Page 164 - Accounting Information Systems
P. 164
CHAPTE R 3 Ethics, Fraud, and Internal Control 135
PHYSICAL CONTROLS. This class of controls relates primarily to the human activities employed in
accounting systems. These activities may be purely manual, such as the physical custody of assets, or they
may involve the physical use of computers to record transactions or update accounts. Physical controls do
not relate to the computer logic that actually performs accounting tasks. Rather, they relate to the human
activities that trigger and utilize the results of those tasks. In other words, physical controls focus on peo-
ple, but are not restricted to an environment in which clerks update paper accounts with pen and ink. Virtu-
ally all systems, regardless of their sophistication, employ human activities that need to be controlled.
Our discussion will address the issues pertaining to six categories of physical control activities: trans-
action authorization, segregation of duties, supervision, accounting records, access control, and indepen-
dent verification.
TRANSACTION AUTHORIZATION. The purpose of transaction authorization is to ensure that all
material transactions processed by the information system are valid and in accordance with management’s
objectives. Authorizations may be general or specific. General authority is granted to operations person-
nel to perform day-to-day operations. An example of general authorization is the procedure to authorize
the purchase of inventories from a designated vendor only when inventory levels fall to their predeter-
mined reorder points. This is called a programmed procedure (not necessarily in the computer sense of
the word) in which the decision rules are specified in advance, and no additional approvals are required.
On the other hand, specific authorizations deal with case-by-case decisions associated with nonroutine
transactions. An example of this is the decision to extend a particular customer’s credit limit beyond the
normal amount. Specific authority is usually a management responsibility.
SEGREGATION OF DUTIES. One of the most important control activities is the segregation of em-
ployee duties to minimize incompatible functions. Segregation of duties can take many forms, depending
on the specific duties to be controlled. However, the following three objectives provide general guidelines
applicable to most organizations. These objectives are illustrated in Figure 3-4.
Objective 1. The segregation of duties should be such that the authorization for a transaction is sepa-
rate from the processing of the transaction. For example, the purchasing department should not initiate
purchases until the inventory control department gives authorization. This separation of tasks is a con-
trol to prevent individuals from purchasing unnecessary inventory.
FI G U R E
3-4 SEGREGATION OF DUTIES OBJECTIVES
TRANSACTION
Control Objective 1 Authorization Processing
Control Objective 2 Authorization Custody Recording
Subsidiary General
Control Objective 3 Journals
Ledgers Ledger
