Financial Reporting and Management Reporting Systems: Controlling the FRS
Controlling the FRS
Sarbanes-Oxley legislation requires that management design and implement controls over the financial reporting process. This includes the transaction processing systems that feed data into the FRS. In previous chapters we studied control techniques necessary for the various transaction systems. Here we will examine only the controls that relate to the FRS. The potential risks to the FRS include:
1. A defective audit trail.
2. Unauthorized access to the general ledger.
3. GL accounts that are out of balance with subsidiary accounts.
4. Incorrect GL account balances because of unauthorized or incorrect journal vouchers.
If not controlled, these risks may result in misstated financial statements and other reports, thus misleading users of this information. The potential consequences are litigation, significant financial loss for the firm, and sanctions specified by SOX legislation.
SAS 78/COSO CONTROL ISSUES
This discussion of FRS physical controls will follow the SAS 78/COSO framework, which by now is familiar to you.
Transaction Authorization
The journal voucher is the document that authorizes an entry to the general ledger. Journal vouchers have numerous sources, such as the cash receipts processing, sales order processing, and the financial reporting group. It is vital to the integrity of the accounting records that the journal vouchers be properly authorized by a responsible manager at the source department.
Segregation of Duties
In previous chapters, we have seen how the general ledger provides verification control for the accounting process. To do so, the task of updating the general ledger must be separate from all accounting and asset custody responsibility within the organization. Therefore, individuals with access authority to GL accounts should not:
1. Have record-keeping responsibility for special journals or subsidiary ledgers.
2. Prepare journal vouchers.
3. Have custody of physical assets.
Notice that in Figure 8-5 transactions are authorized, processed, and posted directly to the general ledger. To compensate for this potential risk, the system should provide end users and GL departments with detailed listings of journal voucher and account activity reports. These documents advise users of the automated actions taken by the system so that errors and unusual events, which warrant investigation, can be identified.
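The three incompatibilities listed above can be tested against role assignments. The following is an added example, not part of the original text; the duty names, role catalogue, and users are constructed, and it assumes GL access is granted through roles that expand into duties.

```python
# Added example; duty, role and user names are constructed for illustration.
GL_ACCESS = "gl_update"
# Duties the text says must not be held together with GL access.
INCOMPATIBLE_WITH_GL = {
    "special_journal_recordkeeping",
    "subsidiary_ledger_recordkeeping",
    "journal_voucher_preparation",
    "asset_custody",
}

def effective_duties(user_roles, role_duties):
    """Expand each user's roles into the set of duties they can perform."""
    expanded = {}
    for user, roles in user_roles.items():
        held = set()
        for role in roles:
            held |= role_duties.get(role, set())  # unknown roles grant nothing
        expanded[user] = held
    return expanded

def sod_violations(user_roles, role_duties):
    """Return {user: [conflicting duties]} for users who can update the GL."""
    report = {}
    for user, held in effective_duties(user_roles, role_duties).items():
        conflicts = held & INCOMPATIBLE_WITH_GL
        if GL_ACCESS in held and conflicts:
            report[user] = sorted(conflicts)
    return report

# Constructed role catalogue and assignments.
ROLE_DUTIES = {
    "gl_clerk": {"gl_update"},
    "ar_clerk": {"subsidiary_ledger_recordkeeping"},
    "treasury": {"asset_custody"},
    "period_close": {"gl_update", "journal_voucher_preparation"},
    "report_viewer": {"report_read"},
}
USER_ROLES = {
    "alice": ["gl_clerk", "report_viewer"],
    "bob": ["gl_clerk", "ar_clerk"],       # conflict across two roles
    "carol": ["treasury", "ar_clerk"],     # no GL access, not flagged
    "dave": ["period_close"],              # conflict inside a single role
}

if __name__ == "__main__":
    for user, conflicts in sorted(sod_violations(USER_ROLES, ROLE_DUTIES).items()):
        print(f"{user}: GL access combined with {', '.join(conflicts)}")
```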
Access Controls
Unauthorized access to the GL accounts can result in errors, fraud, and misrepresentations in financial statements. SOX legislation explicitly addresses this area of risk by requiring organizations to implement controls that limit database access to authorized individuals only. A number of IT general controls designed to serve this purpose are presented in Chapter 16.
Accounting Records
The audit trail is a record of the path that a transaction takes through the input, processing, and output phases of transaction processing. This involves a network of documents, journals, and ledgers designed to ensure that a transaction can be accurately traced through the system from initiation to final disposition.
An audit trail facilitates error prevention and correction when the data files are conveniently and logically organized. Also, the general ledger and other files that constitute the audit trail should be detailed and rich enough to (1) provide the ability to answer inquiries, for example, from customers or vendors; (2) be able to reconstruct files if they are completely or partially destroyed; (3) provide historical data required by auditors; (4) fulfill government regulations; and (5) provide a means for preventing, detecting, and correcting errors.
Independent Verification
In previous chapters we have portrayed the general ledger function as an independent verification step within the accounting information system. The FRS produces two operational reports—the journal voucher listing and the GL change report—that provide proof of the accuracy of this process. The journal voucher listing provides relevant details about each journal voucher posted to the GL. The general ledger change report presents the effects of journal voucher postings to the GL accounts. Figures 8-12 and 8-13 present examples of these reports.
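The two reports can be cross-checked mechanically. The following is an added example, not part of the original text. It flags vouchers with no approver, vouchers that do not balance, gaps in voucher numbering, and GL account changes that the listed vouchers do not explain. The record layout, account names, and amounts are constructed, and sequential voucher numbering is an assumption.

```python
from collections import defaultdict

def verify_postings(vouchers, gl_changes):
    """Cross-check a journal voucher listing against a GL change report.

    vouchers:   dicts with 'jv' (number), 'approved_by' and 'lines', a list
                of (account, debit_cents, credit_cents) tuples.
    gl_changes: {account: (opening_cents, closing_cents)}, debits positive.
    Returns a sorted list of (finding, subject) tuples.
    """
    findings, net = [], defaultdict(int)
    numbers = sorted(v["jv"] for v in vouchers)
    for prev, cur in zip(numbers, numbers[1:]):
        if cur == prev:
            findings.append(("duplicate_jv", cur))
        findings.extend(("missing_jv", n) for n in range(prev + 1, cur))
    for v in vouchers:
        if not (v.get("approved_by") or "").strip():
            findings.append(("unauthorized_jv", v["jv"]))
        if sum(d for _, d, _ in v["lines"]) != sum(c for _, _, c in v["lines"]):
            findings.append(("unbalanced_jv", v["jv"]))
        for account, debit, credit in v["lines"]:
            net[account] += debit - credit
    for account in sorted(set(net) | set(gl_changes)):
        opening, closing = gl_changes.get(account, (0, 0))
        if closing - opening != net[account]:
            findings.append(("gl_change_not_explained_by_vouchers", account))
    return sorted(findings)

# Constructed sample data (amounts in cents).
VOUCHERS = [
    {"jv": 101, "approved_by": "m.khan",
     "lines": [("1100-AR", 50000, 0), ("4000-Sales", 0, 50000)]},
    {"jv": 102, "approved_by": "",
     "lines": [("1000-Cash", 20000, 0), ("1100-AR", 0, 20000)]},
    {"jv": 104, "approved_by": "m.khan",
     "lines": [("5000-COGS", 30000, 0), ("1200-Inventory", 0, 30000)]},
]
GL_CHANGES = {
    "1000-Cash": (100000, 120000), "1100-AR": (40000, 70000),
    "1200-Inventory": (90000, 60000), "4000-Sales": (-200000, -250000),
    "5000-COGS": (80000, 110000), "6100-Misc": (0, 7500),
}

if __name__ == "__main__":
    for finding in verify_postings(VOUCHERS, GL_CHANGES):
        print(finding)
```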
INTERNAL CONTROL IMPLICATIONS OF XBRL
Although the potential benefits of XBRL and associated Web technologies have been extensively researched, less attention has been given to the potential control implications of using XBRL. There are three areas of specific concern, which are discussed here.
TAXONOMY CREATION. A taxonomy may be generated incorrectly, producing an incorrect mapping between data and taxonomy elements that could result in material misrepresentation of financial data. Controls must be designed and put in place to ensure the correct generation of XBRL taxonomies.
TAXONOMY MAPPING ERROR. The process of mapping the internal database accounts to the taxonomy tags needs to be controlled. Correctly generated XBRL tags may be incorrectly assigned to internal database accounts, resulting in material misrepresentation of financial data.
VALIDATION OF INSTANCE DOCUMENTS. As noted, once the mapping is complete and tags have been stored in the internal database, XBRL instance documents (reports) can be generated. Independent verification procedures need to be established to validate the instance documents to ensure that appropriate taxonomy and tags have been applied before posting to a Web server.
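One form the independent verification of an instance document could take before publication is sketched below. This is an added example, not part of the original text. It checks that every fact uses the approved taxonomy namespace and a known element, and that each value equals the total of the GL accounts mapped to that tag. The taxonomy, mapping, balances, and instance document are constructed and simplified (contexts, units, and decimals are ignored).

```python
import xml.etree.ElementTree as ET

XBRLI_NS = "http://www.xbrl.org/2003/instance"
# Constructed stand-ins: taxonomy namespace and elements, the approved
# account-to-tag mapping, and GL balances. None of these come from the page.
TAXONOMY_NS = "http://example.com/taxonomy/2024"
TAXONOMY_ELEMENTS = {"CashAndCashEquivalents", "AccountsReceivable", "Revenues"}
ACCOUNT_TO_TAG = {"1000": "CashAndCashEquivalents", "1010": "CashAndCashEquivalents",
                  "1100": "AccountsReceivable", "4000": "Revenues"}
GL_BALANCES = {"1000": 120000, "1010": 30000, "1100": 70000, "4000": 250000}

# Constructed, simplified instance document (contexts and units omitted).
INSTANCE = """<xbrl xmlns="http://www.xbrl.org/2003/instance"
    xmlns:co="http://example.com/taxonomy/2024"
    xmlns:old="http://example.com/taxonomy/2019">
  <co:CashAndCashEquivalents contextRef="FY24">150000</co:CashAndCashEquivalents>
  <co:AccountsReceivable contextRef="FY24">250000</co:AccountsReceivable>
  <old:Revenues contextRef="FY24">250000</old:Revenues>
  <co:Goodwill contextRef="FY24">5000</co:Goodwill>
</xbrl>"""

def validate_instance(xml_text):
    """Return sorted (finding, tag) tuples; an empty list means it passed."""
    findings, expected, seen = [], {}, set()
    for account, tag in ACCOUNT_TO_TAG.items():
        if tag not in TAXONOMY_ELEMENTS:
            findings.append(("mapping_uses_unknown_tag", tag))
        expected[tag] = expected.get(tag, 0) + GL_BALANCES[account]
    for fact in ET.fromstring(xml_text):
        ns, _, name = fact.tag.lstrip("{").rpartition("}")
        if ns == XBRLI_NS:
            continue  # structural elements such as contexts and units
        if ns != TAXONOMY_NS:
            findings.append(("wrong_taxonomy", name))
        elif name not in TAXONOMY_ELEMENTS:
            findings.append(("tag_not_in_taxonomy", name))
        else:
            seen.add(name)
            if (fact.text or "").strip() != str(expected.get(name)):
                findings.append(("value_differs_from_mapped_accounts", name))
    findings += [("mapped_tag_missing", t) for t in expected if t not in seen]
    return sorted(set(findings))

if __name__ == "__main__":
    for finding in validate_instance(INSTANCE):
        print(finding)
```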