Internal Control Improvement for Creating Good Governance

Published Online May 2017 in MECS

• I.    Introduction

  Based on the recapitulation of cooperative data result on December 2015 by the Ministry of Cooperatives and SMEs, the number of active cooperatives in Indonesia amounted to 212.135 cooperatives and inactive cooperatives amounted to 150.223 [1]. Cooperative as the national economy support certainly needs special attention to realize the good economy.

It needs special attention because there are still many cooperatives that are categorized unsanitary.

Cooperative which unsanitary due to the weak governance of the cooperative. The weak governance causes several problems, among others, the difference nominal savings between the cooperative and its customers, the value of collateral for loans that are not in accordance with the loan fund, refund loans that is not ontime or late, embezzlement of customer funds in the form of investments that promises more profit-making but not can be satisfied cooperatives to the detriment the customers.

Those problems are source of critical point that needs to be given special attention in order to be prevented. This critical point occurs in the absence of internal control that can controls the business processes of the cooperative. Cooperative business processes related to the Standard Operating Procedure (SOP) that is used. SOP is in need of repair in order to prevent problem that happens [13].

The improvement carried out by assessing the parts that become the critical point so that it can be made an internal control in business processes. Internal control is used as a limit to a business process, so that the cooperative will have to make cooperative governance relatively well later. To continue the development of internal control, this study used several frameworks to guide the preparation of internal controls such as COBIT, COSO, ITIL and national regulations that are prevailing in Indonesia [2] [3].

• II.    Theoretical Framework

In this section, we discuss about cooperation and internal control framework used in the study

• A.    Cooperative

Cooperative derived from the word Co and Operation which means working together to make the goals. Cooperative is groups of people or legal entity that work together to gives freedom of incoming and outgoing as a member to improve the welfare of its members and the public [6].

Definition of the elements of Cooperative: (1) Consist of people or legal entity cooperative. Cooperative is a collection of people or legal entity cooperative. The legal entity is an entity that legally has rights and obligations as an entity / organization that can sue and be sued. (2) Joint ventures, The growth of cooperative is a business based on the similarity of the activities and economic interests of members.(3) The principle of family means that based on the principle of family and economic democracy and common interests of its members in a cooperative effort, and help among the members of the organization. (4) Activity is based on the principle of cooperation. Cooperative serves to defend the interest members and the cooperative needs to build itself into a strong and independent as the pillar of the national economy.

• B.    COBIT 5

COBIT 5 framework is comprehensive, which can help the company get its goals to check the governance and management of IT Companies. COBIT 5 general natures and useful for many kind of company size, both the commercial sector, the non-profit sector or the government or the public sector. Consider the interests of the internal and external stakeholders associated with IT, COBIT 5 enables IT to be managed and organized in a way that more thorough for the entire scope of the company, covering the entire scope of the business and the scope of the functional areas of IT. [2][12].

COBIT 5 have five major principles of governance and management of IT enterprise comprising (1) Meeting Stakeholder Need (2) Includes Enterprise End-to-end (3) Implementing the Integrated Framework One (4) Enable Holistic approach (5) Separating Governance From management [2][12].

• C.    COSO

COSO as an organization providing thought leadership and guidance on internal control, risk management and prevention of fraud can be used as a guideline [3].

COSO has five components that used to build a control. Control environment, including how management gives the authority and responsibility as well as organizing and developing its people. Risk assessment is an analysis of the risks associated with the achievement of goals and forms the basis for determining how risks should be managed. Control activities are policies and rules that help to make sure the management directives are appropriate. Information and communication that occur in all staff must receive a clear command from the top management that control responsibility must be taken seriously. The last, monitoring, that regular monitoring of the management and staff in carrying out their duties. COSO will be equipped with a standard framework for others, namely ITIL [4].

• D.    ITIL

IT Infrastructure Library (ITIL) is a standard framework that refers to the best practice processes and operational management rules. ITIL focuses on defining function, operational and organizational attribute for operational management can fully maximize into the two main IT activities management in corporate namely Service Support Management and Service Delivery Management [4] [5] .

• E.    Cooperative Regulations

  In connection with the cooperative there is regulation which is governing the good cooperative assessment Ruling Minister of Cooperatives and Small and Medium Enterprises of the Republic of Indonesia Number 06/Per/Der.6/IV/2016. Regulation of the Minister of Cooperatives and Small and Medium Enterprises of the Republic of Indonesia Number 06/Per/Der.6/IV/2016 about Guidelines for the Good of Savings and Loans Cooperative and Unit Saving and Loans Cooperative Assessment also serve as guidelines for the internal controls preparation in order not to violate applicable regulation [6].

One of them can be seen from the target associated with the assessment of the cooperative include secured assets business activities of savings and loans cooperative in accordance with the law and regulation, increasing transparency and accountability in the management of savings and loans cooperative activity, and increasing the benefit of economic members in the activity of savings and loans business by the cooperative. It is desirable in the preparation of the internal control goal that will be achieved later. The scope of the sanitary assessment of cooperative conducted on several aspects: financing, productive asset quality, management, efficiency, liquidity, independence and growth as well as the identity of cooperative [6].

• III.    Related Works

Wen-Hsien Tsai et.al [14] shows IT Management of COBIT 5 significant effect on IT governance objectives, internal control, business value and information quality. The Business value be affected by IT governance objectives, internal control and information quality. Yuni Rahayu Susanti et.al [11] Stakeholder Support has been investigated as criteria affecting the implementation of IT management followed by criteria IT Human Resources and Time. Haryo Laksono et.al [15] has stated COBIT 5 has a framework that focuses on information security in detail and practical for information security. Walid Al-Ahmad et.al [16] has found a code of practice for low-level activity on COBIT 5 is successfully manage information security within a company. Suryo Suminar et.al [17] has had Proces Assessment Model (PAM) to measure capability levels of a domain related in COBIT 5.

• IV.    Methods

• 5.    The goal of IT will shows the domain associated with the critical point [8] [13].

This research was conducted through several steps for the improvement of internal control so that be able to create a good cooperative [7]. The following flowchart depicts the step that is being taken in this study.

Fig.1. Research Methodology

The result of this survey indicated the problems that occurred in the cooperative. This issue will be formulated into a critical point that is used as a basis for mapping using the COBIT 5 framework. Mapping began from the critical point that associated with the Balanced Scorecard perspectives which became business goal. The result then showed two perspectives that are relevant; the risk management business primarily securing assets and financial transparency. The business goal then mapped to IT goals by using the guidelines contained in the COBIT

The next stage, assessing the level of significance to know the importance of the critical point impacts on the sustainability of the cooperative. Assessment the level of signifincance was performed by using a questionnaire with entities resource in associated such as the manager, accountant, credit department, supervisor, the collector, the administration, the cashier and the customers [8].

The critical point selected in accordance with the level of significance then mapped to the business process/ SOP in the cooperative. The result of the mapping will shows the weak points in the SOP that will be created for internal controls [7].

Internal control which imade will be guided by standards such as COSO and ITIL with due regard to the cooperative rules and regulations. COSO as an organization providing thought leadership and guidance on internal control, risk management and prevention of fraud can be used as a guideline. IT Infrastructure Library (ITIL) is a standard framework that refers to the best practice processes and operational management rules. Equipped with government regulations as national guidance [3][4].

• V.    Result and Analysis

The survey was conducted in 10 cooperatives spread in Denpasar, by conducting interviews, saw the log system and through questionnaires. The result is several issues that made the critical point in the cooperative which will be shown by the following table.

Table 1 shows the critical point cooperatives caused by internal and external factors. Internal factor that is affecting consisting of poor management, employees who lack discipline and competent, while external factor such as competition with other business entities, lack of public awareness about the importance of participating cooperative members and others. The critical point of the difference total amount of deposits among in contained in the cooperative system with a savings book. This problem occurred because there is rogue or collector (person in charge of taking the money savings from clients) that are not depositing money into savings cooperative honestly. This problem is caused by lack of competence the entities related in the business process.

Table 1. Critical Point in the Cooperative

No	Critical Point	Related SOP	Source Cooperative
1	The difference between the value of savings of the cooperative and customer	Savings	Cooperative A, B, C, D, E, F, G, H, I, J
2	The value of collateral that is not in accordance with the loan amount	Loan	Cooperative A, C, D, H, I, J
3	Repayment of loans by customers frequently being problem	Loan Installment	Cooperative A, B, C, D, E, F, G, H, I, J
4	Doubling customer’s savings book	Deposit Withdrawls	Cooperative B, C, E, F, G, I
5	Repairing system understood only by one person	Cooperative Management	Cooperative C, D, E, J, H
6	Recommendation to problematic customer	Loan	Cooperative A, B, C, D, H, I, J
7	Embezzlement of customer funds by employee of the cooperative	Client	Cooperative B, C, D, E, F, G, H

The nominal value of the loans is often greater than the value of the collateral provided by a customer. This problem occurred because there is a person who cooperated in conducting such fraud. Manager also can make the mistake of approving any kind of loans without seeing the guarantee provided.

The refund loans is often experiencing delays due to problematic customer. The reason is because there is a lack of control in lending to customer who has often problematic.

Withdrawal of savings using a savings book that has duplicated. Doubling the savings book is undertaken by irresponsible both from within and outside the cooperative. It needs for notice to the customer in every balance change happens.

In case of the problems with the cooperative system that is used, only one person who understands the improvement system. This critical point can disrupt the service in the cooperative because of the system that suffers damage can not be repaired immediately.

The lack of the notification in the problematic customer if the customer who has problem comes back to borrow money and with no notice about the problematic customer. This critical point occurs due to lack of decision-making system is based on accurate data.

Embezzlement of customer funds used by unscrupulous cooperative which is not the common significance. Manager might be invested in other businesses with greater profit so that cooperative member who wishes to borrow does not get the necessary funds because it was first invested. This action makes the cooperative become unsanitary because many cooperative member become unconvinced to the cooperative.

The above problems then will look for the level of significance by conducting survey. Survey that conducted will use the results of mapping the critical point by using the COBIT 5 framework. First, critical points are mapped to the perspective of the Balanced Scorecard which is being the goal of business. The result shows that two perceptive relevant; risk business management primarily in safekeeping of the asset and financial transparency. Business goal then mapped to IT goals by using the guidelines contained in the COBIT 5. The objective of IT will shows the domain associated with the critical point. Mapping process will be shown by the following table [2] [12].

Table 2. Mapping Critical Points to Enterprise Goals and IT Related Goals

Critical Points	No	Enterprise Goals	IT Related Goals
The difference between the value of savings of the cooperative and customer	3	Managed business risk (safeguarding of assets)	04, 10, 16
The value of collateral that is not in accordance with the loan amount	5	Financial transparency	6
Repayment of loans by customers frequently being problem	3	Managed business risk (safeguarding of assets)	04, 10, 16
Doubling customer’s savings book	3	Managed business risk (safeguarding of assets)	04, 10, 16
Repairing system understood only by one person	5	Financial transparency	6
Recommendation to problematic customer	3	Managed business risk (safeguarding of assets)	04, 10, 16
Embezzlement of customer funds by employee of the cooperative	5	Financial transparency	6

Mapping then performed with the results of table 2 by performing the mapping of IT goals to each Domain Process [11].

Tabel 3. Mapping COBIT 5 IT-related Goals to Processes

No	IT Goals	E D M	A P O	B A I	D S S	M E A
4	Managed       IT-related business risk	3	10 12 13	1 6	1,2 3,4 5,6	1 2 3
6	Transparency of IT costs, benefits and risk	2 3 5	6 12 13	9	-	-
10	Security of information, processing infrastructure and application	3	12 13	6	5	-
16	Competent and motivated business and IT personnel	4	1 7	-	-	-

The relationship between critical points with the associated domain can be indicated by mapping the IT goals. For more details will be shown by Table 4 below [2].

Table 4. Relationships Between Critical Points and COBIT 5 Domain Process

Critical Point	Related Process
The difference between the value of savings of the cooperative and customer	EDM04, APO12, DSS01, APO06, DSS03, DSS05, DSS06, MEA01, MEA02, MEA03
The value of collateral that is not in accordance with the loan amount	EDM02, EDM03, EDM05, APO12, APO13, BAI09, DSS01, APO07, DSS03, DSS05, DSS06
Repayment of loans by customers frequently being problem	EDM04, APO12 , APO13, BAI01, DSS01, DSS03, DSS04, DSS06, MEA01, MEA02, MEA03
Doubling customer’s savings book	EDM04, APO13, MEA01, MEA02, MEA03
Repairing system understood only by one person	EDM02, APO01, BAI01, APO06, APO07, APO13, BAI09, DSS03, DSS04, DSS05
Recommendation to problematic customer	EDM04, APO12, BAI06, DSS02, DSS04 DSS06, MEA01, MEA02, MEA03
Embezzlement of customer funds by employee of the cooperative	EDM02, EDM03, APO06, APO07, BAI09, APO10, APO12, APO13, DSS03, DSS05, MEA01, MEA02, MEA03

The result are mapping to each domain in table 4 will be used as the basis in making the questionnaire [10]. Hereafter devised a questionnaire which describes each domain to get the level of importance, that showed by Table 5 below.

Tabel 5. The Result of The Level of Importance

RANK	COBIT 5 PROCESS	TOTAL
1	APO 7	271
2	MEA 1	269
3	EDM 5	268
4	DSS 2	265
5	DSS 3	263
6	EDM 3	259
7	EDM 4	259
8	DSS 4	257
9	EDM 2	254
10	APO 6	252
11	APO 1	251
12	BAI 6	250
13	APO 12	246
14	DSS 6	235
15	MEA 3	173
16	DSS 5	164
17	BAI 1	162
18	DSS 1	159
19	MEA 2	159
20	BAI 9	95
21	APO 10	88
22	APO 13	68

Table 5 shows the results of the level of importance of the data using the 10 cooperatives with about 57 interviewees. The results of the level of importance in table 5 can be used as the domain focus that will be used next. From table 5, we will select the top 5 domains with the highest level of importance, consisting of [11]:

• (1)    APO07 Manage Human Resources

Optimizing human resource ability to carry out the company goal. This is done with the proper communication along with the division of tasks as well as the order competence to be served optimally [2] [12].

• (2)    MEA01 Monitor, Evaluate and Assess Performance and Conformance

Providing transparency of the performance and suitability in achieving the goal. Performance that has conducted in accordance with the collective agreement and there are regular reports and timely about achieving goals [2] [12].

• (3)    EDM05 Ensure Stakeholder Transparency

The communication with stakeholder is done effectively, to make sure if there is a change in the company's reports that are transparent and in line with the company’s goal [2] [12].

• (4)    DSS02 Manage Service Requests and Incidents

The increasing productivity and minimizing interference by providing prompt and effective resolution of an incident [2] [12].

• (5)    DSS03 Manage Problems

Identifying, classifying the problem, finding the cause and giving the proper resolution to prevent recurring incidents and giving the recommendations for improvement [2] [12].

The level of importance used as a measure of value for improving the internal control of the cooperative. Internal control will be added in the SOP cooperative. Improvement with the addition of internal controls in the SOP can be shown as follows [9].

• A.    Deposit of Standard Operating Procedure

The process of saving deposit has entities that are member cooperative, collector, cashier and accounting staff. The first process started with the setting up of cooperative members with deposited file those are savings book, deposit receipt, and the money that will be deposited. The collector then receives the file to be processed. The collector will take him to the cooperative to be processed by the cashier to verify the savings deposit slip. The verification is done by matching the data members as well as customer balances before making a transaction. The cashier will proceed to the accountancy to be recorded in the general ledger cooperative, if the verification result is valid. Meanwhile, if the result of the verification at the cashier does not match then the file will be returned to the collector to look for the cause of the discrepancy. In the accountancy before record-keeping were done, verify the data is still being done to comply with contained in the savings book and cooperative, and if it is found that the data does not match, then all the files will be returned to the cashier and then to the collector to find the cause of the discrepancy. Conversely, if the data is in conformity with the cooperative data, so that will be done with record-keeping transaction. The cashier will gives notification to the customer that the process has been successfully deposited savings and returns the savings book to the clients. Awarding notification will be easier for customer to get information related to the transactions, so the customer do not have to come to the cooperative.

The control that added in deposit of SOP to overcome the difference in value between cooperative and customer deposits can be overcome by adding the internal control. Addition of control that has to be guided on standards such as COSO, ITIL and government regulations. Manual in COSO indicated by the addition of data verification at the cashier and accountant who had been in accordance with the value of Risk Assessment, the difference of balance value’s risk assessment between the savings book and cooperative data that performed in every transaction. The assessment aims to find the source of the problem as detailed as possible when differences balance value arose

The using of ITIL is shown with the addition of a notification to the customer if the transaction has been successfully performed. The addition of this notification in accordance with the ITIL concept of Service Delivery Management, which provides a service that gives information that is required to the client to increase the confidence in the cooperative and also improve the IT service to provide notification of each transaction that is successfully done [4].

Fig.2. Repairing of Deposit Flowchart

Fig.3. Repairing of Deposit Flowchart Part 2

• B.    Withdrawal of Saving of SOP

The process of withdrawal of savings has five entities consisting of members of the cooperative, cashier, accountant, administrative of savings, and manager. First, the member of the cooperative have to prepare a document that will be used to form a withdrawal of savings book, a withdrawal receipt, and self-identity. The document then will be verified by the cashier and will get a unique code that is used to confirm the withdrawal of savings by the customer, if the code given is wrong then the process cannot be continued. Conversely, if the given code is correct then the document will be submitted to the administration department to check the balance of savings that available, if the balance is sufficient to withdrawal amount that requested, the documents will be submitted to a manager for approval or consent of withdrawal. By the time that the document was approved by the manager then it will be returned to the cashier and give notification to the customer that the withdrawal of the savings has been approved and payment made to the customer. It also conducted the daily recording of cash left and handed over to the accountant to do the daily recapitulation that will be shown to the end of each month.

Fig.4. Repairing of Withdrawal of Savings Flowchart

The addition of control that has to be guided on standards such as COSO, ITIL and government regulations. COSO guidance in use indicated by the addition of the customer’s data verification by sending the unique code to perform further processing in accordance with the value of control activities, such as adding data verification and withdrawals of saving’s approval activities by the manager.

The using of ITIL is shown with the addition of a notification to the customer if the transaction has successfully performed. The addition of this notification in accordance with the ITIL concept of Service Delivery Management, which provides a service that gives information required to the customer to increase the confidence in the cooperative and also improve the IT service to provide notification of each transaction that is successfully done [5].

Fig.5. Repairing of Withdrawal of Savings Flowchart Part2

The withdrawal of savings have a critical point in the form of multiplication problems of saings book carried out by person who is not responsible, so that the withdrawal of savings made by using a savings book that has been duplicated and this makes customers harmed. At the database level can be implemented with the addition of Store Procedure which serves to transmit a unique code to customers for withdrawing. For giving notification of successful withdrawal also uses the Store Procedure that will sends notification for each reduction in the balance value happens [4].

• C.    Loan Application of SOP

Loan application has five entities consisting of members of the cooperative, cashier, credit department, managers, and supervisors. First, the members of the cooperative / customers fill out the loan application form and give it to the cashier to verify the document. Then, there will be an evaluation by the credit department consisting of seeing the history of lending, loan amount assessment, assessment paychecks / loan guarantees. The results of the analysis will be awarded to the manager team or supervisor with considerations based on the value of the loan. Value of loans that are not too large, then the approval levels sufficient to the manager. Conversely, if the loan amount is relatively large then it will be the level of manager and supervisor approval. Loan applications that are approved by the manager and supervisor will be immediately processed to provide the terms and conditions applicable to the customer. Terms and conditions for the loan value of the customer were required to have insurance in case the customer dies. The customer who does not agree to the terms and conditions can applies for a loan back for analysis, and vice versa. If the customer agrees then the cashier will prepare the loan documents with the money that will be provided to customer.

Fig.6. Repairing of Loan Application Flowchart

Loan applications have problem about the differences of the nominal value of collateral and loan to the detriment of the cooperative then need an internal control to prevent it. The addition of control that has to be guided on standards such as COSO, ITIL and government regulations. COSO guidance that used is shown by the analysis, conducted by a team of credit that will generate the information used to make decisions on a management or supervisory level. The internal controls in accordance with COSO components namely Information and Communication as information media used in decision-making, but there is also a Control Activities component, such as adding data verification and approval activities of savings by the manager [3].

The using of ITIL is shown with the addition of a notification to the customer if the withdrawal of savings has been successfully performed. The addition of this notification in accordance with the concept of the ITIL Service Support Management, which provides information and accurate data can supports in decision-making by the manager or supervisor [4].

Fig.7. Repairing of Loan Application Flowchart Part 2

• VI. Conclusions

Based on this research, improvements of the expected SOP has been done to solve the problems contained in the cooperative, this SOP improvement needs to be applied directly to the cooperative business processes. Applications of others are at the database level by adding an internal control to limit fraud in the conduct of business in the cooperative process.