• Inaccurately recording transactions in journals and accounts.

– Physical controls include transaction authorization, accounting records,

pre-numbered documents, special journals, subsidiary ledgers,
general ledger control accounts, files and independent verification:
• Shipping department reconciles goods being shipped against
packing slip to ensure customer is receiving correct items and
quantity.
• Billing function reconciles original sales order with shipping notice
to ensure bills are correct and sales are recorded properly.
• GL function reconciles journal vouchers and summary reports
prepared independently in different functional areas before posting
to control accounts.
– IT controls include automated postings and file backups.
• Misappropriation of cash receipts and inventory.
– Physical controls include transaction authorization, supervision (especially
in the mail room), access controls and segregation of duties:
• Cash receipts function should be separate from the AR function.
• Cash receipts clerk should not have access to GL cash.
• Personnel with physical custody of inventory should not update
records.
– IT controls include multilevel security.
• Unauthorized access to accounting records and reports.
– Motives include attempt to create a fraud, data theft and malicious acts.
– Physical controls include access controls and segregation of duties such
that the perpetration of a fraud requires collusion.
– IT controls include passwords and multilevel security.

Physical Systems: Multilevel Security

• Employs programmed techniques that permit simultaneous access to a central

system by many users with different access privileges.
– Users are prevented from obtaining information for which they lack
authorization.
• Two common multilevel security methods:
– Access control list (ACL) method assigns privileges directly to
individuals which is burdensome in large organizations.
– Role-based access control (RBAC) creates standard tasks called
roles that are assigned specific privileges.
• Once a role is created, individuals are assigned to it.
• Easy to add or delete roles as job responsibilities change.

Physical Systems: Point-of-Sale (POS) Systems

• POS systems used extensively in retail establishments.

– Customers pick items from shelves and take them to a cashier.
• Clerk scans the Universal product code (UPC) of items.
– Price and description retrieved from inventory file.
 – Inventory levels are updated and reordered as needed.
• System automatically calculates taxes, discounts and total.
– Non-cash payments are approved via online connection.
• At shift end, money and receipts reconciled to the internal cash register tape with
cash over and shorts accounts for.
• Cash receipts clerk prepares deposit slip for total daily cash receipts and batch
program posts entry to the GL.

Physical Systems: POS Control Issues

• Authorization:
– Clerk should match customer signature with credit card.
• Supervision:
– Surveillance cameras and floor security help prevent shoplifting and
employee theft.
• Access Control:
– Separate cash drawers, locked showcases and magnetic tags attached to
merchandise help control theft.
• Accounting records:
– Only supervisors should access internal cash register tapes.
• Independent verification:
– Cash drawers should be reconciled to internal register tapes.

Physical Systems: Reengineering

• Electronic data interchange (EDI) expedites transactions.

– Customer’s computer automatically orders inventory as needed.
– Seller processes order with little or no human involvement.
– Binding terms specified in a trading partner agreement.
– Control problems include ensuring only valid transactions are processed
and that accounting records are not compromised.
• Doing business on the Internet involves both business-to-business (B2B) and
business-to-consumer (B2C) transactions.
– Opens the door to thousands of business partners without formal trading
agreements.
– Risks include threats from computer hackers, viruses and transaction
fraud.