The current economic crisis highlights the disastrous results when risks associated with strategies are ignored or ineffectively mismanaged. Most companies failed because of the absence or lack of proper risk management. Risk management is “a process of understanding and managing the risks that the entity inevitably subject to in attempting to achieve its corporate objectives. For management purposes, risks are usually divided into categories such as operational, financial, legal, compliance, information and personnel. One example of an integrated solution to risk management is enterprise risk management” (CIMA, 2005).
Effective risk management involves risk assessment, risk evaluation, risk treatment and risk reporting. The focus of good risk management is the identification and treatment of these risks in accordance with the organization’s risk appetite. These risks need to be managed and controlled in order to prevent vibrant organizations from catastrophic losses and help them achieve their goals and objectives. Accounts Payable is a part of the expenditure cycle, which is prone and susceptible to risks. The expenditure cycle is a subsystem of the both the cash management system and the accounting system.
The other parts of the expenditure cycle are purchasing, receiving, and warehousing. Each of these subsystems should have controls to ensure that its overall objective will be met. Moreover, these subsystems have individual risks associated to it which can be affect the whole process in the organization, as well as other processes outside Accounts Payable, which can arise from an event or condition, external and internal factors, and decisions and choices made by people within in the organization. It can be grouped into three major components: (1) a variety of people responsible for extracting, assembling, aggregating, and analyzing data. 2) The processes and timelines by which this data is obtained and reported and (3) the systems that crunch the financial information and distil it into meaningful form. (Deloitte Development LLC, 2010) An organization needs to understand its mission and articulate it clearly. This makes it easier to recognize the risks associated and areas of improvement with the mission. Once an organization identifies its mission, it can begin its evaluation by listing the possible risks that threaten the business with the aim of identifying high priority threats and focusing on those first.
Risks should be prioritized, depending on their impact to the overall business and the effectiveness by which these are managed. Risk mitigation strategies should be developed, updated and continuously reviewed for effectiveness, and should be monitored through various control mechanisms. Internal control on the other hand, is “the whole system of controls, financial and otherwise, established in order to provide reasonable assurance of: (a) effective and efficient operation; (b) internal financial control; (c) compliance with laws and regulations” (CIMA, 2006)
The weaknesses of many companies’ control systems have been highlighted due to the big financial scandals of recent years (between 2001 and 2003) and as a result increased attention on risk management, internal controls, internal audit and their role in modern organizations. The implementation of the Sarbanes-Oxley Act 2002 (SOX), which was enacted by the US Congress, in response to a number of major corporate and accounting scandals including those affecting Enron Corporation, Tyco International, WorldCom and others, is an evidence of major steps taken by governments to revise company regulations (Coates, 2002).
The Sarbanes–Oxley Act of 2002 (Pub. L. 107-204, 116 Stat. 745, enacted July 30, 2002), also known as the ‘Public Company Accounting Reform and Investor Protection Act’ (in the Senate) and ‘Corporate and Auditing Accountability and Responsibility Act’ (in the House) and commonly called Sarbanes–Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002, which set new or enhanced standards for all U. S. public company boards, management and public accounting firms.
The act contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the law. Harvey Pitt, the 26th chairman of the SEC, led the SEC in the adoption of dozens of rules to implement the Sarbanes–Oxley Act. It created a new, quasi-public agency, the Public Company Accounting Oversight Board, or PCAOB, charged with overseeing, regulating, inspecting and disciplining accounting firms in their roles as auditors of public companies.
The act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure. The primary goal of SOX was to help investor’s confidence increase in the public marketplace. Investors had lost faith that their investments in American companies. This lack of faith resulted in the decline of stock values. Investors also believe that most of the scandals could have been prevented if the accounting misconducts could have been better monitored and thus deterred by regulatory agencies. Lowengrub, 2005) Many companies update and refurbish their existing information technology systems to allow standardization and integration throughout all applications company-wide. In connection with this, Lexmark CSSC Accounting has felt the need to change their accounting system from JD Edwards to SAP (Systems Applications and Products) in order to deliver a comprehensive set of integrated, cross-functional business processes. SAP is an ERP system that integrates various modules, such as the Accounts Payable, General Ledger, Accounts Receivable, etc.
An enterprise applications software that is both building service-orientation directly into its solutions and providing a technology platform SAP Net Weaver and guidance to support companies in the development of their own service-oriented architectures spanning both SAP and non-SAP solutions. SAP was first launched in EMEA (Europe, Middle East and Africa) region last October 2009 where the researchers were also assigned at that time. With this, established processes from the previous JDE system were totally changed and different challenges were encountered along the way.
There is a big room for people and system error especially in the first few months since we are on the process of scrutinizing the system. It took us months or even a year to fully stabilize the system and make ourselves comfortable with it. After the said SAP implementation in EMEA, the other geographies then followed. North America (NA) went live in the system last August 2010 while Asia Pacific Group (APG) started to use it last January 2011. In the previous JDE system, Lexmark CSSC Accounting was grouped per geography such as EMEA, NA, and APG and each consists of different teams such as AP, AR, Bank, GL, and etc. nd has different accounting processes. It was early this year, after the full implementation of SAP among all geographies, that the Accounting Department was grouped already per function (AP, AR, GL, & etc. ) regardless of what geography it belongs. Thus, all Accounts Payable team from the three groups were all joined together and a uniform or global process was then established. Since the process is still very new, the researchers would like to know the possible financial reporting risks that can be triggered with this newly established global process.
This study aims to identify potential financial reporting risks that could threaten the achievement of the Company’s mission and vision and how management reacts to these risks and what are their strategies to mitigate and manage such risks. This study will further evaluate if the current Accounts Payable process being practiced in Lexmark CSSC is strong enough to deal with the identified financial reporting risks. Accounts Payable has been a very important function in all companies since this is where the cash outflows are being handled and it is where the supplier relationships are being built.
The accuracy of the invoices processed should be well monitored to ensure that amount being paid to the suppliers are correct, payments are being made on time and to the correct suppliers, and the expenses recognized in the financial statements are accurate. Thus, any errors may yield to inaccurate financial data and affects the integrity of the financial report and the company as well. Accounts Payable as defined in www. wisegeek. com, “is the obligation that a business owes to its creditors for buying goods or services.
It is the unpaid invoices, bills, or statements for goods or services rendered by outside contractors, vendors or suppliers. Accounts payable are sometimes referred to as “payables. ” When someone pays his or her monthly utility, phone, cable TV bills, or Internet service provider (ISP) bills, he or she is in a sense paying off his or her accounts payable obligations”. Accounts payable is also the term used to refer to the unit within an organization’s accounting department that manages these payments.
The accounts payable unit often oversees a variety of tasks, which may include authorizing purchase orders, collecting credit card receipts, organizing account withdrawals, keeping the general ledger, and auditing expense reports. Statement of the Problem The recent migration of Lexmark’s ERP system of JD Edwards to SAP has brought major changes in the operating processes and procedures of the Accounting department in the Cebu Shared Service Center, most specifically in the Accounts Payable team.
With various major changes at hand, the financial reporting of the organization is at risk. There is a need to identify and manage the financial reporting risks in the Accounts Payable process for the organization to have a reliable financial statement for the stakeholders. Research Questions 1. What are the financial reporting risks in the Accounts Payable process in Lexmark Cebu Shared Service Center? 2. Where do these risks came from and how to avoid them? 3. Who are the responsible persons contributing these risks and who are affected? . How does the management handle and mitigate such risks? 5. Is the current Accounts Payable process in Lexmark CSSC resilient enough to prevent and effectively manage such risks or are there any room for changes? Significance of the Study Since the implementation of SAP which was piloted in the EMEA geography in Lexmark Cebu Shared Service Center last October 2009, the organization is still struggling to refine its current processes, so as to have a streamline with other geographies like North America and Asia Pacific.
Due to this ongoing initiative, there are areas that need to be evaluated, especially on the operations point of view, and its effects on the overall financial statements reliability. The study will be beneficial to the organization as a whole for it will be able to identify and manage the financial risks it is facing due to the processes in Accounts Payable that needs to be resolved. It is also very useful for the following individuals: * Accounts Payable employees – the employees will be able to have a more in depth understanding of the processes they are doing.
Through this research, it can create value- added activities to their function, most especially, to the Goods Receipt/Invoice Receipt function. * General ledger employees – they will have lesser manual work and be more efficient in their function due to lesser risks and lesser man-made errors that came from the Accounts Payable process. * Managers – managers will make better decisions due to a more accurate data in the financial statements, real-time. * Stakeholders – will have more onfidence over the financial reports of the organization and will be able to make decisions more effectively because of the management of the financial reporting risk. * Country accountants and controllers – will have a better view of the financials on a business level and can have better judgment over the budgeted expense of each cost center, and in turn, make better decisions. * Lexington controllers and counterparts – will have access to appropriate data on the financials at any time of the month, especially to the planning department.
Moreover, they can give informed judgments and make better decisions due to the lessen risk of financial reporting. * Partners and customers – will have confidence in dealing with the company due to its reliable financial information. At the same time, they can make informed judgments in their associations with the company. Definition of Terms 1. Risk – commonly referred to as the chance, possibility, or uncertainty of outcome or consequences. Risks stem from every activity an organization undertakes.
Risks include those directly related to the organization’s principal business activities (i. e. , the risks that are unique to those business activities) as well as risks stemming from the operations supporting those principal activities (e. g. , operational risks). These risks exist continuously, whether you have identified them or not. But a risk event first must happen before it can have a risk impact, and such risk impacts can be positive or negative. 2.
Financial reporting risk – the impact on the financial statements of the accounts payable process from the invoice processing, good receipt/invoice receipt procedures, to the mismatch resolution, and finally to the payment process through the SAP ERP system. Enterprise Resource Planning – It integrates all departments and functions across a company onto a single computer system that can serve all those different departments’ particular needs. 3. Goods Receipt – denoted by a (WE) document type in SAP. This is an indication that the requestor has already received the goods and services in his/her department. . Invoice Receipt – denoted by a (RE) document type in SAP. This is the document where the invoice is attached. 5. SAP – This acronym means Systems, Applications, and Products in Data Processing. An ERP system that integrates various modules, such as the Accounts Payable, General Ledger, Accounts Receivable, etc. An enterprise applications software that is both building service-orientation directly into its solutions and providing a technology platform SAP Net Weaver and guidance to support companies in the development of their own service-oriented architectures spanning both SAP and non-SAP solutions. . SRM – This acronym means Supplier Relationship Management. This application automates, simplifies, and accelerates procure-to-pay processes for goods and services. With SAP SRM, you can reduce procurement costs, build collaborative supplier relationships, better manage supply bases, and improve your bottom line with innovative offerings and a faster time to market. It delivers an integrated offering for automating goods and services procure-to-pay processes and extending the value delivered by SAP Business Suite.
To see exactly how SAP SRM can add value to your company 7. CSSC – Cebu Shared Service Center, which composed of employees that handle various functions under different geographies, EMEA (Europe, Middle East, Africa), North America (United States of America, Canada and Puerto Rico), and Asia Pacific Group. Chapter 2 THEORETICAL BACKGROUND Review of Related Literature 2. 1 ERP System Organizations implement Enterprise Resource Planning (ERP) Systems in order to address the problems pose by disparate applications within functional reas and to achieve competitive advantages. ERP systems typically provide elegant technological solutions for organizations information needs through radical changes in information processing orientation. (Kelechi, 2007). An effective business strategy centers on an aggressive, efficient use of information technology; for this reason the ERP systems have emerged as the core of successful information management, and the enterprise backbone of the organization (Nash, 2000a, b).
A successful ERP system will streamline processes within a company and improve its overall effectiveness, while providing a means to externally enhance competitive performance, increase responsiveness to customers, and support strategic initiatives (Sandoe et al, 2001). The software components of ERP system are subdivided into modules. It is usually seen as the ERP product and several generic modules sold by ERP vendors. SAP is a clear market leader in ERP deployment.
Gelinas et al, (2005:57) identified the core modules of SAP R/3 as listed below: * Sales ;amp; Distribution: This contains the functions related to the sale of goods to customers and includes recording customers order, shipping of good to customer, and billing the customer. They are interconnected to the Material Management module to check the availability of inventory and record the issue of goods, the Financial Accounting module to record the sales and the Controlling module for profitability analysis. Material Management: This contains the function related to acquisition of goods from vendors and management of goods in the warehouse. This module prepares and records a purchase order, receives goods from vendors and record the vendors invoice. * Financial Accounting: This contains the function related to business events from other modules such as Sales ;amp; Distribution and Material Management.
This module records transactions into the general ledger accounts, external account statements, the balance sheet, profit and loss statement and statement of cash flows. This module also includes account receivables and account payable functions. * Human Resources: This contains the function related to the recruitment, management and administration of personnel, payroll processing and personnel training and travel. The HR module is also used to maintain data related to training and work benefits. Quality Management: This contains the function related to product inspections, material certifications and quality controls. * Project Management: This contains the function related to research and development, construction, marketing projects, cost settlement and project phases. ERP implementation is a social-technical challenge that requires a fundamentally different outlook from technologically-driven innovation, and will depend on a balance perspective where the organization as a total system is considered.
ERP implementation is considered to rely on behavioural processes and actions (Al-Mudimigh et al. , 2001). ERP systems facilitate horizontal and vertical integration of business processes across an organization via a synchronized suite of software applications (Hunton et al 2004). These ERP systems if successfully implemented, can enable companies to better manage supply chains, perform business reengineering and reorganize their accounting processes along with different other functions (Hebermann and Scheer 2000).
In addition, (Spathis ;amp; Contantinides 2004) observed that ERP systems are currently becoming a necessary tool for companies to remain competitive in this new business environment rather than constituting a new strategic move. According to Parr and Shanks (2000), ERP systems have two important features: firstly, it facilitates a causal connection between a visual model of business processes and the software implementation of those processes, and secondly, it ensures a level of integration, data integrity and security, which is not easily achievable with multiple software platforms.
ERP systems can provide an organization with competitive advantage through improved business performance by integrating supply chain management, receiving inventory management, customer orders management, production planning and management, shipping, accounting, human resource management and all other activities that take place in the modern business (Hitt et al 2002, Kalling, 2003). O, Leary (2000) noted the following characteristics of ERP systems: * ERP systems are packaged software designed for a client server environment whether traditional or webbased. ERP systems integrate the majority of a business’s processes * ERP systems process a large majority of an organization’s transaction. * ERP systems use enterprise-wide database that typically store each piece of data once. * In some cases, ERP systems allow an integration of transaction processing and planning activities. 2. 2 Financial Reporting Risks However, ERP systems are usually accompanied with changes in business processes in companies.
According to Hunton et al (2001), ERP systems bring about changes in internal control, business process, and segregation of duties. Typically, organizations may need to reengineer business processes and make essential changes for successful implementation of ERP systems. Such changes affect the major processes as well as organizational setup in a company. These changes, at the same time, create a lot of risk factors within the entity, such as financial risk. Over the years, there is still a huge amount of financial risk amongst companies.
As evidenced by the figures below, after the increase financial risk trends in 2005-2006, the coming years were brought to the normal state. But the question is how to mitigate these financial risks in the organization? Figure [ 1 ]. Financial Risk Reporting Trends Accounts Payable is one of the major functions in the Accounting department of the organization. It is involved with the daily operations, with repetitive tasks and involves different geographies in a multinational company.
Invoices and receipts entered into the system through the Accounts Payable function create an impact into the financial reporting and integrity of reports in the organization. As Jerry F. White, director of the Caruth Institute of Owner-Managed Business at Southern Methodist University Cox School of Business in Dallas, points out, “Efficient financial reporting is essential to making management decisions on a timely basis, before a problem compounds.
The faster you have high-quality information, the quicker management will be able to take corrective action. ” However, it is definitely better to address the issues before-hand that is why there is a need for management to assess its internal controls in order to have reasonable assurance on the achievement of its objectives in the following categories: (1) Effectiveness and efficiency of operations (2) Reliability of financial reporting (3) Compliance with applicable laws and regulations
The first category addresses an entity’s basic business objectives, including performance and profitability goals and safeguarding of resources. The second relates to the preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly. The third deals with complying with those laws and regulations to which the entity is subject.
These distinct but overlapping categories address different needs and allow a directed focus to meet the separate needs. Moreover, it is vital for the financial reporting of the organization to consolidate routine processing, streamline time-consuming tasks of little advantage or eliminates data duplication by more fully using software capabilities (Institute of Internal Auditors, 2008). 2. 3 Impact of Sarbanes-Oxley Act and Audit on ERP systems
After financial reporting scandals at Enron and other major companies, the U. S. Congress passed the Sarbanes–Oxley Act (SOX) in 2002. Section 404 of the Act requires nearly every public company’s chief corporate officers to assess whether the company’s financial reporting system has been effectively controlled during the reporting period. Over the past decade, organizations have invested heavily in improving the quality of their internal control systems.
They have made the investment for a number of reasons, notably: (1) good internal control is good business — it helps organizations ensure that operating, financial and compliance objectives are met, and (2) many organizations are required to report on the quality of internal control over financial reporting, compelling them to develop specific support for their certifications and assertions. Internal control is designed to assist organizations in achieving their objectives.
The five components of COSO’s Internal Control — Integrated Framework (the COSO Framework) work in tandem to mitigate the risks of an organization’s failure to achieve those objectives. The COSO Board recognizes that management’s assessment of internal control often has been a time-consuming task that involves a significant amount of annual management and/or internal audit testing. Effective monitoring can help streamline the assessment process, but many organizations do not fully understand this important component of internal control. As a result, they underutilize it in supporting their assessments f internal control. (COSO, Internal Control-Integrated Framework) Information technology is playing a key role in virtually every phase of global business environment. Auditors are faced with the enormous challenge of working and keeping up-to-date with such sophisticated technologies. ERP systems are one of such state of the art technologies deployed by various organizations to achieve a strategic advantage in the competitive market. ERP systems create seamless integration of information among cross-functional areas through automation of business processes.
According to Wright ;amp; Wright (2002), Hunton et al (2004), auditors need to be aware of increased audit risk involved with ERP systems. Bae and Ashcroft, (2004) went further to state that ERP implementation is usually associated with elimination of traditional controls without adequate replacement. Covaleski (2000) pointed out that accountants need to be mentally creative to understand and communicate the value added by ERP systems and the technological knowledge needed to implement it.
ERP systems are being adapted by the organization to mitigate the risks that make it vulnerable, as well as to produce reliable financial reports. There is a need for management to be flexible in designing and implementing systems, which calls for the application of SOX 404 top-down risk assessment (TDRA) performed to comply with Section 404 of the Sarbanes-Oxley Act. A top-down approach begins at the financial statement level and with the auditor’s understanding of the overall risks to internal control over financial reporting.
The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions. This approach directs the auditor’s attention to accounts, disclosures, and assertions that present a reasonable possibility of material misstatement to the financial statements and related disclosures. The auditor then verifies his or her understanding of the risks in the company’s processes and selects for testing those controls that sufficiently address the assessed risk of misstatement to each relevant assertion.
Management should identify those risks of misstatement that could, individually or in combination with others, result in a material misstatement of the financial statements (“financial reporting risks”). Ordinarily, the identification of financial reporting risks begins with evaluating how the requirements of GAAP apply to the company’s business, operations and transactions. (The Institute of Internal Auditors, 2008) Controls cannot guarantee that the goals will be met, but they reduce the risk that these objectives will not be met.
In this context, effectively controlled financial reporting processes give reasonable assurance that the company will meet the goal of producing accurate financial reports. According to Auditing Standard 2, an internal control deficiency exists when the design or operation of a control does not allow for the timely prevention or detection of misstatements. The standard (PCAOB, 2004) defines two types of deficiencies: * In a significant deficiency, there is more than a remote likelihood that the financial statements will be impacted in a manner that is consequential but not material. In a material deficiency, there is “a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected” (PCAOB, 2004). Vorhies (2005) indicates that a 5% error in revenues is the usual threshold for labeling a deficiency as material because a smaller difference is not likely to sway a reasonable investor.
This distinction between significant and material internal control deficiencies is important because if management finds even a single material deficiency, it may not assess its internal controls as having been effective during the reporting period. According to the PCAOB’s analysis, 12% of all audits in 2004 and the first part of 2005 assessed companies as not having effectively controlled their financial reporting function (Rankin, 2005). Actually, the situation may be much worse because only larger firms were required to assess their financial reporting systems during that period.
In addition, auditors tended to focus on strikingly out-of-control aspects of financial reporting systems. Failing an audit of the effectiveness of financial controls can be very costly to a company. The research firm Glass, Lewis ;amp; Company analyzed 899 cases in which firms reported material weaknesses (Durfee, 2005). They discovered that companies experienced an average stock price drop of 4% right after the announcement. In turn, the Dutch research firm ARC Morgan found in 2004 that in more than 60% of all cases, the chief financial officer (CFO) was replaced within three months fter a companies reported material weaknesses (Durfee, 2005). In addition, audit risk refers to the level of uncertainty in performing audit engagement. Risk identified in the previous step is analyzed and evaluated. An effective auditor recognizes that risk exist and deals with such risk in an appropriate manner. Auditor’s ability to deal with these risks properly is critical to achieving a high quality audit. One of the most widely accepted concepts in the theory and practice of auditing is the clients system of internal control for safeguarding assets and records and generating reliable financial information. Kelechi, 2007) 2. 4 Risk associated with ERP systems Sally Wright and Arnold M. Wright (2002) investigated the unique risk associated with the implementation and operation of ERP systems. The study focused on examining ERP risks by applications, and how such risks affects planning and conducting of assurance engagement and reliability of complex computer systems. Wright and Wright (2002) asked the following questions: * What risks are most common in an ERP setting? * Do risks differ by ERP application? Do risks differ by ERP vendor across applications? * How are ERP systems tested as a basis for providing system reliability assurance? they found that lack of end user involvement exposed the firm to significant risk of unintentional errors and inefficiencies. They noted that due to fixed deadlines, there is usually inadequate time to train end users and this lead to high error rates that could eventually affect financial statement. This often resulted to erroneous reporting.
Regarding how the risks differed by applications, they found that supply chain, payroll and financial modules exhibited greater control risks and that the risks varied according to the vendors. The respondents reported major system differences with regard to access and encryption controls. This finding suggested significant variations in risk exposure for various modules. Finally, on examining how information systems auditors test the effectiveness of an ERP systems and security, Sally Wright and Arnold M. Wright (2002) found a redominant use of process audit techniques rather than conducting audit of the output. The result indicated that the implementation process of ERP systems had an important impact on system reliability. They concluded that access controls and security protocols were correlated to the ERP risks and hence financial statement error and business risk may be increased if access is not adequately considered during ERP implementation. Wright and Wright (2002) research found that control risk could potentially increase with the implementation of ERP systems and that these risks varied according to ERP vendors.
This result was also consistent with Girard and Farmer (1999) who also noted that ERP systems implementation at many corporations increased audit related risk due to “automated interdependencies” among business processes, and “integrated relational database”. Although Wright and Wright (2002) could not establish whether the risk was because of ERP access control configuration, however, the research further signified that ERP systems could have a causal relationship with audit risk. Theoretical Framework
The underlying premise of enterprise risk management is that every entity exists to provide value for its stakeholders. All entities face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise risk management enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. (Steinberg et. al, 2004)
Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives. Enterprise risk management encompasses: * Aligning risk appetite and strategy – Management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks. * Enhancing risk response decisions – Enterprise risk management provides the igor to identify and select among alternative risk responses – risk avoidance, reduction, sharing, and acceptance. * Reducing operational surprises and losses – Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses. * Identifying and managing multiple and cross-enterprise risks – Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks. Seizing opportunities – By considering a full range of potential events, management is positioned to identify and proactively realize opportunities. * Improving deployment of capital – Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation. These capabilities inherent in enterprise risk management help management achieve the entity’s performance and profitability targets and prevent loss of resources.
Enterprise risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity’s reputation and associated consequences. In sum, enterprise risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way. Conceptual Framework This study will further evaluate the current Accounts Payable process in Lexmark CSSC Accounting to be able to identify possible risks derived from the said process and how management reacts to such risks.
By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall. This study will use the current accounts payable process in CSSC as the dependent variable while the independent variables are the internal controls being practiced in the team, and the employee’s familiarity of the said process. This may also include the process owner’s number of years working in AP, seminars or trainings attended, and age of the employees.
Furthermore, this study will show the relationship between the dependent and independent variables. Using questionnaires, interviews and focus group discussions with some of the Accounts Payable team in Lexmark CSSC Accounting, the researchers will be able to gather actual data on how the process in being done to derive accurate results. Below is the conceptualized table that shows the relationship of the dependent and independent variables in this study. Independent Variables Dependent Variables Accounts Payable Process -Invoice Processing Invoice Mismatch -Goods/Invoice Receipt -Travel Expense Accounts Internal Controls Employee’s familiarity of the process -No. of yrs working in AP – Seminars/Trainings attended -Age Figure 2. Conceptualized relationships among variables CHAPTER III RESEARCH METHODOLOGY The study is a descriptive research designed to identify the financial reporting risks present in the SAP ERP system implemented in the Accounts Payable process in Lexmark Cebu Shared Service Center in order to recommend approaches to manage them. The research flow is as follows:
Research Environment The research is conducted at Lexmark Plaza 3, Samar Loop cor. Panay Road, Cebu Business Park, Cebu City. Lexmark Cebu Shared Center is an umbrella of Lexmark Research and Development Corporation. Figure 3. Map of Lexmark Plaza Buildings The Accounts Payable in Cebu Accounting is located at the 5th floor of Lexmark Plaza 3. The company has recently implemented the grouping of teams into functional processes, so the team is easily identified not by geography, but by function, and are clustered into one area in the 5th floor. Research Respondents
The respondents for this research are the Accounts Payable employees in Lexmark CSSC which composed of thirty one (31) individuals and is divided into 3 subgroups such as Invoice Processing, Invoice Mismatch/GRIR and Travel and Expense Accounts. The team is handling all the accounts payable transactions worldwide for 3 geographies such as Asia Pacific, North America, and Europe and Middle East. Below is a table that shows the total number of employees for each subgroup. Table 1. Number of employees per subgroup. Subgroup| No. of Employees| Invoice Processing| 10| Invoice Mismatch/GRIR| 14| Travel Expense Accounts| 7| TOTAL| 31|
The Invoice Processing team ensures the timely posting of all invoices that have been scanned from the country in SAP workflow. This will include correct posting of invoice dates, amounts, and related Purchase Orders. The Invoice Mismatch team are tasked to resolve issues such as: mismatches in the Purchase Orders with invoices, double payments, double invoice bookings and all other related queries. The GRIR team are the ones responsible in resolving the open items in the GRIR account which basically comprises of those Purchase Orders where goods receipt confirmation is higher or lower than the actual invoice booked in the PO or vice versa.
They also ensure that the goods receipt confirmations posted in the Purchase Orders are validated with invoices to make sure that expenses recognized in the financial statements are reliable. The Travel and Expense Accounts team are currently handling the auditing of all travel expenses raised by employees and ensuring that valid documents are being attached to their liquidation. Since the total population size is minimal and in order to get the most reliable data, the researchers chose all the Invoice Processing and Invoice Mismatch/GRIR team as the sample size. Thus, there are a total of twenty four (24) respondents for this survey.
No respondents were selected in the Travel and Expense Accounts team since the team was just newly organized and no process has been established yet as of the time of the research study. Research Instruments A self made questionnaire was used as an instrument for this research study. It was used to find out from the respondents the strengths and weaknesses of the Accounts Payable process being established using the SAP ERP system. The questionnaire aims to identify and evaluate the policies and procedures, working standards, objectives and goals, and accuracy of the existing process and its compliance of internal control mechanism.
Given the fact that the researchers are within the research environment, actual observation and focus group discussions will be used in order to gather vital data and information needed in the realization of this research. Research Procedures Gathering of Data. A complete list of the employee’s names was gathered including the tasks and ledgers currently being handled. The distribution and retrieval of the survey questionnaires were done personally by the researchers. Results were collated, analyzed, and interpreted. Treatment of Data. The statistical tool used for this research was the weighted average method.
Below is the formula for this statistical tool: ? fX WA _______________ ? f Where, WA — weighted average f — frequency x — rating As one of the descriptive methods, it is concerned with the collection and illustration of data in order to give meaningful information. After deriving the weighted average, the data will then be interpreted using the hypothetical rating scale as shown in the table below: Table 2. Hypothetical rating scale. 4. 01 – 5. 00| Always| 3. 01 – 4. 00| Often| 2. 01 – 3. 00| Sometimes| 1. 00 – 2. 00| Rarely|