The Effect of Erp Systems On Internal Control Systems in Revenue Process of Manufacturing Companies

THE REPUBLIC OF TURKEY
BAHCESEHIR UNIVERSITY
THE EFFECT OF ERP SYSTEMS ON INTERNAL

CONTROL SYSTEMS IN REVENUE PROCESS OF
MANUFACTURING COMPANIES
Master’s Thesis
MUHAMMET FATIH OZDEMIR
ISTANBUL, 2017
THE GRADUATE SCHOOL OF SOCIAL SCIENCE

MASTER OF BUSINESS ADMINISTRATION
THE EFFECT OF ERP SYSTEMS ON

INTERNAL CONTROL SYSTEMS IN REVENUE
PROCESS OF MANUFACTURING COMPANIES
Master’s Thesis
MUHAMMET FATIH OZDEMIR
Supervisor: ASSOC. PROF. FATMA ULUCAN ÖZKUL
İSTANBUL, 2017
GRADUATE SCHOOL OF SOCIAL SCIENCE

WEEKEND MBA PROGRAM
Name of the thesis: The Effect oF ERP Systems on Internal Control Systems In
Revenue Process of Manufacturing Companies
Name/Last Name of the Student: Muhammet Fatih Özdemir
Date of the Defense of Thesis:
The thesis has been approved by the Graduate School of Social Science.
Assist. Prof. BURAK KÜNTAY

Graduate School Director
Signature
I certify that this thesis meets all the requirements as a thesis for the degree of
Master of Arts.
Assoc. Prof. Ela ÜNLER

Program Coordinator
Signature
This is to certify that we have read this thesis and we find it fully adequate in
scope, quality and content, as a thesis for the degree of Master of Arts.
Examining Comittee Members Signature____
Thesis Supervisor -----------------------------------

Title, Name and Surname
Thesis Co-supervisor ----------------------------------

Title Name and Surname
Member -----------------------------------
Member -----------------------------------
ABSTRACT
THE EFFECT OF ERP SYSTEMS ON INTERNAL CONTROL SYSTEMS IN

REVENUE PROCESS OF MANUFACTURING COMPANIES
Muhammet Fatih Özdemir
Master of Business Administration
Thesis Supervisor: Assoc. Prof. Fatma Ulucan ÖZKUL
April 2017, 56 pages
The aim of this study is to examine the relationship between ERP Systems and internal
control systems. In this context, the impact of ERP systems on internal control is
examined in the revenue cycle of organizations. In the study, firstly the theoretical
information about ERP Systems, internal control system and revenue processes were
given and related previous studies were examined. The survey method was chosen as the
research methodology. The questionnaire was sent to the internal audit departments of
the BIST companies operating in the manufacturing / manufacturing sector. Internal audit
managers / senior auditors were asked to evaluate the effectiveness of ERP systems in
meeting the 29 control objectives that are compatible with the COSO Framework. As a
result of the study, ERP systems are found to have a positive impact on the internal control
system in that they have a significant positive impact on the majority of the control
objectives.
Keywords: ERP Systems, Internal Control, Revenue Process, COSO Framework
iii
ÖZET
ERP SİSTEMLERİNİN İÇ KONTROL SİSTEMLERİ ÜZERİNDEKİ ETKİSİNİN

İMALAT FIRMALARININ GELİR SÜRECLERİNDE İNCELENMESİ
Muhammet Fatih Özdemir
Haftasonu MBA Programı
Tez Danışmanı: Doç. Dr. Fatma Ulucan ÖZKUL
Nisan 2017, 56 sayfa
Bu çalışmanın amacı ERP Sistemleri ile iç kontrol sistemleri arasındaki ilişkiyi

incelenmektir. Bu bağlamda ERP sistemlerinin iç kontrol yapısındaki etkisi
organizasyonların gelir süreçlerinde incelenmiştir. Çalışmada İlk olarak ERP Sistemleri,
iç kontrol sistemi ve gelir süreçleri hakkında teorik bilgi verilmiş, konu ilgili olarak
gerçekleştiren önceki çalışmalar incelenmiştir. Metodoloji olarak anket yöntemi
seçilmiştir. Anket değerlendirilmek üzere üretim/ imalat sektöründe faaliyet gösteren
BIST firmalarının iç denetim departmanlarına gönderilmiştir. İç denetim
müdürleri/kıdemli denetçilerden ERP sistemlerinin COSO Framework'e uyumlu 29 adet
kontrol hedefini karşılamadaki etkinliklerinin değerlendirilmesi istenmiştir. Çalışma
sonucunda ERP sistemlerinin genel olarak kontrol hedeflerinin büyük bir çoğunluğunu
karşılamada etkili olduğu, bu bağlamda iç kontrol sistemine olumlu katkı sağladığı
görülmüştür.
Anahtar Kelimeler: ERP Sistemleri, İç kontrol, Gelir süreci, COSO Framework
iv
CONTENTS
TABLES........................................................................................................................viii
FIGURES.........................................................................................................................x
ABBREVIATIONS........................................................................................................xi
1. INTRODUCTION.......................................................................................................1
2. LITERATURE REVIEW............................................................................................3
2.1 ENTERPRISE RESOURCE PLANNING SYSTEM..................................3
2.1.1 Overview of the ERP Systems.........................................................3
2.1.2 Evolution of Enterprise Resource Planning Systems....................4
2.1.3 General Characteristics of ERP Systems.......................................5
2.1.4 ERP Systems Components..............................................................6
2.1.5 Categorizing Contributions of ERP Systems.................................7
2.1.6 Limitations of ERP Systems............................................................8
2.1.7 ERP Market Overview....................................................................9
2.2 INTERNAL CONTROL SYSTEMS..........................................................12
2.2.1 The Concept of Internal Control..................................................12
2.2.2 Internal Control Objectives..........................................................15
2.2.2.1 Operations objectives.....................................................15
2.2.2.2 Reporting objectives.......................................................15
2.2.2.3 Compliance objectives....................................................15
2.2.3 Principles and Components of Internal Control System…........15
2.2.3.1 Control environment......................................................16
2.2.3.2 Risk assesment................................................................17
v
2.2.3.3 Control activity...............................................................19
2.2.3.4 Information & communication.....................................19
2.2.3.5 Monitoring......................................................................20
2.2.4 Importance and Necessity of Internal Control System...............21
2.2.5 Internal Control Structure in ERP Environment.......................22
2.3 REVENUE CYCLE OF ORGANIZATIONS............................................24
2.3.1 Overview of Revenue Cycle...........................................................24
2.3.2 Possible Risks in Revenue Processes............................................25
2.3.2.1 Improper revenue recognition.......................................26
2.3.2.2 Inventory schemes..........................................................27
2.3.2.3 Billing schemes................................................................27
2.3.2.4 Misappropriation of assets.............................................28
2.4 REVIEW OF PERIVIOUS ACADEMIC STUDIES................................28
3. METHODOLOGY....................................................................................................33
3.1 OBJECTIVE OF THE RESEARCH..........................................................33
3.2 RESEARCH METHODOLOGY...............................................................33
3.2.1 Sample Design................................................................................35
3.2.2 Conducting the Survey..................................................................35
3.2.3 Data Collection..............................................................................35
4. RESULTS...................................................................................................................37
4.1 SALES ORDER AUTHORIZATION RESULTS.....................................37
4.2 SALES ORDER ENTRY AND PROCESSING RESULTS......................39
4.3 BILLING CONTROL RESULTS...............................................................42
vi
4.4 COLLECTION RESULTS.........................................................................48
4.5 FINANCIAL REPORTING RESULTS.....................................................51
4.6 GENERAL CONTROL ACTIVITY RESULTS.......................................52
5. DISCUSSION & CONCLUSION.............................................................................55
REFERENCES..............................................................................................................57
vii
TABLES
Table 2.1: Categorizing contributions of ERP systems...........................................8
Table 2.2: Possible problems due to excessive risks and controls........................18
Table 3.1: Questions category and question numbers per category......................34
Table 3.2: Number of responses per section of the survey....................................36
Table 4.1: Control objective 1 in sales order authorization sub process...............38
Table 4.4: Control objective 4 in sales order entry and processing.......................40
Table 4.8: Control objective 8 in billing sub process............................................42
Table 4.9: Control objective 9 in billing sub process............................................43
Table 4.10: Control objective 10 in billing sub process.........................................43
viii
Table 4.19: Control objective 19 in collection sub process....................................48
Table 4.24: Control objective 24 in financial reporting sub process......................51
Table 4.25: Control objective 25 in financial reporting sub process......................52
Table 4.26: Control objective 26 in general control activities sub process….........52
Table 4.27: Control objective 27 in general control activities sub process............53
ix
FIGURES
Figure 2.1: The concept of Enterprise Resource Planning........................................3

Figure 2.2: Evolution of ERP systems......................................................................5
Figure 2.3: ERP market on global scale in 2013......................................................10
Figure 2.4: COSO cube...........................................................................................16
Figure 2.5: ERP system’s control assumptions.......................................................24
Figure 4.1: Which Erp program is used in your organization..................................37
Figure 4.2: Rating averages for sales order authorization sub process….................39
Figure 4.3: Rating averages for sales order entry and processing..........................42
Figure 4.4: Rating averages for billing sub process.................................................47
Figure 4.5: Rating averages for collection sub process............................................50
Figure 4.6: Rating averages for general control activities sub process....................54
x
ABBREVIATIONS
AAA : American Accounting Association

ACFE : Association of Certified Fraud Examiners
AICPA : American Institute of Certificated Accountants
APS : Advanced Planning and Scheduling
BIST : Borsa İstanbul
CIMA : Chartered Institute of Management Accountants
COSO : Committee of Sponsoring Organization
CRM : Customer Relationship Management
DBMS : Database Management System
EAMs : Embedded Audit Modules
EMEA : Europe, Middle East and Africa
ERP : Enterprise Resource Planning
FCPA : The Foreign Corrupt Practices Act
FEI : Financial Executives International
IC : Inventory control
IIA : Institute of Internal Auditors
IMA : Institute of Management Accountants
IP : Internet Protocol
IT : Information Technology
MBS : Microsoft’s Business Solutions
MRP : Material Requirements Planning
PDP : Public Disclosure Planform
SEC : Security Exchange Commission
SME : Small Medium Sized Enterprise
SOX : Sarbanes-Oxley Act
xi
1. INTRODUCTION
After major corporate incidents in USA such as Worldcom, Enron, the necessity and
importance of the internal control structures in the organizations has draw great public’s
attention. (Huang, Hsieh, Tsao, & Hsu 2008). Due to strong demand for improved
corporate governance and auditing standards, SOX (Sarbanes-Oxley Act of 2002) was
put into force to improve auditing and accounting practices and restore the confidence of
investors. (Damianides, 2005)
The SOX mandates managements to take responsibility and accountability of adequate

and proper internal control structure in their organizations. (Morris, 2011) Therefore, the
law gives paramount importance to founding well-established and secure information
systems and according internal control system of the organization to provide adequate
compliance. Accordingly, because of control structure of ERP systems, The SOX seems
to encourage companies to implement these programs for establishing compliance efforts.
(Grabski, Leech & Schmidt, 2011) Hence, it is important to have knowledge about ERP
System.
Although there are various definitions of ERP Systems, in general terms, most of the
authors are referring similar concept with certain features. For example, ERP Systems
can be defined as software systems, which provide integration of all business process,
and data flow from all parts of organizations. The systems are designed to support
functional areas such as sales & marketing, stock management, finance, HR management,
production & planning (Rashid, Hossain, & Patrick, 2002) Today many organizations
from multi national companies to SMEs’ across the world has implemented ERP Systems
for various purposes. Some of them have had ERP Software to gain competitive
advantage, some organizations aim at increasing standardization, reducing cost or
replacing legacy systems. (Mabert, Soni & Venkataramanan, 2000)
Enterprise Resource Planning (ERP) offers many gains such as real-time information
flow, enhanced transparency and visibility, and higher level of automated tasks and
operational efficiency.(Gupta & Kohli, 2006)
ERP Systems, by integrating huge amount of internal data, shaping business processes,
assigning pre-determined roles and authorization level for every user contribute greatly
to internal control systems of organizations. (Grabski et. al, 2011)
Because ERP implementation is not easy task in which organizations allocate huge
amount of resource, time and effort (Davenport, 1998). It seems that majority of ERP
related studies focused on two main streamlines; First group of studies are on ERP
implementation process and success factors and the second group of studies focus
measuring firms’ performance after ERP implementation. Currently a third stream of
studies from various topics including internal control and ERP systems has gained
momentum. (Morris, 2011) Parallel to third stream of researches, this study aims to
understand the relationship ERP Programs and internal control system by addressing
revenue process, which is one of most vulnerable areas of organizations against fraud and
errors. The study particularly aim to investigate how effective ERP systems are meeting
control objectives that are in line with COSO framework in revenue cycle of
organizations. The outline of the thesis is mentioned in the following paragraphs.
In the second chapter, the ERP systems are explained in detail. Within this context, the
evaluation of the ERP systems, the main characteristics of ERP systems, ERP programs
components, benefits and limitations of ERP Program, general knowledge about ERP
market are covered. In addition to this, the concept and evaluation of internal control are
investigated. Internal control objectives, internal control components and principles, the
importance and necessity of internal controls structure in ERP environment are explained.
Furthermore, theoretical knowledge about revenue process and possible risks and frauds
in revenue cycle of the organization are given. In addition, academic studies related to
ERP programs, and internal control systems are examined. In chapter three, related
information about research methodology is given. In addition to this, in chapter four
findings from the study are introduced. Lastly, in the final chapter the study is briefly
explained and assessed. Limitation of the study and recommendation for future studies
are proposed.
2
2. LITERATURE REVIEW
2.1 ENTERPRISE RESOURCE PLANNING SYSTEMS
2.1.1 Overview of The ERP Systems
Many organizations have channeled considerable amount of resource, time and effort into
implementation of Enterprise Resource Planning Systems in order to enhance their
organizational effectiveness, increase productivity and benefit from real time
information. (Davenport,1998)
It can be said that ERP systems can be considered as computer programs that provide
integration of all meaningful data and all functional and operational processes of
organizations. The software are designed to support business functions of organizations
such as sales, billing and distribution, HR Management, financial applications and
reporting, stock management (Rashid et. al, 2002)
Figure 2.1: The concept of enterprise resource planning
Source: Rashid, Hossain & Patrick (2002)
Compared to legacy systems or in house softwares, ERP Systems offer continuous

support and updates, reduction in costs and opportunity of connection of all functions of
organization within same database. (Klaus, Rosemann, Gable, 2002)
3
With integrated structure, ERP programs enable easier and visible exchange of data
between all functions, which contribute to monitoring all actions of agents of
organizations (Rashid, et. al 2002) With enterprise-wide integration, it is highly possible
that Enterprise Resource Planning Systems standardize operations, way of doings and
make major contributions to lower reduction in maintenance fees, and reporting activities.
(Obitade, 2015)
2.1.2 Evolution of Enterprise Resource Planning Systems
The evolution of ERP systems closely related to advancements in information technology

especially in computer hardware and software systems. Newer developments in both area
increase ERP Systems applicability to all organizations which have given pave the way
to increase usage of these systems. Considering beginning point, ERP systems can be
tracked to inventory control packages (IC), which are used by considerable number of
organizations during 1960s in order to automate their stock control activities. (Rashid et.
al, 2002)
In 1970s, Material requirements planning (MRP) systems were developed to plan and
estimate more efficiently product or parts requirements. MRP Systems evolved into
MRPII systems in 1980s that focused on improving manufacturing processes by adding
new functionalities like sales planning, capacity management and scheduling. (Chen,
2001)
Although MRPII was initially introduced for optimizing manufacturing planning, new
areas such as finance, sales and distribution, and human resources are included to support
profitability and customer satisfaction objectives. (Klaus et al, 2000)
In 1990s, ERP system was introduced with the aim of integration of functional areas and
operational activities. By benefiting technical infrastructure MRP and MRP II, ERP
systems integrated business processes like production, financial applications, sales, HR
management, and stock management in order to create a consistent, transparent and
accessible structure throughout the organizations (Rashid, et.al, 2002)
4
Figure 2.2: Evolution of erp systems
Source: (Rashid et. al, 2002)
Starting from the 1990s, ERP vendors added more modules and functions as “add-ons”
which are additional components to fulfill companies’ needs that are not covered by
standard ERP components. These New ERP modules include electronic business
advanced planning and scheduling solutions like supply chain management (SCM)
customer relationship management (CRM) (Rashid et. al, 2002)
In 1994, introduction of R/3 Software by SAP, one the major ERP Vendors, ERP systems
stated to gain considerable popularity and attention. In following years, companies started
to allocate huge amounts of budgets to benefit from ERP systems created by SAP and the
other main vendors Oracle, Microsoft, J.D Edwards. Considering future prospects,
industry insiders estimated that the ERP market is capable of maintaining an industry
growth rate of 30 percent. (Chen, 2001)
2.1.3 General Characteristics of ERP Systems

ERP Systems have following general features;
i. ERP system is highly customized to meet diverse needs of customers from various
industry and sectors (Klaus et al, 2000)
ii. ERP Systems are integrated sets of comprehensive software based on modular
design of business functionalities. These sets of business functions are financial
and cost accounting, computer supported manufacturing and production, planning
activities , sales and distribution (Boykin, Corbitt & Sandoe, 2001)
5
iii. ERP systems provide that huge amount data is shared from a single information
repository. (Boykin et.al, 2001)
iv. Standard interfaces in the software enable error-free data flow among the
modules, which contribute to operational visibility of the system (Rashid et. al,
2002)
v. ERP Systems need considerable amount of time to tailor and configure setups for
integrating with the company’s business functions. In addition, their complex
structure can create high cost for organizations. (Rashid et. al, 2002)
vi. The modules utilize centralized common database management system (DBMS)
and work in real time with online and batch processing abilities. (Rashid et. al,
2002)
vii. ERP systems have the flexibility of in terms of language currency and accounting
standards (Macris, 2004)
2.1.4 ERP Systems Components

ERP systems consist of integrated several modules, which exchange flow of all sort of
information using same database. Although various ERP vendors provide specific
modules based on specialty, most of them design similar modules that can meet needs of
business functions. These modules can be listed as; (Rashid et.al, 2002)
i. Accounting
ii. Financial reporting
iii. Production management
iv. Sales & shipment management
v. Human resources management
vi. Supply chain management
vii. Customer relationship management
viii. Electronic business
6
2.1.5 Categorizing Contributions of ERP Systems
Many organizations have allocated considerable amount of resource in order to benefit

from ERP Programs. While some companies’ primary aim is gain from operational
activities, some of them plan to improve their reporting decision making capabilities.
Therefore, in literature many academicians has tried to categorize benefits of ERP
Systems according to organizations’ motives.
Accordingly, it can be seen that in Shang and Seddon’s (2000) comprehensive study,
benefits of ERP systems are categorized into five groups;
i. Operational benefits are decrease in employment cost, expenses related to stock

management, maintenance and administration , improvement of cycle time of
customer support activities, employee support activities, supplier support
activities, productivity, customer service and quality improvement
ii. Managerial benefits contribute to higher level of resource management, better
decision making and provide better performance supervision in a variety way in
all levels of the organizations.
iii. Strategic benefits support organizations’ current and future business growth plans,
support business alliance by consolidating newly acquired companies, enhance
product differentiation through customized product or services and make to order
capabilities, build business innovation and cost leadership, provide global level
operations with centralized structure, global resource management and multi-
currency capabilities and provide E-business capabilities.
iv. IT infrastructure benefits includes enhanced business flexibility and IT
infrastructure capability, reduction in IT costs, adaptability to modern
technologies, external parties and different systems
v. Organizational benefits are backing businesses in organizational changes,
providing better employee morale and satisfaction, changing employee behavior
and culture.
O’Leary (2004) on the other hand, categorize the benefits of ERP systems into two
groups; These are tangible benefits and intangible benefits.
7
He also assert that while intangible benefits are varied across different industries, tangible
benefits mostly are independent in terms of industry.
Table 2.1: Categorizing contributions of ERP systems

Tangible Benefits Intangible Benefits
Reduction in Stock Levels Transparency
Reduction in Labor Better Founded Processes
Improvement in Productivity Customer Responsiveness
Improvement in Order Management Decrease in Cost
Financial Close Cycle Reduction Integration
Reduction in Information Technology Costs Standardization
Reduction in Procurement Expense Flexible Structure
Improvement in Cash Cycle Globalization
Revenue/Profit Increases Year 2000 İssue
Reductions in Transportation/Logistics Cost Better Performance in Business
Reductions in Maintenance Expenses Demand and Supply Chain
On-Time Delivery
Source: (O'Leary, 2004)
2.1.6 Limitations of ERP Systems
Although ERP systems are widely used in large number of countries and various sectors,
there are many critical drawbacks of ERP software for organizations.
ERP systems implementation should be seen as a highly complex, which requires

considerable amount of budget, time and expertise. (Davenport, 1998) In USA, the
estimated investment of ERP systems ranges between $400,000 and $300 million and the
implementations takes approximately, two year to complete. (O’Leary, 2000)
Vendor dependency is another drawback of ERP Software. (Rashid et.al, 2002). Even
implementation process is completed, considerable amount resources are needed to
maintain and update these systems. (Obitade, 2015) Indeed, ERP vendors have important
amount of income sources from maintenance costs of ERP systems. (Chung and
Skibniewski, 2007)
Customization of ERP Systems to organizations structure and processes has a certain

limit. After a certain point, organizations have to select options that vendors offered.
8
It is very important to note that organizations might lose the way of doings or peculiar
process, which provide competitive advantage over its competitor or in some cases;
organizations find themselves more inefficient structure as compared to prior legacy
systems. (Davenport, 1998) Considering a survey conducted by Gartner, only 60 percent
of organizations having ERP systems claim to have achieved the expected benefits.
(Obitade, 2015)
Resistance to new system is another important drawback during ERP implementation

process. (Workforce, 2002) With the ERP systems, organizations has gone through a
complex transformation, which change organizational roles, structures, and processes.
Therefore, it is possible that the personnel create resistance to the new system. (Boudreau
and Robey 2005)
2.1.7 ERP Market Overview
According to ERP software market report Gartner, The worldwide ERP software market
grew 3.8% from $24.4 Billion in 2012 to $25.4 Billion in 2013. SAP preserve its
leadership in ERP market in 2013, selling $6.1 Billion in ERP software up from $6 Billion
in 2012. Oracle is second with $3.117 Billion in sales in 2013. Sage is third with $1.5
Billion in sales in 2013.1 The following graphic below shows ERP software market share
for 2013 across the world.
1
http://www.forbes.com/sites/louiscolumbus/2014/05/12/gartners-erp-market-share-update-shows-the-
future-of-cloud-erp-is-now/#1705f42574a1
9
Figure 2.3: ERP market on global scale in 2013
ERP Software Market in Global Scale, 2013

Market Size: $25.4B, 3.8% Growth Over 2012
SAP
24%
Others
37%
Oracle
12%
Yonyou
1% Sage
Totvs 6%
2% IBM Infor
Concur Kronos Microsoft 6%
2% 2% 3% 5%
Source: www.forbes.com
Gartner reports that Workday, Workforce Software, Cornerstone on Demand and

NetSuite are the five fastest-growing vendors worldwide from 2012 to 2013. “Workday’s
revenue grew 86.1 percent, WorkForce Software, 57.6 percent; Cornerstone on Demand,
57 percent; and NetSuite, 39.6 percent”2
The Biggest Vendors’ Profiles

i. SAP: Founded 1972, SAP today is the global leader in business application and
analytics software in terms of market share and the market leader in digital
commerce. SAP works with 345.000 customers and 15.000 business partners
more than 180 countries. SAP claimed that 87 percent of Forbes Global 2000 are
SAP customers and 80 percent of SAP customers composed of SME’s. “SAP has
84.183 employees worldwide in 2016. Total Revenue for 2016 is €22.07 billion.
The majority of SAP's 2016 revenue came from Cloud and Software sales
(83.5%)”3
2
3
http://www.sap.com/documents/2016/07/0a4e1b8c-7e7c-0010-82c7-eda71af511fa.html
10
ii. Oracle is serving more than 420.000 customers across 145 countries with $37
billion total revenue for 2016. The majority of the revenues come from software
sales and hardware and services sales are 12 percent and 9 percent respectively.
Considering geographic distribution, “Americas region with 56 percent of the
total revenue is the first, EMEA region with 29 percent of total revenue is the
second and Asia Pacific with 15 percent is the third.”4
iii. Sage is operating with across 23 countries to service our three million customers.
According to 2016 figures, the number of employee in the organization increases
to 13761. The company reaches £1.5 billion revenue in 2016 up from £1,43 billion
in 2015 and generating £427million operating profit. “The revenue mainly comes
from Europe region with 53 percent, North America market with 34 percent is the
second in the revenue structure, and other countries constitutes 13 percent of the
total revenue.”5
iv. Microsoft MBS (Microsoft’s Business Solutions group): Microsoft Dynamics is

a part of Microsoft Business division of Microsoft Corporation, which entered
business solution market in early 2000’s by focusing small and midsized
businesses. In recent years, the Microsoft Business Solutions (MBS) division has
become capable of providing two business programs—Microsoft Dynamics AX
(the former version of Axapta) and Microsoft Dynamics CRM—to big scale
organizations (Computer Economics Report, 2013) According to Forbes,6
“Microsoft is fifth with $1.16 Billion in sales in 2013”.
v. LOGO is very important player for ERP market in Turkey. Founded in 1984, the
company, by focusing mainly SMEs, has become major player for ERP Market in
Turkey. According to LOGO’s consolidated annual report, following SAP,
LOGO with 24.2 percent share, is the second biggest vendor in enterprise software
applications market. The company reaches TL 190.4 million revenue with 697
employee, 85.000 customers and 800 business partners across 45 countries.
4
http://www.oracle.com/us/corporate/oracle-fact-sheet-079219.pdf
5
http://www.sage.com/company/investors/2016-annual-report
6
11
2.2 INTERNAL CONTROL SYSTEMS
2.2.1 The Concept of Internal Control
The concept of the internal control has varied and evolved overtime. Depending on the
different perspectives and needs and external factors, many definitions and interpretations
has aroused, which made very difficult to form a standard universal definition and
comprehend the concept.
In 1892, definition of internal control is introduced in auditing book of English audit-

specialist Lawrence Dicksee. He describe internal control as a system of internal check,
founded by the organization itself, which can be seen as useful tool for accounting and,
auditing. (Arwinge, 2012)
In 1949, internal control is defined by the American Institute of Certificated Accountants

as the plans, coordinated efforts and precautions to preserve organizations’ assets, control
the reliability and accuracy of accounting information, data to improve efficiency in
operations and stimulate adherence to predetermined policies set by management
(AICPA, 1949)
It is substantial point that the 1949 definition includes the objectives covering operational
efficiency and managerial policies, which introduces a new concept of control
considerably broader than the previous ones. (Hay, 1993)
In 1970s, findings about questionable or illegal payments of many corporations caused a

public discontent, which give a way to The Foreign Corrupt Practices Act (FCPA). The
Law aimed to prevent "off-the-books slush funds and bribes". Following this
development, a report from an advisory committee of the AICPA released the broader
concept of internal control, which includes organizational structure, and leadership from
top management terms to provide proper "control consciousness" in organizations. (Hay
1993)
12
However, continuing corporate disasters due to financial fraud and large-scale failures,
increasing institutional investors in ownership of companies has created a strong demand
for improved corporate governance auditing standards. (Hermanson and Rittenberg,
2003)
As a result of such events, the National Commission on Fraudulent Financial Reporting

namely Treadway Commission has been founded in 1987 under the sponsorship of five
important professional organizations namely American Accounting Association (AAA),
The Institute of Internal Auditors (IIA), Financial Executives International (FEI),
Institute of Management Accountants (IMA), American Institute of Certified Public
Accountants (AICPA) to investigate and prevent the causes of errors and fallacy in
financial reports. (Moeller, ch 3, 2005)
The Treadway commission made many recommendations for improving both control and
governance in its report released in 1987. After 1987 report, The sponsors of the
Treadway Commission called as “COSO” for “Committee of Sponsoring Organizations”
introduced a new internal control definition. (Arwinge, 2012) Internal control is defined
as follows: Internal control is a process, effected by an entity’s board of directors,
management, and other personnel, designed to provide reasonable assurance regarding
the achievement of objectives relating to operations, reporting, and compliance. (COSO
1992)
New interpretation considers internal control as a dynamic and non-rigid nature, which
concentrated on processes rather than system or structure of companies or entities.
Additionally, it is important to note that new internal control definition compasses not
only financial but also non-financial objectives, which are outside traditional accounting
oriented internal control concept. (Arwinge, 2012)
In other words, the COSO model interprets that internal control

i. is intended to achieve three classes of objectives (operations, reporting and
compliance)
ii. an ongoing process
13
iii. effected by people at all organizational levels, e.g., the board, management, and
all other employees
iv. able to provide reasonable, but not absolute assurance
v. adaptable to an organization’s structure (Gleim, 2013)
SOX (Sarbanes-Oxley Act of 2002) can be seen another important milestone in the
development of internal control. After the outbreak of several incidents related to big
scale companies such as Tyco International, Enron, Adelphia, and WorldCom, with the
US Congress’ efforts, US President Bush signed the SOX act on 30 July 2002. The Law
was put into force to improve auditing and accounting practices and restore the
confidence of investors, which is the one of the most dramatic change to federal securities
laws since the 1930s. (Damianides, 2005)
SOX obligates that organizations should assess how effective their internal control
systems to give reasonable assurance of having reliable, accurate and proper financial
reporting structure. In this vein, Section 302 of the law mandates companies’ personnel
to give a statement assuring that financial statements’ disclosures are fairly presented are
appropriate. In addition to this, Section 404 requires the senior level officials to found
and maintain an adequate internal control systems and way of doings for financial
reporting and to evaluate their effectiveness (Huang et. al 2008) This is a turning point
for academic studies because internal control was seen an “internal practice” of the
organizations and public companies were generally not required to reveal information
about their internal control systems and structures. Therefore it was a tiresome process to
reach a particular information for academicians until SOX Law (Morris, 2011 ) For this
reason, sections 302 and sections 404 parts of the act have been attracted great attention
by many academicians (Damianides, 2005)
It can be also said that After SOX law, the recognition and usage of COSO framework
has increased. Although the SEC (Security Exchange Commission) rules do not require
the use of a certain framework, SEC has expressed that COSO framework is meeting the
requirements of SEC’s criteria (SEC, 2008)
14
2.2.2 Internal Control Objectives
In COSO Framework, objectives of the internal control process are categorized into three
groups namely operation, reporting and compliance objectives. (COSO, 2013)
2.2.2.1 Operations Objectives

Operations objectives aim at achieving the organization’s mission through improving
financial performance, productivity, quality innovation and customer satisfaction. In
addition to this, organizational objectives give utmost importance to safeguarding of
assets. These objectives not only cover risk assessment activities and improvement of
mitigating controls but also broader goals such as avoidance of waste, inefficiency.
(Gleim, 2013)
2.2.2.2 Reporting Objectives

Reporting objectives refer to financial or non-financial reporting and external or internal
reporting. These objectives contribute to making sound decisions, having reliable timely
and transparent information for organizations’ stakeholders. (Gleim, 2013)
2.2.2.3 Compliance Objectives

Compliance objectives pertain to conformity with laws and regulations in which
organizations have to apply and put into practice. These can be external such as taxation,
environmental protection or internal like following internal policies procedures. (Gleim,
2013)
2.2.3 Principles and Components of Internal Control System
The COSO Framework is composed of five internal control components and twenty
internal control principles to each of the five components. Five components of COSO's
control framework can be seen an effective mean for organizations to plan, evaluate and
update their controls in order to meet organizations’ operational, reporting and
compliance objectives. (Rittenberg, 2007)
15
“A direct relationship exists between objectives, which are what an entity strives to
achieve, components, which represent what is required to achieve the objectives, and the
organizational structure of the entity (the operating units, legal entities, and other).”7
Figure 2.4: COSO cube
Source: (COSO, 2013)
2.2.3.1 Control environment
The control environment is a set of standards, processes, and structures that make possible
to perform internal control throughout all organization. The control environment
component aims at setting the tone of organizations in order to have a sound risk culture.
(COSO 2013) Therefore, it can be seen as a foundation for all other components of
internal control. (COSO, 1992, p. 2).
Control environment encompasses;

a. The integrity and ethical values of the organization
b. The leadership, direction and supervision responsibilities of the board of
directors
7
https://www.coso.org/Documents/990025P-Executive-Summary-final-may20.pdf
16
c. The organizational structure and management’s tendency and way of doings,
assignment of roles and responsibilities
d. All processes for the sake of retaining competent individuals (COSO, 2013)
The Control environment also compromises the accountability for their internal control
responsibilities in pursuit of objectives. This can be can accomplished if management and
the board of the organization holds individuals accountable through structures, authorities
and responsibilities and founds performance measurements, rewards and incentives.
(Gleim, 2013)
Thus, control environment enable that controls exist on an entity-wide level, in which the
control structure has broad and pervasive effect on business processes, control diligence
and risk-taking behaviors. (Arwinge, 2012)
The control environment propounds five principles in order to have a sound and effective
control environment. These are;
1. Commitment to integrity and ethical values should be demonstrated by the
organization.
2. The board of directors should be independent and oversee the development and
effectiveness of internal control.
3. Management should determine role, responsibilities and establish authority levels,
with board to follow the objectives.
4. The organization should give effort to attract, develop, and keep competent
employees in line with objectives.
5. Employees should be accountable for duties and responsibilities related to internal
control (COSO, 2013)
2.2.3.2 Risk assessment

Risk can be described as uncertainty of event or factors that affect organizations
positively or negatively. Considering internal control literature, risks refers to possible
unpleasant situations that organization may encounter. Sampson (1999) states that It is
natural to expect that organizations face various risks during their daily operations.
17
These can be simple errors as well as major ones that prevent an entity from meeting its
goals and objectives. Therefore, it is highly required that the management evaluates all
risks that the organization might face. To this end, risk assessments has an effective role
in determining what the risks are, what control are needed, and how they should be
managed (COSO, 1992, p. 3)
It is also important that risk assessment activities should cover across all organization and
at all level. During risk assessment, evaluating likelihood of a risk as well as the
estimation of costs of the risk in terms of quantitative, qualitative and determing
correspondent risk tolerance levels are crucial factors that should be considered. (COSO,
1992, p. 3)
By conducting right risk assessment activities, organizations have an opportunity of

attaining reasonable assurance, which help avoiding devastating effects of excessive risks
and spending too much resource and efforts to excessive controls. (Sampson, 1999) Table
2 shows possible problems organizations can encounter if they are not successful in
managing risks:
Table 2.2: Possible problems due to excessive risks and controls
Excessive Risks Excessive Controls

Loss of Grants, Assets, Donor Increased Bureaucracy
Poor Business Decisions Reduction in Productivity
Non-compliance Increased Complexity
Increased Regulations Increased Cycle Time
Major incidents that cause public Increase of activities that have minor
backlash importance
Source: (Sampson,1999)
COSO frameworks suggests four principles to conduct right risk assessment.

a) The organization specifies objectives with sufficient clarity to enable the
identification and assessment of risks relating to objectives.
b) The organization identifies risks to the achievement of its objectives across the
entity and analyzes risks as a basis for determining how the risks should be
managed.
18
c) The organization considers the potential for fraud in assessing risks to the
achievement of objectives.
d) The organization identifies and assesses changes that could significantly influence
the system of internal control.
2.2.3.3 Control activity

Control activities can be seen as the activities created through procedures and policies
that help management in reducing risks to succeed objectives of the organization. They
are performed at various levels of the organization and its processes over the technology
environment. (COSO, 2013)
Control activities can be detective or preventive in nature and can compromise both
automated and manual activities. (COSO, 2013) To illustrate, control activities
compromises activities such as giving authorizations, establishing segregation of duties.
In addition, certain controls embedded in information systems or verifying a document
or transaction can be seen as control activities. (Sampson, 1999)
In the updated version of the COSO framework in 2013, there are three principles to
conduct control activities. Firstly, the organization select and develop control activities
to mitigate risks. Secondly, the organization select and develop controls over information
technology. Lastly, the organization perform control activities through policies and
procedures. (Arwinge, 2012)
2.2.3.4 Information & communication

Information is vital for organizations to implement internal control responsibilities in
order to meet organizational goals. Information from external and internal sources is used
by management to contribute to the effectiveness of other components of internal control.
(COSO, 2013)
Communication is dynamic, continual process in nature, which provides shares and

obtains necessary information to interested parties. Internal communication enable to
transmit and convey information throughout the organization.
19
External communication is also need for exchanging information with external parties in
response to requirements and expectations. Additionally, effective communication is a
useful means for personnel to comprehend messages from senior management in terms
of control duties within the organization. (COSO, 2013)
The COSO framework mandates three principles for information & communication
component
a. The organization should obtain, generate and uses relevant, quality information to
support its internal control mechanism.
b. The organization should have internal communication to disseminate all
necessary information, including objectives and responsibilities for internal
control to support internal control system.
c. All issues that are affecting the functioning of internal control should be
communicated with related external parties. (COSO, 2013)
2.2.3.5 Monitoring
Monitoring activities can be seen as measurement of internal control quality over time. It
can be observed that monitoring activities are not static in nature. Rather, these activities
continuously aim at improving internal control effectiveness. For instance, while ongoing
evaluations give the opportunity of timely information and feedbacks, separate
evaluations such as audit reports, assessments conducted by employees, which conducted
periodically can be considered effective tools to evaluate of internal control structure
within organizations. (Sampson, 1999)
Ongoing monitoring activities, separate evaluations or either of them play a vital role to
confirm that each of internal components from control environment to monitoring
activities are effective, available and functioning. (COSO, 2013)
In updated version of COSO framework, there are two principles for monitoring
component that an organization should take into consideration:
a. Selecting and performing ongoing and separate evaluations.
b. Evaluation and communication of internal-control deficiencies (Arwinge, 2012)
20
2.2.4 Importance and Necessity of Internal Control Systems
Arwinge (2012) in his comprehensive study on internal control, try to explain underlying
reasons that lead to internal control systems in organizations. He assert that need of
control systems arise from two significant theories; agency theory and institutional
theory.
The relationship between principals and agents are explained by agency theory in
business in which principals delegate responsibility to the agents within the context of
separation of ownership.
If both party act for solely own benefit, it is a natural outcome that agent will not always
serve for the interest of the principal. Hence, the principal may choose to establish
effective control system in order to decrease information asymmetry and monitor
behavior or output of agents. Otherwise, it may be both difficult and expensive to receive
information about the true behavior of the agents.
On the other hand, institutional theory takes different perspective to explain control
practices are adapted and evolved. The theory put forward that internal control or similar
systems or structures are established in order to have legitimacy in the public, which gives
organizations social accountability, conformity with expectations of the public. The
theory also adds that reassures from governments, professions and organizations that
determine standards also lead to foundation of internal control system in various entities.
There are numerous number of studies addressing directly or indirectly the importance of
internal controls for organizations. For example, Wang (2012) states that failure to
establish effective internal control may reduce inventors’ confidence financial statements
and lead to increase intentional manipulations and errors. Dobre (2011) found that the
firms that restate their earnings because of errors, fraud shows relationship with
organizations that have material weaknesses. Similarly, according to ACFE report in
2012 it is revealed that due to lack of proper established internal control systems, the
typical organization loses 5% of its revenues due to fraud each year, which equals to
projected annual fraud loss of more than $3.5 trillion across worldwide.
21
2.2.5 Internal Control Structure in ERP Environment
There are many built in controls in ERP systems, which are effective means, if
implemented and used properly, to enhance internal control systems in organizations.
Elbardan (2014) in his comprehensive study categorized several internal control
assumptions as preventive controls, automation, centralization, real time monitoring
consistency of data integration, combined ways of control, standardization, visibility,
compensating controls. Following features of ERP systems contribute to have sound and
effective internal control systems.
a. Automation
With automated processes and validity checks, ERP systems enable that human
intervention related errors are reduced. It is also beneficial for internal audit to monitor
internal control structure. (Elbardan, 2014) ERP systems by automating the business may
enhance efficiency of personnel, and available, accurate and reliable information decrease
errors input stage. (Chand, Hachey, Hunton, Owhoso & Vasudevan, 2005)
b. Centralization
Using centralized database can minimize data redundancy provide integrity and prevent
data loss when using the same data which gives deeper level of control ability and
assurance for entities. (Elbardan, 2014) ERP systems by integrating data from different
units or segments contribute to improve control, and reduction data-entry mistakes
(O’Leary 2004).
c. Continuous Timely Monitoring

ERP systems has the ability to continuously monitor data flow and activities of the users
and produce periodic, ad hoc, exceptional or specialized reports about all activities within
the system. With this infrastructure, organizations have the opportunity of having real-
time control and continuous monitor transactions, user activities, authorizations and
process, which enhance internal control system. ( Elbardan, 2014)
22
d. Data Consistency
ERP Systems standardize business processes and unify the all data process. The system
provides that all data used in standardized processes across the organization is consistent.
(Elbardan, 2014) After ERP Implementation, organizations benefit from a seamless
accumulation of consistent data across the company, which provides improved reliability
and integrity of data. (Chand et. al, 2005)
e. Control through Integration

ERP systems are planned to integrate all data such as non-financial or financial collection
functions within the organization. (Spathis and Constantinides, 2004) Unlike legacy
systems that have fragmented structure, ERP systems offers integration through using one
system with one database. Although traditional systems process each transaction
separately, ERP systems considers all transactions to be part of the interlinked processes
that constitutes all organization activities. (Gupta, 2000) This reduced using inaccurate
information level and make easier updating and accuracy, data-retrieval. In addition, the
automated integration of activities provides transparency, and makes individuals’ actions
visible as data entered in one place automatically flows through to others which contribute
greatly overall internal control system of the organization ( Chapman and Kihn, 2009)
f. Combined Methods for Control Structures

ERP Systems have built in controls, which give the opportunity of providing
simultaneous control activities over the data processed. In other words, it can be said that
simultaneously working many controls lead to more effective control structure for
organizations. (Elbardan, 2014)
g. Preventive Controls
Preventive controls are controls that are aimed and designed to prevent errors, problems
before they occur. Authorization, security and access controls embedded in ERP Systems
can be seen as strong preventive means for a safer internal control environment. ERP
systems enable proactive structure that is capable of stopping incorrect, unauthorized and
incomplete data to be input or processed.
23
The System does not allow violations of any restrictions regarding the removal of
electronically stored data. (Bagranoff, Simkin & Norman, 2010)
h. Transparency
In ERP environment, an entity has the ability of enhancing internal information with the
effect of visibility of operations across business units (Davenport, 1998)
Employees’ actions at all levels are closely monitored under ERP environment that
provides transparency and combined with the utilizing of built-in controls. (Morris, 2011)
Figure 2.5: ERP system control assumptions
Source: (Elbardan, 2014)
2.3 REVENUE CYCLE OF ORGANIZATIONS
2.3.1 Overview of Revenue Cycle
“The revenue cycle can be seen as a continous relationhip with customers, which include
business activities from sales order to shipments and collection of payments in return of
sales of goods and services. Hall (2011) put forward that Direct exchanging of finished
goods and services for cash can be considered as simplest form of revenue cycle. More
complex revenue cycle process can be found in sales on credit transactions in which
physical stage that involves the transfer of goods and services from seller to buyer and
second is the financial stage in which seller receive payment of the account receivable.
24
In revenue cycle process, there are four main business activities; Sales order entry,
Shipping, Billing and Cash Collections processes. (Romney, 2006)
a. Sales Order Entry

Sales Order Entry can be seen as first step of the sales process. In this stage, customer
send or transmit its order. If customers do not use standard order format, sales order
information is transcribed into a formal order format. Before processing order further,
customer’s creditworthiness, limit level is checked and if suitable, customer approved.
Then inventory status of demanded goods or services is controlled.
b. Shipping
Shipping can be considered as second step in which verification of order is performed
and desired merchandise is picked, packed and transferred to customers.
c. Billing
After shipping stage is completed, billing of sent items and goods is executed. Billing of
demanded goods or items is not realized until shipping notification is received because
billing before shipments can encourage inaccurate record keeping and inefficient
operations. Once goods or services billed, account receivables are updated from
information the sales order provides.
d. Cash Receipts
Cash Receipts is last stage of revenue cycle in which a company aims to receive and
secure cash. Therefore the companies deposit the cash to the bank accounts, match the
payment with customer and adjust the correct account and reconcile the details transaction
details.
2.3.2 Possible Risks in Revenue Processes

Revenue cycle should be seen as one of most important process in organizations in terms
of internal control context. Internal control is important within the revenue process
because revenue process of organizations are one of the most vulnerable areas affected
by fraud and abuse. (Orchard & Hoag, 2014)
25
ACFE report in 2012 affirmed that the typical organization loses 5% of its revenues due
to fraud each year which corresponds to projected annual fraud loss of more than $3.5
trillion across worldwide. Hence, it has paramount importance to have knowledge about
various types of fraud schemes and errors in revenue process, which should be considered
by all organizations.
In following paragraphs, most common fraud, error schemes that organization can
encounter in revenue cycle are summarized.
2.3.2.1 Improper Revenue Recognition
a. Side Agreements
Transactions that do not use standard authorized sales terms and conditions. Sellers may
provide terms such as extending payment terms, giving of rights of return, refund, or
exchange in order to recognize revenue before the sale is complete. Side agreements are
generally used to increase sales, meet sales targets or to obtain commissions. (Deloite,
2009)
b. Roundtrip Transactions
Round tripping transactions can be seen where two or more companies buy and sales each
other even if there is no economic benefits to either party. This kind of transactions are
done because of inflating revenue and showing that the organization has strong sales
growth. (Deloite, 2009)
c. Bill and Holds Transactions

“Bill and Hold” activities are considered as legitimate sales in which there is a real order
made for certain good or service. However, the problem is that buyers are not ready,
willing, or able to accept delivery. Hence, seller or sales units may retain the goods in its
facilities or may ship them to different locations, including third-party warehouses in
order to raise sales amounts. (Deloite, 2009)
26
d. Altering Shipping Documentation
Companies may resort to unreal shipping documentation to factitiously record sales
transactions and improperly recognize revenue. By doing this, revenue figures can be
increased in a specific accounting period even if the resulting revenue should have been
recorded in the subsequent accounting period. (Deloite, 2009)
e. Holding Accounting Periods Open

Holding open the books beyond the end of an accounting period to record additional
transactions is another way for companies to enter improper sale entries or cash receipts
that occur after the end of the reporting period in the current period.(CIMA, 2008)
f. Failure of Recording Allowances or Sales Provisions

Some sales transactions needs companies to record provisions or reductions to gross sales
amounts. Companies that fails to record sales provisions or reductions can improperly
overstate revenue figures. It is important to note that this approach may lead to creation
of accounting records that are falsified and modified in order to conceal conditions or the
terms that may need reductions in sale such as purchase orders, invoices and sales
contracts. (Deloite, 2009)
2.3.2.2 Inventory Schemes

SEC ( Security Exchange Commission) and Public Company Accounting Oversight
Board reveal lists of various factors that are misstating accounts in the revenue cycle.
These are Recording consignment sales as final sales
i. Shipping unfinished goods
ii. Shipping products that are more than customers demands
iii. Showing shipments to firm’s own warehouse as real sale transaction (Johnstone,
Gramling & Rittenberg, ch 9 2013)
2.3.2.3 Billing Schemes

Billing frauds and errors are also common in revenue process. Either the content of the
invoice can be fake or the invoice itself can be fake. (Johnstone et al, ch 9 2013). An
employee may produce fictitious invoices or inflate business expenses.
27
For example Employee found a unreal company and bills employer for products or
services not actually taken Or employee try to pay his/her personal expenses by
submitting invoices to the employer. (ACFE, 2012)
Personnel may also attempt to exercise these actions (CIMA, 2008)

i. Over-charging customers
ii. Creating of false credits to refund customers
iii. Pay and return schemes in which a supplier is overpaid because employee
increase bill amount in order to pocket the subsequent refund
2.3.2.4 Misappropriation of assets

There are many types of asset misappropriations. In this section, possible risks that can
be encountered in revenue cycle are listed.
a) Skimming: This type of scheme is one of the most frequent fraud activities in sale
cycle. An employee of the organization steals the cash but do not record
responding transaction (Deloitte) In other words; cash is embezzled from the
company before it is recorded. In addition, employee take the money and do not
record the transaction even if receive payment from a customer is received.
(ACFE, 2012)
b) Cash Larceny: this is another version of stealing cash or making fraud in sale
cycle. Personnel embezzles the cash after it is recorded. This can be done between
cash receipt activities and depositing activities. (ACFE, 2012)
2.4 REVIEW OF PREVIOUS ACEDEMIC STUDIES

Considering academic studies related to ERP Systems, it can be said that majority of
researches are concentrated on topics like ERP system selection and ERP
implementations. It is seems that Academic studies on internal control under an ERP
environment are limited (Huang et. al, 2008) Similarly, Morris (2011) states that early
academic studies focus on ERP systems focus on two research streams: First group of
academic researches give utmost importance to ERP implementation and success factors,
which try to investigate critical success factors for ERP implementation projects.
28
Second streams of studies concentrate on measuring firms’ performance by using archival
accounting and financial data. Currently a third stream of studies has gained momentum
to research various topics such as internal control, financial statement disclosures, audit
and, categorizing benefits, and organizational and strategic implications. In this section,
by following third stream of ERP studies, previous studies investigating ERP systems and
internal control topics are highlighted.
Chapman and Kihn (2009) assert that ERP systems with automated functions makes flow
of information more visible, and provides organization transparency, which contributes
greatly to internal control and internal audit system.
Turner (2009) describes vital systems, functions and processes that are required to
monitor compliance efforts internal control systems and the implications for SOX
compliance. She asserts that control reports produced by ERP systems can monitor and
enhance user access activities and segregation duties, which contributes greatly to
contribute to internal control system of the organization.
Soral and Jain (2011) states that the use of new technologies will increase the quality of
internal control and auditing systems. However, they highlight that the structure and the
complexity of the ERP system can raise newer risks. To illustrate, In ERP environment,
flow information is not intervened because once the data is entered the system most of
the data is undergone automated process. In case of incorrect data, the whole process can
be affected. Therefore, auditors should be alert to the risks related to ERP system.
Canada et al. (2007) investigate the relationship between audit fees and IT and non-IT
related internal control weaknesses. They assert that companies with material IT-based
control weaknesses pay higher audit fees as compared to both firms without any material
weaknesses and firms with only non-IT related material weaknesses. Similarly, Azaltun
et al. (2013) find that companies with ERP systems have more powerful internal control
and higher data reliability. This reflects itself in reduction of audit costs and required time
in organizations.
29
Debreceny et al (2005) investigate potential benefits of Embedded Audit Modules
(EAMs) in ERP systems. Embedded Audit Modules are software programs embedded in
ERP systems, which can continuously monitor the information systems. They find that
these modules can be used to prevent fraudulent behavior, reduce risks and strengthen
internal control structure.
Madani (2009) examines the role of internal auditors in enterprise resource planning
(ERP) based organizations. He points out that ERP system with built-in controls can make
valuable contributions to maintaining effective controls over operations and having
reliable transactions consistent with the organization’s goals and objectives.
Little and Best (2003) assert that ERP Systems with their unique features can contribute
internal control systems of organizations. ERP Systems are able to provide segregation
of duties and controlling user access, which are effective means to prevent fraud and
errors. SAP, one of major vendor in ERP market gives access to users according to their
pre-determined role in their organization. With this control structure, users could not
perform any activities that are outside their roles.
Kim (2013) examines the relationship between ERP systems in companies and audit
report lag. They found that implementation of ERP systems is positively associated with
the effectiveness of internal controls and is associated with shorter audit report lags. This
is because if ERP systems are effectively used, external auditors are likely to regard ERP
firms as having stronger internal controls than non-ERP firms. Weak internal control
indicates high control risk, which may force auditors to conduct more strict audits in order
to decrease detection risk, ultimately leading to an increase in audit work. In addition to
this, they assert that auditing firms that use ERP systems are more efficient which reflects
to auditors’ costs.
Huang et. al (2008) try to explore internal control elements in ERP System environments
by taking SOX act and COSO, COBİT internal control framework as a reference. They
design an internal control framework in ERP systems using 19 detailed factors and the 5
dimensions as the reference point.
30
Then the framework is used to create questionnaires in which they calculate the priority
and weights of each factor by taking insights from Taiwan firms that implemented ERP
Systems.
Morris (2011) examined the relationship between the ERP software application and the
internal control system. Using firms that founded ERP systems between 1994 and 2003
years and were required to fit their control structure to SOX legislation in the first three
years as sample, Morris evaluated these firms based on the frequency of reported internal
control weaknesses and compared its results with the control sample firms that are not
implemented such systems and matched by same industry and similar size. Morris’s
research suggests that firms with ERP programs are less likely to report internal control
deficiencies at both company and accounting levels than non-ERP implementing firms.
Okuda and Nakashime (2015) investigate the relationship between information system
integration and internal control effectiveness. They assert that information system
integration affect internal control effectiveness positively. However, it is important to
point out that although considerable number of study suggests ERP systems with
embedded controls and features such as standardization, ability of real time checking
contribute to improvement of internal control, there are many researcher advocate that
ERP systems can affect negatively internal control structure of firms by increasing new
risks that drive from ERP System itself.
Hsu et al. (2006) state that there four main group of risks related to ERP Systems. These
are control, security, system and business risks. Control risks can arose because of the
interconnectivity and automation of processes, an employee by entering a single data can
lead to launch chain processes. In addition to this, especially for initial implementation
period, it can be expected that employees are unfamiliar with new system and their role
and responsibilities. Therefore, employees can spend considerable amount of time and
effort activities that have minor importance.
31
Hunton et. al (2004) states that organizations with information systems may encounter
business interruption risks such as hardware, software failures, process interdependency
risks in which problems in workflow procedures fail to transmitting from upstream
process (sales orders) to downstream process (shipping, billing). Security risks associated
with information systems is another complexity for organizations. Employees in
organizations or outside hackers endanger the integrity of company’s information
systems. Hence, they conduct a research to evaluate the risks associated with ERP
systems by comparing risk assessments of IT and financial auditors for ERP and non-
ERP environment. They found that both groups of respondents evaluate the risk level
associated with internal control structure higher in the ERP system than the non-ERP
system. However, considering IT related risks of ERP systems, IT auditors evaluate that
firms in ERP environment are more vulnerable to security, network and database related
risks than firms that did not implement ERP programs
To sum up, many researches show that ERP Systems contribute to internal control
systems of organizations. It is also important to note that some of ERP related studies
indicate that ERP systems can increase overall internal control risks. Findings in the
literature do not show unanimity on the relationship between ERP software and internal
control systems.
Hence, in this study, the relationship ERP Systems and internal control system in revenue
process is examined. I try to find whether ERP systems are satisfactory enough to answer
internal control standards of COSO framework in revenue process.
32
3. METHODOLOGY
This sections below explain about selected the objective of the research, research
methodology, sample design the method for data collections and data analysis techniques
will be discussed.
3.1 OBJECTIVE OF THE RESEARCH
In this study, I aim to examine the relationship ERP systems and internal control system
in revenue cycle of organizations. Particularly, I aim to understand how effective ERP
systems in meeting control objectives set by COSO framework. Based on internal audit
heads/senior auditors evaluations, this study tries to find out effectiveness of ERP
systems at meeting internal control requirements in revenue process of
manufacturing/production companies.
3.2 RESEARCH METHODOLOGY
Orchard et. al (2014) presents an evaluation tool for independent or internal auditors to
assess adequacy of their company’s internal control system specifically for
manufacturing sector. They set control objectives pertain to COSO’s internal control
objectives of reliability of financial reporting and operational effectiveness and efficiency
for revenue process. Adapting from Orchard et. al (2014) study, a self-administered
survey was designed to conduct the research.
The survey is composed of 29 questions and covers internal control objectives that are in
line with COSO framework in six sub revenue processes; Sales Order Authorization
Objectives, Sales Order Entry and Processing Objectives, Billing Objectives, Collections
Objectives, Financial Reporting Objectives, General Control Activities Objective. We
also add a compulsory question asking which vendor program (SAP, Oracle etc.) they are
using in order to analyze ERP vendor differentiations in meeting internal control
objectives and a non-compulsory question asking company name for listing and following
purposes. Consequently, the survey contains 31 questions in total.
33
Table 3.1: Questions category and question numbers per category
Questions Category Number of Question

Company Name (Optional) 1
Which ERP program does your organization use? 1
Sales Order Authorization Control Objective
3
Questions
Sales Order Entry and Processing Objectives
4
Questions
Billing Control Objective Questions 11
Collection Control Objective Questions 5
Financial Reporting Control Objective Questions 2
General Control Activity Objectives Questions 4
The responses were designed to fill according to 5-point Likert response type questions,
the response scale are set Strongly Agree (scored as +2), Agree (scored as +1), Neutral
(scored as 0), Disagree (scored as -1) to strongly disagree (scored as -2). Respondents
were asked to evaluate each question by indication their degree of agreement or
disagreement. Here, based on respondents’ assessments, I aim to understand the
effectiveness of ERP Systems in meeting control objectives in revenue cycle.
Additionally, a rating average will be calculated for each questions based on scores taken
by all respondents. Rating averages of each question are used for understanding
satisfaction level of ERP Systems for each control objective. Rating averages above 1
show that ERP System meets concerned control objective and scores approaching +2
means shows higher fulfillment rate. Rating averages between 0 and 1 points shows that
ERP System fulfill partially the control objective but needs to be improved. Within this
context, it can be concluded that the more rating average is close to +2, higher
effectiveness of ERP Systems in meeting control objective is expected. The survey is
planned to send internal audit departments of manufacturing/production companies that
are registered to BIST (Borsa Istanbul) and operating in Turkey.
34
3.2.1 Sample Design
Because ERP Systems demand considerable amount of time, money and commitment,
large enterprises are more outward oriented in ERP adoption than small enterprises
(Laukkanen, Sarpola & Hallikainen, 2008) Hence, selecting BIST companies seems
reasonable, which have higher level of institutionalism, market, financial size. This
corresponds to 506 companies. Further, I narrowed this number by focusing
manufacturing/production sector which needs and uses extensively ERP systems. (Celik,
2011) After this adjustment, 181 firms are remained as the research sample.
3.2.2 Conducting the survey

Self-administered survey was conducted according to model developed by Dillman
(2007), which uses follow-up methods, and anonymity of the responders, customization
in order to improve survey response rates. Firstly I obtained email address of all sample
companies, which are accessible to the in PDP’s website (Public Disclosure Planform).
The first survey was sent to email addresses of all sample companies, which are accessible
to the public in PDP’s (Public Disclosure Planform) website in February 2017. The mail
composed of brief information about the study, assurance of confidentiality and
anonymity and the request of forwarding this mail to internal audit department or
equivalent unit of the organizations and survey link. Approximately two weeks after the
first email sent, a reminder email was sent to the study sample in order to increase
response rate.
Initial responses was low in terms of validity, generalizability and reliability of the study.
To overcome this issue, I contacted managers of internal audit departments of the sample
companies via LinkedIn and asked them to fulfil the survey. I also sent surveys by using
my business network and make phone calls in order to improve response rate further.
3.2.3 Data Collection

Survey Monkey website, which is one of the leading provider of web-based survey
solution is used to collect data of the survey. From this survey, a total of 112 responses
were received in reply to 181 e-mail, survey link sent.
35
Table 3.2: Number of responses per section of the survey
Answered Skipped
Questions
Question Question
Company Name 28 84
Which ERP program does your organization use? 96 16
Sales Order Authorization Control Objective 80 32
Sales Order Entry and Processing Objectives 75 37

Billing Control Objective Questions 72 40
Collection Control Objective Questions 72 40
Financial Reporting Control Objective Questions 72 40
General Control Activity Objectives Questions 72 40
From all answers, incomplete (skipped) responses, quick responses (answers below four
minutes are not counted) and responses from same company or same I.P (Internet
Protocol) are excluded in order to have reliable and valid data. Consequently, the survey
have 68 valid response. Number of responses is enough to meet sample size criteria with
95-percentage confidence level and 10-percentage margin of error, which corresponds 63
answers.
36
4. RESULTS
In this chapter, findings of the study are introduced and examined. According to survey
result, 36 responders state that they are using SAP as a ERP program in their
organizations. Oracle with 14 responses follows SAP and Microsoft Dynamics with 8
responses comes in third and Logo with 3 responses is in fourth place. Lastly, seven
companies choose “Other” option. In Figure 4.1 below, distribution of answers is shown
as percentage.
Figure 4.1: Which erp program is used in your organization?

Other
10,3%
Microsoft -
Microsoft
Dynamics
11,8%
Logo SAP
4,4% %52,9
Oracle
20,6%
In following paragraphs, respondents’ evaluations for each statement are grouped and
shown according to sub process of revenue cycles.
4.1 SALES ORDER AUTHORIZATION RESULTS
This section of survey contains three control objectives to be evaluated. In Table 4.1,
opinions of respondents for each statements in Sale Order Authorization process are
shown as percentage.
As shown in Table 4.1, 43 percent of responders strongly agree that ERP system in their
organization allows orders within approved customer credit limits and prevents orders of
blocked, low credit customers to be processed. 37 percent of responders also agree with
ERP Program that is used in their companies meet the control objective.
37
However, while 6 percent of respondents are indecisive about the control objective, 15
percent of respondents give negative feedback. The rating average based on internal audit
heads/senior auditors’ evaluations equals to 1.04 point for this statement.
Table 4.1: Control objective 1 in sales order authorization

Strongly Strongly Rating
Control Objective Agree Neutral Disagree
Agree Disagree Average
The ERP software does
not allow processing of
sales orders that exceed
43% 37% 6% 12% 3% 1,04
customer credit limits or
involves blocked, low
credit customers.
As shown in Table 4.2, 76 percent of respondents in total support the statement that ERP
systems prevent overrides of standard pricing and terms. While small portion of
responders do not agree with existing ERP programs in their organizations answer the
needs of the control objective, 10 percent of senior auditors/ audit managers choose not
to disclose any opinion. Respondents give overall 1.12 point to ERP Systems’ ability to
meet Control Objective 2.

In ERP Environment,
orders are approved
by management as to 38% 38% 13% 10% 0% 1,12
prices and terms of
sale.
Organizations should also be aware of sale orders that are not in boundaries of usual
transactions. As in shown in table 4.3, higher portion of senior auditors/ audit managers
favor of the ability of ERP Systems to provide essential means to fulfill the objective. On
the other hand, only 6 percent of respondent state disagreement and 6 percent remain
indecisive. As result of evaluations, the statement in Table 4.3 takes 1.26 score.
38
The ERP systems allow
significant or unusual
sales orders if they are
43% 46% 6% 6% 0% 1,26
specifically approved
by management /
authorized personnel.
In Figure 4.2, It can be said that ERP Systems seems to be effective in meeting all three
control objectives in Sales Order Authorization Sub Process.
Figure 4.2: Rating averages for sales order authorization sub process
Rating Averages based on respondents' evaluations
Control Objective 3
Control Objective 2
Control Objective 1
0 0,2 0,4 0,6 0,8 1 1,2 1,4 1,6 1,8 2
4.2 SALES ORDER ENTRY AND PROCESSING RESULTS
In this section, relationship of ERP Systems and internal control objectives of sales order
entry and processing processes in revenue cycle are examined.
While 7 percent of respondents are undecided on whether ERP Systems could fulfill
control objective 4 as exhibited in Table 4.4, there is a slight disagreement with the
statement. It can also be seen that 88 percent of respondents in total support that ERP
Programs are able to prevent inaccurate or incomplete orders or cancellations of orders
before putting into process. With the effect of high support to the statement the rating
average equals to 1.28
39
Table 4.4: Control objective 4 in sales order entry and processing
ERP Systems provide
that orders and
cancellations of
41% 47% 7% 4% 0% 1.28
orders are input
accurately and
completely.
Conveying order entry data to next stage in revenue cycle is also important step for
organizations. Majority of participants exhibited in Table 4.5 approve that ERP Systems
provide that data entries of sales orders are transferred completely and accurately to the
shipping and invoicing stages. While 9 percent of respondents show neither agreement or
disagreement, 7 percent of respondents in total do not agree with ERP Programs’ ability
to meet the objective. As a result of all assessments, the rating average equals to 1.09

Order entry data is
transferred
completely and
accurately to the 37% 47% 9% 6% 1% 1.09
shipping and
invoicing activities in
ERP Environment
In Table 4.6, respondents are asked to evaluate how effective ERP Systems in ensuring
entry and processing of all customer orders via EDI platforms. While 21 percent of
internal audit managers/ senior auditors express as strongly agree on this statement, 43
percent of correspondents agree with the effectiveness of ERP Programs on this control
objective. It is also important to note that 18 percent of respondents do not choose to
express opinion. The Disagreement with the statement is 23 percent in total.
40
ERP Programs enable
that All orders
received from
customers are input 21% 38% 18% 19% 4% 0,51
and processed by using
EDI (Electronic
data interchange)
Rating average for this statement is 0.51. It can be interpreted that ERP Systems are not
fully effective in meeting the internal control objective 6. In other words, ERP Programs
control structure and means should be improved in order to fulfill intended satisfaction
level.
As shown in Table 4.7, internal audit managers/senior auditors are asked to assess the
role of ERP programs in preventing invalid, inaccurate orders to be entered and
processed. 59 percent of respondents in total support the statement that ERP programs
are effective in blocking invalid, incorrect orders. Those who are neither agree or disagree
with the statement form 10 percent of respondents. Also 31 percent of internal audit
managers/auditors in total do not find control structure of ERP Systems satisfactory to
fulfill the objective. Hence, Rating score in this statement is below 1 point which mean
that ERP Systems needs improvement for satisfying requirements of control objective 7.
Table 4.7: Control Objective 7 in sales order entry and processing

ERP Systems
allows only valid
19% 40% 10% 25% 6% 0,41
orders to be input
and processed.
In Figure 4.3, based on internal audit managers/senior auditors’ evaluations in sales order
entry and processing sub process, rating averages of each statements are shown. It can be
said that ERP Systems are found to meet requirements of control objective 4 and control
5.
41
Considering rating averages of control objective 6, and 7, which are below 1 point, it
seems that ERP Systems are not able to fully answer needs of the control objectives.
Figure 4.3: Rating average for sales order entry and processing sub process
Control Objective 7
Control Objective 6
Control Objective 5
Control Objective 4
0 0,2 0,4 0,6 0,8 1 1,2 1,4 1,6 1,8 2
4.3 BILLING CONTROL RESULTS
In this section, ERP Systems and Internal control objectives in billing sub process are
examined. Internal audit managers/auditors are asked to evaluate ERP Programs’
effectiveness in meeting 11 control objective.
As exhibited in Table 4.8, ERP Systems should provide that invoices are created based
on predetermined terms and prices. In other words, If any changes occur beyond reference
conditions or pricing, the system should seek authorization to proceed. While 90 percent
respondents in total support that ERP systems are able to meet such criteria, low level of
participants state disagreement on this issue. With 1,19 score for this statement, it can be
said that ERP Systems have ability and means to answer needs of control objective 8 in
billing sub process.
Table 4.8: Control objective 8 in billing sub process

Control Objectives Agree Neutral Disagree
Invoices are generated
using authorized terms
34% 56% 6% 4% 0% 1,19
and prices in ERP
Environment.
42
In Table 4.9 , internal audit managers/senior auditors assessed whether ERP Systems are
able to properly calculate and record invoices. According to survey results, while a small
portion of respondents disagree with the statement, 91 % percent of participants favor the
ERP Programs in ensuring expected control infrastructure to meet the control objectives.
Rating average of 1.25 point shows ERP Systems are successful at meeting criteria of
control objective 9

Control Strongly Strongly Rating
Agree Neutral Disagree
Objectives Agree Disagree Average
ERP Programs
enable that Invoices
are accurately 37% 54% 6% 3% 0% 1,25
calculated and
recorded.
As show in table 4.10, it is asked that how adjustments are made in account receivable
account and credit notes in ERP Environment corresponding the control objective. While
34 percent respondents strongly agree with the statement, 47 percent of internal audit
managers/senior auditors find ERP Systems satisfactory enough to answer the control
objective. Although a small portion of respondents do not agree with the statement, a
considerable number of respondents are indecisive about the control objective. As a result
of all evaluations, the rating average equals to 1.09 point.

ERP System enable
that credit notes and
adjustments to
accounts receivable 34% 47% 13% 6% 0% 1,09
are accurately
calculated and
recorded.
43
Internal control objective 11 in billing process of revenue cycle requires that every
shipment has to have a corresponding invoice. As shown in Table 4.11, high majority
respondents believe that ERP Systems have ability to fulfill such objective. There is also
a 4 percent of respondents who disagree with ERP Programs capability and 4 percent
respondents who neither give opinion as agreement or disagreement. With the 1,31 score
of rating average, it can be derived that ERP Programs meet successfully control objective
11.
All goods shipped
are invoiced in ERP 44% 47% 4% 4% 0% 1,31
Programs
31 percent of respondents as exhibited in Table 4.12 strongly agree that in ERP

environment, adjustments to accounts receivable and credit notes are issued according to
policies set by the organization. Furthermore, 53 percent of respondents choose to select
“agree” and 10 percent of respondents do not reach a decision. On the other hand, 6
percent of respondents do not agree the statement. Rating average of 1,09 point shows
ERP Systems are successful at meeting criteria of control objective 12.
Table 4.12: Internal control objective 12 in billing sub process

ERP Environment
provides that credit
notes for all goods
returned and
adjustments to 31% 53% 10% 6% 0% 1,09
accounts receivable
are issued in
accordance with
organization policy.
In Table 4.13, internal audit managers/senior auditors are asked to evaluate whether ERP
Programs enable that every invoice has a corresponding valid shipments. 87 percent of
respondents in total show agreement with the statement.
44
While 10 percent of them remain neutral, only 3 percent oppose that ERP are able to meet
the control objective. As a result of all evaluations, the rating average equals to 1.26 point,
which shows that ERP Programs’ structure enable to answer control objective 13.

ERP Programs enable
that Invoices relate to 43% 44% 10% 3% 0% 1,26
valid shipments.
All credit notes issued in organizations should depend on a return of goods or other valid
adjustments. 25 percent of respondents as exhibited in Table 4.14 show strong support
the statement. 40 percent of respondents prefer to agree with statement. It is also
important to express that in control objective 14, a considerable number of respondents
could not reach a conclusion. With rating average of 0,71 it can be said that ERP Systems’
control structure should be enhanced to meet control objective 14.

In ERP Environment,
all credit notes relate to
25% 40% 19% 13% 3% 0,71
a return of goods or
other valid adjustments.
In Table 4.15, internal audit managers/senior auditors are asked to evaluate whether ERP
Systems provide that all recorded invoices are accurate and complete. Majority of
respondents strongly agree with the statement. On the other hand, while 7 percent of
disagree with ERP’s ability to provide such results, 6 percent remain indecisive. As result,
with the score of 1.22 point, general opinion of respondents is that ERP Systems’
effectiveness is satisfying control objective 15
45
ERP Systems provide
that all invoices are
43% 44% 6% 7% 0% 1,22
recorded correctly and
completely.
All credit notes issued should be recorded. In Table 4.16, 29 percent of respondents show
strong support that ERP systems are able to provide such control environment in which
all issued credit notes are recorded. While those who give opinion as “agree” with the
statement equals to 37 percent, those who disapprove the statement are 10 percent in total.
It is also important to note that 24 percent of respondents do not express opinion about
the statement. The average of respondents evaluation equals to 0,96 point which signals
that improvements are needed to fullfill control objective 16.

ERP Programs enable
that All credit notes 29% 37% 24% 9% 1% 0,96
issued are recorded.
Recording invoices to the proper accounting period is another important activity for
billing process. Therefore respondents are asked to evaluate ERP Programs’ effectivness
for this control objective. As shown in Table 4.17, 90 percent of respondents in total give
support to the statement. A small portion of internal audit managers/senior auditors do
not agree that ERP Systems have ability to fulfill such objective. Due to the high rate of
support to the statement, rating average reaches 1.31 point.

In ERP System,
invoices are recorded
46% 44% 6% 4% 0% 1,31
in the appropriate
period.
46
As exhibited in Table 4.18, while 34 percent of respondents strongly agree that in ERP
environment, issued credit notes are recorded in the appropriate period. 43 percent of
respondents agree with the statement. While disagreement level equals to 7 percent, 16
percent of respondents give no opinion. Average score in this statement equals to 1.03
which points out that ERP Systems are found to satisfy control objective 18.

ERP System provides
that Credit notes
34% 43% 16% 7% 0% 1,03
issued are recorded in
the appropriate period.
As exhibited in Figure 4.4, internal audit managers/senior auditors opinions in general

shows that ERP Systems are found to meet all control objectives in billing sub process.
However it is also seen that ERP Systems are not fully effective in meeting control
objective 14 and control objective 16. Rating averages below 1 point may signal that ERP
Systems control structure should be updated/redesigned to answer needs of these control
objectives.
Figure 4.4: Rating averages for billing sub process

Control Objective 18
Control Objective 9
Control Objective 8
0 0,2 0,4 0,6 0,8 1 1,2 1,4 1,6 1,8 2
47
4.4 COLLECTION RESULTS
In this section, ERP Systems and Internal control objectives in collection sub process are
examined. Hence, internal audit managers/senior auditors from manufacturing/
production companies are asked to evaluate five statements in order to understand ERP
Programs’ effectiveness in meeting internal control objective.
As shown in Table 4.19, large majority of internal audit managers/senior auditors give
support that ERP System provide that , cash receipts are recorded in the period in which
they are received. While 10 percent of respondents remain indecisive, 4 percent of
respondents show disagreement. With 1.15 average score, it can be said that ERP Systems
are acknowledged to provide necessary means to meet control objective 19.
Table 4.19: Control objective 19 in collection sub process

In ERP Environment,
cash receipts are
recorded in the period 34% 51% 10% 4% 0% 1,15
in which they are
received.
In revenue cycle, cash receipts data should be processed accurately. 36 percent of internal
audit managers/senior auditors strongly agree with the statement. 45 percent of
respondents state agreement with ERP Programs ability to meet the control objectives.
While 10 percent of respondents show neither agreement or disagreement, 4 percent of
them disagree with proposition as shown in Table 4.20. As a result of respondents’
evaluations, ERP programs are considered to fulfill the control objective.

ERP Systems
provide that cash
receipts data entered 36% 45% 15% 4% 0% 1,12
is processed
accurately.
48
As exhibited in table 4.21, 69 percent of respondents in total favor that ERP systems
provides that cash receipts data is valid and is entered for processing only once. While 16
percent of respondents in total shows disagreement, 15 percent of respondents could not
reach a conclusion. Because average of respondents’ assessments below 1 point, it can be
concluded that ERP Systems are not able to fully meet requirements of control objective
21.

In ERP Programs
cash receipts data is
valid and is entered 29% 40% 15% 10% 6% 0,76
for processing only
once.
For organizations, it has paramount importance that cash discounts should be calculated
accurately and recorded. In Table 4.22, internal audit managers/senior auditors are asked
to evaluate whether ERP Programs are able to make these calculations and recordings
accurately. While majority of internal audit managers/senior auditors give support with
the statement, only small portion of respondents state disagreement. Rest of the
respondents do not show any opinion. The rating average of 1.18 shows that ERP Systems
are functioning well to answer control objective 22.

ERP Programs
provide that cash
discounts are 33% 55% 9% 3% 0% 1,18
accurately calculated
and recorded.
Accounts receivable constitutes one of the primary source of income cash flow for most
of the organizations. Hence, monitoring timely collection of accounts receivable is a vital
task for companies. As shown in Table 4.23, large number of respondents in the survey
believe that with ERP systems closely monitoring accounts receivable is highly possible.
49
However, while 13 percent of respondents neither agree nor disagree with the statement,
6 percent of them show express disapproval. As a result of internal audit managers/senior
auditors’ evaluations, ERP programs are found to fulfill the control objective.

Timely collection of
accounts receivable is
36% 45% 13% 6% 0% 1,10
monitored in ERP
Environment
As exhibited in Figure 4.5, internal audit managers/senior auditors’ opinions in general

show that ERP Systems are found to meet all control objectives in collection sub process.
However, respondents’ opinions also show that ERP Systems are not fully effective in
meeting control objective 21. Rating averages below 1 point may point out that ERP
Systems control structure should be updated/redesigned to answer needs of the control
objective.
Figure 4.5: Rating averages for collection sub process

0 0,2 0,4 0,6 0,8 1 1,2 1,4 1,6 1,8 2
50
4.5 FINANCIAL REPORTING RESULTS
In this section, ERP Systems and Internal control objectives in financial reporting part of
revenue process are examined. Hence, Internal audit managers/auditors from
manufacturing/production companies are asked to evaluate 2 statements in order to
understand ERP Programs’ effectiveness in meeting internal control objective.
As shown in Table 4.24, internal audit managers/senior auditors are asked to grade how
successful ERP Programs are reflecting business circumstances and economic conditions
in accordance with organizations’ accounting policies. 29 percent of internal audit
managers/senior auditors strongly agree with the statement. 54 percent of respondents
state agreement with ERP Programs ability to meet the control objectives. While 7 percent
of respondents show neither agreement or disagreement, 8 percent of them in total
disagree with proposition. With 1,03 rating score, ERP programs seems to provide
necessary means to meet control objective 24.
Table 4.24: Control objective 24 in financial reporting

In ERP System,
accounts receivable
reflect the existing
business circumstances
and economic 29% 54% 7% 7% 1% 1,03
conditions in
accordance with the
accounting policies
being used.
Information that derive from sales and accounts receivable accounts should be
appropriately presented. Within this context, all information should be disclosed in line
with fair presentation, compliance with professional standards and legal requirements.
As exhibited in Table 4.25, majority of respondents give support with the statement. On
the other hand, while 7 percent of respondents show neither agreement nor disagreement,
6 percent disagree with that ERP Systems’ ability to fulfil the control objective.
51
As a result of internal audit managers/senior auditors evaluations, rating score of 1,18
shows that ERP Systems are capable of meeting control objective 25.
Table 4.25: Control objective 25 in financial reporting

ERP System enable that
Sales and accounts
receivable information
is appropriately
presented, and all
information that is
31% 60% 4% 4% 0% 1,18
necessary for fair
presentation and
compliance with
professional standards
or legal requirements is
disclosed.
4.6 GENERAL CONTROL ACTIVITY RESULTS
In this section ERP Systems and Internal control objectives in customer master files are
examined. Accordingly, internal audit managers/senior auditors are asked to assess four
statements. Internal audit managers/senior auditors are asked to evaluate whether ERP
Programs enable that only valid changes are made to the customer master file. As shown
in Table 4.26, 80 percent of respondents in total show agreement with the statement.
While 12 percent of them remain neutral, only 7 percent oppose that ERP are able to meet
the control objective. Average score in this statement equals to 1.07 which points out that
ERP Systems are found to satisfy control objective 26.
Table 4.26: Control objective 26 in general control activities

ERP Systems allows
only that valid
changes are made to 34% 46% 12% 7% 0% 1,07
the customer master
file.
52
As exhibited in Table 4.27, 31 percent of internal audit managers/senior auditors strongly
agree with the statement. 51 percent of respondents state agreement with ERP Programs
ability to meet the control objective 27. While 10 percent of respondents show neither
agreement or disagreement, 4 percent of them disagree with proposition. the rating
average equals to 1.09 point which shows that ERP Programs’ structure enable to answer
control objective 27.

All valid changes to
the customer master
file are input and 31% 51% 13% 4% 0% 1,09
processed in ERP
Environment
Changes in customer master file should be accurate and processed in a timely manner. 65
percent of respondents in total show agreement with the statement. While 7 percent of
respondents in total oppose the statement, considerable number of respondents do not
show any opinion as in Table 4.28. Rating average of 0.81 points out that ERP Systems
are not able to fully meet control objective 28.

In ERP Environment,
changes to the
customer master file
25% 40% 28% 6% 1% 0,81
are accurate and
processed in a timely
manner.
In Table 4.29, internal audit managers/senior auditors are asked to evaluate that Customer
master file data remains pertinent in ERP Systems. According to survey results, while a
small portion of respondents disagree with the statement, 81 percent of participants favor
the ERP Programs’ control infrastructure to meet the control objectives.
53
As a result of internal audit managers/senior auditors’ evaluations, ERP programs are
found to fulfill the control objective.

ERP System enables
that Customer master
27% 54% 15% 4% 0% 1,03
file data remains
pertinent.
As exhibited in Figure 4.6, internal audit managers/senior auditors opinions in general

shows that ERP Systems are found to meet all control objectives in general control
activities in revenue process. However it is also points out that ERP Systems are not fully
effective in meeting control objective 28. Rating averages below 1 point may show that
ERP Systems control structure should be updated/redesigned to answer needs of the
control objective.
Figure 4.6: Rating averages for general control activities sub process
0 0,2 0,4 0,6 0,8 1 1,2 1,4 1,6 1,8 2
54
5. DISCUSSION & CONCLUSION
With the effect of corporate scandals in US such as Enron, Worldcom, importance of the
internal control systems in organizations has risen dramatically. (Huang, et. al 2008) In
response to these events, a structural reform has been made with Sarbanes-Oxley Act of
2002 which obligate managements to take responsibility and accountability of adequate
and proper internal control structure in their organizations. (Morris, 2011) IS security
and internal control compliance has become vital issues for organizations. Accordingly,
companies allocate considerable amount of resource, time and effort for IT investments
in order to meet SOX requirements. (Grabski, 2011) Hence, ERP Systems, which has
been used for many reasons such as real-time data, improved transparency, the increased
automation of tasks and operational efficiency, has drawn great attention. Many studies
propose that ERP Systems can make valuable contributions to internal control
systems.(Morris, 2011) Parallel to these researches, this study aimed to understand the
relationship ERP Programs and internal control system by addressing revenue process
which is one of most vulnerable areas of organizations against fraud and errors. The study
particularly aimed to investigate how effective ERP Systems are meeting control
objectives that are in line with COSO framework in revenue cycle of organizations.
According to the result of this study, internal audit managers/senior auditors’ opinions
indicate that ERP Systems are effective in providing necessary means to meet most of the
control objectives in revenue process. However, general opinion of respondents for some
of control objectives indicates that ERP Systems’ control structure are not found
satisfactory enough to fulfill the requirements of the control objectives.
This can be explained as follows. Rating averages between 0 and 1 point may show that
Regardless of vendors, all ERP systems are not performing well for meeting the control
objectives in which ERP programs should be updated/redesigned to answer needs of the
control objective. On the other hand, this may also signal that some of ERP vendors are
not capable of answering the requirements of the control objectives.
55
In other words, even if all ERP programs are intended to serve same control
objectives, their control structure, logic and means are various. Therefore, it is expected
that some of ERP vendors are not successful at meeting some of the control objectives
while the others are able to provide expected results.
As a limitation of this study, findings for each ERP vendor could not be compared because
some of ERP vendors in sample do not reach enough numbers in terms of reliability and
validity concerns. It can be proposed that relationship between internal controls and ERP
Programs should be examined by comparative or case studies in order to gain further
knowledge in this subject.
56
REFERENCES
Books
Arwinge, O., 2012 internal control: A study of concept and themes. Springer Science &
Business Media.
Bagranoff, N. A., Simkin, M. G., & Norman, C. S. (2010). Core concepts of accounting
information systems. Hoboken, NJ.
Dillman, D. A., 2007 Mail and Internet Surveys: The Tailored Design Method, Hoboken,
John Wiley & Sons Inc.
Gleim, I. N., (2013) CIA Review Part 3, Internal Audit Knowledge Elements,
17/e, Gleim Publications, Inc.
Hall, J. A., 2011 Accounting information systems. Cengage Learning
Johnstone, K., Gramling, A., & Rittenberg, L. E., 2013. Auditing: a risk-based approach
to conducting a quality audit. Cengage Learning.
Moeller, R. R., 2005 Brink’s Modern Internal Auditing, 6th edition, John Wiley & Sons,
New York
O’Leary D. E., 2000 Enterprise Resource Planning Systems: Systems, Life Cycle,
Electronic Commerce, and Risk. Cambridge, UK, Cambridge University Press.
Romney, M. B. & Steinbart, P., 2006 Accounting information systems. Pearson Education
Sandoe, K., Corbitt, G., & Boykin, R. (2001). Enterprise integration. New York, NY:
Wiley.
57
Periodicals
Azaltun, M., Batibay, I., Calayoglu, I., Mert, H., & Tastan, H., 2013 The Impact of
Enterprise Resource Planning (ERP) System on the Cost and Price of Auditing –
Auditors Perspective. Journal of Modern Accounting and Auditing, Vol. 9, No. 4,
pp. 497-504
Boudreau, M. C, & Robey, D., 2005. Enacting integrated information technology: a

human agency perspective. Organization Science, 16,3-19.
Boykin, R.F. (2001), Enterprise resource-planning software: a solution to the return

material authorization problem, Computers in Industry, Vol. 45, pp. 99-109.
Çelik, M. (2011). Kurumsal Kaynak Planlama Sistemlerinin Muhasebe Süreçlerine

Etkisine Yönelik IMKB'de Bir Arastirma. Muhasebe ve Finansman Dergisi, (52).
Chand, D., Hachey, G., Hunton, J., Owhoso, V., & Vasudevan, S. (2005). A balanced
scorecard based framework for assessing the strategic impacts of ERP
systems. Computers in industry, 56 (6), 558-572.
Chapman, C. and Kihn, L. (2009) ‘Information system integration, enabling control and
performance’, Accounting, Organizations and Society, 34, pp. 151–169
Chen, I.N., 2001, “Planning for ERP systems: analysis and future trend”, Business
Process Management Journal, Vol. 7 No. 5, pp. 374-86.
Chung, B., & Skibniewski, M. J. (2007). Cost-benefit analysis of ERP modules in

construction firms. AACE International Transactions, IT 71.
Damianides, M. (2005). Sarbanes-Oxley and IT governance: New guidance on IT control

and compliance. Information Systems Management, 22(1), 77-85.
Davenport, T. (1998). Putting the enterprise into the enterprise system. Harvard Business
Review 76: 121-131.
Debreceny, R. S., G. L. Gray, J. J.-J. Ng, K. S.-P. Lee, and W.-F. Yau. 2005. Embedded
Audit Modules in Enterprise Resource Planning Systesm: Implementation and
Functionality. Journal of Information Systems 19 (2):7-27
Dobre, M., 2011 " Stock Investors'Response To Dısclosures Of Materıal Weaknesses In

Internal Control." Accounting and Management Information Systems 10.3: 397.
Elbardan, H., 2014 Enterprise resource planning systems implementation and the
implications for the internal audit function (Doctoral dissertation, Brunel
University Brunel Business School PhD Theses).
58
Grabski, S. V., Leech, S. A., & Schmidt, P. J., 2011. A review of ERP research: A future
agenda for accounting information systems. Journal of information systems, 25(1),
37-78.
Gupta, A. (2000). Enterprise resource planning: the emerging organizational value

systems. Industrial Management & Data Systems, 100(3), 114-118.
Gupta, M. and Kohli, A., 2006. Enterprise resource planning systems and its
implications for operations function. Technovation, 26 (5-6), 687-696.
Hay, David., 1993 Internal control: How it evolved in four English-speaking

countries. The Accounting Historians Journal 79-102.
Hermanson, D. R., & Rittenberg, L. E. (2003). Internal audit and organizational

governance. Research opportunities in internal auditing, 1, 25-71.
Hsu, K., Sylvestre, J., & Sayed, E. N. (2006). Avoiding ERP pitfalls. Journal of Corporate
Accounting & Finance, 17(4), 67-74.
Huang, S. M., Hsieh, P. G., Tsao, H. H., & Hsu, P. Y. (2008). A structural study of
internal control for ERP system environments: a perspective from the Sarbanes-
Oxley Act. International Journal of Management and Enterprise Development, 5(1),
102-121.
Hunton, J. E., A. M. Wright, and S. Wright. 2004. Are Financial Auditors Overconfident
in Their Ability to Assess Risks Associated with Enterprise Resource Planning
Systems? Journal of Information Systems 18 (2):7-28.
Kim, J., Nicolaou, A. I., & Vasarhelyi, M. A. (2013). The impact of enterprise resource
planning (ERP) systems on the audit report lag. Journal of Emerging Technologies
in Accounting, 10(1), 63-88.
Klaus, H., Rosemann, M., & Gable, G. G. (2000). What is ERP? Information systems
frontiers, 2(2), 141-162.
Laukkanen, S., Sarpola, S., & Hallikainen, P. (2007). Enterprise size matters: objectives
and constraints of ERP adoption. Journal of enterprise information management,
20(3), 319-334. ISO 690
Little, A., & Best, P. J. (2003). A framework for separation of duties in an SAP R/3
environment. Managerial Auditing Journal, 18(5), 419-430.
Mabert, V. A., Soni, A., & Venkataramanan, M. A. (2000). Enterprise resource planning
survey of US manufacturing firms. Production and Inventory Management
Journal, 41(2), 52.
59
Macris, A., 2004 “Enterprise Resource Planning (ERP): A Virtual lab implementation for
managers’ and users’ training”, SPOUDAI Journal, pp. 13-38,
Madani, H. (2009) ‘The role of internal auditors in ERP-Based organizations’, Journal

of Accounting and Organizational Change, 5 (4), pp. 514-526.
Morris, J. J. (2011). The impact of enterprise resource planning (ERP) systems on the
effectiveness of internal controls over financial reporting. Journal of Information
Systems, 25(1), 129-157.
Obitade, O. P. (2015). An Examination of the Role of Corporate Governance Structure in

the Implementation of Enterprise Resource Planning (ERP) Systems: An
International Perspective (Doctoral dissertation, University of North Texas).
Okuda, S. Y., & Nakashima, M. (2015). Systems Integratıon, Management Involvement

And Qualıty Of Internal Controls And Audıtıng. Asia-Pacific Management
Accounting Journal, 10(1), 1-21.
O'Leary, D. E. 2004. "Enterprise Resource Planning (ERP) Systems: An Empirical

Analysis of Benefits." Journal Of Emerging Technologies In Accounting 1, 63.
Orchard, L. X., & Hoag, M. L. (2014). Revenue Process Internal Control For
Manufacturers: An Evaluation Tool For Independent Auditors And
Managers. Journal of Business & Economics Research (Online), 12(2), 137.
Rashid, M., Hossain L., & Patrick J. (2002). The Evolution of ERP Systems: A Historical
Perspective. Enterprise Resource Planning-Global Opportunities & Challenges
(p.1-16). Hershey: Idea Group Publishing.
Rittenberg, L. E., Martens, F., & Landes, C. E. (2007). Internal Control

Guidance. Journal Of Accountancy, 203(3), 46-50.
Shang, S., & Seddon, P. B. (2000). A comprehensive framework for classifying the
benefits of ERP systems. AMCIS 2000 proceedings, 39.
Soral, G., & Jain, M. (2011). Impact of ERP system on auditing and internal control. The
International Journal’s Research: Journal of Social Sciences and Management, 1(4),
16 23.
Spathis, C., & Constantinides, S. (2004). Enterprise resource planning systems’ impact
on accounting processes. Business Process Management Journal, 10(2), 234–247.
Turner, L. D., & Owhoso, V. (2009). Use ERP Internal Control Exception Reports to
Monitor and Improve Controls. Management Accounting Quarterly, 10(3), 41-50.
Wang, Y. (2012). Restatement severity, credit risk, and internal control. International
Research Journal of Finance And Economics, 89146-157.
60
Other Publications
American Institute of Certified Public Accountants (AICPA). American Institute of

Accountants, Committee on Accounting Procedure. (1949). Infernal control. New
York: AICPA.
ACFE Report to the Nations (2012), www.acfe.com/ uploadedFiles/ ACFE_Website/

Content/rttn/2012-report-to-nations.pdf
Canada, J., J. R. J. Kuhn, and S. G. Sutton. 2007. The Pervasive Nature of IT Congtrols:
An Examination of Material Weaknesses in IT Controls and Audit Fees. Paper read
at AAAIS Section Mid-Year Conference, at Savannah, Georgia
Committee of Sponsoring Organizations of the Treadway Commission, 1992 Internal

Control-Integrated Framework New York, Committee of Sponsoring Organization
of the Treadway Commission, www.coso.org/-erm.htm.
Committee of Sponsoring Organizations of the Treadway Commission (COSO), 2013:

Internal control - Integrated Framework, New York: AICPA. 2013b: Internal
control Integrated Framework – Executive Summary, May, 2013
Deloitte, 2009 Sample listing of fraud schemes. Retrieved from

https://www2.deloitte.com/content/dam/Deloitte/in/Documents/risk/Corporate%2
0Governance/Audit%20Committee/in-gc-fraud-schemes-questions-to-
considernoexp. pdf (2009, January 17).
Chartered Institute of Management Accountants, 2008 Fraud risk management A guide

to good practice. Retrieved from
http://www.cimaglobal.com/Documents/ImportedDocuments/cid_techguide_frau
d_risk_management_feb09.pdf.pdf (2008, February 09).
Microsoft Dynamics Stepping onto Large Enterprise Turf. (2013). Computer Economics
Report, 35(2), 8-15.
Securities and Exchange Commission 2008 Final Rule: Management's Report on Internal
Control Over Financial Reporting and Certification of Disclosure in Exchange Act
Periodic Reports. Retrieved from https://www.sec.gov/rules/final/33-8238.htm
(2008, May 28).
Sampson D.. (1999). Understanding Internal Controls: A Reference Guide for Managing
University Business Practices. University of California Website.
www.ucop.edu/ctlacct/under-ic.pdf> [Retrieved: 2009-02-18]
Workforce, 2002. For ERP success, plan on a culture change. September, 88-94.
61

The Effect of Erp Systems On Internal Control Systems in Revenue Process of Manufacturing Companies

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

The Effect of Erp Systems On Internal Control Systems in Revenue Process of Manufacturing Companies

Uploaded by

Copyright:

Available Formats

THE REPUBLIC OF TURKEY

THE EFFECT OF ERP SYSTEMS ON INTERNAL

MUHAMMET FATIH OZDEMIR

THE GRADUATE SCHOOL OF SOCIAL SCIENCE

THE EFFECT OF ERP SYSTEMS ON

MUHAMMET FATIH OZDEMIR

Supervisor: ASSOC. PROF. FATMA ULUCAN ÖZKUL

GRADUATE SCHOOL OF SOCIAL SCIENCE

Assist. Prof. BURAK KÜNTAY

Assoc. Prof. Ela ÜNLER

Examining Comittee Members Signature____

Thesis Supervisor -----------------------------------

Thesis Co-supervisor ----------------------------------

THE EFFECT OF ERP SYSTEMS ON INTERNAL CONTROL SYSTEMS IN

Muhammet Fatih Özdemir

Master of Business Administration

Thesis Supervisor: Assoc. Prof. Fatma Ulucan ÖZKUL

April 2017, 56 pages

Keywords: ERP Systems, Internal Control, Revenue Process, COSO Framework

ERP SİSTEMLERİNİN İÇ KONTROL SİSTEMLERİ ÜZERİNDEKİ ETKİSİNİN

Muhammet Fatih Özdemir

Haftasonu MBA Programı

Tez Danışmanı: Doç. Dr. Fatma Ulucan ÖZKUL

Nisan 2017, 56 sayfa

Bu çalışmanın amacı ERP Sistemleri ile iç kontrol sistemleri arasındaki ilişkiyi

Anahtar Kelimeler: ERP Sistemleri, İç kontrol, Gelir süreci, COSO Framework

2.1 ENTERPRISE RESOURCE PLANNING SYSTEM..................................3

2.1.1 Overview of the ERP Systems.........................................................3

2.1.2 Evolution of Enterprise Resource Planning Systems....................4

2.1.3 General Characteristics of ERP Systems.......................................5

2.1.4 ERP Systems Components..............................................................6

2.1.5 Categorizing Contributions of ERP Systems.................................7

2.1.6 Limitations of ERP Systems............................................................8

2.1.7 ERP Market Overview....................................................................9

2.2 INTERNAL CONTROL SYSTEMS..........................................................12

2.2.1 The Concept of Internal Control..................................................12

2.2.2 Internal Control Objectives..........................................................15

2.2.2.1 Operations objectives.....................................................15

2.2.2.2 Reporting objectives.......................................................15

2.2.2.3 Compliance objectives....................................................15

2.2.3 Principles and Components of Internal Control System…........15

2.2.3.1 Control environment......................................................16

2.2.3.2 Risk assesment................................................................17

2.2.3.4 Information & communication.....................................19

2.2.4 Importance and Necessity of Internal Control System...............21

2.2.5 Internal Control Structure in ERP Environment.......................22

2.3 REVENUE CYCLE OF ORGANIZATIONS............................................24

2.3.1 Overview of Revenue Cycle...........................................................24

2.3.2 Possible Risks in Revenue Processes............................................25

2.3.2.1 Improper revenue recognition.......................................26

2.3.2.2 Inventory schemes..........................................................27

2.3.2.3 Billing schemes................................................................27

2.3.2.4 Misappropriation of assets.............................................28

2.4 REVIEW OF PERIVIOUS ACADEMIC STUDIES................................28

3.1 OBJECTIVE OF THE RESEARCH..........................................................33

3.2 RESEARCH METHODOLOGY...............................................................33

3.2.1 Sample Design................................................................................35

3.2.2 Conducting the Survey..................................................................35

3.2.3 Data Collection..............................................................................35

4.1 SALES ORDER AUTHORIZATION RESULTS.....................................37

4.2 SALES ORDER ENTRY AND PROCESSING RESULTS......................39

4.3 BILLING CONTROL RESULTS...............................................................42