LA 9.2 Revenue & Receipt Process PDF
Document Details
Uploaded by GrandPoincare5182
null
UNIVERSITY OF PRETORIA
null
Tags
Summary
These slides cover internal audit procedures for the revenue and receipt cycle. They include a study of the revenue cycle, performing internal audit engagements, and the use of various auditing techniques.
Full Transcript
2024/10/07 IAU 200 LA 9.2 Revenue & receipt cycle Performing audit procedures Make today matter Sources ▪ Performing Internal Audit Engagements, 7th Edition, Chapter 3 ▪ Study Pack and suggested solutions ▪ Slides Reference for Learning Area 9: Revenue and receipts...
2024/10/07 IAU 200 LA 9.2 Revenue & receipt cycle Performing audit procedures Make today matter Sources ▪ Performing Internal Audit Engagements, 7th Edition, Chapter 3 ▪ Study Pack and suggested solutions ▪ Slides Reference for Learning Area 9: Revenue and receipts Chapter 3 – Sections A and B (par 3.1 – 3.5) – Was covered in LA6, but forms part of LA9 = Revenue and receipts process / systems description = Flow charts = Internal control objectives, key risks and key controls = People and divisions involved in different functions = Tx and balances = Documents and records Refer to Table 3.3 & 3.4 & 3.5 Chapter 3 – Section C – Was not covered in LA6, but forms part of LA9 = PAR 3.6 – Control effectiveness testing = PAR 3.7 – Compliance audits = EXCLUDE PAR 3.8 – Financial audits = IAU300 except Table 3.3 & 3.4 & 3.5 = EXCLUDE PAR 3.9 – Disposal of non-current assets = HONOURS program = PAR 3.10 – Documenting findings 3 1 2024/10/07 CYCLE APPROACH Understanding the system/process Studying the 7 main functions… LA6 Management LA9 hat Auditor hat 1 Ordering 7. Bad 2 debts 1. Granting ICOs Plan the Credit People audit TX&BAL 2. 6. Goods Revenue 3 D&R Risks Perform the audit Delivery of 3. returned goods / Other services Controls Communi cate results 5 4 Receipt of Recording payment & Invoicing 4 LA 9 - AUDITOR HAT – We are here! The auditor follows the internal audit process 1. Planning the engagement – How? (LA7) – What auditing tools and techniques can the internal auditor use? (LA8) 2. Perform the audit engagement – How? (LA7) – What auditing tools and techniques can the internal auditor use? (LA8) 3. Communicate the results of the audit – How? (LA7) – What auditing tools and techniques can the internal auditor use? (LA8) 5 1. PLAN THE ENGAGEMENT Steps HOW? (LA7) Audit tools & techniques E = engagement A = audit (LA8) WP – working papers 1 Obtain understanding of client & Industry research WP business process/activity Enquiry / Interviews Walk-through WP Systems / Process description WP 2 Provisional contact with engagement Client meeting client (Minutes of meeting WP) 3 Conduct risk assessment/use Risk-and-control matrix WP organisation's Internal control questionnaire WP 4 Determine EO, ES and EC or: Planning document WP AO, AS and AC 5 Identify and allocate resources needed to Planning document WP perform the engagement 6 Prepare engagement work programme Audit work programme WP 7 Obtain final confirmation from client to Signed engagement letter proceed with audit 6 2 2024/10/07 2. PERFORM THE ENGAGEMENT Steps HOW? (LA7) Audit tools & techniques (LA8) WP – working papers 1 Identify engagement / audit Enquiry and obtaining relevant documents and information records 2 Perform engagement procedures Audit work programme WP / audit procedures - Control effectiveness tests Enquiry, Observation, Inspection, Examination, Reperformance - Compliance procedures (Compliance audit) - Substantive procedures (Fin audit) 3 Analyse and evaluate the audit Effective or ineffective procedures? evidence Compliance or non-compliance? Misstatement and error in financial statements or fair of transactions (tx) and balances (bal)? 4 Draft findings Findings WP 5 Prepare working papers to Working papers (WP) document work performed 7 3. REPORTING AND FOLLOW-UP Communicate the results of the audit to senior management and board (including the audit committee) Steps How? (LA7) Audit tools & techniques (LA8) 1 Communicate results Audit report (IAU300) 2 Follow-up Follow-up report (IAU300) 8 AUDITOR HAT: PERFORMING AUDIT PROCEDURES There are different types of audit procedures: STUDY BOLD FOR IAU 200 Compliance audit Financial audit Operational audit OVERALL AUDIT OBJECTIVES To evaluate: To evaluate: To evaluate: 1. Adequacy and Fairness or Economy effectiveness of reasonableness of Efficiency controls financial information Effectiveness 2. Compliance to laws (TX and BAL) of operations and regulations AUDIT PROCEDURES 1.Control effectiveness Substantive tests of Operational audit tests transactions procedures 2.Compliance Substantive tests of procedures balances IAU 200 IAU 300 IAU 300 9 3 2024/10/07 COMPLIANCE AUDIT: CONTROL EFFECTIVENSS TESTS Typical exam type question: – GIVEN: Systems or process description – REQUIRED: Prepare an audit programme / engagement work programme, in working paper format, to tests the effectiveness of the controls relating to the: 1. Ordering function 2. Credit control function 3. Delivery function Usually two or three 4. Recording and invoicing function functions covered in 5. Receipt of payment function exam type question 6. Sales returns function 7. Bad debts function 10 GET FIT IN FORMULATING CONTROL EFFECTIVENESS TESTS Where do we start? Internal auditors usually follow a risk-based audit approach Therefore, start with the RISKS Then, ask yourself: – what CONTROLS are in place? – Are these CONTROLS ADEQUATE? (are they present in the system/process?) – If CONTROLS ARE INADEQUATE = = Weakness = Report as finding in audit report – If CONTROLS ARE ADEQUATE = TEST FOR EFFECTIVENESS – If CONTROLS ARE EFFECTIVE = = positive finding – If CONTROLS ARE INEFFECTIVE = = negative finding 11 FORMULATING CONTROL EFFECTIVENESS TESTS REFER TO PAR 3.6 Don’t study control effectiveness tests of by heart, rather ask yourself: – What controls ARE in place? – How will the internal auditor TEST the CONTROL for EFFECTIVENESS? RISK CONTROL Control effectiveness test What can go wrong? What action will reduce the How, what and why will risk? auditor test control? 12 4 2024/10/07 FORMULATING CONTROL EFFECTIVENESS TESTS General audit / engagement objective: – To test the adequacy and EFFECTIVENESS of controls – Format of control effectiveness tests / tests of controls: – HOW + WHAT + WHY 13 FORMULATING CONTROL EFFECTIVENESS TESTS – HOW = Action verb: Inspect – documents or records Enquire – from people / personnel Observe – a process or action eg. Segregation of duties Examine – documents or records Reperform – a procedure eg. Bank reconciliation Confirm – a process or action - NOT check or ask – WHAT = details of person / process / document – WHY = Specific audit objective (linked to internal control objective) Never use - to ensure … Always use – to test/assess/evaluate/determine … 14 FORMULATING CONTROL EFFECTIVENESS TESTS Lets start with the Credit Granting Function (par 3.6) RISK CONTROL Control effectiveness test What can go What action (s) will reduce How, what and why will wrong? the risk? auditor test control? Note: usually more than Note: Inspection, observation, one control per risk enquiry, confirmation and reperformance Credit granted to 1. Credit controller 1.? uncreditworthy exists separate from customers sales order function. 1. New debtors 2.? complete credit application form. 1. Credit record is 3.? checked at external 15 credit bureau. 5 2024/10/07 FORMULATING CONTROL EFFECTIVENESS TESTS Lets start with the Credit Granting Function (par 3.6) RISK CONTROL Control effectiveness test What can go What action (s) will reduce How, what (+detail) and why wrong? the risk? (ICO) will auditor test control? Credit granted 1. Credit controller 1. Observe segregation of to exists separate from duties between the credit uncreditworthy sales order function. control function and the sales customers order function to test that credit granting is valid. 1. New debtors 2. complete credit application form. 1. Credit record is 3. checked at external credit bureau. 16 FORMULATING CONTROL EFFECTIVENESS TESTS Lets start with the Credit Granting Function (par 3.6) RISK CONTROL Control effectiveness test What can go What action (s) will reduce How, what (+detail) and why wrong? the risk? (ICO) will auditor test control? Credit granted 1. Credit controller 1. Observe segregation of to exists separate from duties between the credit uncreditworthy sales order function. control function and the sales customers order function to test that credit granting process is valid. 1. New debtors complete 2. Obtain a list of new debtors credit application applicants and inspect a form. sample of completed applications (with supporting docs eg copy of ID, payslip) to 1. Credit record is test that credit granting checked at external process is valid. 17 credit bureau. FORMULATING CONTROL EFFECTIVENESS TESTS Lets start with the Credit Granting Function (par 3.6) RISK CONTROL Control effectiveness test What can go What action (s) will How, what (+detail) and why (ICO) will wrong? reduce the risk? auditor test control? Credit 1. Credit controller 1. Observe segregation of duties between granted to exists separate the credit control function and the sales uncreditwor from sales order order function to test that credit granting function. process is valid. thy customers 1. New debtors 2. Obtain a list of new debtors applicants complete credit and inspect a sample of completed application form. applications (with supporting docs eg copy of ID, payslip) to test that credit granting process is valid 1. Credit record is 3. Obtain a list of new debtors applicants checked at and inspect a sample of application forms external credit for details that credit check with external bureau. credit bureau was performed to test that credit granting process is valid. 18 6 2024/10/07 FORMULATING CONTROL EFFECTIVENESS TESTS Ordering function (par 3.6) RISK CONTROL Control effectiveness test What can go What action (s) will How, what (+detail) and why (ICO) will wrong? reduce the risk? auditor test control? Incorrect 1. Confirmation of 1. Observe whether customer sales orders order details information is confirmed by sales clerk with customer. to test that sales orders are complete, accurate and valid. 1. Use of authorised price list. 1. Prepare pre- numbered, authorised sales orders 19 FORMULATING CONTROL EFFECTIVENESS TESTS Ordering function (par 3.6) RISK CONTROL Control effectiveness test What can go What action (s) will How, what (+detail) and why (ICO) will wrong? reduce the risk? auditor test control? Incorrect 1. Confirmation of 1. Observe whether customer sales orders order details information is confirmed by sales clerk with customer. to test that sales orders are complete, accurate and valid. 1. Use of 2. Obtain a price list and confirm that all authorised price prices are authorised by a sales list. manager (or designated individual) to test that sales orders are accurate. 1. Prepare pre- numbered, authorised sales orders 20 FORMULATING CONTROL EFFECTIVENESS TESTS Ordering function (par 3.6) RISK CONTROL Control effectiveness test What can What action (s) will How, what (+detail) and why (ICO) will go wrong? reduce the risk? auditor test control? Incorrect 1. Confirmation of 1. Observe whether customer information sales order details is confirmed by sales clerk to test that orders with customer. sales orders are complete, accurate and valid. 1. Use of 2. Obtain a price list and confirm that all authorised price prices are authorised by a sales manager list. (or designated individual) to test that sales orders are accurate. 1. Prepare pre- 3. Inspect a sample of sales orders and numbered, confirm that SOs are issued in number authorised sequence and are authorised (sequence sales orders test and signature of approval (presence test) to test that all SOs are complete and 21 valid. 7 2024/10/07 FORMULATING CONTROL EFFECTIVENESS TESTS PAR 3.6 Credit control function Ordering (placing and processing of orders) function Discussed in Dispatching of products (delivery) and gate control class Invoicing and recording of sales Debtors control and collection of debtors payments Returning unsatisfactory goods (sales returns) Self-study Bad debts Cash sales, cash recons, safekeeping of cash and banking of cash RISK CONTROL Control effectiveness test What can What action (s) will How, what (+detail) and why (ICO) will go wrong? reduce the risk? auditor test control? 22 PAR 3.7 Compliance audits Audit objective = to test compliance with relevant laws and regulations (L&R) Auditor must know which laws and regulations are applicable to audit client’s industry (for example financial services industry) and business processes. Revenue and receipts process (possible L&R): VAT Act National Credit Act Agreements with customers (formal contractual debtors agreements) – also contract auditing For IAU200 – only study audit objective for compliance audits 23 Operational audits: Testing the 3 E’s 24 8 2024/10/07 PAR 3.10 Documenting the results (findings) of the audit Elements of a finding (6w) 1. Criteria 2. Condition 3. Cause 4. Effect 5. Significance rating 6. Recommendation 25 PAR 3.10 Documenting the results (findings) of the audit Elements of a finding Criteria What SHOULD be in place? Condition What IS in place? / What was discovered?/ Usually a weakness in process (lack of or inadequate controls) Cause What is the reason for the deviation? Effect What is the IMPACT of the deviation? Significance rating How do you evaluate the findings? Recommendation What is the recommendation that addresses the CAUSE? 26 PAR 3.10 Documenting the results (findings) of the audit Elements of a finding - example Criteria What SHOULD be in place? According to company policy, all doors should be locked 24/7. Condition What IS in place? / What was discovered?/ Usually a weakness in process (lack of or inadequate controls) During the audit, it was discovered the all doors are not locked. Only 40% of the sample of doors tested, were locked. Thus, a deviation rate of 60% Cause What is the reason for the deviation? Effect What is the IMPACT of the deviation? The lack of safeguarding of assets can cause theft, loss and damage. Significance rating How do you evaluate the findings? There is a high likelihood that assets could be lost as a result of condition and the impact would be devastating. Recommendation What is the recommendation that addresses the CAUSE? 27 9 2024/10/07 PAR 3.10 Documenting the results (findings) of the audit Elements of a finding - example Criteria What SHOULD be in place? According to company policy, all doors should be locked 24/7. Condition What IS in place? / What was discovered?/ Usually a weakness in process (lack of or inadequate controls) During the audit, it was discovered the all doors are not locked. Only 40% of the sample of doors tested, were locked. Thus, a deviation rate of 60% Cause What is the reason for the deviation? After discussions with management, the reason for the deviation appears to be an inadequate policy and instructions for replacement security staff. Effect What is the IMPACT of the deviation? The lack of safeguarding of assets can cause theft, loss and damage. Significance rating How do you evaluate the findings? There is a high likelihood that assets could be lost as a result of condition and the impact would be devastating. Recommendation What is the recommendation that addresses the CAUSE? The policy for replacement security staff should be updated and communicated. 28 PAR 3.10 Documenting the results (findings) of the audit IAU200 IAU300 29 PAR 3.11 Documenting the results (findings) of the audit 30 10 2024/10/07 EXAM TYPE QUESTION Prepare, in working paper format, a: – Audit programme OR Examples on next – Finding OR 2 slides – Flow chart OR – Internal Control Questionnaire Your working paper (for an audit programme) should include: Relevant heading One audit / engagement objective One risk Four (4) control effectiveness tests (usually 1 or 1.5 mark per test) Your working paper (for a finding) should include: Relevant heading One audit / engagement objective One / two finding(s) 31 EXAMPLE OF WORKING PAPER FORMAT WP 4-1 Auditee: (Name of client): Period audited: Quarter 1 of 2021 Auditor (prepared by): Date: Reviewed by: Date: Engagement scope: All credit sales orders (excl cash sales) Heading AUDIT PROGRAMME Audit objective: To test / evaluate / assess that all sales orders are authorised. Risk: Unauthorised orders Control effectiveness tests: 1 Select a sample of 10 sales orders and inspect that all SO are authorised by the sales manager. 2 3 4 32 ACTUAL CONTROL EFFECTIVENESS TEST Sales order numbers Authorised 1 SO124 √ 2 SO157 X 3 SO321 X 4 SO567 √ 5 SO243 X 6 SO456 √ 7 SO654 X 8 SO276 √ 9 SO457 X 10 SO425 √ 33 11 2024/10/07 EXAMPLE OF WORKING PAPER FORMAT WP 4-1 Auditee: (Name of client): Period audited: Quarter 1 of 2021 Auditor (prepared by): Date: Reviewed by: Date: Engagement scope: All credit sales orders (excl cash sales) Heading Engagement / audit objective: To test / evaluate / assess that all sales orders are authorised. FINDINGS Finding 1: All sales orders are not authorised. Criteria ………………… Condition ………………… Cause …………………... Effect ……………………. Recommendation ……………………….. 34 12