Business Processes - Risks and Controls
- Suitable controls should be implemented to meet the requirements of the control objectives. These controls can be manual, automated or semi-automated provided the risk is mitigated. In computer systems, controls should be checked at three levels, namely Configuration, Master & Transaction level.
·Configuration
- Configuration refers to the way a software system is set up. When any software is installed, values for various parameters should be set up (configured) as per policies and business process work flow and business process rules of the enterprise. The various modules of the enterprise such as Purchase, Sales, Inventory, Finance, User Access etc. have to be configured.
- Some examples of configuration are given below:
- User activation and deactivation
- User Access & privileges - Configuration & its management
- Password Management
·Masters
- The masters are set up first time during installation and these are changed whenever the business process rules or parameters are changed.
Examples are Vendor Master, Customer Master, Material Master, Accounts Master, Employee Master etc.
Any changes to these data have to be authorized by appropriate personnel and these are logged and captured in exception reports.
For example
- Some examples of masters are:
- Vendor Master:Name, Address, GST No. Telephone No., bank account details, etc.
- Customer Master:Name, Address, GST No. Telephone No., bank account details, etc.
- Material Master: Material type, Material description, Unit of measure, etc.
- Employee Master: Employee name, Address, designation, PAN, salary details, etc.
·Transactions
- Transactions refer to the actual transactions entered through menus and functions in the application software, through which all transactions for specific modules are initiated, authorized or approved. For example:
- Sales transactions
- Purchase transactions
- Stock transfer transactions
- Journal entries
- Payment transaction
Download