Tutorial 6

ACB3-8
Radjkoemar Devika 355697
Ramdin Varun 372569
Oya Tom 403032
Walden Kensley 372532

Lecturer: R. van Schadewijk




page 2

1. Introduction
Nowadays the economic situation of companies in all segments wants to reduce expense lines,
improving the functioning of the supply chain, and the map together with partners. Most long-term
planning, but ends with account management activities; tactical plans are rarely associated with
implementation. Companies that close the gap between the ERP and supply chain execution with
partners through joint processes to the reduce cost while improving service costs, inventory risk and
cycle times. The companies make more use of Information Technology to control their daily business
activities. They make use of computers to keep track of internal processes like the level of inventory
(http://www.qad.com/Public/Documents/rm_electronics_supply_chain.pdf/).
The main view behind this study is that the systems of the trading partners provides the communicating
process with each other to create a more efficient and effective supply chain (Malhotra, Gosain, & El
Sawy, 2007). Many names are used to refer to this electronic inter-enterprise collaboration: Standard
Electronic Business Interface (Malhotra, Gosain, & El Sawy, 2007), Business-to-Business data sharing
(Stefansson, 2002), The Audit Risk Model, Business Risk and AuditPlanning Decisions (Richard W.
Houston et al 1999) , Collaborative Audit Framework (Paulus et al, 2007) and Technology-Driven
Convergence of Business Processes in the Acquisition Cycle (Palmer, R. & Gupta, M. 2011) and many
more. In this paper the term Electronic Inter-Enterprise Collaboration (EIEC) which is also known as the
Enterprise Process Innovation Continuum (EPIC) will be used.
Applying EIEC for the sale order and purchase process identifies several the internal control problems
within the company than applying a manual process. For example Company A has to be sure that the
trading partner cannot enter in their accounting records through the developed connection between the
two companies systems. On the end of supply chain management, the company can merely pay their
suppliers. In this paper the exposures and risks arising due to the used of EIEC will be addressed to
acquisition and payment cycle. This integrated system communicates with the core systems of both
companies (supplier and purchaser). Given that EIEC makes it possible for companies to place orders
directly into the system of the supplier, auditors need to question data integrity and confidentiality.
(http://www935.ibm.com/services/multimedia/GL_13808_EPIC_bch_Draft_02.pdf./)

page 3

1.1 Research question and sub questions
The main research question addressed in this paper is:
Does the Electronic Inter-Enterprise Collaboration affect the audit risk?'
To answer this question there will be made use of three sub questions, which are:
What is meant with Electronic Inter-Enterprise Collaboration?
What are the advantages and disadvantages of using Electronic Inter-Enterprise Collaboration for the
internal control?
What can be the effects of using Electronic Inter-Enterprise Collaboration for the audit risk?
In chapter two the first sub question is addressed. It will describe EIEC and mention the advantages and
disadvantages of using EIEC on the sales process. Chapter three answers sub question two. It will
thoroughly investigate the advantages and disadvantages of EIEC. The fourth chapter looks at the affects
of EIEC on the audit risk. Every chapter gives a short introduction followed by the information to answer
the affiliated sub question, and will conclude with an answer. The fifth chapter is the conclusion, which
consists of a summary which is followed by the answer to the research question.
1.2 Method
A literature review will be conducted to answer the research question. Other papers will be addresses
for the influence on the audit risk. Based on the accumulated evidence, a conclusion will be drawn on
the research question mentioned above. During this research the three parts of audit risk are explained.
To draft a conclusion on the main question, inherent risk, control risk and detection risk will be
disregarded, for reasons that become clear in the fourth chapter.
1.3 Relevance
The continuous increase in the use of some form of EIEC necessitates the implementation of a secure
environment to do this. An auditor is required to form an opinion about data integrity and needs to
assess outside influence on the numbers stated in the financial statements (FS). This paper informs
about the risks affiliated with EIEC and researches the (dis)advantages of the use of EIEC. This paper is a
contribution towards a better understanding of EIEC and its influence on the internal controls and thus
on the audit risk.
page 4

2. Electronic Inter-Enterprise Collaboration
In this chapter the term Electronic Inter-Enter Collaboration will be discussed. This chapter will also
cover the definition of audit risk en the different components of audit risk. The last part of this chapter
will contain the effects of inter controls on the audit risk component.
Several names are given to electronic (internet) communication between different parties outside the
organization e.g. communication between trading parties (David A. et al. 2003) The goal of this
communication is to increase the supply chain (Gunasekaran A. et.al., 2004). Different authors gave
different names to this form of communication such as; Interorganisational Information System (Lee H.
et.al 2004), Standard Electronic Business Interface (Lee H. et.al, 2004).
In this paper the term is Electronic Inter-Enterprise Collaboration (EIEC). The EIEC is referred to the
electronic (internet) communications between the respective parties.
There is no single and clear definition of EIEC available but different authors have the same reasoning
about the integration of information system. That is that companies integrate their information system
to gain a competitive advantage (Gunasekaran A. et.al, 2004).
There are two conditions before implementing this system (Gunasekaran A. et.al, 2004):
The goal of the use of this system is to optimize the competitive advantage of the company.
This system should be used at least by two companies for the integration of the supply chain.
Based on what is stated above we can say that EIEC is an electronic information system used by at least
two companies to gain a competitive advantage.
To successfully develop information system there are four phases (Williamson E. et.al. 2004):
Paper copies; in this phase a company uses the paper work (copies of invoices, purchase orders,
and bills). Because of the use of paper copies the communication between the company and the
supply chain is limited. This lead to
Development of Electronic Data Interchange (EDI). This was expensive and proved also to be
limited. However this was the first step towards automated information flow. EDI proved to be
inflexible and expensive, because suppliers who were using EDI had to provide their customers
with additional EDI information (Golden W. et.al., 1999). This lead to the third phase;
page 5

Development of Enterprise Resource Planning (ERP). ERP provided more flexibility, than the EDI
because by using this system more information could be shared at lower costs. The ERP system
increases the transparency by removing information distortions. However the ERP is a system
that cannot be used by more companies because this is computer to computer exchange system
(Akkerman H. et.al 2003). This introduced the last stage;
Because there was growth of the use of internet to exchange information, the XML was
introduced. This is a standard language used over the internet. And this can be implemented by
many companies (Shore B, 2001). The advantage of this is that several business partners can
integrate their business resources. The XML provide also a reliable communication between the
partners (Shore B, 2001). Several factors such as; reliability, the low cost are the reasons behind
the growth of internet usage. Another factor is accessibility of internet (Williamson E. et.al.
2004).
2.1 Audit Risk
According to Arens (2013) the audit risk is the risk that the financial statement may be materially
misstated after the audit is completed and an unqualified opinion has been issued. The audit risk has
three components; the inherent risk, the detection risk, and the control risk (Arens, 2013).
The inherent risk is; the risk of a material misstatement in the financial statements before
considering the effectiveness of the internal controls (Arens A. et al, 2013).
The control risk is; is the risk that a material misstatement will not detected or prevented by the
internal control.(Arens, 2013)
The detection risk is the risk; is the risk that the accumulated audit evidence will fail to detect a
material misstatement in the financial statements. (Arens A. et.al, 2013)
2.2 Effect of internal controls on audit risk
According to Hall (2011) there are seven types of internal control; physical examination, transaction
authorization, segregation of duties, supervision, accounting records, access control and independent
verification. Apart from these controls there are two categories of IT controls; input controls and
processing controls (Hall, 2011). When all these controls are properly implemented it can be said that
the internal control is working properly. A proper working internal control will reduce the control risk
(Arens A. et.al, 2013). Before the auditor can conclude about the effectiveness about the internal
page 6

control it should perform tests of controls (Arens A. et.al, 2013). The tests of controls are specified to
check the design and the operating effectiveness of the internal control (Arens A. et.al, 2013). So the
auditor checks which controls are in place and how they perform (Arens A. et.al, 2013). The main point
in this chapter was the definition of EIEC. The implementation of this system is through four phases.
Companies chose to acquire such a system to increase their competitive advantage. Further we have
discussed the different components of audit risk and the effects of inter control on internal control
components.

page 7

3. The advantages and disadvantages of Electronic Inter-Enterprise
collaboration
3.1 Introduction
Collaboration has become a new trend in the supply chain management (SCM) that is focus on joint
planning coordination, and process integration between suppliers, customers and other partners in the
supply chain. Reduction of costs and the increased of return on assets are its competitive advantages. It
also increased reliability and responsiveness to market needs.
Companies are increasingly using information systems to integrate the system and the processes
throughout their supply chain, so that they can reduce inefficiencies in a supply chain. To transform
their focus from operational buying and selling relationship into higher performing collaborative
relationships, many companies have undertaken information technology (IT) supported initiatives.
According to Venkratraman (1991) there are five levels of business transformation made possible
through information technology implementation these are:
Localize exploitation.
Internal integration.
Business process redesign.
Business network redesign.
Business scope redefinition.
With the improvement of the supply chain management in mind, companies are moving rapidly in using
electronic business. Part of that movement involves including significant technology to the acquisition
cycle. Within this movement, come expectations which drive decision-makers from conceptions to
development to implementation such as the propellant for decision, acquisitions, and training.
(Erffmeyer and Johnson 2001). Every company that seeks to be successful in the future is striving to
implement a successful e- business strategy. According to Waters (2000) e- business has become an
important part of life, nearly essential to commerce as the telephone. E-Business uses normal electronic
data standards with computer automated technology to electronically interconnect information
systems, integrate internal and external data streams, and automate businesses between business
partners (Health Industry today, 1999)
page 8

3.2 Advantages and disadvantages of EIEC
Companies may pursue this path for many reasons such as an increased need to share information
between companies departments and with selected outside parties and to keep up with the competition
(Erffmeyer and Johnson 2001). Other advantages that a successful integration has that will help the
company are:
The developing of strategic advantages due to speed or response.
Improved accuracy.
Greater synergy through improved communication.
Costs saving.
Disadvantages of E-Business
The cost of developing the e- business is one of the primary concerns for e-business. Because of the
complexity of the e- business applications, a company may need to completely change its current
system. The adoption of an e-business solution implies high risk of failure. Further the attacked by
hackers is one of the disadvantages that a company must keep in mind, because with of the fact that the
electronically transmitting of corporate information will increased with other word security becomes
another concern while implementing e-business. Another disadvantage is the lack of a common
framework to help execute transactions over the internet (Rodgers et al 2002).
3.3 The advantages and disadvantages of EIEC for Internal control.
The introduction of this system has several advantages for the internal control (Hall, 2011):
The fraudulent behavior should be decrease because of there would be more segregation of
duties.
The human error will be decreased because only authorized employees can change the input
(information).
There will be more supervision and/or transaction authorization because of the segregation of
duties.
These advantages give the company in a better competitive advantage.
Apart from these advantages there are also disadvantages. One of the most important one is the high
cost of implementation. The second disadvantage is that the personnel need to be trained to use this
system (Rodgers et al 2002). The last disadvantage can be arise of new control problems, because the
page 9

system eliminates control problems but on the other hand new problems arise (Turtle et.al 2007). The
company needs to assess the advantages and the disadvantages before it can decide to implement this
system.
page 10

4. The effects of Electronic Inter-Enterprise Collaboration on the audit risk
4.1 Introduction
In the preceding chapters the meaning of Electronic inter-enterprise collaborations is discussed and the
advantages and disadvantages of Electronic inter-Enterprise Collaboration with respect to internal
control are discussed.
In this following chapter the third and final research question of this paper will be answered: What can
be the effects of using Electronic Inter-Enterprise Collaboration (EIEC) on audit risk? The effects of EIEC
on audit risk related to the acquisition and payment cycle will be discussed.
4.2 Effects on Audit risk components.
As introduced in chapter 2 audit risk is the risk that the financial statement may be materially misstated
after the audit is completed and an unqualified opinion has been issued. Audit risk can be divided in the
components inherent risk, detection risk and control risk (Arens, 2013).
Inherent risk
The acquisition and payment cycle consists of three types of transaction (Arens, 2013) :
The acquisitions of goods and services.
Cash disbursements.
Purchase returns and allowances and purchase discounts
The completion and review of paperwork involved in this transaction require a huge workload. In many
cases the paper-based acquisition transaction-processing costs can even exceed the cost of the good
itself (Palmer, 1994). From this perspective the emergence of Electronic Inter-Enterprise Collaboration
(EIEC) as an improving transaction-processing efficiency within the acquisition cycle comes as no
surprise.
However Electronic Inter-Enterprise Collaboration has three important implications on the inherent
audit risk.
The first effect is the increased amount of shared data between enterprises. These results in
increased load of used data which will need more analytical software to audit the content and
the transactions.
page 11

The second effect is the transition of the traditional purchase process, which typically consisted
of requisitions, purchase orders (POs), invoices, and receiving documentation into a process
involving electronic data interchange (EDI), bank card technology or e-procurement
software(OLeary, 2000). This also changes the way in which the audit trail is used. Audited IT-
systems provide more reliable evidence.
The third and most important effect by the adoption of EIEC is the convergence of different
processes within the acquisition cycle, such as the process to make payroll, reimburse travel, or
acquire inventory, supplies, or capital assets, into one electronic procurement process.(Palmer,
2011) This makes deviations from the standard process also more apparent.
Control risk
Almost all recent developments in technology in the acquisition cycle attempt to strengthen the
efficiency of the process while expanding the information payload associated with the transaction to
support greater internal control over spending. Improved internal control will lead to a decreased
control risk. Control, in this context, has several meanings:
The enterprise wants to ensure that the purchase transaction are compliant with regulatory
requirements and are not fraudulent. So one important aspect of compliance is a focus on the
need to collect data about the purchase transactions for tax and regulatory purposes.
The enterprise wants to ensure that the procurement process directs the employee to suppliers
that provide goods and services at the best available terms and to make sure that the right
approvals and authorizations are in place. Stated in the negative, organizations want to stop
purchase activity that is (1) without appropriate approval, (2) from undesirable vendors, (3) for
personal purposes, and (4) without adequate transactional data to support organizational
analyses and completion of tax and regulatory reports. (Palmer, 2011)
As a result of this development auditors can rely more on the internal control of the clients. So as an
effect control risk is therefore significantly decreased.
page 12

Detection risk
The detection risk is the risk that audit evidence gathered will fail to detect misstatements exceeding
tolerable misstatements (Arens, 2013). The digitalization of the transactions and automation of the
documentation of acquisition and payment processes does not change the audit process itself but
mainly the amount of audited data and demanded time in which the audit should be completed.
Therefore the collection of audit evidence additional analytical software tools can be used to respond to
this need. Overall detection risk will therefore decrease.
A specific audit risk related to the Electronic Inter-Enterprise Collaboration in the audit process is the
verification of accounts and transactions. Electronic signatures can be used to verify. Electronic
signatures can take various forms and can be created by using noncryptographic security techniques or
cryptographic techniques. However these security measures have their technical limitations (Emond &
Lavigne, 2002).
This part of this paper discussed the effects of Electronic Inter-Enterprise Collaboration on audit risk.
Audit risk was separated into inherent risk, control risk and detection risk. The effect on inherent risk
results from a convergence of different processes into one main electronic process. As a result audit
focuses more on exceptions. The effect on control risk is an increased reliance on internal controls which
decreases control risk. The effect on detection risk is more extensive approach using analytical software
but also an addition risk in verifying accounts.

page 13

5. Conclusion
As stated in the introduction the research question was; does the Electronic Inter-Enterprise
Collaboration affect the audit risk?'
Before answering this question the term EIEC was defined. This system also has some advantages and
disadvantages for both the company and its internal control. The chapter also stated which component
of the audit risk would be affected by the implementation of EIEC.
One of the big disadvantages is the lack of experienced personnel to operate this system.
As a counterpart of this disadvantage there is a advantage that because of the implementation of this
system, the information will be more reliable due reduced human errors and less fraudulent behavior.
This will result in a higher efficiency of information for decision making. This will increase the
competitive advantage.
So we can conclude that the implementation of EIEC will reduce the audit risk, given that the inherent
risk and the control risk are not changed after the implementation of EIEC.
page 14

References
Articles:
Avison, D. and Fitzgerald, G. (2003). Information systems development: methodologies, techniques and
tools (3rd edition), Maidenhead, UK, McGraw Hill, 608pp.
Emond, C & Lavigne, A. 2002. Going electronic. CA Magazine (7): p. 47 55.
Erffmeyer, R. C. and Johnson, D. A. (2001). An Exploratory Study of Sales Force Automation Practices:
Expectations and Realities. Journal of Personal Selling & Sales Management, 21 (2), 167-175.
Akkerman, H.A. Bogerd, P. Yucesan, E. van Wassenhove, L.N. (2003). The impact of ERP on supply chain
management Exploratory findings from a European Delphi study, European Journal of Operational
Research, 146 (2) pp. 284301.
Gunasekaran, A. & Ngai, E.W.T (2004). Information systems in supply chain integration and
management, European Journal of Operational Research, Volume 159, Issue 2, Pages 269295.
Golden, W. Powell, P.(1999). Exploring inter-organisational systems and flexibility in Ireland A case of
two value chains, International Journal of Agile Management Systems, 1 (3) pp. 169184.
Hau L. Lee, Seungjin Whang, (2004). Information sharing in a supply chain,
International Journal of Manufacturing Technology and Management, Volume 1, Number 1/2000, Pages
79-93.
Health Industry today (1999) Separating e-business and e-commerce necessary to successfully compete
on the Net says HEDIC, Health Industry today, vol. 62 No.12, pp5-7.
Johnstone, K.M. (2000) ClientAcceptance Decisions: Simultaneous Effects of Client Business Risk, Audit
Risk, Auditor Business Risk, and Risk Adaptation. AUDITING: A Journal of Practice & Theory: March 2000,
Vol. 19, No. 1, pp. 1-25.
Malhotra, A., Gosain, S., & El Sawy, O. A. (2007). Leveraging Standard Electronic Business Interfaces to
Enable Adaptive Supply Chain Partnerships. Information System Research , 18 (3), 260-279.
Maletta M, (2010), An Examination of Auditors' Decisions to Use Internal Auditors as Assistants: The
Effect of Inherent Risk. Contemporary Accounting Research Volume 9, Issue 2, pages 508525.
OLeary, D. E. (2000). Supply chain processes and relationships for electronic commerce. Handbook on
Electronic Commerce, edited by M. Shaw, R. Blanning, T. Strader, and A. Whinston, 431444.
Palmer, R. (1994). Reengineering payables at ITT Automotive. Management Accounting 76 (1): 3842.
Palmer, R. & Gupta, M. (2011). Technology-Driven Convergence of Business Processes in the Acquisition
Cycle: Implications for Accountants and Educators. Journal of emerging technologies in accounting (8):
65-87.
page 15

Richard B. Dusenbury, Jane L. Reimers, and Stephen W. Wheeler (2000) The Audit Risk Model: An
Empirical Test for Conditional Dependencies among Assessed Component Risks. AUDITING: A Journal of
Practice & Theory: September 2000, Vol. 19, No. 2, pp. 105-117.
Richard W. Houston, Michael F. Peters, and Jamie H. Pratt (1999) The Audit Risk Model, Business Risk
and AuditPlanning Decisions. The Accounting Review: July 1999, Vol. 74, No. 3, pp. 281-298.
Rodgers John A, Yen David C, and Chou David C, (2002) Developing e-business: a strategic approach
B. Shore, (2001), Information sharing in global supply chain systems, Journal of Global Information
Technology Management, 4 (3), pp. 2750.
Tuttle, B., & Vandervelde, S. D. (2007). An empirical examination of CobiT as an internal control
framework for information technology. International Journal of Accounting Information Systems , 240-
263.
Venkratraman, N. (1991), IT-Induced business reconfiguration, in Morton, S. (Ed.), The Corporation of
the 1990s: IT and Organizational Transformation, John Wiley & Sons, London, pp. 122-47.
Waters, J. (2000), Living in a world 24x7, Software magazine, Vol. 20 No. 1, February/March, pp. 53-7.
Williamson, E. A., Harrison, D. K., & Jordan, M. (2004). Information systems development within supply
chain management. International Journal of Information Management , 375-385.
Books:
Arens, A., Elder R. & Beasley M.(2013). Auditing and Assurance Services: An integrated Approach.
Pearson Education Limited.
Raval, V., & Fichadia, A. (2007). Risks, Controls and Security. Wiley.
Hall, J. A. (2011). Accounting Information Systems. Cengage Learning EMEA.