along with an input document control form to the data processing department.
  o The input control form is logged in the data processing department and then balanced to the output control totals that are developed during the processing of the batch of input.
  o The output is returned to the user department, where it is batch-balanced to the batch totals on the input document control form.
Data Entry:
  o After the source documents such as invoices are received by data processing, they are manually key-transcribed or keyed (Ex: typed) using a data terminal or personal computer and then stored on a disk.
  o Next, the input file is key-verified.
  o Key verification is a control procedure that detects errors in the keying operations.
  o Visual verification is when someone compares the source documents with a printout or screen image of the key-transcribed file.
  o Program data editing is a software technique used to screen data for errors prior to processing. It should be used in addition to verification for several reasons:
      Input errors can occur that will pass verification.
      Incorrect recognition of a character on a source document is one possibility.
      The simple omission of a necessary input item by the individual preparing the source document is another.
      The volume of data in EDP operations, coupled with the fact that once data are entered into the system they may be used without reconversion, necessitates a methodical screening of all input data.
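The controls this chapter describes for keyed input, batch control totals and program data editing (valid characters, table lookup, limit test, check digit), combined in one added example that is not part of the original study guide. The field names, code table, limits and the modulus-10 (Luhn) check-digit scheme are assumptions chosen for illustration, and the sample batches are constructed.

```python
import re
from decimal import Decimal

# Assumed reference (table) file and limit-test bounds; all values are constructed.
VALID_DEPT_CODES = {"SALES", "PURCH", "PAYRL"}
AMOUNT_LIMITS = (Decimal("0.01"), Decimal("50000.00"))
REQUIRED_FIELDS = ("account", "dept", "amount")


def check_digit_ok(code):
    """Modulus-10 (Luhn) test; the last digit is the redundant check digit."""
    total = 0
    for pos, ch in enumerate(reversed(code)):
        d = int(ch)
        if pos % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def edit_record(rec):
    """Program data editing for one keyed record; returns a list of failures."""
    # Completeness: an omitted input item can pass key verification but not this test.
    errors = [f"{f}: missing" for f in REQUIRED_FIELDS if not rec.get(f, "").strip()]
    if errors:
        return errors
    # Character-level edit first, then the check digit on the account code.
    if not re.fullmatch(r"[0-9]{5}", rec["account"]):
        errors.append("account: invalid characters or length")
    elif not check_digit_ok(rec["account"]):
        errors.append("account: check digit failure")
    # Valid code check: table lookup against the reference file.
    if rec["dept"] not in VALID_DEPT_CODES:
        errors.append("dept: not in table of valid codes")
    # Limit test: compare only against the lower and upper bounds.
    if not re.fullmatch(r"[0-9]+\.[0-9]{2}", rec["amount"]):
        errors.append("amount: invalid characters")
    elif not AMOUNT_LIMITS[0] <= Decimal(rec["amount"]) <= AMOUNT_LIMITS[1]:
        errors.append("amount: outside limits")
    return errors


def batch_totals(records):
    """Record count plus control totals over the numeric fields."""
    return {
        "record_count": len(records),
        "amount_total": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        "account_total": sum(int(r["account"]) for r in records),
    }


def process_batch(keyed, control_form):
    """Edit every record, hold failures in suspense, then balance to the control form."""
    accepted, suspense = [], []
    for rec in keyed:
        errors = edit_record(rec)
        if errors:
            suspense.append((rec, errors))
        else:
            accepted.append(rec)
    totals = batch_totals(accepted)
    out_of_balance = sorted(k for k in control_form if totals[k] != control_form[k])
    return accepted, suspense, out_of_balance


# Constructed input document control form prepared by the user department.
CONTROL_FORM = {"record_count": 3, "amount_total": Decimal("505.75"),
                "account_total": 63580}
BATCH_CLEAN = [
    {"account": "10009", "dept": "SALES", "amount": "120.00"},
    {"account": "20412", "dept": "PURCH", "amount": "75.50"},
    {"account": "33159", "dept": "PAYRL", "amount": "310.25"},
]
# Amount digits transposed while keying: passes every edit test, so only the
# batch control total exposes it.
BATCH_MISKEYED = [BATCH_CLEAN[0], dict(BATCH_CLEAN[1], amount="57.50"), BATCH_CLEAN[2]]
# Account digits transposed and an unknown code: caught by program data editing.
BATCH_BAD_CODES = [BATCH_CLEAN[0],
                   dict(BATCH_CLEAN[1], account="24012", dept="SALE"),
                   BATCH_CLEAN[2]]

if __name__ == "__main__":
    for name, batch in (("clean", BATCH_CLEAN), ("miskeyed", BATCH_MISKEYED),
                        ("bad codes", BATCH_BAD_CODES)):
        accepted, suspense, out = process_batch(batch, CONTROL_FORM)
        print(f"{name}: accepted={len(accepted)} suspense={len(suspense)} "
              f"out_of_balance={out}")
        for rec, errs in suspense:
            print("   held:", rec["account"], errs)
```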
Program Data Editing Techniques:
  o Data editing routines may be applied to each of the basic data structures – characters, fields, records, and files.
  o The most basic editing technique ensures that all data fields contain only valid characters.
  o After data items have been edited at a character level, they can be checked for reasonableness.
      One way to do this is to establish a table file that contains a list of acceptable values for each field.
      Table lookup – comparing the actual value of each field with the acceptable values in the table.
  o Numeric codes are exact numbers that are either valid or invalid. To check these, use a limit test.
      Limit test – verifying that the numeric data is within these ranges requires a check only against the extreme values of the range – specifically, the upper and the lower limit of acceptable values.
      A check digit is an extra, redundant digit added to a code number. It is computed by applying mathematical calculations to the individual digits in a code number in such a way as to generate a result that is a single digit.
  o Continuous operations auditing – the use of programmed edit tests to discriminate between acceptable and non-acceptable data values so that some items are either held in suspense of processing until audited or collected for audit after processing.
  o A valid code check is a particular type of table lookup in which the table file consists of valid codes.
In electronic input systems (online input systems), transactions are input directly into the computer system and the need for keying in of paper source documents is eliminated.
  o Higher degree of automation
Transaction logs (transaction registers) are created by logging all inputs to a special file that automatically contains tags to identify transactions.
Tagging means that additional audit-oriented information is included with the original transaction data.
The Processing System:
  o Processing involves the manipulation of files.
  o A file is a collection of records that are related by some attributes.
  o A record is an organized collection of fields that are grouped for processing.
  o Fields contain data such as numbers, amounts, or alphabetic characters such as a name.
  o A transaction file is a collection of transaction input data.
  o A master file contains data that are permanent or of continuing interest.
  o A sales journal is a chronological record of sales on account transactions (also called a transaction file).
  o The process of posting sales to the accounts receivable ledger summarizes sales to an individual customer.
  o Processing converts data into information.
  o Once the data have been processed to update master files, they are no longer of direct interest to management.
  o Transaction files must be saved to maintain an audit trail.
  o A reference file (table file) contains data that are necessary to support data processing.
      These files are not transaction files; they are not modified as a result of processing transactions.
Sorting is a processing operation that arranges items in a predetermined order.
Merging is a processing operation that combines two or more files that are already arranged in the same order into a single file that contains all of the records from these files.
Updating is a processing operation that applies changes pertaining to the records in a file to the file itself, producing a new file that reflects all of the changes.
In batch processing systems, transactions are processed periodically in batches.
  o Example: payroll
  o Batch processing can be performed with either sequential or random access file updating.
Sequential File Updating:
  o Preparing the transaction file – additional data editing and validation are performed. Then the records in the transaction file are sorted into the same sequence as the master file.
  o Updating the master file – the records in both the transaction and master files are read one by one, matched, and written to a new master file that reflects the desired updates.
  o Updating the general ledger – reflects changes in master files.
  o Preparing general ledger reports – trial balance and others are produced.
Son-Father-Grandfather retention – retaining the old master (father) and the transaction file as backup for the new master file (son). Each version of the master file is a generation.
  o Seven generations of backup files may be kept.
The journal voucher format is similar in most organizations and includes the journal voucher number and date, the control and subaccounts, and the debit and credit amounts.
Journal vouchers are used to build a journal voucher file (the transaction file).
Computer processing of accounting data typically is a two-step procedure:
  o (1) Produce preliminary reports; these are forwarded to the accounting department to review and audit relative to the journal voucher listings and the general ledger listing.
  o (2) A run that produces the final listings and financial schedules.
Line coding is a procedural step typically accomplished by a table-lookup (matching) process between the updated general ledger file and a line-coding table file.
  o Table files function as reference files.
General ledger system:
  o Journal voucher in sequence
  o Journal voucher within general account
  o General ledger by account
  o General ledger summary
  o Working trial balance
With random access updating it is not necessary to sort the transaction file into the same order as the master file, and there is no need to generate a new master file. Individual records are read one by one from the transaction file and used to update the related records in the master file in place.
Random access file steps:
o A record is read from the transaction file.
o The key value of the transaction record is used to randomly access the related record in the master file.
o The record in the master file is updated in memory and then rewritten back to the data file.
The control file is a summary of the accounts receivable file by type of account.
A file-control summary report is generated, reviewed, and approved by management prior to the processing of daily cash remittances.
A security application verifies that the operator is an authorized user of the system and that his or her personal profile of clearances includes the transaction he or she has requested.
The terminal operator enters from the remittance advice the invoice number and check amount as an individual line item for as many lines as the terminal is capable of displaying.
In real-time processing, transactions are processed immediately.
Online, real time systems (OLRS) process transactions immediately after they are input and can provide immediate output to users.
Transactions are not accumulated into batches; rather, they are applied immediately to update the master file using random-access file updating.
Immediate processing is the primary characteristic of OLRS.
In inquiry/response systems users do not input data for processing; rather, they only request information.
o Provide users with quick responses
In data entry systems users interactively input data.
File processing systems differ from data entry systems in that they go one step further and immediately process the data against the relevant master files.
In full processing systems (transaction processing systems) users also interactively input transactions.
Three technologies make extended supply chain systems feasible:
o POS (point of sale)
    Input sales data into the computer system for processing immediately at the time and point of sale.
o Bar coding for automatic identification
    Machine readable bar codes and scanner technology are critical components of real time retail sales systems.
o EDI (electronic data interchange)
    The direct computer to computer exchange of business documents via a communications network.
Seven steps to the transaction processing in EDI-based sales systems:
o Send customer electronic catalog
o Forecast customer's sales order
o Receive and translate incoming order
o Send acknowledgement
o Send order to inventory or production
o Transmit advance shipping notice
o Ship goods
Output controls are designed to check that processing results in valid output and that outputs are distributed properly.
An output distribution register is maintained to control the disposition of reports.

Chapter 8 – Revenue Cycle
The sales business process is the primary revenue cycle application in many organizations.
The sales business process includes:
o Inquiry (optional)
    The sales business process often begins when a potential customer makes an inquiry or requests a quotation.
    Some companies make a quotation mandatory.
    A quotation is a document that is prepared and sent to a potential customer to inform him or her of product prices, product availability, and delivery information. This is prepared when a potential customer has made a fairly specific request for details concerning a potential order.
    An inquiry is similar to a quotation, but an inquiry does not contain delivery information.
o Contract creation (optional)
    Some companies require that contracts (legal agreements) be prepared before selling to customers as a matter of company policy.
    A contract is an outline agreement to provide goods or services to a customer.
    Specifies quantities and a general time frame for deliveries.
    Specific order details such as delivery dates and prices.
    A contract to provide goods over a period of time is sometimes called a blanket order.
o Order entry
    Order entry prepares the sales order document.
    The order-entry activity is essentially the same whether it is the first activity in the sales business process or occurs subsequent to inquiry, contract preparation, or both.
    A document called a release order (call-off) may be prepared rather than a sales order, but the information in these documents would be similar.
    Order entry usually involves pricing and availability checking.
    Pricing an order involves knowing the current prices of products or services, any surcharges that may apply, any discounts that may apply, and shipping costs.
    Enterprise resource planning (ERP) information systems enable the implementation of sophisticated and flexible customer-specific and material-specific pricing procedures in the order entry business process.
    Customer-specific procedures can be a significant competitive advantage in that the company can offer customers highly customized service.
    An order is usually blocked if a customer exceeds their credit limit.
    Blocked orders are listed for review by the credit department.
    If the goods aren't available:
        The customer may wish to cancel the order.
        Partial delivery of the order, only if the customer is willing to accept partial shipment.
        Hold the order until all the goods are available, if the customer is willing to extend the requested delivery date.
o Shipping
    Shipping activity is initiated with the preparation of a shipping document called a delivery.
    A delivery document is created to arrange for the delivery of goods to the customer.
    All the information that is required to prepare and deliver the goods to the customer is contained in the delivery.
    The ERP automatically copies this information into the delivery.
    The ERP might perform additional checks at this point to ensure quality.
    Delivery documents are processed to prepare a schedule for shipping.
    This schedule is based on customers' requested delivery dates.
    Actual shipment of goods out of inventory requires picking the order, packing the order, and shipment.
    o Picking fills the order and involves the selection of goods from the plant or warehouse to be prepared for shipment.
    o Packing involves packaging of the goods in the order for shipment and loading the shipment onto vehicles for transportation to the customer.
    A packing list is prepared to guide picking activities.
    A packing list is prepared for each shipment, and a copy is usually included in the shipment to document what has been shipped.
    A bill of lading is prepared to document the loading of goods onto vehicles for transportation to the customer.
    Shipping personnel post a goods issue notice (shipping advice) when goods have been shipped.
o Billing
    Deliveries are included in the billing work schedule and are invoiced.
    An invoice for the shipment is prepared and issued to the customer.
    This is the end of the sales business process.
    The goods are shipped before the customer is invoiced.
    Invoices are forwarded to accounts receivable processing to await payment by the customer.
Inquiry and contract creation are optional in a business. Sometimes they might not even occur.
Orders are created when a customer – a sold-to party – requests goods or services from a firm.
Customer master records (files) contain all the information that pertains to a customer.
o They have to be created before processing sales orders because the information in customer master records is used in sales order processing.
o SAP ERP requires four types of master files:
    Sold-to-customer records
        When a customer has different locations for receiving, shipment, and/or payment, the information in these records can be changed as necessary.
        When a new sold-to-customer master file is created, the other three master records are created automatically using the same information.
        Linking records to the sold-to-customer master records is known as partnering.
    Ship-to-customer records
    Bill-to-customer records
    Payee-customer records
o Create a customer master record:
    Create Customer: Initial Screen
        Uniquely identify the customer master file.
        Assigned internally or externally.
        Customer numbers are assigned externally when the person who is inputting the data selects the number.
        Internal assignment is performed automatically by SAP ERP, which assigns the next number in a sequence.
        A sales area is identified by three required fields: sales organization, distribution channel, and division.
        o Sales organization is the company unit that is responsible for the sale.
        o Distribution channel includes direct sales, retail sale, and wholesale.
        o Division is a code that identifies a subgroup in the sales organization.
    Create Customer: Address Screen
        This section is primarily text.
        A field is used to input a phrase that can be used to search for the company when the company number is required for input.
        o Input fields are provided for street, post office box, city, etc. These inputs are necessary.
    Create Customer: Control Data Screen
        The transport zone field is the only required field. It identifies the regional zone where the ship-to party is located.
    Create Customer: Marketing Screen
        Input statistical and demographic data concerning the customer.
    Create Customer: Payment Transactions Screen
        This screen is used to input the customer's banking information.
    Create Customer: Unloading Points Screen
        This screen is used to input where the customer unloads received goods and the customer's factory calendar, which specifies what days and hours the customer accepts deliveries.
    Create Customer: Foreign Trade Screen
        Used for data relating to export controls.
    Create Customer: Contact Person Screen
        Used for data relating to a contact person or persons.
        Fields are provided for name, telephone number, form of address, etc.
    Create Customer: Account Management Screen
        Used to specify account reconciliation data.
        A reconciliation account is a general ledger account that is updated parallel to accounts receivable postings. It is a control account used for reconciliation.
    Create Customer: Payment Transaction Screen
        This screen collects data for payment transactions, including automatic payment transactions.
        The payment terms field specifies cash discount terms and the payment periods that comprise overall terms of payment.
    Create Customer: Correspondence Screen
        A dunning procedure is the action taken to collect payments from customers who are late in making payments on their accounts.
    Create Customer: Insurance Screen
        The screen is used to input data relating to export credit insurance.
    Create Customer: Sales Screen
        This screen is used to identify areas within the company that are responsible to the customer.
        Data is entered for geographic sales region or district, sales office, sales group, etc.
        Pricing procedure is a SAP ERP term for the type and sequence of pricing conditions used to price a sales order.
        Price list type – wholesale vs. retail
        The product proposal number field is used for defaulting products into the customer's orders if the customer routinely orders the same products.
    Create Customer: Shipping Screen
        Specify shipping details.
        A shipping conditions code is input to select a general shipping strategy from those that have been defined by the company.
    Create Customer: Billing Screen
        Used to input data concerning billing.
    Create Customer: Taxes Screen
        This is used to input data concerning the customer's tax liability.
    Create Customer: Output Screen
        Used to change the default output specifications for various documents that can be produced for the customer.
    Create Customer: Partner Functions Screen
        When a sold-to-customer record is created, SAP ERP automatically creates bill-to, payer, and ship-to master records for the same customer using the same information.
        A dummy is used for one-time or infrequent customers.
Standard order processing is a term that describes the sales business process in which customer orders are filled from an inventory of finished goods.
o A quotation must first be issued to the customer. If there is no quotation, then an order is created when a customer requests delivery of goods or services.
A standard sales order contains information about prices, quantities, and dates.
After an order has been created and processed, a delivery document is created.
Standard Order Processing
o Create Sales Order: Initial Screen
    This is used to input information for the sales area.
    There are three mandatory fields:
        Sales organization field identifies the unit responsible for the sale.
        Distribution channel field classifies the order as direct sales, retail sale, or wholesale.
        Division code field is used to identify a subgroup in the sales organization.
A query is a request for information in a database.
The order-entry function initiates the processing of the customer orders with the preparation of the sales order document.
o The sales order contains descriptions of the products ordered, their prices, and descriptive data.
o The sales order is primarily an internal document.
The invoice, or bill, is a separate document that is usually prepared after the goods have been shipped and notice of shipment is forwarded to billing.
Inventory picks the order as described on a picking list.
o The picking list is prepared from the delivery document that is prepared by the order database process the approved order.
o Inventory records are updated to reflect the actual quantities picked and to be forwarded to shipping.
Shipping accepts the order for shipment after matching the order as described on the picking list that accompanies the goods to the order database.
The order information contained in the packing list is prepared independently because it is based on the orders prepared by the order-entry function and approved by the credit function.
Shipping documentation is prepared, and the order database is updated for the shipment.
Shipping typically prepares a bill of lading for the delivery.
A bill of lading is the documentation exchanged between a shipper and a carrier.
The customer purchase order, the sales order, and the shipping report are necessary to process a completed sales transaction.
Billing completes the order process by preparing invoices for orders that appear on the billing list.
The billing list is prepared from the information concerning orders that have been shipped to customers.
Billing verifies the order and prepares the invoice.
A journal voucher is prepared to summarize sales, and this information is forwarded to the general ledger function for posting to the general ledger.
The distinction between billing and accounts receivable is important to maintain separation of functions.
o Billing is responsible for invoicing individual orders.
o Accounts receivable posts invoices prepared by billing to the accounts receivable ledger.
o Billing does not have access to the financial records (the accounts receivable ledger).
The Sarbanes-Oxley Act of 2002 requires that companies maintain an adequate internal control structure over the business processes that support financial reporting.
Effective internal control over financial reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes.
Risk assessment of the sales business process will be necessary for compliance with SOX.
Risk assessment should evaluate whether the company's controls sufficiently address identified risks of material misstatement due to fraud and controls intended to address the risk of management override of these controls.
The customer account management business process includes accounts receivable processing through the collection of customer payments on account.
Accounts receivable represents the money owed by customers for merchandise sold or services rendered on account.
Accounts receivable often represents the majority of an organization's working credit.
Accounts Receivable Procedure:
o A subsidiary ledger of individual accounts is maintained, with a control account in the general ledger.
o Remittance advices are routed from the cash receipts function.
o Credit memos and other invoice adjustments are routed to the A/R department from the billing department.
o Debits and credits are posted to the individual accounts.
o An aging schedule (aged trial balance) reports outstanding customer account balances classified by their "age".
Two basic approaches to an A/R application:
o Open item processing – a separate record is maintained in the accounts receivable system for each of the customer's unpaid invoices.
    Maintains a complete invoice history that supports inquiry into any invoice and supports detail or summary sales analysis.
o Balance-forward processing – a customer's remittances are applied against the customer's total outstanding balance rather than against the customer's individual invoices.
    The total amount due from a customer is the total of all invoices due from the customer, and the payments are simply applied against their totals.
o A cycle billing plan – the processing of A/R is subdivided by alphabet or account number in order to distribute the preparation of statements over the working days of the month.
o Factoring – the selling of accounts receivable at a discount to a collection agency.
Separation of functions:
o Cash receipts
    Customer remittance slips are forwarded to A/R for posting from cash receipts.
    A/R does not have access to the cash or checks that accompany customer remittances.
o Billing
    Invoices, credit memos, and other invoice adjustments are routed to accounts receivable for posting to the customer accounts.
    Billing does not have access to the A/R records.
o Accounts Receivable
    A/R is responsible for maintaining the subsidiary accounts receivable ledger.
o Credit
    Approval of sales returns and allowances and other adjustments to customer accounts, the review and approval of the aged trial balance to ascertain the creditworthiness of customers, and the initiation of write-off memos to charge accounts to bad-debt expense.
o General Ledger
    Maintains the A/R control account.
Sales Returns and Allowances
o Allowances occur when, because of damaged merchandise, shortages in shipments, clerical errors, or the like, the customer and the seller agree to reduce the amount owed by the customer.
o After an allowance has been authorized and approved, billing issues a credit memo to document the reduction to the customer's account.
o A sales return occurs when a customer actually returns goods that have been shipped.
Separation of functions is essential in a business process to write off accounts receivable.
o Done with an aged trial balance.
Cash Received on Account Business Process:
o Used when there is an existing customer account balance.
o Customer payments should always be acknowledged.
o Customer remittances on account are received in the mailroom.
    A remittance list that documents the payments received is prepared.
o Checks received from the mailroom are combined with cash receipts from cash sales and a deposit slip is prepared.
o The remittance advices are posted to the A/R ledger.
o The journal voucher from cash receipts and the control total received from A/R are compared.
o The bank accepts the deposit and validates a copy of the deposit slip.
o Internal audit receives the periodic bank statement.
Lock-box deposit system – customer remittances are sent directly to a bank and are credited to a company's account before they are posted to customer accounts.
o Reduces float by having the checks deposited to a firm's account before the firm processes them.
Float – the time between the signing of the payment check by the customer and the moment the firm has use of the funds.
Customer audit is a general term used to describe procedures in which the customer acts as a control over the initial documentation of a transaction.
Professional shoppers are people hired to purchase goods in a retail environment for the specific purpose of observing the recording of transactions.
Imprest techniques are used to control cash receipts in the same manner that they are used to control petty cash disbursements.

Chapter 9 – Procurement and Human Resource Business Process
Procurement (Purchasing) is the business process of selecting a source, ordering, and acquiring goods or services.
o The goods or services might be obtained internally if the goods are produced by another entity in the company.
The general steps for the procurement process are:
o Requirement determination
    A purchase requisition is an internal document created to request the procurement of so