The Internal Control Of Management Accounting Information Systems Of The State-Owned Enterprises In Indonesia

,


INTRODUCTION
The basic concept of internal control is a process, influenced by the board of directors of an entity, management and other personnel, which is designed to provide reasonable assurance of achieving the organization objectives, such as the effectiveness and efficiency of operations, the reliability of financial reporting and the compliance with laws and regulations (Coso, 2013). Internal control describes policies, plans, and procedures that are adopted by the management of an organization to protect its assets (Bagranoff et al, 2013:349), such as to oppose the takeover, use, or disposition of assets illegally and it is included the controls which are related to financial reporting and operations objectives (Messier et al, 2008:192). Thus, an effective internal control is the most appropriate way to reduce the chances of ethics violations or criminal (Edmonds et al, 2011:19).
COSO internal control framework emphasizes the importance of keeping information and support systems that fit the needs of company (Moeller, 2011:168). COSO internal control also emphasizes the importance of integrating information system automatically with other operations (Moeller, 2011:169). Thus, internal control structure which is proposed by COSO, especially in control environment is information systems control (Moeller, 2005:96). Internal control is necessary to ensure that accounting information system (both financial accounting and management accounting) works as it should so that the risk of deviation from the intended purpose can be avoided (Susanto, 2013:117).
Control in management accounting information system (MAIS) refers to a series of procedures, tools, performance measurement, and system which are used by company to give guidance and motivate all employees to achieve company's objectives (Atkinson et al, 2012:342). Information systems control should be developed to ensure data entry, processing techniques, storage methods, and information output appropriately, so that it can monitor and maintain the quality and safety of the input, process, output, and storage activities of information systems (O'Brien & Marakas, 2011:569).
In manual or automatic or computer-based information system control (Laudon & Laudon, 2012:308) can be categorized into two groups, namely general control and application control. General control applies to many functions of information systems to help ensure adequate control procedures for all applications. General controls govern the design, security, and use of computer programs and file security in general across the information technology infrastructure of organizations. While application controls are unique controls for each computerized application, including automated procedures and manual procedures that ensure that the authorized data are accurately and processed by the application.
The research result Danescu et al (2012) proved that to guarantee the function of a MAIS, is determined by the presence of adequate internal controls, both at the level of business entities as well as at the level of each of the activities, operations or processes carried out, as well as the acceptance of the benefits of information In order to be perceived completely in accordance with the economic reality presented. While in support of the general objectives of COSO's internal controls relating to financial reporting, Abbas & Iqbal (2012) find the importance of internal control systems help organizations reduce operational risk and improve the reliability of financial reporting to build shareholder confidence. Meanwhile Doyle et al (2007) found that firms with internal control over weak financial reporting generally have lower report quality. Thus, effective implementation of security and control, organizations can improve the quality and reliability of information systems (Laudon & Laudon 2012:320). This study will look at the role of internal control in management accounting information system in State Owned Enterprises (SOEs), the roles that can provide the functioning of a MAIS in the discharge of operational managers and decision-making of an action.

LITERATURE REVIEW Management Accounting Information Systems
Organizations adjust accounting information systems that users require, because accounting information systems varies greatly from one business to another (Kieso et al, 2011:88). This is in accordance with the contingency theory which says that no model or system that is universally accepted by organization, because the design of an organization depends on contingent factors which are relevant to the situation (Hoque, 2003:12).
Accounting information system is an integrated framework in company that uses physical resources to transform economic data into financial information, such as to operate and manage company's activities also to report achievements of the company to stakeholders (Wilkinson, 1989:4). Accounting information systems work to collect and process transaction data and then disseminate financial information to stakeholders (Kieso et al, 2011:88).
Accounting Information Systems harmonize all the components, both physical and nonphysical to process transaction data which is related to financial problems into financial information (Susanto, 2013:72). The accounting information system of an organization has two major subsystems: financial accounting information system and management accounting information systems, in which the two sub-accounting systems are distinguished on the goal, the input nature and the process type which are used to transform inputs into outputs (Hansen & Mowen 2007:7;Susanto, 2013:84). Further Hansen & Mowen (2007:7) say that financial accounting information systems produce the information that is used by external parties, by using economic events as input, and processed in accordance with the rules and certain principles. While management accounting information system is an integral part of an organizational structure and for monitoring process, to motivate, to provide performance measurement, such as authority delegation, to communicate goals, participation and information feedback (Jones, 1985). Belkaoui (2002:9) defines management accounting information system as ".... the set of human and capital resources within an organization that is responsible for the production and dissemination of information deemed relevant for internal decision making ". Thus, management accounting information system has a broad scope that allows managers to obtain information that is needed in economic decision making to success in long term (Hoque, 2003:6). Then, the quality of management accounting information system (MAIS) is a specification that can be used as a framework that is integrated within organization by utilizing the resources for providing relevant information to managers and employees in an organization, both financial and non-financial information, for decision making in achieving objectives particularly in organization (Napitupulu, 2015).
According to Laudon & Laudon (2012:530) in general information systems in business entities pay attention to five (5) measurement variables, namely: scope, time, cost, quality, and risk. Meanwhile in terms of quality of information systems, Stair & Reynolds (2010:57) describe in general the characteristics of the quality of the information system it is Flexible, Efficient, Accessible, and Timely. Kaplan & Atkinson (1998:1) examine management accounting information system whether it has motivated and assisted the manager or not in achieving organizational goals which can be viewed timely, efficient, and effective from the system. Meanwhile, Ong et al (2009) and the Wixom & Todd (2005) measure the quality of information systems by using dimensions of Reliability, Flexibility, Integration, Accessibility, and Timeliness. As according to Chang et al (2012) measure the quality of information systems with Security, Ease of Use and Efficiency. While specifically Heidmann et al (2008) measure the quality of management accounting information system by using dimensions of Integration, Flexibility, Accessibility, Formalization and Media richness.

Information System Control
Control is a mechanism that is applied to protect company from risks and to minimize the risks impact on the company if the risk occurs (McLeod & Schell, 2007:219). This is confirmed by Susanto (2013:117) who states that control covers all methods, policies and procedures of organization that ensure the security of company's assets, the accuracy and the reliability of data management and the operation standards of other management, in which the control is later known as internal control. Internal control describes policies, plans, and procedures that are adopted by the management of an organization to protect its assets (Bagranoff et al, 2013:349).
The definition of internal control according to Committee of Sponsoring Organizations of the Dalimunthe, A. R., Napitupulu, I. H., & Situngkir, A. (2018). The Internal Control Of Management Accounting Information Systems Of The State-Owned Enterprises In Indonesia. Archives of Business Research, 6(6), 303-314.
Treadway Commission (COSO) (Moeller, 2011:157) as follows: Internal control is a process, affected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations.
Based on the above definitions and statements of internal control, the concept of internal control is associated with the quality of information system that is used by an entity, then the internal control which is meant is the information system control by using methods, policies and procedures that are implemented in an organization to minimize risk that would happen and to ensure the security of the company's assets, the accuracy and appropriateness of information that is presented in company's information systems, so that it can support the achievement of corporate goals and objectives. In the manual or automatic/computer-based information system control (Laudon & Laudon, 2012: 308), it can be categorized into two groups, namely general control and application control (Bodnar & Hopwood, 2013:149;Laudon & Laudon, 2012:308;Moeller, 2005:96;Wilkinson et al, 2000:268).
General Control is associated with all activities that involve the company accounting information systems and company's resources (assets) (Wilkinson et al, 2000:268). General control also governs the design, the safety, and the use of computer programs and file's security in general throughout the organization's information technology infrastructure (Laudon & Laudon, 2012:308). General control applies to many functions of information systems to help ensuring adequate control procedures for all applications (Moeller, 2005:96).
Here is the indicator of "general control" according to Bodnar & Hopwood (2013:149), Wilkinson et al (2000: 269) and Laudon & Laudon (2012: 308). Application controls are specific controls that are unique to each computerized applications, including automatic procedures and manual procedures that ensure that the authorized data is absolutely accurate and processed by the application (Laudon & Laudon, 2012: 308). This is in line with the statement of Sawyer et al (2006:155), application control is the control that gives a guarantee that a particular application will be processed in accordance with the specifications of the management and the processing is accurate, timely, authorized, and complete. Accordingly, application controls are designed to control accounting application to ensure the completeness and accuracy of transaction processing, authorization accuracy and validity (Nash & Heagy, 1993:485). Included in application control, it can be divided into three (3) parts, namely input control (Sawyer et al, 2006:155;Romney & Steinbart, 2012:295;Laudon and Laudon, 2012:308;Bodnar & Hopwood, 2013:151;Wilkinson et al, 2000:281). Application Control dimension is the most important factor in reflecting internal control effectiveness variable in SOEs .
In this study, it uses the dimensions of general controls and application controls that the indicators as like table:

Framework of the Control of Management Accounting Information Systems
Management accounting information systems (MAIS) control refers to a series of procedures, tools, performance measurement, and the system used by company to give guidance and motivate all employees to achieve company objectives (Atkinson et al, 2012:342). Control must be incorporated into each system and application to reduce the things that may arise as poor record, inappropriate accounting, business interruption, poor decision making, fraud and embezzlement, violation of of law or regulation provision, increased costs, loss of assets and loss of market competitive position (Sawyer et al, 2006:113). That is, the control of information system is concerned with the control of transaction process, the procedures which are designed to ensure that the elements of an organization's internal control process are implemented in the specific applications system contained in each organization transaction cycle (Bodnar & Hopwood, 2013:149).
Applying adequate control over computer-based accounting information systems and their facilities which are used to handle, record, process, store, and distribute information has become a necessity (Abu-Musa, 2007). Control of management accounting information system is needed in decision making company operation. The framework of control of management accounting information system can be seen in the following figure: RESEARCH METHODS This study uses descriptive method with a questionnaire research instruments. The target of the study population is 83 SOEs and the study samples are 56 SOEs. The respondents in this study are the operational managers. The reason is operational managers are the party that use information systems everyday as the tools to accomplish daily tasks. From the number of respondents who are listed, there are the details for each SOEs business sector as in the following table: The questionnaire has a value criterion as a base to see MAIS in SOEs wether it is into 'less good', 'good' or 'very good' category. The criteria values used in this study refer to the categorization principle of respondents average score in the adoption of Sugiyono (2011:135) it is based on the range of maximum score and minimum score divided by the number of the desired categories using the following formula: Each statement in the study questionnaire was given a score of 1 to the lowest value and a score of 5 for the highest value. From the assessment scores, they are synchronized in percentages, in which a score of 1 is equivalent to 20% and a score of 5 is equivalent to 100%. The categorization for each questionnaire item is divided into five (5) categories, which the interval range used is 16%. This value is obtained from the reduction of the highest value to the lowest value and then divided by the number of predefined categories, namely five (5) categories, as follows:

RESULTS AND DISCUSSION Result
The study results collect the answers of operational managers using a questionnaire. Operational Managers that contribute are obtained from various SOEs sectors. The SOEs sectors meant are processing industry; financial services and insurance industries; professional service and construction industries; wholesalers and retail industries; agriculture industry, forestry and fisheries and transportation and warehousing industries.
The results found that the effectiveness of internal controls in SOEs is in 'good' category with the score of 81.94%. Based on SOEs sectors, the lowest effectiveness of internal control is found in Professional Services and Construction sectors of 78.78% and the highest Operational Managers value is in Financial Services and Insurance sectors of 86.67%. This proves that the very high level of business risk is in Financial Services and Insurance sectors. Financial services and insurance sectors manage the most liquid assets, thus requiring extra security.
The effectiveness of internal controls is measured by two dimensions: general controls and application controls. General controls in SOEs are included in 'good' category with the score of 77.14% and application controls in SOEs have 'very good' category with the score of 88.26%. Operational Managers answers for each SOEs sector also each indicator measurements can be seen in the following table:

Discussion
The results showed that the effectiveness of internal control in information systems in general has 'good' category and based on SOEs sector, it is obtained the same results, it has 'good' category, even insurance and financial services sectors are in 'very good' category. The results are based on the dimensions of information system control that is used, ie each general controls and application controls result 'good' and 'very good' category. The difference between common control and application control is that the treatment at application control is very detailed and is associated with more specific responsibility which is done by every operational manager. This proves the theory that is put forward by Nash & Heagy (1993:485) that general controls will affect the effectiveness of application and transaction processing functions which are involved in using accounting information systems. So, what it is done by each respondents in general control will give special effect to application control.
The general controls based on SOEs sector was found that financial services and insurance sector have higher effectiveness level than other business sectors, while other sector showed the value below 80% even in the transportation and warehousing sector, are in 'less good' category. Insurance and financial services sectors are the business sectors that have higher business risk, because these businesses manage most liquid asset, the money of customers, so as to maintain the level of trust and maintain the stability of customer investment, then these sectors are very careful to manage it. The level of data security is necessary, so that the sectors have provision separately in terms of password replacement to access information system.
The effectiveness of application controls in 6 (six) SOEs sectors are in "very good" category. The effectiveness of applications control is in Professional Services and construction sector, while the highest value is in Financial Services and Insurance sectors. These results prove that the Financial Services and insurance sector actually check the accuracy and completeness of supporting documents before they are inputted, they do not allow to input data without completing the supporting documents in advance and they always compare the processed data with the output from the information system and concern the report completeness before handing to the party that needs it.
The study results also found some internal control weaknesses in SOEs, which is SOEs is less effective in assets controlling and data security controlling. Less good attention or less optimal of each SOEs in controlling its assets is known from the answers to the operational managers who said that is less good respondents' attention in conducting assets inventory that is registered in the system physically. This condition is contradictive to the concept of internal control which is proposed by Bagranoff et al and Messier et al, in which Bagranoff et al (2013:349) says that internal controls describe policies, plans and procedures that are adopted by management to protect its assets. Meissier et al (2008:192) also said that internal controls are safeguards of assets by opposing the take over, the use or the disposition of assets illegally and included the controls which are related to financial reporting and operations objectives. So, in the case which happened in these SOEs may cause the misuse of assets as feared by Meissier et al. In SOEs assets, inspection are done if there is an independent examiner or certain sections, while the parties or sections which use company assets are not active in the notice.
The SOEs sector that both concern to inventory asset and is in 'good' category, is in trade and financial services and insurance sector, while in other sectors it is in 'less good' category, even close to 'bad' category. It can be seen from the level of business risk that is undertaken and the level of the company's inventory use, so it needs special attention to determine the amount of inventory that is still eligible to be used as a support. However, the study also found a contradiction between empirical findings and internal control concept, namely in Transportation and Warehousing sectors, in which in real terms can be known that to conduct business activities, the business sector uses the company's inventory, but what happens is this sector has the control effectiveness of inventory that is in 'less good' category.
Beside the lack of effective control of the company's assets by the divisionss that use it, it was also found that the effectiveness of data security control in SOEs sector is still in 'less good' category. It is proved from the answers of the operational manager, ie the respondents seldom change the password to access computer. As we know that data is also the company asset which is very valuable, but partially, the respondents were not so necessary to do so, for accessing information systems, it can be used together, only in the Financial Services and insurance sector that password change is a necessity, because it concerns the business risks which are undertaken to maintain client assets that are the most liquid.
Some internal control deficiencies in SOEs affects the low integration of management accounting information system and the low value of management accounting information system efficiency in SOEs, especially in agriculture, forestry and fisheries sectors. Thus it can be said that SOEs internal controls had not been effective as an ideal internal control functions. While the concept of COSO internal control emphasizes the importance of integrating automatically information system with other operations.
Internal control deficiencies in SOEs in this study has proven the tests results which are carried out by the Auditor Board of Republic of Indonesia (2013), in which the Auditor Board of Republic of Indonesia did an examination with a specific purpose at 21 examination objects in SOEs and they found 510 cases consisting of 234 cases of internal control system weakness and 276 cases of non-compliance to the act provisions.

CONCLUSION
The quality of accounting information system is the specification that can be used as a framework that is integrated within a company by utilizing the resources for providing the relevant information to managers and employees in an organization, both financial and nonfinancial information, for decision-making in achieving objectives specifically in organization (Napitupulu, 2015). Internal control is necessary to run MAIS for the purpose of MAIS can be achieved, in which the purpose of MAIS is to petrify management to obtain relevant information to be used in decision-making, both in short-term and long-term decisions.
The results of this paper are based on the dimensions of information system control that is used, ie each general controls and application controls result 'good' and 'very good' category. The difference between general control and application control is that the treatment at application control is very detailed and is associated with more specific responsibility which is done by every operational manager. The study results found some internal control weaknesses in SOEs, which is SOEs is less effective in assets controlling and data security controlling. Less good attention or less optimal of each SOEs in controlling its assets is known from the answers to the operational managers who said that is less good respondents' attention in conducting assets inventory that is registered in the system physically.