Chapter 5 Discussion Write-Up
ACC3900-006 Accounting Information Systems
Tapley-Morgan
Describe business rules to effect controls over sales and collections
Business rules need to show who controls what and allow for separation of duties and restricted
access to information. For example, social security numbers should never be accessible to anyone who
does not need them for their jobs, including any IT personnel repairing the system. The person receiving
the cash should not be the one recording the receipt of the cash. Items should be shipped after the
customer selects the order, not before. Inventory must be regularly updated. Business rules dictate
internal control. Application controls, for example, support data integrity and create an audit trail.
Invoices are assigned numbers specific to their place in the organization to ensure their validity,
wholeness, and accuracy. Access controls prescribe who can modify or see records in a system. COSO
names approvals, authorizations, reconciliations, reviews of operating performance, security of assets,
and segregation of duties as examples of internal controls. Business rules are about what to do in
various specified circumstances. Internal controls can be detective, preventative, or corrective.
Detective controls detect fraudulent activity and other breaches of business rules. Preventative controls
attempt to prevent or mitigate things. Corrective controls correct the situation after the fact. Data
backups are corrective internal controls. Preventative internal controls can include informal business
rules such as fostering job satisfaction to discourage embezzlement by paying employees well and
letting them know that they are appreciated. They can also be extremely formal such as separation of
duties (Chang, Richardson, and Smith, 2018).
Programming and system design and machine-operating must be separate duties. The audit
program specifies the audit procedures. The collections process is audited according to business rules
(Willingham and Carmichael, 1971.) To illustrate some uses of business rules in the internal control
process, below is an extract from pages 455-461 of “A Business Rules Viewpoint on Risk and Compliance
Management,” a conference paper by Martijn Zoet, Johan Versendaal, and Pascal Ravesteyn:
“Organization 2 is a multi-site corporation that produces and sells goods to three distinct customer
types: government institutions, wholesalers, and specialists. To provide flexibility to its customers
organization 2 allows orders to be placed by a range of media namely electronic data interchange,
contracts, letters, email, and phone. Electronic data interchange orders are automatically forwarded to
the appropriate production department while all other are put into the sales system by a sales
employee. Beginning January 2008, the manager of the sales department and the board, notices a steep
increase in complaints by its customers. They state that the goods they get delivered are not the goods
they ordered. This situation is depicted in table 3.
‘Results of incorrect entered sales orders are dissatisfied customers and financial losses.
Therefore, a solution was needed effected immediately. Analyzing this situation leads to the following
instantiation of our meta-model. The concern ‘incorrect sales orders’ is a responsibility of the sales
manager who is the process owner of the sales process. Based on his concern the following goal was
stated, ‘decrease errors in sales orders.’ The business rule defined to realize this goal was ‘every sales
order must be checked for completeness and correctness before being sent to production.’ To realize
the business rule the following requirement has been defined ‘introduce additional check in current
process.’ The actual implementation mechanism was the so-called ‘four eyes’ principle meaning that an
additional sales employee checked every order before send to the appropriate production department.
The implementation mechanism partly solved the problem but also caused a huge overhead as every
order was checked by two sales employees. Therefore, the sales manager requested a change regarding
the implementation mechanism. It must be changed from a human actor to a build-in check in the sales
system. When using the meta-model to describe this situation it means that only the instantiation of the
implementation mechanisms concept changes, this is depicted in table 4 under timestamp 2. While the
number of complaints decreased customers were still complaining. After analysis, the sales manager
concluded that still a small part of the sales orders was incomplete or incorrect but also that customers
received newer version of products they ordered. For example, a customer ordered technical
component version 1.0 while getting technical component version 1.1. After consulting different
managers of production departments, the following conclusion was stated: Customers ordering version
1.0 of a product which has already been discontinued receive version 1.1 (according to company policy)
although they do not want to. Plotting this situation onto our meta-model means a refinement of the
original requirements: check completeness and correctness of order and check product assembly
possibilities. The second requirement entails that before the order is sent to production a check must
occur whether the order can (still) be produced. The mechanism chosen to implement the requirement
is the sales system.”
Other examples of internal controls stemming from business rules are validity checks and closedloop verifications to ensure that the account being updated is the correct one. Field checks can be
implemented to make sure that numbers are entered into accounts instead of letters where the
numbers go. When customer payments are processed in batches, the sum of the customer payments
should equal accounts receivable. The billing system can be checked by making sure that the sum of the
customer payments is equal to the change in the total customer account balances. The number of
updates can be compared to the number of checks received if the business works in checks, and those
reconciliations must be done by someone other than the person involved in processing the transactions
to prevent fraud and to make it easier to catch mistakes. Remittance lists can be used in the cash
collections process to match the source of remittances to the applicable invoices, allowing the cashier to
not be the recorder of the transaction. One way to accomplish that is to mail two copies of the invoice
to the customer, asking that the customer send one back with the payment. When that remittance is
received, the remittance is then sent to accounts receivable, separate from the cash, which is sent to the
cashier, establishing to mutually independent control checks. Monthly statements to customers may
also contribute to internal control if the customer notices that their accounts were not credited, serving
as a detective measure against lapping. Cash-flow budgeting is yet another of the many internal control
procedures influenced by business rules. Customers can be incentivized to inform the business if they do
not get a receipt or get a discount that appears to be unaccounted for (Romney and Steinbart, 2012).
Sales and collections activities are the activities surrounding selling products and
services, maintaining customer records, billing customers, recording payments from
customers, and managing accounts receivable (e.g. aging). Sales and collections activities
affect cost of goods sold and inventory for companies that sell merchandise. Receiving an
order, providing a quote, preparing products, delivering orders, sending an invoice, and
receiving payment are examples of sales and collections activities. A quote is a
description of the product. Sales are usually an exchange of a product or service for cash
or credit. There is also a sales tax that the seller is responsible for collecting in the United
States.
Cash has a debit normal balance. Accounts receivable and notes receivable also have
debit normal balances. Sales revenue has a debit normal balance. Revenue is recognized
when it is earned, even if that is not when cash is collected. In the meantime, the notes
receivables earn interest if applicable. Accounts receivables are collected in under one
year and thus do not earn interest under customary trade terms. If a customer pays in
cash, cash is debited. When a customer pays on credit, then the account or note receivable
account is credited and cash is debited. Revenue is recognized at the point of sale or the
point where control is surrendered to the customer.
If the customer takes ownership at shipping point, then the inventory is no longer
considered inventory at shipping point. But, if the customer does not take ownership until
the item is delivered, then the item stays on the books as inventory until ownership is
surrendered before being moved to cost of goods sold on the books. Handling the
corresponding accounts would also fall under the category of sales and collections
activities (Chang, Smith, and Richardson, 2018).
Since a picture is worth a thousand words, below are some pictures I took of pages
from Accounting Information Systems (Twelfth Edition) by Marshal B. Romney and Paul John
Steinbart, which was printed in 2012:
Works Cited:
Richardson R., Chang C., & Smith R. 2018. Accounting Information Systems, Second Edition.
New York, NY: McGraw-Hill Education
Carmichaels, D., R. and Willingham, J., J. 1971. Auditing Concepts and Methods. New York,
New York. McGraw-Hill Education.
Ravesten, P., Versendaal, J., and Zoeit, M. 2011. “A Business Rules Viewpoint on Risk and
Compliance Management.” The 24th Bled eConference. June 12, 2011. Bled, Slovenia.
Romney, M. B. and Steibart, P. J. 2012. Accounting Information Systems. New York, New York.
McGraw-Hill Education.
Agreed. UML diagrams can be useful. Those show multiplicities and can incorporate type
images to show guidelines, constraints, and descriptive information pertaining to the resources,
events, and/or agents.
Another type of modeling is BPMN. Interaction between participants in BPMN is known as
choreography. Sequences of activities within pools are referred to as orchestrations. Message
flows represent the actions. Pools include the start and the finish. Message flows delineate the
choreography. Lanes show responsibility. Subprocesses demonstrate exceptions to the normal
process flow. Intermediate error events can be attached to show that the process ends when it
would normally continue were the error condition not met. Intermediate boundary timer events
can show delays.
Works Cited:
Richardson R., Chang C., & Smith R. 2018. Accounting Information Systems, Second Edition.
New York, NY: McGraw-Hill Education