System Objectives
There are several financial systems in a business organisation.
Each system has objectives for what it is intended to do and policies and procedures for how it should do it.
Each system would have policies and procedures to ensure these objectives are achieved.
Accounting System Activities
Transaction Processing System (TPS)
A transaction processing system (TPS) is the foundation of all financial systems. It records all the financial transactions of the company.
Aspects of a TPS include:
A TPS will record and collate information as part of an accounting package that will analyse the data into useful information for users.
A TPS would involve using codes to identify accounts, transactions, and other items.
A TPS should be capable of handling the company’s transaction volume quickly and accurately and may have automation to minimise errors.
A TPS can quickly report summary information for management to use.
Key Point
The processes described in this chapter occur within a computerised accounting system.
Raising a transaction, authorisation, recording, and communication are performed electronically.
Documents mentioned are raised and maintained digitally.
Purchasing
Purchasing processes transactions with suppliers.Purchasing Objectives
The system’s main objective is to record purchases and pay suppliers the money they are owed for items purchased from them.
Purchasing Policies
Purchasing Procedures
The primary purchasing procedures are as follows:
Payments are recorded both in the individual account for the supplier and also in accounts for recording total cash payments and total amounts paid to suppliers.
When handling purchasing transactions, the accounts department will do checks, such as:
Check that the items were ordered and received before payment.
Unless the supplier requires payment in advance, an organisation should only pay for purchases once it has received the goods.
Check the purchase invoice details against the goods received note
Another policy requirement may be that the organisation should not pay for anything until it has checked that the details in the invoice from the supplier match the details of the items purchased and received.
Determine the most favourable time to pay
Suppliers usually allow a period of credit to pay after the invoice has been delivered; the payment should be made at the time most advantageous to the company.
Sales Invoicing
Sales invoicing processes transactions with customers.
Sales Invoicing Objectives
The main objective of a sales invoicing system should be to send invoices to customers for items they have purchased and record payments received.
Sales Invoicing Policies
Sales Invoicing Procedures
Other procedures include:
Providing the accounts department with details of all goods or services supplied (in the form of customer orders and delivery notes) to send invoices to customers promptly.
When payments are received, match them with the invoice to record that they have been paid.
Keeping a record of customer invoices and payments received in a system of accounts (bookkeeping).
Activity 1
Match the procedure to the purchases or sales system.
Procedure
System
(purchases or sales)
Matching the payment received from a customer against the invoice
Authorising payment for goods that have been received
Checking the invoice against the details of the goods received
Notify a supplier that payment for their goods has been made
Recording the payment received from a customer in the accounting system
Payroll
The main objective of a payroll system should be to pay employees their wages or salaries in full and on time, having made any required deductions first, such as for income tax.
This includes the proper recording and maintenance of standing data (employee details such as name, income tax and identification numbers, etc.) and variable data (work records, payroll, etc.)
A payroll system depends on maintaining accurate records of all the employees in the organisation, including their wage rates or salaries and their bank details (unless wages are paid in cash).
The records will need constant updating as employees retire or leave and new employees join.
Records also need to be updated for changes in pay rates and possibly for details of absence from work.
When employees are paid an hourly rate for their hours, there must be procedures for recording time worked, including overtime.
The hours worked need to be input into the payroll system each week.
The amount payable to each employee must be calculated on the appropriate day of the week or month.
Pay is calculated as the total amount earned, together with deductions for payments such as payment of tax on earnings to the government (income tax), leaving a net amount to be paid to the employee.
The payments are then made to the employees, preferably through their bank account and not in cash.
The employee is notified of the amount paid and supporting details in a payslip. Amounts deducted are paid as appropriate – for example, income tax deducted from the earnings is paid to the government at the proper time.
The deductions and payments are recorded in the accounting system as total wages and salaries, bank or cash payments to employees, and deductions taken from gross wages and salaries.
Credit Control
Granting credit is a common business practice, especially where the customer is another business organisation.
Credit Control Objective
The main objective of a credit control system is to allow customers time to pay for what they have purchased – to give them credit. An organisation may achieve higher sales revenue by providing customers credit.
Several policies can enable a credit control system to achieve this objective.
Credit Control Policies
A system is needed for deciding how much credit a customer should be allowed to maximise profits and minimise customer default risk.
Customers must be monitored for how long they take before paying and how much they owe. Ensure an appropriate amount of credit is granted to customers.
Pursue payments accurately and promptly.
Ensure credit is granted only to deserving customers.
Maintain accurate receivables records.
Maximise profitability while minimising exposure to customer default risk.
Credit Control Procedures
Procedures should be established to identify customers who pay late and persuade them to pay what they owe as soon as possible.
The organisation must make a policy decision about how much credit it is prepared to allow its customers. Allowing credit means investing in working capital – amounts receivable.
This ties up funds and cash, and the organisation should only grant credit that it can safely finance. The amount of credit may be influenced by how much money the company has, as allowing credit will affect the company’s cash flow.
However, unless customers are allowed credit, they may prefer to buy from another organisation which does allow credit.
Within the total credit limit that has been decided, the organisation should decide on a system and procedures for determining how much credit can be allowed to individual customers.
The credit limit defines the maximum amount customers are allowed to owe, depending on how much they purchase. A system of different credit ratings may be used for customers, and customers with a good credit rating are allowed more credit than those with a poor rating.
Credit terms relate to the conditions the customers are allowed to borrow. For example, the organisation may decide on the same credit policy (terms) for all customers, such as payment required within 30 days of the date of the sales invoice, or the terms may vary between individual customers depending on their payment history.
Before selling to a customer, it may be necessary to check that the customer is allowed the additional credit. This may require a check with someone in the credit control section, online or by telephone, to confirm that the credit the customer is asking for is acceptable.
Another policy requirement may be to check that customers pay what they owe at the agreed time. If customers are late with their payment, there should be procedures to chase them to collect the money owed.
Send a reminder to the customer, informing the customer about the amount owed and asking for payment of the overdue amount.
If customers still do not pay, credit control staff may call the customer directly to ask for payment. Making more than one phone call may be necessary to persuade a customer to pay.
If a customer still fails to make payment, the organisation has several options, which depend on the company’s policy on overdue payments::
Write off the amount owed from the accounts. This means that the company accepts that they will never be paid.
Sell the amount owed to a debt collection agency at a discount to its face value. This means the company will get a proportion of its money back.
Take legal action against the customer to obtain payment through the courts.
In this instance, the company has to consider whether the customer can pay and the risk and expense involved in going through the court system.
In each case, accounts staff should update the customer’s credit rating in the organisation’s records.
Cash and Working Capital Management
The cash and working capital management system is usually a responsibility of the treasury section in large business organisations.
Working capital management is linked to cash management because cash is tied up in inventory and amounts receivable from customers. The organisation has paid money to acquire inventory and to turn it into goods or services for customers, but it doesn’t get any cash back until the customers eventually pay.
Objectives
The main objective is to ensure that the business organisation has enough cash to meet its operational requirements and can make payments for what it owes in full and on time.
Policies
Ensure sufficient cash is available to meet obligations as they fall due.
Ensure an optimum level of working capital for operations.
Procedures
An essential requirement of cash management is to make short-term cash budgets or forecasts of expected cash receipts and payments for the next week or month.
If an organisation expects a cash shortage, it can take measures in advance to deal with the problem – such as asking the bank for a short-term loan or delaying planned payments to suppliers.
It is also vital to monitor actual cash flows and money in the bank.
If cash balances are lower than planned, an organisation should take urgent measures – such as asking the bank for an urgent loan or delaying supplier payments.
The amount of inventory and amounts receivable from customers (receivables) should be monitored.
When the time between obtaining inventory and using or selling it gets longer, and when customers take longer on average to pay what they owe, action reports can be sent to the purchasing department, manufacturing department, sales department or credit control section.
Action reports would notify managers responsible that action may need to be taken.
The quantity of inventory held should be monitored to ensure it is not incurring excessive holding or obsolescence costs.
Manage payments to suppliers
An organisation can improve its cash position by delaying supplier payments if necessary. However, this should be a last resort. Late payments to suppliers may create ill will and affect the ability of the organisation to obtain more credit from suppliers in the future.
Weaknesses, Errors, and Deficiencies
Financial systems may have weaknesses that lead to risks affecting business operations. These include:
Physical risks, such as poor security for liquid assets, leading to misappropriation of assets such as cash.
Digital risks, such as inadequate firewalls and insecure passwords, leading to data breaches, loss of data integrity, and external threats like ransomware.
Operational risks, such as lack of capacity to process the transaction volume, leading to backlogs and outdated information.
Other control risks, such as the lack of sufficient segregation of duties and crosschecks, leading to possible fraud and unresolved errors.
Weaknesses and errors in accounting systems do not have to be deliberate and do not necessarily affect a company’s financial systems. However, companies should always take steps to prevent or resolve them to avoid uncontrolled future losses.
Sources of Weaknesses and Potential Errors
Weakness
Description
Human error
A significant cause of errors in accounting systems is unintentional mistakes by people. People can forget to do something, do something incorrectly, or misunderstand what they have been asked to do.
Fraud
A deliberate criminal act by an employee to obtain financial benefit from an employer is called fraud.
Computer system failure
Computer systems may fail, for example, due to hardware failure or a cyber-attack.
Poor procedures
There may be unsatisfactory or no procedures for dealing with unusual circumstances, such as a partial payment from a customer.
Inefficient systems
An accounting system may be inefficient.
For example, an accounting system with manually-kept books will be less efficient at dealing with a large volume of transactions than a computerised system.
Errors and fraud often occur due to a combination of several deficiencies.
For example, a junior accountant may be expected to record a payment from an important customer. The computer system is not working when he tries to do this task, which he then forgets to do later. The failure to record the payment can be attributed to poor procedures, machine breakdown and human error combined.
Example
For what reasons might employees in an accounts office unintentionally make mistakes or be inefficient in the work that they are doing?
Answer:
They are not trained to do the work or lack the knowledge and skill.
They are not adequately supervised: employees cannot ask for guidance, and their mistakes are not seen. Poor supervision may also encourage employees to waste time and do things slowly.
They have too much work to do and make mistakes in a hurry or do not complete everything they should in the required time.
They forget to do something or do something without first asking for the required permission.
They are careless.
The possibility of errors and inefficiencies is vast, especially in large organisations with more people, many different activities and many more transactions to process.
When problems have been identified within a system, it is often possible to take measures to deal with them. For example, old equipment can be replaced with more modern items. Errors by employees may be reduced by giving them relevant training and improving supervision.
Ideally, errors and inefficiencies should be prevented. But if they do occur, they should be detected and corrected. There should be an established system for dealing with this. In business organisations, such systems are known as internal control systems.
Definition of Internal Control
Definitions
Internal control – The process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to:
reliability of financial reporting;
effectiveness and efficiency of operations; and
compliance with applicable laws and regulations.
IAASB Handbook
Control activities – Policies and procedures that help ensure management directives are carried out.
An internal control system includes activities to prevent inefficiencies, errors or fraud. It also includes other elements, such as procedures for identifying control risks and assessing their seriousness.
The size of an internal controls system and the number and type of controls and checks it contains varies with the size and complexity of the organisation.
Control Objectives
Internal control should enable an organisation to achieve several objectives, including helping the organisation secure reasonable assurance that it can meet its goals.
Examples of control objectives include:
Internal controls should ensure the orderly and efficient conduct of the business and its operations.
Internal controls should provide for the safeguarding of assets from loss or damage.
There should be financial controls, for example, to prevent the theft of cash from the business.
Internal controls should reduce the risk of losses or errors due to unintentional error or deliberate fraud
Internal controls should also ensure the accuracy and completeness of the organisation’s accounting records
Controls should be in place to ensure the timely preparation of reliable financial information, including the annual financial statements
CAVE Mnemonic
The CAVE mnemonic can be used to remember the general control objectives of a financial accounting system, which is to ensure:
Internal Check
An internal check is a control activity (segregation of duties). It is a procedure or series of procedures that:
ensures that the same individual does not carry out a procedure from start to finish so that
the work of each individual is subject to an independent check by another individual.
An example would be a banking process, where one person collects all the cheques together, and another lists them and creates a banking record for posting in the accounts.
Relationship between Internal Controls and Internal Check
Importance of Internal Financial Controls
Consequences of Internal Financial Control Deficiencies
If internal financial controls are not adequate, the following might happen:
Undetected fraud may occur.
Accounting records might contain errors or omissions, so it isn’t easy to reflect what transactions have taken place.
Employees are not paid the correct amount they are owed in wages or salary, affecting morale.
The business may run out of cash, increasing default risk.
It will be impossible to prepare reliable financial statements for presenting to management and shareholders.
Limitations of Internal Financial Controls
Controls are essential, but even within a system of financial controls, there may be weaknesses. Internal financial controls should be designed as well as possible and implemented as effectively as possible. Even so, control failures can occur.
Limitation
Reasonable but not absolute assurance
Internal control can provide reasonable assurance about the reliability of financial reporting, the efficiency and effectiveness of operations and compliance with laws and regulations, but it cannot provide absolute assurance. Control weaknesses and failures may occur.
Collusion
An internal check may provide for one person’s work to act as a check on the accuracy – and honesty – of someone else’s work.
But the two individuals may collude together to commit a dishonest act. The internal check will be ineffective if this happens.
Weak or ineffective controls
Some controls may be poorly designed and, as a result, fail to fulfil their intended control purpose.
Operational errors with controls
Controls may be ineffective because they are not used correctly, perhaps because an individual does not understand what the control is for or fails to take action when a warning sign is given.
Overriding controls
Controls may be ineffective because a manager chooses to override the control – ignore it – and do something that the control is intended to prevent.
Problems with small size
Controls may not be possible because the organisation is too small.
For example, internal checks can be created by segregating tasks or duties so that the work of one person can act as a check on the work of another.
This would be impractical or too expensive for a small business with only a few employees.
So internal controls, including internal financial controls, must be designed and implemented as well as possible, but they can never provide complete assurance that nothing will go wrong.
It is also important to note that internal controls must be cost-effective – the costs of internal controls must not outweigh the benefits.
Responsibilities for Internal Control
The responsibilities for the effectiveness of a system of internal control within a business, including financial controls, lie with those charged with governance (board of directors) and management:
Responsible party
Board of directors
The board has ultimate responsibility for the effectiveness of a company’s internal controls.
The board of directors is responsible, as agents of the shareholders, for what happens to the company. The board is ultimately responsible for ensuring that there is an effective system of internal control in place.
They will have to delegate detailed work to management, but they can’t avoid their responsibility. They need to check how effectively management is providing internal financial control.
Management
Management is responsible for all the operations in a business, and that includes the finance and accounting system.
If there are weaknesses in the internal control system, management should identify them and try to correct them.
Although the board of directors is ultimately responsible and the board needs to monitor what management is doing, management has the detailed task of creating an effective internal control system.
Individuals (employees)
Individuals are expected to follow the required procedures for their work, and there will be controls – such as job descriptions, training, and appraisals – within their work.
They should also be expected to correct mistakes that they find or report them to their supervisor or manager.
Role of Internal and External Auditors
Although internal and external auditors are essential to maintaining an effective internal control system, they are not responsible for their effectiveness.
Auditor
Role
Internal auditor
Internal auditors are not responsible for the effectiveness of internal controls.
They can investigate procedures and check records and advise the board of directors, the audit committee and management about weaknesses and control failures they find.
External auditor
External auditors are not responsible for the effectiveness of internal controls.
They may identify weaknesses or failures in internal financial controls that they come across during their audit work.
If they do, they should inform management, the board of directors, or the audit committee.
 Internal Control System Elements
An internal control system can be described as having five elements:
Internal control element
Control environment
The control environment refers to the culture and leadership related to control provided within the organisation by its directors and managers and the awareness of employees about the importance of control.
Assessment of risks
To apply controls, it is first necessary to recognise the risks and their seriousness.
The most severe risks require the most urgent action. Suitable controls should be considered for all significant risks.
Information and communication
There must be an adequate system for communicating information in a form and within a time frame to enable individuals to perform their control responsibilities and take suitable control actions.
Individuals need to know, for example, when something has gone wrong so that they are fully aware of the problem and the need to do something to deal with it.
Control activities
The system must include sufficient controls so that, taken together, they achieve the objectives of the control system – such as the preparation of reliable financial statements. Controls reduce the likelihood of errors happening.
Monitoring
The control system should be regularly monitored to assess its quality and whether it effectively achieves its objectives.
The Control Environment
The control environment refers to the governance and management of control and the attitudes of people in the organisation towards control.
There are several related aspects of a control environment.
Integrity and ethical values influence the effectiveness of how controls are designed and applied in practice.
Ethical leadership must come from the board of directors and senior management.
Senior management must be committed to appointing individuals to perform tasks only if they have the competence to do the work with the required skills or knowledge.
The control system should involve the people at the top of the organisation.
For example, the board of directors should be actively engaged in monitoring the effectiveness of the internal control system, possibly through its audit committee.
Management should have a constructive and supportive attitude towards the importance of financial reporting and the accounting system.
The control environment’s effectiveness is affected by how authority and responsibility for tasks are assigned to individuals and also on the hierarchy for authorisation and reporting.
Types of Internal Control Activities
An internal control activity is a policy or procedure that helps to ensure that operations are carried out in the way intended by management.
Internal financial controls ensure that accounting records are accurately maintained and that the financial statements produced from those records give a true and fair view of the business’s financial performance and financial position.
Control activity
Segregation of duties
This is an internal check.
With the segregation of duties, tasks are divided between two or more individuals so that no one person performs the entire job.
In addition, the work done by one person may automatically act as a check on the accuracy of work done by someone else.
For purchasing a piece of machinery, the different tasks of authorising the purchase of an item of expenditure, recording the spending, and maintaining custody of the machinery, may be segregated between individuals.
Authorisation of transactions
Some transactions may require specific authorisation by someone with the necessary authority to allow the transaction to go ahead.
Typically, transactions involving spending money to purchase new assets require authorisation from a manager with the necessary authority.
Similarly, an authorisation may be required for a decision to allow a customer to pay a discounted price for goods because they are slightly damaged.
Within a large organisation, there will be different authorisation levels – a manager will have a maximum limit on the amount they can authorise for spending, according to their seniority in the management hierarchy.
The purchase of the machinery must receive authorisation from the individual with the required authority.
The sales manager’s authorisation with the appropriate authority is needed to grant customers discounts.
Reconciliations of totals
Accounting systems can use reconciliation systems to check the completeness and accuracy of accounting records.
The general ledger in an accounting system records all transactions twice, in each of two different accounts: one account as a ‘debit’ value or entry and the second account as a ‘credit’ entry of equal value.
The record’s accuracy can be checked at any time by checking that the total debit values in the accounts in the general ledger equal the total credit values.
If these totals are not the same, one or more errors have been made in the accounting records.
Supervision of operations
Control can be achieved by supervising the work of others.
A supervisor can watch over the work that individuals are doing, provide advice and guidance, and correct errors by individuals that the supervisor detects.
A supervisor may check samples of the subordinate’s work.
A supervisor may observe how the subordinate performs a task.
Management review
Control can be achieved through performance reviews by management.
Management may receive regular performance reports, which provide information about actual and expected performance for various key performance indicators (KPIs)
Any significant differences between actual and expected results can be investigated to discover the cause, and any suitable control measures can be taken to deal with faults.
Production managers view a production report to examine the output’s average cost and production time.
An incident and fault report is examined by management to identify issues that have occurred with internal controls and take corrective action.
Physical safeguards
Valuable assets should be suitably protected from theft, loss or damage. So an office may be securely locked at all times to protect its valuable items (such as computers, printers and other technology) as well as any sources of confidential information.
An office should be securely locked at all times to protect its valuable items as well as any sources of confidential information.
The main types of internal control can also be summarised using the acronym ACCA MAPS, as follows:
Physical controls,
Every internal control measure should have a purpose. Effective internal control is a control that achieves its intended purpose.
Activity 2
Determine the appropriate control activity for the control weakness.
Control weakness
Office workers carry out cash sale transactions alone, and there are concerns that errors in recording the cash may go undetected.
Spending by office staff on stationery items seems excessive. Office staff order new supplies of stationery whenever they think they need some.
A foreign exchange trading company is concerned about unauthorised access to the trading room.
Staff often make errors in processing sales invoice transactions because they do not understand the procedures for agreeing to price discounts and credit terms with customers.
Preventive, Detective, and Corrective Controls
Internal controls can be classified according to their intended purpose.
Purpose
Prevent
Prevent an error or failure from happening.
Using a safe or strong box to hold valuable items prevent the items from being stolen or lost.
Detect
Detect an error when it happens or after it has happened.
A performance report compares actual results in a recent period with what was planned or expected. It feeds information about the difference (or variance) to management for investigation and control action.
Correct
Correct a failure or error that has occurred and has been detected.
A sales invoicing system may detect a delinquent receivable and produce automatically send a payment reminder letter to the customer.
Activity 3
Determine if the control activity’s purpose is to prevent or detect:
Purpose (prevent or detect)
Newly-appointed accounts staff are given thorough training in bookkeeping routines before starting their job.
The records in a company’s ‘cash book’ (a part of its bookkeeping system for recording banking transactions) are checked against and reconciled to bank statements received from the company’s bank.
A senior manager’s authorisation is needed for all spending on items costing more than $1,000.
There is a rule that payments to suppliers cannot be made unless a copy of the purchase order and goods received note is attached to the purchase invoice.
A cinema checks the number of tickets sold and their prices against the payments received from customers at the cinema.
Improving Internal Controls
Internal control systems are likely to be flawed. They cannot eliminate the possibility that errors or fraud may happen or may not be detected. Circumstances are constantly changing too, so previously appropriate controls may now be insufficient because things are different from how they used to be.
For example, a company may have long-established procedures for handling and banking customer payments by cheque. But if all customers now pay by card or electronic bank transfer, these controls are no longer useful or relevant.
Suggestions for improvement are:
Improvement
Embedded controls
Internal controls should be mandatory for performing a task or transaction.
If the control is embedded in the procedure, there is no risk that it will be overlooked and ignored.
The authorisation requirement for purchases above a threshold limit must be fulfilled before a purchase order can be created.
Automated controls
For controls where human judgement is not required, automated controls by a computer are likely to be more reliable than controls by humans. As a general rule, computers make fewer mistakes than people.
An accounting system will automatically reject an unbalanced transaction from being entered.
External monitoring of controls
There should also be regular external monitoring of control arrangements and internal controls.
Internal auditors can fulfil this function, although only some organisations have an internal audit function.
External auditors may also report on internal control weaknesses they identify during their annual audit work.
Internal auditors conduct periodic tests of internal controls for sales invoicing, looking at the appropriate authorisation of credit and timely recording of sales.
Resilient internal controls should be embedded in the company’s processes and procedures so that they cannot be avoided or got around. They should be automated to increase reliability (machines make fewer mistakes than humans). They should be externally monitored to ensure that the controls are in place and effective.
A lack of robust internal controls might result in inaccurate or incomplete records that can’t be trusted by management or the board. This would increase the possibility of fraud going undetected.
