Accounting Information System Comprehensive Project

Reminders:

  • BGS is a one-store “mom and pop” type of business.  It has a limited budget, so you should not recommend controls that are too expensive for that type of business to implement.  Think about affordability and the trade-off between cost and benefit when choosing controls.
  • Similarly, you should not over-rely on technology to solve all problems.  It’s too costly for this type of organization, and leads to its own problems.  The case states that BGS is going to implement a new system; this new system, to fit BGS, will be small and have some basic technology, but will not have anywhere near the capabilities of larger systems.  A mix of both manual controls and simpler technology controls is more reasonable.
  • As in part (b), you should not recommend additional employees be hired or existing employees take on responsibilities that are inconsistent with their positions in the company (and duties you assign them in part (b)).
  • You can’t recommend controls that already exist in the case; you aren’t adding value by doing this.  Your task is to recommend additional controls for each control objective.  (Many times having a mix of controls for each objective makes sense, as we discussed in class.)
  • Also, you can’t use identical controls for more than one objective, although you can use similar types of controls.  For example, you can use segregation of duties once for purchasing/receiving and once for disbursements, because the duties you recommend to be segregated are different.  You should use different controls for the other control objectives, however.

Guidance:

  • Make sure you read the control objectives carefully and understand what each one implies (and what each does not imply).  Restate the objective in plain English as specifically as possible.  For instance, for the occurrence objective “Recorded purchases are for goods actually received,” restate it as:  “Office Administrators only record journal entries when the company has actually received goods.”  This should help you to identify the right risks and controls.  [Note also what this objective does not imply; for instance, “received goods” is not the same as “received ordered goods” – the authorization objective covers the “ordered” part.]
  • When we covered controls, we took a certain approach that I recommend you take in part (c).  Specifically, I’ve given you a list of control objectives.  For each control, first find a risk that would impact the achievement of that goal.  What bad thing(s) could happen, based on your knowledge of how BGS works (from parts (a) and (b)), that may threaten the information’s reliability for that objective?
  • Then, once you’ve determined the each risk, choose a control that would help either prevent, detect, or correct to help minimize the risk’s potential impact on reliable information.  I noticed, in grading homework assignment 5, that most all students focused mainly on preventive controls, and not much on detective or corrective controls.  Note that you’re not limited to using preventive controls; you can use any of the three types for each control you choose.