GSLC 8 April 2020

1. Risks, exposures and internal controls in the sales process

Risks/Threats/Weakness of Exposures/Impact to the Recommended Internal

IC company controls

1 Discounts granted by Loss of revenues and 1. Give training to

salespeople are too high profit margin salespeople so they can

make decisions that don't
hurt the company when
giving discounts to
consumers.
2. Set a maximum limit for
giving discounts to
consumers, for example,
a maximum discount of
50% to customer.

2 Use of incorrect sales prices Loss of revenues and 1. Use of bar codes or RFID

profit margin to input the price.

2. Restriction of access to
pricing data, so that not
everyone can change the
price data and cause
errors in the price data.

3 Shop within a shop Loss of profit margin 1. Segregation of duties

between sales and
purchasing department.
2. Make a clear
communication of sales
procedures to customers,
with deliveries always
 taking place via the
warehouse.

4 Shifting of sales transactions (Too) high bonus contract 1. Segregation of duties

between periods due to costs between sales

bonus contracts department and

accounting department.

5 Sales transactions in foreign Exchange rate losses 1. Use the mechanism of

currencies derivative transactions

for transactions in
foreign currencies.

6 Credit sales to Losses on sales 1. Surveying the ability of

noncreditworthy customers consumers to pay, for

example through 5C
analysis.
2. Setting credit limits and
prioritizing costumers
who have a good history
of credit making.

7 High accounts receivable High financing costs 1. Data entry controls.

position 2. Reconciliation of batch

totals.
3. Mailing of monthly
statements to customers.

8 Failure to bill customers Loss of assets and profit 1. Separation of billing and

margin shipping function.

2. Periodic reconciliation of
invoices of sales orders,
picking tickets, and
shipping documents.

2.
 Risks/Threats/Weakness of IC
1) Credit sales made to
customers who represent poor
credit risks
2) Unrecorded or unbilled
shipments
3) Errors in preparing sales
invoices
4) Incorrect posting of sales to
accounts receivable records
5) Posting of revenues to
Exposures/Impact to the
company
1) Losses from bad debts
2) Losses of revenue;
overstatement of inventory
and understatement of
accounts receivable in the
balance sheet
3) Alienation of customers and
possible loss of future sales;
losses of revenue
4) Incorrect balances in
accounts receivable and
general ledger account records
5) Overstatement of revenue
Recommended Internal
Controls
1) Credit limits.
2) Specific authorization to
approve sales to new
customer or sales the exceed a
customer’s credit limit.
3) Aging of account receivable.
1) Reconciliation between the
amount of goods that came
out and the existing sales
documents.
2) Use ERP to integrate the
sales department and the
shipping department.
1) Configuration of system to
automatically enter pricing
data.
2) Restriction of access to
pricing master data.
3) Data entry edit controls.
4) Reconciliation of shipping
documents (picking tickets,
bills of lading, and packing list)
to sales invoices.
1) Data entry controls.
2) Reconciliation of batch
totals.
3) Mailing of monthly
statements to customers.
1) Data entry controls.
wrong accounting periods,
such as premature booking of
revenues
6) Fictitious credit sales to
nonexistent customers
7) Accessing of accounts
receivable, merchandise
inventory, and other records
by unauthorized persons
8) Use of stolen credit cards to
place orders via the Web
in one year (year of premature
booking) and understatement
of revenue in the next
6) Overstatement of revenues
and accounts receivable
7) Loss of security over such
records, with possibly
detrimental use made of the
data accessed
8) Loss of shipped goods for
which payments will not be
received
2) Use a computerized
recording system to record
sales transactions that occur.
3) Using a real-time recording
system so that the recording is
done immediately when a
purchase transaction occurs by
the customer.
1) Do a customer survey first
before deciding to give credit
through 5C analysis.
2) Meet customers face-to-
face first before approving a
credit application.
3) Reviewing the location of
the business before approving
the loan if the applicant is
from a company or shop.
1) Restriction of access to
database.
2) Use a password that is only
notified to those who are
authorized with the data.
3) Use user ID to access data
so companies can track
employees who access data.
1) Require each credit card
user to input personal data,
such as name, place and date
of birth, and biological
mother's maiden name.
 3. List all the documents created in Manual Sales Order Processing, describe the
department creating it, how many copies are created, to which departments the
copies are distributed, and for what is the copy of the document will be used by the
recipient. Be complete.
Answer:
a. Sales order form (3 copies) is made by sales department. The document is made
to record the goods ordered or purchased by customers. It is made to capture
the essential details of customer order. The first copy will be saved as an archive,
second copy will be sent back the customer as a picking list, and the third copy
will be distributed to credit department if the customer buy the goods on credit.
b. Credit approval (2 copies) is made by credit department. The document is made
as a statement of approval of credit applications submitted by customers, in case
they buy the goods on credit. The first copy is distributed to the sales
department in order to be used to prepare the picking list and the second copy is
distributed to accounting department in order to be used to record account
receivable.
c. Picking list (1 copy) is made by sales department. This is the copy of sales order
which is sent to the warehouse as a warrant to the warehouse to prepare goods
ordered by customer. This document is distributed to the warehouse.
d. Stock release or picking ticket (3 copies) is made by warehouse. The document is
made to adjust the stock which is recorded at the warehouse. The first copy is
archived by warehouse, the second copy is distributed to the shipping
department, and the third copy is distributed to accounting department.
e. Packing slip (1 copy) is made by shipping department. The document is made as a
duplicate of sales orders that are included with the package of goods to be sent
to customer. This document is distributed to the customer.
f. Shipping notice (1 copy) is made by shipping department. The document is made
as a guarantee that the company has sent the goods ordered by customers.
Hence, this document is made to prevent the company from billing the customer
for goods that the company have not sent. It is verified by shipping department
and then sent to the billing department.
 g. Sales invoice (2 copies) is made by billing department. The document is made as
a means of collecting account receivable from customer. The second copy is sent
to the customer while the first copy is kept as an archive.
h. Remitance advice (1 copy) is made by billing department. The document is made
as a receipt or proof of receipt of payment by customer and it is sent to the
accounting department.
i. Ledger copy (2 copies) is made by accouting department. The document is made
to record sales, account receivable, and cash receipt from customer. The first
copy is distributed to manager and the second copy will be archived.

4. List the threats in Sales and Cash Collection Cycle? Why the threats are happened,
what are the impacts to the company and how to control the threats?
Answer:
a. Poor performance, caused by communication and cooperation that are less
effective between departments in the company. For example, the slow
processing of customer orders, the slow delivery process, and the process of
collecting receivables that are less effective. Impact to company: can result in
reduced customer satisfaction and can have an impact on the decline in the
company's profit margin. To control the threat, accountants should use their
knowledge about the underlying business processes to design innovative
reports.
b. Incomplete/ inaccurate orders, caused by marketing that is not thorough when
recording orders, errors in the data of goods in the company (eg errors in prices
and types of goods) company systems that have not been integrated so that it is
difficult to record customer orders in full. Impact to company: inefficiencies in
company sales operation (someone will have to call the customer to reenter the
order, so he order will be delayed for processing) and caused customer
unsatisfaction due to these efficiencies, so it can affect the future sales to
customer. To control the threat, the company could implement ERP systems
which use a variety of data entry edit controls, restrict access to the database to
prevent unauthorized changes that could destroy the data.
c. Invalid orders, caused by a lack of legitimacy of orders. For example, it is too
easy for a company to trust the customer so that it doesn't make a written
statement about the order. Impact to company: wasted time and money to ship
and receive them back. To control the threat, the company could establish the
legitimacy of customer’s order by the customer’s signature.
d. Uncollectible accounts, caused by lack of proper authorization for each credit
sales and lack of customer analysis through 5C analysis when they want to apply
credit. Impact to company: it can reduce the revenue that should have been
received and increase the burden through the uncollectible receivables. To
control this threat, the company could set the credit limit for each customer and
make accounts receivable aging report to monitor the accounts receivable.
e. Stockouts or excess inventory, caused by lack of monitoring of the amount of
inventory in the warehouse, errors in recording inventory by warehouse officers,
and non-routine recording of the amount of inventory. Impact to company:
customer order making will be delayed or even canceled when out of stock.
Conversely, excess inventory will make carrying costs increase and reduce the
revenue that should be received by the company. To control this threat,
company could implement perpetual inventory record, give training to
warehouse officers, and periodic physical counts of inventory.
f. Picking the wrong items or quantity, caused by error in warehouse when picking
goods to be packing. Impact to company: reduce the revenue and it can cause
customer unsatisfaction when the number of goods sent is less than the number
of goods ordered. To control this threat, company could use automated
warehousing technologies (such as bar-code and RFID) and use the system to
automatically compare the items and quantity picked by warehouse officer with
the sales order.
g. Theft of inventory, caused by lack of monitoring goods in warehouse. Impact to
company: reduce the company revenue and also can cause delay in makin of
customer order because of lack of inventory in warehouse. To control this
threat, company could use RFID and bar-code technology, make restriction of
physical access to inventory, and make documentation of all inventory transfers.
 h. Failure to bill cutomers, caused by employee error when doing accounts
receivable recap. Impact to company: reduce the company profit. To control this
threat, company could separate billing and shipping functions and do a periodic
reconciliation of invoices with sales orders, picking tickets, and shipping
documents.

i. Billing errors, caused by the inaccuracy of officers in the billing department when
inputting the total price of customer orders. Impact to company: overbilling can
result in customer dissatisfaction and underbilling results in the loss of assets.
The company can control this threat by having the system retrieve the
appropriate data from the pricing master file and by resticting the ability of
employees to make changes to the data.

Case 1 Spice Is Right Imports (Stand-Alone PC-Based Accounting System)

Spice Is Right was established in 1990 in Boston where they began importing exotic spices
and cooking sauces from India and China. They distribute these specialty foods to ethnic
food shops, cafes, and restaurants across the country. In addition to their Boston
headquarters and warehouse, the company has a distribution center in Elizabeth, New
Jersey. Spice Is Right currently employs over 100 people, has dozens of suppliers, and trades
in hundreds of ethnic and exotic foods from all over the world.

Recently Spice Is Right has been receiving complaints from customers and suppliers about
billing, shipping, and payment errors. Management believes that these complaints stem, in
part, from an antiquated computer system. Spice’s current information system includes
manual procedures supported by independent (non-networked) PCs in each department,
which cannot communicate with each other. Document flow between the departments is
entirely in hard-copy form. The following is a description of their revenue cycle at the
Boston headquarters office.

Sales Procedures
Spice Is Right’s revenue cycle begins when a customer places an order with a sales
representative by phone or fax. A sales department employee enters the customer order
into a standard sales order format using a word processor installed on a PC to produces six
documents: three copies of sales orders, a stock release, a shipping notice, and a packing
slip. The accounting department receives a copy of the sales order, the warehouse receives
the stock release and a copy of the sales order, and the shipping department receives a
shipping notice and packing slip. The sales clerk files a copy of the sales order in the
department.

Upon receipt of the sales order, the accounting department clerk manually prepares an
invoice and sends it to the customer. Using data from the sales order the clerk then enters
the sale in the department PC and records the sale in the sales journal and in the AR
subsidiary ledger. At the end of the day the clerk prepares a hard-copy sales journal
voucher, which is sent to the general ledger department.

The warehouse receives a copy of the sales order and stock release. A warehouse employee
picks the product and sends it to the shipping department along with the stock release. A
warehouse clerk updates the inventory records on the warehouse PC and files the sales
order in the warehouse. At the end of the day the clerk prepares a hard copy AR account
summary and sends it to the general ledger department.

The shipping department receives a shipping notice and packing slip from the sales
department. The shipping notice is filed. Upon receipt of the stock release, the shipping
clerk prepares the two copies of a bill of lading using a word processor. The bills of lading
and the packing slip are sent with the product to the carrier. The clerk then files the stock
release in the department.

The general ledger clerk posts the journal voucher and inventory summary to the general
ledger, which is stored on the department PC, the clerk then files these documents in the
general ledger department.

Cash Receipts Procedure

The mail room has five employees who open and sort all mail. Each employee has two bins,
one for remittance advices and one for checks. Before separating the two documents and
putting them in their respective bins, the clerks reconcile the amounts on the checks and
remittance advices.

The remittance advices are sent to the accounting department where a clerk records each
remittance advice on a remittance list. The remittance list is then sent to the cash receipts
department. Using the remittance advices, the accounting clerk updates the customer
accounts receivable on the department PC and files the advice in the department. At the
end of the day the clerk prepares an account summery on the PC. A hard copy of the
summary is sent to the general ledger department.

The mail room clerk sends the checks to the cash receipts department, where a clerk
endorses each check with the words ‘‘For Deposit Only.’’ Next the clerk reconciles the
checks with the remittance list and records the cash receipts in the cash receipts journal on
the department PC. Finally, the clerk prepares a deposit slip and sends it and the checks to
the bank.

The general ledger posts the accounts receivable summary to general ledger and files it in
the general ledger department.

Required:

1. Identify at least 7 the internal control weaknesses in the system. Use the 6 physical
control activities specified in SAS 78/COSO for your analysis. Organize your answer as
follows :
Weaknesses of What will happen to the Recommended improvement
Internal Control company (risks) to the Internal Control
The computer system Transaction recording Using ERP for the computer
which use in Spice is process is less effective system to integrate all data
Rights has not been and efficient, so that the from each department in the
integrated. customer order or the company.
customer order making
could be delayed for
 processing.
Document flow Delivery of document is Use soft-copy form for
between the less effective and the documents and send them
department is entirely document can also be via email to reduce the time
in hard-copy form. scattered during the wasted to transfer the
transfer process. document between the
Moreover, the company is departments.
required cost to print the
documents and storage
place or storage room to
store those documents.
There is still a manual The process of preparing is Using the application to
process in preparing may take a long time to do prepare and create the
the required and it may also be necessary documents, so that
document. For inaccuracies when staff only need to input data
example, the inputting data to the into the format that has been
accounting clerk related documents. provided and results in
prepares the invoice increased effectiveness in the
manually instead of process of making
using a specialized documents.
application.
Inadequate There may be an error in Use the appropriate
applications to the format of the application and is specifically
improve effectiveness document and it is also devoted to making the
and efficiency in the less effecttive to prepare relevant documents. The
revenue cycle. For the document, so that the company can also provide
example, the sales order processing could be training to employees in
department is using longer than it should be. advance so that they can
word processor to operate the application
make sales order correctly.
instead of using
application which is
devoted to make sales
 order.
Stock recap which is There may be inaucuracy Use bar-code or RFID to
done manually and not when calculating the automatically scan or identify
yet computerized. remaining amount of stock the specific goods which have
of goods which can result been sold or came out from
in stockout or excess the warehouse.
inventory.
There is no monitoring There could be a mistake Increase the monitoring of
process by each when entering and supervisor to prevent fraud
department iputting the required data, and error when inputting or
supervisor. or even fraud can occur reparing document. Besides,
when inputting data, the company can use
making documents, and computer system to monitor
shipping the goods. the work of staff.
There is no Mistakes can occur when Separate tasks between
segregation of duties reconciling remittance employees who reconcile and
between the recipients advice and checks, so that examine checks and
and examiners of errors can occur in the remittance services. In
remittance advices and cash receipt procedures. addition, companies can also
checks between mail use a computer system to
room officers. automatically separate
checks and remittance advice
from mail room.

2. Identify and explain at least 3 the internal control strengths in the system.
a. The flow of documents in the form of hard-copy can really
ensure that the recipient has received and signed the document.
b. Data flow in the form of hard-copy, which means that the
process of document flow between departments is done manually, has the
advantage that the process of sending documents between departments is not
dependent on the signal. So, if the network is offline, experiencing problems, or
even lights out, the process of sending the document can still run normally.
c. Hard copy documents tend to be difficult to modify. It can also
be read immediately without using any software to read the document.

Case 2
When you go to a movie theater, you buy a prenumbered ticket from the cashier. This
ticket is handed to another person at the entrance to the movie. What kinds of
irregularities is the theater trying to prevent? What controls is it using to prevent these
irregularities? What remaining risks or exposures can you identify?
Answer:
a. The irregularities which want to be prevented by the theater are:
- Prenumbered tickets are used to prevent fraud by cashiers. For example, if the
cinema sells tickets without a previous number, it is likely that the cashier will
pocket money from customers without giving them tickets. It is also possible if
the cashier commits fraud by selling the ticket to another customer.
- Preventing manipulation of recording cinema tickets sold by cashiers. By using
prenumbered tickets, the supervisor will easily supervise the number of tickets
sold during the day.
- Prevent the use of tickets for the personal interests of the cashier, for example
the ticket is given to the cashier's family member or friend of the cashier.
b. The control using to prevent those irregularities:
- Reconcile the number of tickets which have been sold with the amount of cash
which is at the cashier.
c. The remaining risks or exposures which may still occur:
- The cashier can work with visitors to commit fraud by selling the ticket to others
and sharing the profits.
- Cashiers can work together with visitors and allow them to enter the theater
without buying a ticket.
- The cashier can work with visitors where visitors only need to pay half the price
but do not get a ticket, and then the ticket is sold to other visitors.
 CASE 3
Some restaurants use customer checks with prenumbered sequence codes. Each food
server uses these checks to write up customer orders. Food servers are told not to
destroy any customer checks; if a mistake is made, they are to void that check and write
a new one. All voided checks are to be turned in to the manager daily. How does this
policy help the restaurant control cash receipts?
Answer:
The purpose of giving a number to a check is to make it easier the restaurant is audited
by the auditor. The restaurant does not discard the wrong check to avoid missing a
number in the process of making a check. Moreover, having missed numbers can make it
difficult for the restaurant to be audited, especially if the restaurant cannot provide a
reasonable explanation regarding it. The canceled check is returned to the manager to
be given a sign that the check has experienced a cancellation or error.

IS Journals
Please read the journals and Evaluate how effective the control
systems are in the banking sector.
The bank has been effective in controlling the system to prevent fraud and error reduction
control. This can be proven from table 12, it can be seen that the banks surveyed had a p
value of less than 0,05 and a Z value of more than 1,96. This shows that the bank already
has effective fraud and error reduction control.

Conversely, the surveyed banks have poor control over physical access, logical access, data
security, standard documentation, disaster recovery, internet, communication and e-
control, and output security. This can be seen through the conclusions in table 12, where
the p value for all aspects mentioned above is greater than 0.05 and has a Z value of more
than 1.96.

Supposedly, a bank has good control over all aspects that exist. Not only from the aspect of
fraud control and error reduction, but also from the aspects of physical access, logical
access, data security, standard documentation, disaster recovery, internet, communication
and e-control, and output security. If banks are able to have good control over all aspects,
then fraud, errors, and threats to the banking system should be minimized.

In addition, in the system control process, it is also necessary to have a common thought
between the IT department and auditor so that the control and monitor process can run
well. This has been fulfilled by the surveyed bank and can be proven through Chi test data.

In conclusion, there is still no effective system control in the banking sector, because most
banks tend to only focus on fraud and error reduction control, but tend to ignore controls
on physical access, logical access, data security, standard.