Sales order processing and internal controls.

Muzorewa, Susan ; Rao, Arundhati

CASE DESCRIPTION

In this case the students will be presented with a change in marketing strategy that will result in high growth in sales. The students are required to analyze the financial information and assist in the designing and developing an effective system to support the company's internal control objectives. The student is required to make an assessment of the inherent risks and exposures associated with the operations of the organization and design adequate internal controls. The case intentionally avoids any lengthy discussion of the marketing strategies. This case is written primarily for accounting majors in an undergraduate business program. It is suited for students who have already been exposed to the introductory accounting, finance and management courses. It can be taught in an introductory Accounting Information Systems course or an upper level accounting class after at least a brief discussion of accounting information systems. The case could also be taught at the graduate level to business students who need to understand and support the accountants in designing and enforcing internal control issues. The case can be assigned as an individual project or as a group project. The case can be tailored to meet the time constrains of any class schedule.

CASE SYNOPSIS

BodyBrace Inc, located in Richmond, Virginia manufactures and sells customized compressive sportswear that reduces injury, enhances physical performance and athletic longevity in the human body. Unfortunately the company has not realized the growth it had anticipated 10 years ago at inception. Based on the recommendations of a marketing consultant, Mr. Davis the founder and CEO of the company has decided to expand from customized to mass production of the sportswear. A proposed change in the marketing strategy is expected to result in rapid growth in sales. However, this will require a large infusion of cash from a creditor. The company is looking for funding from a bank to finance the expansion. Every bank approached thus far wants assurance that a well designed accounting system will be in place soon. BodyBrace now needs to establish an effective Accounting System to enable it to keep track of its activities as well as establish a sound internal control system to ensure the integrity and reliability of its financial statements and other data. The case encourages students to apply the internal control guidelines laid down in Statement of Auditing Standards (SAS) No. 78 and use data flow diagrams (DFDs) to explain the sales order process.

INSTRUCTOR'S NOTES

Research Methods

This is a field-based research case. The case utilizes information from a private firm's internal documents. At the request of the business the names of both firm and individuals involved have been altered to protect their privacy. Some of BodyBrace's financial information was also altered at the firm's request.

Learning Objectives

The learning objectives of this case are to place the subject of accounting information system and internal controls in perspective for accounting students, accountants and entrepreneurs and to highlight the important role the accounting function plays as the suppliers of financial information for the rest of the organization. The students will have an opportunity to synthesize and integrate the record keeping knowledge acquired in accounting principles into a business perspective. The case requires students to recognize the various types of transactions that will be processed and the basic accounting records used in an organization. This case focuses on the types of information needed to trigger events and not necessarily on the type of technology used. To that end the objectives of this case are:

1. To help students understand the importance and structure of internal controls as defined by the Statement of Auditing Standards (SAS) No 78, Consideration of Internal Control in a Financial Statement Audit: An Amendment to Statement on Auditing Standards No. 55.

2. To help students gain a broader understanding of the importance of the accounting function.

3. To highlight the accountant's role as designer, user and auditor of an Accounting Information System and its importance in achieving sound internal controls for the organization.

IMPLEMENTATION GUIDELINES

The Three Stage Learning Process by Mauffette-Leenders, Erskine & Leenders, (2005) is recommended. The recommendation is that the students first prepare for the case individually, next discuss it in small groups and finally discuss the case as a class. This process would assure effective learning. When assigning the case for individual preparation, the students should be instructed to:

1. become familiar with the Statement of Auditing Standards (SAS) No.78

2. identify the modules of an accounting information systems

3. prepare data flow diagrams and

4. understand various control activities, as this information will help them justify the policies and procedures they design.

While this case is not on ethics and fraud, it would behoove the instructor to spend at least 10 to 15 minutes discussing the broad issues relating to business ethics. This should engage the students in a manner that will allow them to actively participate and appreciate the importance of their role in designing the system. Divide the class into smaller groups to allow students to discuss their own experiences with internal control issues as well as get a better understanding of the case and issues in internal control. Groups can be assigned to discuss and design the whole system or can be assigned to design different modules. The final stage is the class discussion where each group presents and justifies its own system design. Each group should be given at least 15 minutes to make their presentation. While this case discusses the sales order cycle in detail the students can also design the other business cycles.

Internal Controls

A fundamental aspect of management's stewardship responsibility is to provide the owners with reasonable assurance that the business has adequate controls in place and provide reliable financial information on a timely basis. An adequate system of internal controls is necessary to management's discharge of these obligations. With increasing number of large corporate failures there is now a greater demand for more oversight; auditors are now required to audit the internal controls established by management. This is applies to smaller companies as well. Thus if an organization's financial statements are audited by an independent certified public accountant, the accountant has to make an assessment on the adequacy of internal controls. Almost all organizations that need some form of financing from a financial institution are required to present financial statements reviewed or audited by an independent auditor. Thus a firm may not be able to secure financing for growth and expansion if it cannot present financial statements that have been audited by an independent auditor. This underscores the need for a well designed accounting information system.

The objective of establishing and maintaining an adequate system of appropriate internal controls is to ensure the integrity and reliability of financial statements. The Sarbanes Oxley (SOX) Act of 2002 was passed by Congress in response to the public's outcry for integrity and transparency in financial reporting following the discovery of massive accounting irregularities by major corporations. Section 404 of the Act requires CEOs and CFOs of public companies to certify the adequacy of their internal control systems. Auditors of privately held companies are also making the same demands with regards to the demonstration of the adequacy of internal controls and greater disclosure. A major link between economic theory and contemporary accounting thought is the argument that a firm's commitment to greater disclosure lowers its cost of capital. By establishing adequate internal controls, BodyBrace will have greater disclosure and transparency which should enable it to obtain the necessary line of credit from a local bank at a favorable interest rate.

The Role of the Accountant

Since much of the internal control system relates directly to transaction processing, accountants are key participants in ensuring control adequacy. The need to produce reliable accounting information places the accounting function in a unique position within an organization; it does not affect the revenue generation process directly but provides all the information usually in the form of reports to support revenue generation as well as all the other functions of the organization.

Accountants are involved in information systems in three ways as system designers, system users, and system auditors. They should actively participate in the designing of accounting information systems by providing the conceptual framework. As conceptual system designers accountants must determine the information needs and sources and specify the accounting rules and procedures to be used and the internal control activities required. As end users accountants must comply with as well as enforce the company accounting policies and procedures. They must also produce the reports required by the organization. In providing attestation services, the accountant must evaluate the components of the accounting information systems to establish the degree of compliance with organizational policies and procedures and internal control standards.

The purpose of establishing and maintaining a system of appropriate internal controls is to ensure the integrity and reliability of organization data. Because much of the internal control system relates to the transaction processing, a well designed accounting information systems is central to ensuring these controls. Fundamental objectives of accounting information systems are to support the stewardship function of management, support management decision-making, and support the firm's day-to-day operations. To that end the objective of the case is for the student to develop an accounting information systems system that establishes and maintains an adequate internal control system for BodyBrace Inc.

DISCUSSION QUESTIONS

1. What financial statements, summary, exception and interim reports are produced by an accounting system?

2. What are the four broad objectives of an internal control system?

3. What are the five components of internal control as defined in SAS No. 78 and briefly discuss some elements of the components as they relate to BodyBrace' operations?

4. Identify the six control activities classifying each control procedure within the SAS No. 78 Framework. Identify the areas where these controls would be required for BodyBrace's operations.

5. Identify the transactions that will be performed in the sales order processing at BodyBrace Inc. Specify the departments involved, the documents that will provide the audit trail, support the internal control objective as well as enable financial reporting. Identify the risks associated with the transactions and recommend the controls that reduce the risk.

6. Draw a context, physical and logical DFD to graphically explain the sales order process

ANSWERS TO DISCUSSION QUESTIONS

1. What financial statements, interim, summary, and exception reports are produced by an accounting system?

The basic financial statements produced annually by accounting system are the Income Statement, Statement of Changes in Owner's Equity, Balance Sheet and Statement of Cash Flows. For publicly traded companies these statements have to be audited once a year. The same statements are produced more frequently for internal use only, usually on a monthly or quarterly basis; they are referred to as interim statements. In addition various budgets should be prepared and used for variance analysis and control. A variety of summary reports could be produced for specific needs, e.g., inventory reports, cash report, employee report: commission reports, sales history by employee report, etc. An exception report is produced when an item requires special attention, e.g., customer orders exceed pre-approved credit limit.

2. What are the four broad objectives of an internal control system?

The internal control system comprises of policies, practices, and procedures employed by an organization to achieve four broad objectives:

Physical Controls:

1. To safeguard assets of the firm.

2. To ensure the accuracy and reliability of accounting records and information.

Operational Controls:

3. To promote efficiency in the firm's operations.

4. To measure compliance with management's prescribed policies and procedures.

3. What are the five components of internal control as defined in SAS No. 78 and briefly discuss some elements of the components as they relate to BodyBrace' operations?

The five components of internal control as defined in SAS 78 are the control environment, risk assessment, information and communication, monitoring and control activities.

a. The Control Environment: The control environment sets the tone for all the other control components. Some of the elements of the control environment are the structure of the organization, the integrity and ethical values of management and the organization's policies and procedures for managing human resources. Mr. Davis's attitude towards the internal controls will set the tone for the control environment at BodyBrace Inc. A code of ethical standards should be established which will guide management and staff in their operations. The code should address, among other things, issues such as bribery, falsification of financial or performance data and confidentiality of customer and company information. It would be advisable if BodyBrace bonded all its employees. Of particular importance in designing the accounting information systems for BodyBrace is management's policy for compensation which are based on base salary plus commission on sales. All sales must be real transactions.

b. Risk Assessment: An organization must identify and manage the risks inherent to its operations especially as they relate to financial reporting. Hall (2010) identifies the following risks as relevant to financial reporting: changes in operating environment, new or reengineered operating systems or technologies that impact transaction processing, new personnel that hold different or inadequate understanding of internal control, significant and rapid company growth, introduction of new product lines with which the organization has little experience, entry into foreign markets and adoption of new accounting principles. Most of these risks are relevant to BodyBrace Inc. For BodyBrace all processes and systems are new as the organization has little experience in handling the operations. The projected rapid expansion brings its own challenges, as sales have to be processed in a timely manner; all employees will be newly hired and there is no established procedure in place right now. The company needs to establish clear policies and procedures to guide personnel. Properly structured training programs will also be key to the personnel's ability to quickly learn the system so as to achieve the desired operational results. Procedure manuals must be developed to provide workers with continuing guidance on how to carry out the day-to-day operations. Management needs an orientation on how the system works and how to use and interpret the reports. Supervisors need to understand the system, its functions, and its impact on the jobs of the people they supervise. They should also be familiar with the methods of data input, file maintenance, and troubleshooting. All the employees will need thorough training in validating the data input, maintaining files and generating output documents.

c. Information and Communication. The quality of information generated by an organization's information system impacts management's ability to make the appropriate decisions and take action for the organization in a timely manner. BodyBrace's accounting information system should consist of methods that accurately identify, analyze, classify, and record the transactions in a manner that allows the organization to prepare reliable financial statements. All types of information on sales are crucial to BodyBrace especially to the marketing department which needs this information to assess the success of its marketing strategies. BodyBrace must be able to compare projected sales with actual sales in a real time so as to adjust the marketing strategies as needed. The other information that should be captured for improved operations is the customer demographics, customer satisfaction with order processing, sales returns, inventory levels, as well as the order turnaround time.

d. Monitoring: Internal control systems must be monitored and tested for adequacy and compliance with intended policies. Rigorous evaluation of the effectiveness of the company's internal control system must be performed on a continuous basis by reviewing the activities to determine whether prescribed internal controls are being followed. Any weakness detected in the system must be reported for improvement.

e. Control activities can be grouped into two distinct categories, computer controls and physical controls.

i. Computer Controls. Computer relates specifically to the Information Technology and falls into two broad groups: general controls and application controls. General controls pertain to entity-wide concerns such as controls at data center, organization databases, systems development, and program maintenance. Application controls ensure the integrity of specific systems such order processing, accounts payable, and payroll applications.

ii. Physical Controls. This class of controls relates primarily to the human activities employed in accounting systems. These activities may be purely manual, such as physical custody of assets, or they may involve the use of computers to record transactions or updating accounts. Physical controls also relate to the human activities that initiate all systems, regardless of sophistication.

4. Identify the six control activities classifying each control procedure within the SAS No. 78 Framework. Identify the areas where these controls would be required in BodyBrace's operations.

The six categories of control activities are transaction authorization, segregation of duties, supervision, accounting records, access control, and independent verification.

a. Transaction Authorization. All transactions processed by the information system are to be authorized in accordance with management's objectives. Authorizations may be general or specific. General authority is granted to operations personnel to perform day-to-day operations. Specific authorizations deal with case-by-case decisions associated with non-routine transactions like the purchase of furniture or other item over a certain amount of money.

b. Segregation of Duties. Segregation of duties is indispensable in any system of internal controls. The principle for segregation is that the work of one employee should provide a reliable basis for evaluating the work of another employee.

Three objectives of segregation of duties are as follows:

i. The segregation of duties should be such that the authorization for a transaction is separate from the processing of the transaction. For example sales representatives should not be the ones to act as credit approval managers, and the purchase department should not initiate purchases until authorized by the inventory control department. This should not be a problem for BodyBrace as all transactions are paid for by the customers with credit cards; BodyBrace employees do not have to worry about approving a customer's credit. However, an employee who does not take handle customer orders should reconcile the daily credit card transactions with the bank records to identify any discrepancies as soon as they may occur.

ii. Responsibility for the custody of assets should be separate from the record keeping responsibility. Assets can be stolen or lost and the accounting records falsified to hide fraud when a single individual or department has responsibility for both asset custody and record keeping. For example the department that has the physical custody of the inventory (warehouse) should not keep the official inventory records. Customer data is another asset that needs to be safeguarded; both hard copies as well as computer records.

iii. The organization should be structured so that a successful fraudulent activity requires collusion between two or more individuals with incompatible ties. No single individual should have sufficient access to records to perpetrate fraud. When employees with incompatible tasks work together in close physical spaces, familiarity may allow them to engage in collusion. BodyBrace needs to pay special attention to this aspect, as all operations will be carried out from the same warehouse. Where physical segregation is not possible organizational segregation should be implemented.

c. Supervision. Implementing adequate segregation of duties requires that a firm employ a sufficiently large number of employees. Achieving adequate segregation of duties often presents difficulties for small organizations. Initially BodyBrace may lack sufficient personnel to segregate all functions; therefore close supervision will be required.

d. Accounting Records. The accounting records of an organization consist of the source documents, journals, and ledgers that provide evidence that the transactions and events have occurred. These records provide an audit trail of the economic events of the organization. Organizations must maintain audit trails for two reasons. First the audit trail enables the auditor to trace any transaction through all the phases of its processing from the initiation of the event to the financial statements. Second, this information is needed for conducting day-today operations by helping employees respond to inquiries and showing the current status of transactions in process. Thus for practical expedience and legal obligation business organizations must maintain sufficient accounting records to preserve their audit trails. BodyBrace needs to employ appropriate filing systems from the beginning to efficiently maintain all its accounting records. The company can invest in a system that can scan all its documents. All documents should be prenumbered and accounted for to prevent transactions from being recorded twice or not being recorded at all. Source documents should be forwarded to the accounting department to help ensure timely recording of the transaction and event.

e. Access Control. Access controls play an important part in safeguarding assets and its purpose is to ensure that only authorized personnel have access to the firm's assets. Unauthorized access exposes assets to misappropriation, damage, and theft. Access to assets can be direct or indirect. Physical security devices, such as locks, safes, fences, and electronic and infrared alarm systems control against direct access. Indirect access to assets is achieved by gaining access to the records and documents that control the use, ownership and disposition of the asset.

f. Independent Verification. The principle of independent verification involves the review, comparison, and reconciliation of data prepared by employees to compare recorded accountability with existing assets. The objective of the independent checks is to identify errors and misrepresentations. Examples of independent verifications include:

i. Performing physical count of assets and comparing it with accounting records.

ii. Reconciling subsidiary accounts with control accounts.

iii. Reviewing management reports (both computer and manually generated) that summarize business activity.

iv. Reconciling by an independent person of the deposits to bank account per books with the bank statement, done on a daily basis.

For maximum benefit, independent verification should be done periodically and occasionally on a surprise basis. The verification must be done by someone who is independent of the personnel responsible for the information. Discrepancies and exceptions should be reported to management who should take corrective action immediately.

5. Identify the transactions that will be performed in the sales order processing at BodyBrace Inc. Specify the departments involved, the documents that will provide the audit trail, support the internal control objective as well as enable financial reporting. Identify the risks associated with the transactions and recommend the controls that reduce the risk.

To accomplish BodyBrace's objective with regards to a sound system of internal controls the organization needs an accounting information systems that accurately captures and records the transactions of the firm and its financial position. The system should be integrated to allow real time entry of transactions and updating of all related accounts. Integration allows sub systems to receive data as input from one system and provide information as output to another sub system. These modules support management by providing regular summary reports, exception, and ad hoc reports necessary for decision making. As with any system of internal controls however, the limitations or premises are that the costs of establishing control procedures should not exceed the expected benefit.

a. A sales order processing module--routinely records the sales orders and provides data to other systems that will fill the orders, maintain inventory and bill the customers. Input is the customers' information including name, address, account number, as well as the type and quantity of the merchandise requested. Output is the copy of the sales order to warehouse authorizing the release of inventory and copies to billing and shipping departments for independent verification. Update to sales journal. The system should allow sales clerk to

i. immediately verify customer credit limit and inventory levels.

ii. accurately calculate prices, totals, discounts, and taxes on the order.

iii. track sales made by each sales representative and provides input to the payroll subsystem so that the sales representative's commissions can be calculated.

Authorization: A picking slip is delivered to the warehouse to authorize release of the inventory.

Segregation of Duties: Authorizes release of items but does not have physical custody of the inventory.

Accounting Records: When credit is approved, the sales information is sent to the warehouse, and the shipping departments.

b. Process payment. The process discussed here is an automated processing system. Input is the credit card information received from the customers. The sales clerk collects the necessary information and processes the payment immediately which will result in the bank making a deposit into BodyBrace's account immediately. Output is a confirmation code generated by the credit card processing company that is sent to the customer on the invoice stating payment has been received. Segregation of duties--Clerk who collects the credit card information does not maintain the cash account and does not receive or reconcile the bank statement. Supervision: Although credit card information is never printed on the invoice it is stored on the company's database for future transactions. This data should be encrypted and for additional safety the sales clerk who collect and process the credit card information must be bonded.

Accounting records: Credit card processing codes for each transaction provide audit trail.

Independent Verification: Bank reconciliation should be performed daily by person who does not process the sales.

6. Draw a context, physical and logical DFD depicting the sales order process.

Data flow diagrams (DFDs) are used by system developers as a tool for analyzing an existing system or a planning aid for creating a new system. In the case of Body Brace Inc., DFDs will help Mr. Davis and his employees visualize the sale order process and decide on the staffing needs of the various processes. A context DFD provides an overview of the system. A physical DFD focuses on the physical entities involved in the system as well as tangible documents that flow through the system. A logical DFD focuses on the task of the physical entities identified in the physical DFD. A well designed system with the aid of DFDs efficiently allocates the resources of a business.

[ILLUSTRATION OMITTED]

[ILLUSTRATION OMITTED]

[ILLUSTRATION OMITTED]

REFERENCES

Hall, J. A. (2010). Accounting Information Systems (7th Edition). South-Western Cengage Learning. Mauffette-Leenders, L.A., Erskine, J. A. & Leenders M. R., (2005). Learning With Cases (3rd Edition). Ivey Publishing, Ontario, Canada.

Statement on Auditing Standards No. 78: Consideration of Internal Control in a Financial Statement Audit: An Amendment to Statement on Auditing Standards No. 55.

Susan Muzorewa, Delaware State University

Arundhati Rao, Towson University