Article Preview
TopIntroduction
Internal controls are defined as controls that are introduced in an organization to safeguard its assets, to protect the accuracy and reliability of the accounting data, to promote operational efficiency, and to encourage compliance with management policies and procedures (Romney & Steinbart, 2009). A more detailed discussion of internal controls is given in Section 2. With the advancement of information technology, organizations rely significantly on information systems to support their transactions and data processing. Information systems have played a crucial role in business operation. The manual mechanisms of traditional internal controls need to be re-designed and transformed into automated controls to achieve control objectives (Stringer & Carey, 2002). As information systems should undertake more internal control functions, the reliability of information systems becomes an important issue. Managerial problems and operational risks may arise if the automated control mechanisms are not properly implemented into information systems.
As the business rules are introduced for the integrity of transactions, the database constraints are in place for the accuracy of data processing. While transaction activities are mapped against data processing, internal control rules are mapped to database constraints. In other words, the essence of internal controls in operational activities is the data expressions or constraints in database (Doty et al., 1989; Tsamoura et al., 2011). The transaction data corresponding to the requirements of internal controls should be built into the database for enabling the presentation of the data expressions and constraints. However, IT professionals didn’t pay much attention to the above issue during database design process. As indicated by Bohem (1976) that it takes much more efforts to install the requirements at post-implementation stage than at analysis and design stage. Therefore, to design database schema incorporating the information needs of internal controls become a crucial issue for computerized organizations.
In 1976 Peter Chen published the original entity-relationship (ER) model which provided a friendly approach to logical database design (Chen, 1976). The model is comprehensive, yet it avoids the complications of storage and efficiency considerations, which are reserved for physical database design. In the more than three decades since then, a lot of users have adopted the original model and used it enthusiastically after minor changes. In addition, a number of researchers have extended the model to enhance its capabilities so that it is more appropriate for their particular endeavor. The most comprehensive extension includes REA accounting model which shares the enterprise financial and non-financial data proposed by McCarthy (1982).
Therefore, this study use the mapping mechanisms between controls and data of internal controls in transaction activities, referred Entity-relationship model to propose a Control-Data-Mapping Entity-Relationship (CDMER) model. By using this model, the operational rules are mapped to data expressions, and data expressions are analyzed to design the desired database schema, during the developing stage of information systems. Finally, a simple simulated case is prepared for illustration of the CDMER model. It will enhance the reliability of information systems through internal controls construction by applying the model to design databases.