Chapter 5 Discussion Write-Up ACC3900-006 Accounting Information Systems Tapley-Morgan Describe business rules to effect controls over sales and collections Business rules need to show who controls what and allow for separation of duties and restricted access to information. For example, social security numbers should never be accessible to anyone who does not need them for their jobs, including any IT personnel repairing the system. The person receiving the cash should not be the one recording the receipt of the cash. Items should be shipped after the customer selects the order, not before. Inventory must be regularly updated. Business rules dictate internal control. Application controls, for example, support data integrity and create an audit trail. Invoices are assigned numbers specific to their place in the organization to ensure their validity, wholeness, and accuracy. Access controls prescribe who can modify or see records in a system. COSO names approvals, authorizations, reconciliations, reviews of operating performance, security of assets, and segregation of duties as examples of internal controls. Business rules are about what to do in various specified circumstances. Internal controls can be detective, preventative, or corrective. Detective controls detect fraudulent activity and other breaches of business rules. Preventative controls attempt to prevent or mitigate things. Corrective controls correct the situation after the fact. Data backups are corrective internal controls. Preventative internal controls can include informal business rules such as fostering job satisfaction to discourage embezzlement by paying employees well and letting them know that they are appreciated. They can also be extremely formal such as separation of duties (Chang, Richardson, and Smith, 2018). Programming and system design and machine-operating must be separate duties. The audit program specifies the audit procedures. The collections process is audited according to business rules (Willingham and Carmichael, 1971.) To illustrate some uses of business rules in the internal control process, below is an extract from pages 455-461 of “A Business Rules Viewpoint on Risk and Compliance Management,” a conference paper by Martijn Zoet, Johan Versendaal, and Pascal Ravesteyn: “Organization 2 is a multi-site corporation that produces and sells goods to three distinct customer types: government institutions, wholesalers, and specialists. To provide flexibility to its customers organization 2 allows orders to be placed by a range of media namely electronic data interchange, contracts, letters, email, and phone. Electronic data interchange orders are automatically forwarded to the appropriate production department while all other are put into the sales system by a sales employee. Beginning January 2008, the manager of the sales department and the board, notices a steep increase in complaints by its customers. They state that the goods they get delivered are not the goods they ordered. This situation is depicted in table 3. ‘Results of incorrect entered sales orders are dissatisfied customers and financial losses. Therefore, a solution was needed effected immediately. Analyzing this situation leads to the following instantiation of our meta-model. The concern ‘incorrect sales orders’ is a responsibility of the sales manager who is the process owner of the sales process. Based on his concern the following goal was stated, ‘decrease errors in sales orders.’ The business rule defined to realize this goal was ‘every sales order must be checked for completeness and correctness before being sent to production.’ To realize the business rule the following requirement has been defined ‘introduce additional check in current process.’ The actual implementation mechanism was the so-called ‘four eyes’ principle meaning that an additional sales employee checked every order before send to the appropriate production department. The implementation mechanism partly solved the problem but also caused a huge overhead as every order was checked by two sales employees. Therefore, the sales manager requested a change regarding the implementation mechanism. It must be changed from a human actor to a build-in check in the sales system. When using the meta-model to describe this situation it means that only the instantiation of the implementation mechanisms concept changes, this is depicted in table 4 under timestamp 2. While the number of complaints decreased customers were still complaining. After analysis, the sales manager concluded that still a small part of the sales orders was incomplete or incorrect but also that customers received newer version of products they ordered. For example, a customer ordered technical component version 1.0 while getting technical component version 1.1. After consulting different managers of production departments, the following conclusion was stated: Customers ordering version 1.0 of a product which has already been discontinued receive version 1.1 (according to company policy) although they do not want to. Plotting this situation onto our meta-model means a refinement of the original requirements: check completeness and correctness of order and check product assembly possibilities. The second requirement entails that before the order is sent to production a check must occur whether the order can (still) be produced. The mechanism chosen to implement the requirement is the sales system.” Other examples of internal controls stemming from business rules are validity checks and closedloop verifications to ensure that the account being updated is the correct one. Field checks can be implemented to make sure that numbers are entered into accounts instead of letters where the numbers go. When customer payments are processed in batches, the sum of the customer payments should equal accounts receivable. The billing system can be checked by making sure that the sum of the customer payments is equal to the change in the total customer account balances. The number of updates can be compared to the number of checks received if the business works in checks, and those reconciliations must be done by someone other than the person involved in processing the transactions to prevent fraud and to make it easier to catch mistakes. Remittance lists can be used in the cash collections process to match the source of remittances to the applicable invoices, allowing the cashier to not be the recorder of the transaction. One way to accomplish that is to mail two copies of the invoice to the customer, asking that the customer send one back with the payment. When that remittance is received, the remittance is then sent to accounts receivable, separate from the cash, which is sent to the cashier, establishing to mutually independent control checks. Monthly statements to customers may also contribute to internal control if the customer notices that their accounts were not credited, serving as a detective measure against lapping. Cash-flow budgeting is yet another of the many internal control procedures influenced by business rules. Customers can be incentivized to inform the business if they do not get a receipt or get a discount that appears to be unaccounted for (Romney and Steinbart, 2012). Sales and collections activities are the activities surrounding selling products and services, maintaining customer records, billing customers, recording payments from customers, and managing accounts receivable (e.g. aging). Sales and collections activities affect cost of goods sold and inventory for companies that sell merchandise. Receiving an order, providing a quote, preparing products, delivering orders, sending an invoice, and receiving payment are examples of sales and collections activities. A quote is a description of the product. Sales are usually an exchange of a product or service for cash or credit. There is also a sales tax that the seller is responsible for collecting in the United States. Cash has a debit normal balance. Accounts receivable and notes receivable also have debit normal balances. Sales revenue has a debit normal balance. Revenue is recognized when it is earned, even if that is not when cash is collected. In the meantime, the notes receivables earn interest if applicable. Accounts receivables are collected in under one year and thus do not earn interest under customary trade terms. If a customer pays in cash, cash is debited. When a customer pays on credit, then the account or note receivable account is credited and cash is debited. Revenue is recognized at the point of sale or the point where control is surrendered to the customer. If the customer takes ownership at shipping point, then the inventory is no longer considered inventory at shipping point. But, if the customer does not take ownership until the item is delivered, then the item stays on the books as inventory until ownership is surrendered before being moved to cost of goods sold on the books. Handling the corresponding accounts would also fall under the category of sales and collections activities (Chang, Smith, and Richardson, 2018). Since a picture is worth a thousand words, below are some pictures I took of pages from Accounting Information Systems (Twelfth Edition) by Marshal B. Romney and Paul John Steinbart, which was printed in 2012: Works Cited: Richardson R., Chang C., & Smith R. 2018. Accounting Information Systems, Second Edition. New York, NY: McGraw-Hill Education Carmichaels, D., R. and Willingham, J., J. 1971. Auditing Concepts and Methods. New York, New York. McGraw-Hill Education. Ravesten, P., Versendaal, J., and Zoeit, M. 2011. “A Business Rules Viewpoint on Risk and Compliance Management.” The 24th Bled eConference. June 12, 2011. Bled, Slovenia. Romney, M. B. and Steibart, P. J. 2012. Accounting Information Systems. New York, New York. McGraw-Hill Education. Agreed. UML diagrams can be useful. Those show multiplicities and can incorporate type images to show guidelines, constraints, and descriptive information pertaining to the resources, events, and/or agents. Another type of modeling is BPMN. Interaction between participants in BPMN is known as choreography. Sequences of activities within pools are referred to as orchestrations. Message flows represent the actions. Pools include the start and the finish. Message flows delineate the choreography. Lanes show responsibility. Subprocesses demonstrate exceptions to the normal process flow. Intermediate error events can be attached to show that the process ends when it would normally continue were the error condition not met. Intermediate boundary timer events can show delays. Works Cited: Richardson R., Chang C., & Smith R. 2018. Accounting Information Systems, Second Edition. New York, NY: McGraw-Hill Education