Planning and Implementing Controls

Business rules are essential for ensuring the integrity of the purchase and payment process. These rules are developed to manage key aspects of internal control: preventive, detective, and corrective controls. They ensure segregation of duties, proper authorization, and reconciliation processes, all of which are critical in preventing errors and fraud.

Segregation of Duties

One of the key business rules for internal control is the segregation of duties. This ensures that the person responsible for ordering goods is not the same person responsible for receiving or paying for them. This separation reduces the risk of fraud and errors. For instance:

• The employee ordering products should not have access to modify product inventory or manage payments.

• The employee receiving items must be different from the person who ordered them and should not have the ability to modify purchase orders or inventory records.

Application Controls

Application controls within the accounting system support these business rules. For example, systems are designed to:

• Assign unique purchase order numbers to ensure all orders are accounted for.

• Implement range and limit checks to restrict the values employees can enter, ensuring they align with company policies.

• Create an audit trail, documenting every action taken within the system.

Example of Business Rules for Internal Controls

Exhibit 8.6 in the text outlines several business rules for Sunset Graphics' purchase and payment process. These rules address segregation of duties, employee access, and system-enforced application controls:

• Order Products: Manager approval is required for orders over $5,000.

• Record Receipt of Items: Employees receiving items must not be the same as those who ordered them.

• Payment: The employee making payments must not be the one who ordered or received the items, ensuring a clear separation of roles.

By developing such business rules, companies can better manage risks and ensure their purchase and payment processes are efficient, secure, and compliant with internal policies​​.