worst country in performing good governance. Indonesian ... Structured Query Language, Good Governance. 1. Introduction ... Indonesian index good governance was only 2,88 and the highest was ..... Clean Government dan. Budaya Bisnis ...
Structured Query Language: an Alternative Audit Tool to Support Good Governance Oviliani Yenty Yuliana Natalia Tangke Petra Christian University - Indonesia
The prior researches indicate that Indonesia is the worst country in performing good governance. Indonesian government and private sector focus their activities to improve good governance. Auditors have significant roles in applying it. Auditor roles become wider and complex therefore they need supporting tools. This requirement is answered by the growth of information technology. Various “audit tools”, e.g. ACL, have been developed so “audit with computer” is appropriated. The goals of the research are: to demonstrate the power of Structured Query Language (SQL), to gain operational experience in using the SQL, to get an alternative audit tool. Every DBMS over SQL therefore governments or companies do not need additional expense to support clear governance.
Key words: Audit with Computer, Audit Tool, Structured Query Language, Good Governance
1. Introduction Booz-Allen and Hamilton mentioned that Indonesia was the worst governance index in South-East Asia in 1999 (Irwan, 2000). Indonesian index good governance was only 2,88 and the highest was Singapore, 8,93. During 1999/2000, Indonesia lost trillions rupiahs because of KKN (Anonim, 2000). BPKP indicates KKN from existence of fraudulent of procedure levying of services and goods, payment exceeding labor capacity, fictions worker, forgery of document, mark-up, or giving project to parties with special relationship (Achwan, 2000). Other survey by Pricewaterhousecoopers among international investors in Asia in 1999 showed that Indonesia was the worst in standards of accounting and compliance, accountability to
shareholders, standards of disclosure and transparency and board processes. Another study showed that the degree of investor protection in Indonesia was the lowest in South-East Asia. Susilo (2001) and Shunglu (2000) agree that auditors have significant roles to increase good governance. The existence of corruption in economic activities can be found from audit finding. Furthermore, Shunglu (2000) stated that the roles of auditor expand. Auditors do not only test financial statement, but auditors also test management practice. In consequence, auditors need tools to support their duty. It is known as the audit with the computer (Handayani, 2000; Meidawati, 2002; and Purba, 2002). Chapman (2002) surveyed about the usage of audit tools by internal auditor. The survey showed that internal auditor used ACL (specialized audit tools) for data extracting (24%) and data analysis (24%). While database software used for data extracting (9%) and data analysis (10%) was Access. Researchers conducted a survey to 21 auditors from 5 Public Accountant Firms on April 2006 in Surabaya. The result shows that most of auditors’ clients use database. The three highest percentages of databases are Excel (50%), Foxpro (40%), and Access (5%). Respondents have known the existence of audit tools, like: ACL (75%) and IDEA (15%). However, from 75% respondents know ACL, only 60% respondents have already used it. Research about tools which is not special designed for audit, like Excel, has been done by
1
Lanza (2006). Excel has several limitations, i.e.: can only process 65.536 data and difficult to manage data. Base on Excel limitations, percentage database usage in companies is high enough, and several Accounting Majors in Indonesia over Database Management course (for instance Universities of: Indonesia, Gajah Mada, Atmajaya Yogyakarta, Atmajaya Jakarta, Petra Christian). In addition, according to Chamberlin (1974), Astrahan (1975), and Welty (1981), SQL is intended for interactive, problem solving use by people who have need for interaction with a large database but who are nonprogrammers, e.g.: urban planners, accountants. The objective of the language should be easy to learn, use, and remember. This project research considers SQL in Access 2003, especially DML statements, for querying data in auditing context. The SQL will be reviewed by a series of examples. The goals of the research projects are: (a) to demonstrate the power of SQL; (b) to gain operational experience in using the SQL; (c) to get an alternative audit tool.
2. Literature Review 2.1 Auditing with Computer Phases In general, there are six phases to conduct “audit with computer” i.e.: plan the audit, acquire the data, access the data, verify the integrity of the data, analyze the data, and report the findings. Activities perform within planning the audit are identifying the audit objectives, identifying the technical requirements, and identifying analytical procedures. In acquiring the data, physical data and logical data are gained by identifying the location and the format of the required source data. Activities in accessing the data include adding the data to the audit project so the tools could read them. Verify the integrity of the data ensure that the data does not contain corrupt elements and it is properly constructed included test for uniqueness, data relationships, and reliability. Analyze the data consist of interrogate and manipulate the data to identify exceptions. Report the findings mean prepare the results for
formal presentation. 2.2 Structured Query Language (SQL) SQL was developed by IBM and has been endorsed by the ANSI SQL-92 standard. All DBMS products process SQL, i.e.: Access, SQL Server, and Oracle. This study use Microsoft Access 2003. Kroenke (2006) mentions that SQL statements are divided into two categories: Data Definition Language (DDL) and Data Manipulation Language (DML). DDL statements are used for creating tables, relationships, and another structures. Where as, DML are used for querying and modifying data. In general, the SQL statement shows in Figure 1. Figure 1. SQL Statement SELECT [predicate] { * | table.* | [table.]field1 [AS alias1] [, [table.]field2 [AS alias2] [, ...]]} FROM tableexpression [, ...] [IN externaldatabase] [WHERE...] [GROUP BY...] [HAVING...] [ORDER BY...]
The minimum syntax for a SELECT statement is SELECT fields FROM table. Predicate is used to restrict the number of records returned, such as: ALL, DISTINCT, DISTINCTROW, or TOP. If none is specified, the default is ALL. In addition, the notation “*” is used to specify all fields from the selected table or tables. Where table is the table name that contains the fields from which records are selected. Moreover, field1 and field2 are the names of the fields containing the retrieved data. If more than one field will be retrieved they must be in the order list. alias1 and alias2, as well, are the names of the column headers instead of the original column names in table. Furthermore, Tableexpression is the name of the table or tables containing the retrieved data. Finally, Externaldatabase is the name of the database containing the tables in tableexpression if they are not in the current database. If a field name is included in more than one table in the FROM
2
clause, precede it with the table name and the “.” operator. Furthermore, WHERE clause is used to specify which records from the tables listed in the FROM clause are affected by a SELECT statement. In addition, GROUP BY clause is used to combine records with identical values in the specified field list into a single record. A summary value is created for each record if an SQL aggregate function (such as: Sum or Count) is included in the SELECT statement. HAVING clause, additionally, specify which grouped records are displayed in a SELECT statement with a GROUP BY clause. After GROUP BY combines records, HAVING displays any records grouped by the GROUP BY clause that satisfy the conditions of the HAVING clause. At last, ORDER BY clause is used to sort a query's resulting records on a specified field or fields in ascending or descending order.
3. Problem and Discussion This research uses the ACL Version 8 data tutorial, concerning employees and credit card transaction of a factious company, Metaphor Corporation. Most employees have a company credit card. When an employee purchases product or services for the company, they must use a company credit card. The Corporation incurs significant expenses in several categories: travel, entertainment, client service, professional development, and internal office expenses. 3.1 Plan the Project The audit objectives in this research are examines employee profile data and analyze the credit card transactions of Metaphor employees to find transactions that are contrary to policy and transactions that might be erroneous or fraudulent. Technical assessment includes: (1) checking profile of employee data and credit card data, (2) searching detail information about expense and pattern of company expenditure, (3) analyzing whether there is transaction which is contrary to company policy and transactions that might be erroneous or fraudulent. After specify
technical steps, hence identify analytical procedures to reach the audit objectives by using SQL. 3.2 Acquire the Data In auditing it is important to understand the type of needed data and its source. Data that used in auditing Metaphor Corporation comes from various file type: Acceptable_Codes.mdb (Access database file has a list of acceptable codes from the Merchant Category Code list), Credit_Cards_Metaphor.xls (Excel worksheet file that lists the credit card information), Company_Departments.txt (Tab-delimited file, contains a list of departments and their internal numbers), Employees.cvs (Comma-delimited text file that lists the employee names, employee numbers, and credit card numbers), Trans_April.xls (Excel worksheet file that lists credit card transactions of April 2003), and Unacceptable_Codes.txt (Tab-delimited file, contains a list of unacceptable codes from the Merchant Category Code). 3.3 Access the Data To combine all of the Metaphor data into a database, choose File>>New>>Blank database in Access. Fill the database name in “File Name” and click Create. Next process, import all files that will be combined, by choosing File>>Get External Data>>Import. Checking and modification of Data Type and Field Properties is required to all tables that have been imported in Design View. For further information about create database, import data, modification table structure, view data see Grauer (200). 3.4 Verify the Integrity of the Data To ensure the employee table contains the correct data and number of records, 200. We use SQL statement as shown in Figure 2. The figure shows all fields and records. In the record status, lower left corner, shows 200 records automatically. It means the table contains the complete record. SQL statement for counting the records without viewing them is shown in Figure
3
3. Another way to verify the data integrity is numeric totals. It matches the control total provided by the data owner. For example, see
Figure 4.
Figure 2. SQL Statement for Viewing Employee Data SELECT * FROM Employees
...
Figure 3. SQL Statement for Counting Employee Data SELECT Count(*) AS [Total Number of Employee] FROM Employees;
Figure 4. SQL Statement for Employee Statistical SELECT Min(Bonus_2002) AS [Min Bonus 2002], Max(Bonus_2002) AS [Max Bonus 2002], Avg(Bonus_2002) AS [Rata-rata Bonus 2002], Sum(Bonus_2002) AS [Jumlah Bonus 2002], StDev(Bonus_2002) AS [StDev Bonus 2002] FROM Employees;
In addition, to ensure the integrity of the data is a duplicate record checking. One employee might be listed under two names or under the same name twice. For instance, Figure 5 shows
SQL statement for checking duplicate last names. Two employees might have been assigned the same employee number inadvertently. For example, see SQL statement in Figure 6.
Figure 5. SQL Statement for Looking Duplicate Last Names SELECT Last_Name, Bonus_2002, CardNum, EmpNo, First_Name, HireDate, Salary FROM Employees ... WHERE Last_Name In (SELECT Last_Name FROM Employees As Tmp GROUP BY Last_Name HAVING Count(*)>1 ) ORDER BY Last_Name; Figure 6. SQL Statement for Looking Duplicate Employee Numbers SELECT EmpNo, First_Name, Last_Name, CardNum FROM Employees WHERE EmpNo In (SELECT EmpNo FROM Employees As Tmp GROUP BY EmpNo HAVING Count(*)>1 ) ORDER BY EmpNo;
3.5 Analyze the Data 3.5.1 Examine employee data This section discusses the Metaphor Corporation employee profile, such as: examining bonuses, displaying salary, hiring dates, and other human resources.
Figure 4 shows the examination of bonuses paid in 2002. In addition, the SQL statement to view the salaries in descending order is shown in Figure 7. Moreover, Figure 8 shows the SQL statement for viewing the employees who hired in
4
2002. Furthermore, the statement to determine bonus as a percentage of salary is shown in
Figure 9.
Figure 7. SQL Statement for Viewing Employee Descending Order by Salary SELECT EmpNo, First_Name, Last_Name, Salary FROM Employees ORDER BY Salary DESC;
...
Figure 8. SQL Statement for Viewing Employee Hired in 2002 SELECT EmpNo, First_Name, Last_Name, HireDate FROM Employees WHERE Year(HireDate)=2002;
...
Figure 9. SQL Statement for Determining Bonus as a Percentage of Salary SELECT EmpNo, First_Name, Last_Name, Bonus_2002, Salary, Bonus_2002/Salary AS [Ratio of Bonus to Salary] FROM Employees; ...
3.5.2 Simple analysis This section expresses the power SQL to look at the credit limits and the credit card balances to get information about financial liability and credit card usage patterns. Figure 10 shows the command for determining the total credit exposure. In addition, the SQL command to extract expiring card numbers is
shown in Figure 11. Moreover, to check the credit card balances use SQL statement in Figure 12. Furthermore, several expenditures related to customer number 444413 have been warned so some information about the transaction associated with that customer number is needed, see Figure 13.
Figure 10. SQL Statement for Determining the Total Liability SELECT Sum(CREDLIM) AS [Total Cedit Limits] FROM CreditCards;
5
Figure 11. SQL Statement for Extracting the Expired Card Numbers SELECT CARDNUM, CREDLIM, EmpNo, EXPDT, FINCHG, MINPYMTDUE, NEWBAL, PASTDUEAMT, PMTDUEDT, PREVBAL, RATE, STMTDT FROM CreditCards WHERE EXPDT1000) OR (FINCHG>0) OR (PASTDUEAMT>0) ORDER BY NEWBAL DESC;
...
Figure 13. SQL Statement for Finding Transaction By Customer Number SELECT CARDNUM, AMOUNT, TRANS_DATE, CODES, CUSTNO, DESCRIPTION FROM [Transaction] WHERE CUSTNO=”444413”;
...
3.5.3 Examine expense patterns This section provides information about spending patterns in the April credit card transaction for Metaphor accounting department. Therefore, Metaphor might be able to economize by choosing a single vendor in some cases, or by obtaining bulk discounts, or by further limiting the acceptable categories of transactions. In addition, expenses per customer can be used to determine whether the money is being spent effectively.
Summarizing the transaction expenses for each category code is used to show how much money was spent specifically, such as: airlines, hotel chains, and restaurant expenses. For example, SQL statement to find the total expenses per category code, see Figure 14. Metaphor wants to look closely at the total amount spent on out-of-town stays in April, specifically on airfare, accommodation, and rental cars. Hotels, motels, rental cars, and airfare fall
6
exclusively in the code range 3000-3750. All transactions with these codes should relate to travel by metaphor employees. The filtering and displaying all transactions with codes between and including 3000 to 3750 is shown in Figure 15. Metaphor also wants to look at the total expenses related to golf and drinking
establishments. The SQL statement in Figure 16 shows the isolated transactions with the golf and drinking establishment merchant category code, i.e.: 5813 or 7992. At last, Metaphor want to determine the total transaction amount for each credit card number for the month of April, see Figure 17.
Figure 14. SQL Statement for Summarizing the Total Expenses per Category SELECT CODES, DESCRIPTION, Count(CARDNUM) AS [Total of Trasaction], Sum(AMOUNT) AS [Total of Amount] FROM Transaction GROUP BY CODES, DESCRIPTION ORDER BY Sum(AMOUNT) DESC;
...
Figure 15. SQL Statement for Filtering the Travel-related Expenses SELECT CARDNUM, AMOUNT, TRANS_DATE, CODES, CUSTNO, DESCRIPTION FROM Transaction WHERE CODES Between "3000" And "3750" ORDER BY CODES;
... Isolate particular recreational expenses Figure 16. SQL Statement for Filtering the Golf and Drinking Expenses SELECT CARDNUM, AMOUNT, TRANS_DATE, CODES, CUSTNO, DESCRIPTION FROM [Transaction] WHERE CODES IN ("5813", "7992") ORDER BY CODES;
...
7
Figure 17. SQL Statement for Listing the Amounts per Card Number SELECT CARDNUM, Count(CODES) AS COUNT, Sum(Transaction.AMOUNT) AS AMOUNT FROM Transaction ... GROUP BY CARDNUM;
3.5.4 Analyze transaction So far we have demonstrated a preliminary investigation and analysis of the Metaphor data in SQL projects. Now, we determine whether Metaphor employees are using their company credit cards to make unapproved purchases and whether they are using their company credit cards to buy specifically forbidden items and services. Metaphor Corporation has created three
categories of transaction codes, based on the merchant category codes list, i.e.: acceptable, unacceptable, and conditional (requires prior approval). In this section, we demonstrate how to find all unacceptable transactions, see Figure 18. Furthermore, Metaphor wants to identify who made these purchases and which department these employees belong. The SQL statement is shown in Figure 19.
Figure 18. SQL Statement for Determining the Unacceptable Transactions SELECT CARDNUM, AMOUNT, TRANS_DATE, Transaction.CODES, CUSTNO, Transaction.DESCRIPTION FROM Transaction WHERE Transaction.CODES In (SELECT UnAcceptable.Codes FROM UnAcceptable);
Figure 19. SQL Statement for Identifying the Employeen Who Made the Unacceptable Transactions SELECT First_Name, Last_Name, DeptName, AMOUNT, Transaction.DESCRIPTION, TRANS_DATE, Transaction.CARDNUM, Transaction.CODES, Transaction.CUSTNO FROM UnAcceptable, Transaction, Employees, Departments WHERE (CUSTNO=EmpNo) AND (UnAcceptable.Codes=Transaction.CODES) AND (Left(EmpNo,1)=DeptCode);
3.6 Report the Finding To report the finding of unacceptable transactions including employee information
whose make those transaction, we use report object in Access. The design view and report view of audit finding is shown in Figure 20.
8
Figure 20. Design View and Print Preview of Unacceptable Transactions
4. Conclusion Several steps in audit with computer can be skipped or eliminated if companies or governments have already used database. Therefore, auditors do not combine various files from different storage media or computer with various file type. Moreover, auditors do not verify data type and data format. DBMS verifies primary key field automatically for checking duplication in every additional data. SQL can facilitate and minimize technical phase in audit. However, auditors still have to understand the structure of data and tables relationship. We agree with several Accounting Majors over Database Management course. In short, there are several ACL commands that still cannot be running by using SQL, such
as: stratified summary, producing aged, and sampling. Moreover, summary statistics on numeric field in ACL can be done automatically to several numeric fields, while in SQL must be done one by one. So far, the limitations do not significant as an alternative audit tool. As a result, companies/institutions can maximize the usage of their DBMS and do not need additional expenses to perform good governance.
5. References Achwan, Rochman. (2000). Good Governance: Menifesto Politik Abad ke-21. Kompas 28 Juni 2000, 39. Anonim. (2000). Pertamina, Bulog, dan BI Sarang KKN Terbesar. Kompas 28 Juni 2000, 13.
9
Astrahan, M.M. & Chamberlin, D.D. (1975). Implementation of a Structured English Query Language. Journal of Communications of the ACM, 18 (10), 580-588 Chamberlin, Donald D. & Boyce, Raymond F. (1974). SEQUEL: A Structured English Query Language. Proceeding of the ACM-SIGMOD workshop on Data Description, Access, and Control, 249-264 Chapman, Christy. (2002). Power tools: 2002 audit software usage survey. http://Findarticles.com/p/articles/mi_m4153/is _4_59/ai_90257860 Grauer Robert T. and Maryann Barber. (2002). Exploring Microsoft Access 2002, Prentice Hall, Upper Saddle River, NJ. Handayani, RR. Sri. (2000). Pengaruh Kemajuan Teknologi Informasi terhadap Perkembangan Akuntansi. Media Akuntansi 9, I-VII. http://accounting.petra.ac.id/e-sia_tabel.html Irwan, Alexander. (2000). Clean Government dan Budaya Bisnis Asia. Jurnal Reformasi Ekonomi, 1 (1), 56-63. Kroenke, David M. (2006). Database Processing Fundamentals, Design, and Implementation 10th edition. Pearson Prentice Hall, New Jersey Lanza, Richard B. (2006). Using Excel as an Audit Software (Audit Software Professionals,
www.auditsoftware.net) Meidawati, Neni. (2002). Peran Auditor dalam Lingkungan Teknologi Informasi: Suatu Pendekatan Pada Auditing Berbasis Komputer. Media Akuntansi 23, 60-65. Purba, Marisi P. (2002). Audit Berbasis Teknologi Informasi: Paradigma Abad 21. Media Akuntansi 27, 6-11. Shunglu, V. K. (2000). The Role of The Auditor in Promoting: Good Governance. International Journal of Governament Auditing, April 1998, 18-19. Susilo, Y. Sri. (2001). Mampukah Ikatan Akuntansi Indonesia (IAI) Menjadi Salah Satu “Pillars of Integrity” http://www.transparansi.or.id/artikel/artikel_pk /artikel_02.html Welty, Charles & Stemple, David W. (1981). Human Factors Comparison of a Procedural and Nonprocedural Query Language. Journal of ACM Transactions on Database Systems, 6 (4), 626-649 www.atmajaya.ac.id/content.asp?f=1&katsus=51 www.fe.ui.ac.id/programakademik/S1/reguler/ak untansi/ www.uajy.ac.id/fe_ak_kur.asp
10
