The control goals listed across the top of the matrix are derived from the framework presented in CONTROLLING INFORMATION SYSTEMS: PROCESS CONTROLS. Effectiveness of operations shows only two representative operations process goals. Obviously, in actual billing processes, other operations process goals are possible. As mentioned in CONTROLLING INFORMATION SYSTEMS: PROCESS CONTROLS and reinforced in THE “ORDER-TO-CASH” PROCESS: PART I, MARKETING AND SALES (M/S), the resource security column should identify only the assets that are directly at risk. For that reason, cash is not listed because it is only indirectly affected by the validity of the billings. The resource of interest here is the accounts receivable master data. Controls should prevent unauthorized access, copying, changing, selling, or destruction of the accounts receivable master data.
To focus our discussion, we limit our coverage of process inputs to just the shipping notice. Note, however, that other process inputs could be included in the matrix. From the point of view of the billing process, valid bills are those that are properly authorized and reflect actual credit sales. For example, a bill should be supported by a proper shipping notification and should be billed at authorized prices, terms, freight, and discounts.