Access Controls
Access controls prevent and detect unauthorized and illegal access to the firm’s assets.Inventories and cash are the physical assets of the revenue cycle. Traditional techniques used to limit access to these assets include the following:
• Using warehouse security, such as fences, alarms, and guards
• Depositing cash daily in the bank
• Using a safe or night deposit box for cash
• Locking cash drawers and safes in the cash receipts department
Controlling access to accounting records is no less important. An individual with unrestricted access to data can manipulate the physical assets of the firm and cause financial statements to be materially misstated. Accounting files stored on magnetic media are particularly vulnerable to unauthorized access, whether its cause is accidental, an act of malice by a disgruntled employee, or an attempt at fraud. The following are examples of risks specific to the revenue cycle:
1. An individual with access to the AR subsidiary ledger could remove his or her account (or someone else’s) from the books. With no record of the account, the firm would not send the customer monthly statements.
2. Access to blank sales orders may enable an unauthorized individual to trigger the shipment of a product.
3. An individual with access to both cash and accounting records could remove cash from the firm and cover the act by adjusting the cash account.
4. An individual with access to physical inventory and inventory records could steal products and adjust the records to cover the theft.