St. James Clothiers Evaluation of Manual and IT-Based Sales Accounting System Risks Copy Right: Anthony Butka Ralph Avallone Hong-Ming Yen Executive Summary Case Synopsis We meet Sally St. James of St. James Clothiers who has a retail clothing store in Tennesse. Sally has decided to abandon her manual sales entry system and convert to a more sophisticated IT-based application. As the audit engagement team we have been asked to review narratives of former years and then draft a narrative for the new system. We will address the weaknesses of having a manual based sales entry system.
We will discuss how switching to an IT-based will take care of some of those weaknesses. We will then talk about some of the new risks that Sally St. James will encounter with the IT-based sales system. Finally we will make some recommendations on how to make the conversion process a successful one. Problems 5. 4. 1 Upon review of St. James several risk factors have been identified due to their manual operations system. The highlighted risk areas pose a risk to the income statement and balance sheet. The accounts that are most likely to be impacted are the cash balance and inventory balance.
However cost of goods sold, taxes, sales revenue, compensation, amongst otherwise are all impacted as well. One risk intangible that is not discussed is the risk of losing customers due to a poor reputation and customer service. a. The fact that the cashier manually records the clerks name, product number, quantity sold, and sales price on a pre-numbered ticket indicate a potential misstatement in all these categories as the cashier may make an error or intentionally record the wrong sales information. The clerk also has the ability to alter the actual sales amount driving potential misstatement in the income statement and balance sheet. . For special items, the cashier refers to newspaper clippings of advertisements, in store sale signs, or will ask the salesperson for the price. The material misstatement likely to occur due to customers moving signs or salespeople having control of price of items which they sell imposes a risk to St. James as there is no reputable source to determine the actual price. c. A risk to the cash on hand at the point of sale is threatened by the fact that the draw can be opened by pressing the “Total” button on the register.
This means that anybody can open the register and physically remove the contents of the draw. d. A sales transaction generates two receipts, one is given to the customer and the other is locked in the register. No one except the store accountant can unlock the tape from the register. If the accountant has access to the only store record of a sales transaction, it presents the potential for the accountant and manager to collude and skim cash from the register in order to match the altered receipts for that day. e.
At times when the store is busy, a sales clerk will assist the cashier with check outs. However, by putting a clerk at the Point of Sale runs the risk of being able to identify who’s recording which transaction. Similar to the risk we see in steps a and b. f. The cashier processes sales returns by completing a sales ticket using negative amounts. However it’s possible that fictitious tickets could be created in order to record and take money out of the register. g. John Thornberge the store manager counts the cash each night and prepares a deposit slip and then compares to accountants record.
Similar to the risk in step d, the store manager and accountant could work together in order to display something other than what actually occurred. 5. 4. 2 After review of the manual system, we the auditors then discussed the impacts of the new IT system features and how they might mitigate all the risks that we previously addressed. a. When the product prices are stored in a computer, the system will automatically calculate the tax, total quantity, and price. Here no manual errors are possible, the cashier just has to scan the proper tag, and indicate who the clerk was. . The software program will totally mitigate this risk as there will be a master price sheet for the products and therefore no need to reconcile with other clerks or newspapers will be necessary. c. The new computer system will require codes which will identify who is using the register and segregate duties by allowing certain transactions based on the user identified at the register via their pin. Now the computer can split reports of who entered what transaction into the register and therefore be able to hold the appropriate parties responsible. . This will not be possible in the computer as it will download reports and send a read only copy to the accountant, this way there’s no way the accountant can hide or change sales transactions and no need for the accountant to be physically present. e. The new system will allow the sales clerks to help, the pin used at computer will now identify who handled which transactions and a report can be downloaded later in order to monitor a particular clerks transaction history. f. Now with the new IT system, only identified employees can process returns.
The computer system will match the return of the item with the original transaction which will avoid discrepancies. g. Without the ability to see physical store receipts, no alteration can be made and the deposit slip must match the computers sales amount or else an exception report is sent to the owner. 5. 4. 3 The use of an IT-based sales system generally will solve a lot of the manual sales accounting system misstatements, but it also creates other potential risks for material misstatements in the following ways: a. Managers or employees may still inaccurately process data.
This may happen especially when installing the new IT technology as nobody will have any prior experience with it. The mistake can be discovered after an accounting cycle or even longer. b. IT-based sales systems still pose a risk of manager fraud. People who can figure out a way to access the store manager’s PC can easily change the data, which includes the recording of unauthorized or nonexistent transactions or inaccurate recordings of transactions. c. Where multiple users may access a common database, a lack of control at a single user entry point may compromise the security of the entire database. . If an IT personnel or user has access to that manager’s PC, he or she may change the computer program to achieve their assigned duties or personal goal. e. Reliance on IT-based sales system can cause misstatements if the appropriate personnel forgets to make any necessary changes to the system. For instant, what if the manager forgets to adjust any discount prices back to there normal selling price? This can hurt profits and since the sales clerks are no longer looking at advertising coupons, they most likely won’t notice that the price should be higher. f.
Even computerized sales system can make a misstatement when there is inappropriate manual intervention. For example, an employee may key in promotion code and give out discount to someone who is not qualified. g. The most dangerous part of having an IT-based sales system is the potential risk of loss of data. It could be caused by your hard drive burning out, your computer catching a virus, fire, flood, etc. Failure to have appropriate backups such as virtual storage or even periodic manual records kept can leave you in the dark on where your business stands if you lose the data. . 4. 4 Completing such a risk management process is extremely important in today’s advanced technological world. It is important that management understand what risks exist in their IT environment, and how those risks can be reduced or even eliminated. Some suggestions to the list on 5. 4. 3 are, a. To reduce the risk of inaccurately operating the system, employees including managers and even Sally St. James have to have a certain degree of understanding of how to use the new system.
Sally and the managers may need to know more about maintenance and storing an extra copy of data to prevent the risk of losing the data. b. To prevent manager fraud, cross-training and a period of time rotation should be required especially to those people who are solely responsible for a specific set of duties. c. Remote access and documentation of procedures and practices can prevent employee fraud. d. A policy of retesting software before deployment is required. e. Checking the system regularly can reduce the risk of unintentional mistakes. f.
Automatic anti-virus software updates and frequent back ups are necessary steps for preventing network attacks. g. Periodically compare electronic data to paper (or off-line) data. Conclusion While switching from a manual sales entry system to an IT based one might seem like a good idea, a lot of time and effort needs to be put in to make the conversion a successful one. An IT-based system might resolve or mitigate many of the risks associated with a manual based system but it is not a panacea for all of their accounting concerns relating to fraud or misstatement.
As mentioned throughout the paper, new risks may arise from converting both in the nascent stage as well as once everything has gotten up and running. There will need to be different steps taken at different levels of the conversion to ensure all goes smoothly. For instance, proper training at the beginning to become familiar with the system. Then reevaluating the system to see if new risks arise and then working towards a solution of how to try and lower those risks. Sally St.
James will need to be heavily involved at the beginning in order to make sure that people are trained and that she feels the measures put in place will give her reasonable assurance that the accountant and manager will not be able to collude as the IT-based system will give them a lot of power. What seems like a great idea from the surface still requires a lot of work to ensure it will be beneficial to the company. References Messier, William. Glover, Steven. Prawitt, Douglas F. Auditing & Assurance Services-A Systematic Approach . McGraw-Hill Irwin. Seventh Edition. 2009.