Evaluating Internal Control Effectiveness at PT Ultimo Clinic: A COSO-Based Case Study

Authors

  • Diah Amalia Faculty of Economics and Business Education, Universitas Pendidikan Indonesia, Dr Setiabudi Street No. 229, Bandung Author
  • Naifa Nur Marischa Faculty of Economics and Business Education, Universitas Pendidikan Indonesia, Dr Setiabudi Street No. 229, Bandung Author
  • Ine Azizah Faculty of Economics and Business Education, Universitas Pendidikan Indonesia, Dr Setiabudi Street No. 229, Bandung Author
  • Salsabilla Meydiawanti Faculty of Economics and Business Education, Universitas Pendidikan Indonesia, Dr Setiabudi Street No. 229, Bandung Author
  • Sofa Nabila Faculty of Economics and Business Education, Universitas Pendidikan Indonesia, Dr Setiabudi Street No. 229, Bandung Author
  • Fitrina Kurniati Faculty of Economics and Business Education, Universitas Pendidikan Indonesia, Dr Setiabudi Street No. 229, Bandung Author

Keywords:

Internal Control, COSO Framework, Fraud Risk, Accounting Information Systems

Abstract

This study assesses the implementation and effectiveness of internal control systems within PT Ultimo Clinic’s operational processes, using the COSO Internal Control Framework as an analytical lens. Employing a qualitative case study design, data were collected between January and March 2025 through semi-structured interviews with eight key personnel, direct observation of routine procedures, and document analysis. Thematic analysis revealed four principal weaknesses: reliance on manual and spreadsheet-based records; inadequate segregation of duties and authorisation procedures; limited data security and backup practices; and inconsistent receivables management. These deficiencies compromise information reliability, weaken monitoring capacity, and elevate exposure to fraud risks by creating opportunities and pressures conducive to misconduct. The paper proposes targeted improvements, including system integration, formalised authorisation workflows, standardised credit policies, periodic internal audits, and automated backup protocols. By combining process mapping with control evaluation, the study contributes to AIS and internal control literature in developing-country contexts. It offers actionable recommendations for managerial practice in medium-scale healthcare providers.

Downloads

Published

2026-03-20

Issue

Vol. 4 No. 2 (2026): Proceedings of the 4th International Conference on Education, Economics, Business, Entrepreneurship, and Finance (ICEBEF 2026)

Section

Articles