136     PART I        Overview of Accounting Information Systems

                             Objective 2. Responsibility for the custody of assets should be separate from the record-keeping
                             responsibility. For example, the department that has physical custody of finished goods inventory (the
                             warehouse) should not keep the official inventory records. Accounting for finished goods inventory is
                             performed by inventory control, an accounting function. When a single individual or department has
                             responsibility for both asset custody and record keeping, the potential for fraud exists. Assets can be
                             stolen or lost and the accounting records falsified to hide the event.

                             Objective 3. The organization should be structured so that a successful fraud requires collusion
                             between two or more individuals with incompatible responsibilities. For example, no individual should
                             have sufficient access to accounting records to perpetrate a fraud. Thus, journals, subsidiary ledgers,
                             and the general ledger are maintained separately. For most people, the thought of approaching another
                             employee with the proposal to collude in a fraud presents an insurmountable psychological barrier. The
                             fear of rejection and subsequent disciplinary action discourages solicitations of this sort. However, when
                             employees with incompatible responsibilities work together daily in close quarters, the resulting famili-
                             arity tends to erode this barrier. For this reason, the segregation of incompatible tasks should be physi-
                             cal as well as organizational. Indeed, concern about personal familiarity on the job is the justification
                             for establishing rules prohibiting nepotism.

                         SUPERVISION. Implementing adequate segregation of duties requires that a firm employ a sufficiently
                         large number of employees. Achieving adequate segregation of duties often presents difficulties for small
                         organizations. Obviously, it is impossible to separate five incompatible tasks among three employees.
                         Therefore, in small organizations or in functional areas that lack sufficient personnel, management must
                         compensate for the absence of segregation controls with close supervision. For this reason, supervision is
                         often called a compensating control.
                           An underlying assumption of supervision control is that the firm employs competent and trustworthy
                         personnel. Obviously, no company could function for long on the alternative assumption that its employ-
                         ees are incompetent and dishonest. The competent and trustworthy employee assumption promotes super-
                         visory efficiency. Firms can thus establish a managerial span of control whereby a single manager
                         supervises several employees. In manual systems, maintaining a span of control tends to be straightfor-
                         ward because both manager and employees are at the same physical location.

                         ACCOUNTING RECORDS. The accounting records of an organization consist of source documents,
                         journals, and ledgers. These records capture the economic essence of transactions and provide an audit
                         trail of economic events. The audit trail enables the auditor to trace any transaction through all phases of
                         its processing from the initiation of the event to the financial statements. Organizations must maintain
                         audit trails for two reasons. First, this information is needed for conducting day-to-day operations. The
                         audit trail helps employees respond to customer inquiries by showing the current status of transactions in
                         process. Second, the audit trail plays an essential role in the financial audit of the firm. It enables external
                         (and internal) auditors to verify selected transactions by tracing them from the financial statements to the
                         ledger accounts, to the journals, to the source documents, and back to their original source. For reasons of
                         both practical expedience and legal obligation, business organizations must maintain sufficient account-
                         ing records to preserve their audit trails.

                         ACCESS CONTROL. The purpose of access controls is to ensure that only authorized personnel have
                         access to the firm’s assets. Unauthorized access exposes assets to misappropriation, damage, and theft.
                         Therefore, access controls play an important role in safeguarding assets. Access to assets can be direct or
                         indirect. Physical security devices, such as locks, safes, fences, and electronic and infrared alarm systems,
                         control against direct access. Indirect access to assets is achieved by gaining access to the records and
                         documents that control the use, ownership, and disposition of the asset. For example, an individual with
                         access to all the relevant accounting records can destroy the audit trail that describes a particular sales
                         transaction. Thus, by removing the records of the transaction, including the accounts receivable balance,
                         the sale may never be billed and the firm will never receive payment for the items sold. The access