Happy Ovens Pte Ltd is a major supplier of industrial-grade baking ovens to bakeries in Singapore. The following describes the revenue cycle from the perspective of the Accounts Receivable department. Sales invoices are created when equipment is delivered and installed at customers’ premises.
Sam, Billing Executive, logs into the company ERP’s billing module and retrieves each proforma invoice in the ERP system’s database. The proforma invoices were previously created by the sales team and sent to the customers for their information whenever they confirmed a sale. Sam will match the proforma invoice against the sales quotation from a sales quotation folder.
If there is a match, Sam will proceed to convert the proforma invoice into an invoice from the billing module. A PDF invoice will be generated and emailed to the customer as an attachment to an email containing payment instructions. A hard copy of the invoice will be printed and filed in a Monthly Invoices arch file by date.
If there are discrepancies, Sam will inform the sales team to correct and resubmit the proforma invoices. Of course, this causes delays in the billing process, as the sales team may not amend these immediately and occasionally require further information from the customers. One commonly missing piece of information is the credit terms, which are usually not established and approved during the creation of a new customer profile in the ERP system.
Customer payments are received in the form of cheques and internet bank transfers. Tom, the Finance Executive, will retrieve the invoices from the ERP system’s billing module and update the payment status on each invoice in the system, as the banking system is not integrated with the ERP system. Tom will also find the corresponding invoices in the Monthly Invoices arch file and stamp them as paid, with the payment information written on them. If the hard copy of the invoice is not found, Tom will just ignore it, as he thinks that this step is irrelevant given that the transaction volume can be overwhelming on certain days. Cheques are deposited to the bank twice weekly.
On a monthly basis, Tom will generate the Statement of Accounts to be emailed as attachments to the customers, print the Monthly AR Aging Report, and forward it to Ronny, Finance Manager. Ronny will instruct Sam to send reminders to customers for outstanding payments, but he occasionally experiences difficulties, as the payment status may not have been updated in the Billing Module and/or the Monthly Invoices arch file; this inefficiency causes further delay in the payment collection process. Sam has to contact either Tom or the Sales Team for their assistance, further complicating the process.
(a) Analyse the customer billing and payment process described above, and illustrate the process with a flowchart. State the assumptions made if any.
(b) From the case presented above, identify and discuss three (3) major areas of existing or potential internal control weaknesses, and the associated threats, and suggest the appropriate measures or controls that should be put in place.
Digitalization and digital business transformation have been buzzwords in today’s highly competitive business world. Companies are pressured to quickly push out new digital initiatives to address changing business and customer needs.
(a) In your own words, explain what business process reengineering (BPR) is, and examine the importance and role of information technology in BPR.
(b) BPR has been criticized as highly disruptive to the present business operations and time-consuming. Appraise the relevance of BPR in light of companies’ drive towards digital business transformation since shortening the time-to-market is highly critical.
The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. It comprises various requirements governing the collection, use, disclosure, and care of personal data in Singapore. The PDPA recognizes both the need to protect individuals’ personal data and the need of organizations to collect, use or disclose personal data for legitimate and reasonable purposes. A data protection regime is necessary to safeguard personal data from misuse and to maintain individuals’ trust in organizations that manage their data.
(a) Explain and demonstrate your understanding by providing a relevant example of each of the three (3) types of internal controls: Preventive, Detective, and Corrective. Discuss if any of these should be ranked and prioritized as the focus, or should all these three (3) types of controls be given equal emphasis.
(b) In the context of a chain of fitness gyms that operates over several locations in Singapore, review appropriate preventive, detective, and corrective controls that should be put in place to safeguard the personal data of their members, and to comply with PDPA. Your suggestions must be relevant and practical to suit the operating and business environment of this local SME, assuming that the gym uses a cloud-based gym membership system.