To align an organization’s information system risk and control, an organization must set application controls at the business process level in addition to Entity and General Controls. How do we do that? Here is one of my papers, written (in Indonesia) for an academic journal and initially submitted for project completion. It’s a good idea to share it and to be able to discuss control in an accounting information system context.
We can adopt COSO’s control principles while reconciling them with the CobiT reference. However, complying with CobiT control calls for further refinement in developing the application control, which is beyond the scope of the paper. This write-up attempts to bring up some ideas for fitting COSO into CobiT (or vice versa) in a specific use case: the procure-to-pay business process. We show how to link the application control goals of the procure-to-pay process with the state of control plan fulfillment, that is, whether the control plans are present or absent in meeting the control objectives. We use a control matrix and a logical business process model to help annotate the control issues in the respective business activities along the business process.
The abstract below is the translated version of the original Indonesian.
Business process analysis appears in much of the literature as a means to a well-developed accounting information system. Application control is one of its core components. This paper investigates business process analysis to understand application control better by combining the COSO and COBIT control frameworks. A case study was conducted in a Singapore-based small furniture trading company. The author employed several process modeling tools, such as flowcharts, logical data flow diagrams and a control matrix, along with explanation, to obtain a richer and more understandable picture of the current business process.
By matching COSO-oriented control objectives for operation and information processes with COBIT-based control objectives at the application level, a number of present and missing controls are detected within the order-entry-to-sales business process as improvement requirements for the company’s internal control activities. It can be concluded that applying internal control analysis with the COSO and COBIT control frameworks to business processes provides a practical way of attaining IT governance.
Furthermore, the combination of flowchart and control matrix brings about effective communication between management and accounting information system professionals.
Keywords: Internal Control, Business Process, COSO, COBIT, Flowchart
And here’s the full version: