Module 6: Auditing Business Processes Part 1 PDF

Summary

This document is an overview of auditing business processes, focusing on internal controls in revenue and expenditure cycles. It details various threats and controls related to these cycles. It's aimed primarily at an undergraduate level.

Full Transcript

MODULE 6: AUDITING BUSINESS PROCESSES PART 1 Overview: Economic enterprises, both for-profit and not-for-profit, generate revenues through business processes that constitute their revenue cycle. In its simplest form, the revenue cycle is the direct exchange of finished goods or services for cash in...

MODULE 6: AUDITING BUSINESS PROCESSES PART 1 Overview: Economic enterprises, both for-profit and not-for-profit, generate revenues through business processes that constitute their revenue cycle. In its simplest form, the revenue cycle is the direct exchange of finished goods or services for cash in a single transaction between a seller and a buyer. More complex revenue cycles process sales on credit. Many days or weeks may pass between the point of sale and the subsequent receipt of cash. The objective of the expenditure cycle is to convert the organization’s cash into the physical materials and the human resources it needs to conduct business. In this module, we concentrate on systems and procedures for acquiring raw materials and finished goods from suppliers. Most business entities operate credit basis and do not pay for resources until after acquiring them. The auditor's objective in an audit of internal control over financial reporting is to express an opinion on the effectiveness of the company's internal control over financial reporting. Because a company's internal control cannot be considered effective if one or more material weaknesses exist, to form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain appropriate evidence that is sufficient to obtain reasonable assurance 5 about whether material weaknesses exist as of the date specified in management's assessment. Course Materials: The revenue cycle is a recurring set of business activities and related information processing operations associated with providing goods and services to customers and collecting cash in payment for those sales. The basic activities in the revenue cycle are: order entry - soliciting and processing customer activities- filling customer orders and shipping merchandise- invoicing customers and maintaining customer accounts collections - the cashier handles remittances and deposits them in the bank; accounts receivable personnel credits customer accounts for the payments received. The sales department receives the order information from the customer, either by mail, phone, or in person. Information is captured on a sales order form which includes customer name, account number, name, number and description of items ordered, quantities and unit prices plus taxes, shipping info, discounts, freight terms. This form is usually prepared in multiple copies that are used for credit approval, packing, stock release, shipping, and billing. The credit department provides transaction authorization by approving the customer for a credit sale and returns and allowances. The shipping department receives information from the sales department in the form of packing slip and shipping notice. When the goods arrive from the warehouse, the documents are reconciled with the stock release papers. The goods are packed and labeled. The packing slip is included. The shipping notice is sent to billing. A bill of lading is prepared to accompany the shipment. The following are the threats and related controls for Revenue Cycle: Threat 1: Sales to customers with poor credit Controls: Having an independent credit approval function and maintaining good customer accounting can help to prevent problems. Threat 2: Shipping errors Controls: Reconciling shipping notices with picking tickets; bar-code scanners; and data entry application controls will help to catch these errors. Threat 3: Theft of inventory Controls: Secure the location of inventory and document transfers; release only with valid shipping orders; have good accountability for picking and shipping; and finally, periodically reconcile records with a physical count. Threat 4: Failure to bill customers Controls: Separating shipping and billing and pre-numbering of shipping documents helps along with reconciliation of all sales documents. Threat 5: Billing errors Controls: Reconciliation of picking tickets and bills of lading with sales orders; data entry edit controls; and price lists may prevent billing errors. Threat 6: Theft of cash Controls: Segregation of duties is essential to prevent this serious problem (the following duties should be separate: handling cash and posting to customer accounts; handling cash and authorizing credit memos and adjustments; issuing credit memos and maintaining customer accounts); use of lockboxes for receipts and electronic fund transfer (EFT) for disbursements; mailing customer statements monthly; use cash registers in retail operations where cash payments are received; deposit cash daily in the bank; and have the bank reconciliation function performed by independent third parties. Threat 7: Posting errors in updating accounts receivable Controls: Use of editing and batch totals is essential here. Threat 8: Loss of data Controls: Regular backups are essential with one copy stored off-site; and logical and physical access controls to prevent leakage to competitors and irregularities. Threat 9: Poor performance Controls: Use sales and profitability analyses; accounts receivable aging; and cash budgets to track operations. Expenditure Cycle The expenditure cycle is a recurring set of business activities and related data processing operations associated with the purchase of and payment for goods and services. The basic activities in the expenditure cycle are: Requesting the purchase of needed goods. Ordering goods to be purchased. Receiving ordered goods. Approving vendor invoices for payment. Paying for goods purchased. Inventory control monitors inventory and authorizes restocking with a purchase requisition. A copy is retained and one is sent to accounts payable. Purchasing acts on the purchase requisition and prepares a purchase order. The original is sent to a vendor. Copies go to inventory control and accounts payable. A blind copy is sent to receiving and another is filed in purchasing. When the goods are received, the receiving staff count and inspect the goods. The blind PO tells what goods were ordered. The count is a significant control check. Receiving prepares a receiving report. One copy accompanies the goods to the storeroom. Other copies go to purchasing, inventory control, and accounts payable.Accounts payable reconciles the purchase requisition, purchase order and receiving report. When the vendor invoice arrives, it is examined thoroughly and reconciled and if all documents agree, the transaction is recorded in the purchases journal and the accounts payable subsidiary ledger. The information is filed until the time arises to make payment. The general ledger department receives a journal voucher from AP and a summary from inventory control. The inventory and accounts payable control accounts are updated. For the disbursements, accounts payable reviews the documents related to a liability: purchase requisition, purchase order, receiving report, and vendor invoice. If proper, cash disbursements department is authorized to make payment. Cash disbursements prepares the check, a separate person signs it, sends it to the vendor, and notifies accounts payable. At the end of the period, cash disbursements and accounts payable send summary information to general ledger. The following are the threats and related controls for Expenditure Cycle: Threat 1: Stock-outs Controls: Inventory control system; accurate perpetual inventory; and vendor performance analysis is needed to prevent this problem Threat 2: Requesting goods not needed Controls: Review and approval by supervisors; use of pre-numbered requisition forms; and restricted access to blank purchase orders Threat 3: Purchasing goods at inflated prices Controls: Competitive bidding and proper supervision; approved purchase orders; and price list consultations are needed to prevent this problem Threat 4: Purchasing goods of inferior quality Controls: Use experienced buyers who know good vendors; review purchase orders; and incorporate approved vendor list into formal procedures Threat 5: Purchasing from unauthorized vendors Control: Pre-numbered purchase orders should be approved; restrict access to approved vendor list and have procedures in place for any change to the list Threat 6: Kickbacks paid to buyers to influence their decisions Controls: Clear conflict of interest policy prohibiting the acceptance of any gift from vendors; disclosure of financial interest policy for purchasing agents; and vendor audits Threat 7: Receiving unordered goods Controls: Receiving department must reject any goods for which there is no approved purchase order Threat 8: Errors in counting goods received Controls: Use "blind" P.O. copies to force receiving personnel to actually count goods; provide incentives for counting goods Threat 9: Theft of inventory Controls: Secure inventory storage locations; make transfers of inventory with proper approval and documentation; do periodic physical count and reconciliation with recorded amounts Threat 10: Errors in vendor invoices Controls: Invoice accuracy should be verified and compared to P.O.s and receiving report data Threat 11: Paying for goods not received Controls: Voucher package and original invoice should be necessary for payments Threat 12: Failure to take available purchase discounts Controls: File approved invoices by due date; track invoices by due date; use a cash budget to plan for cash needs Threat 13: Paying same invoice twice Controls: Invoices should be approved only with a full voucher package and paid ones should be canceled so they cannot be used again; do not pay invoices marked "Duplicate" or "Copy" Threat 14: Recording and posting errors for purchases and payments Controls: Data entry controls, and periodic reconciliation of subsidiary ledger with general ledger control account Threat 15: Misappropriation of cash by paying fictitious vendors and alteration of checks Controls: Restrict access to cash, blank checks, and check signing machine; use check protection, prenumbered checks, and imprinted amounts on checks to cut down on forgery and fraud; use petty cash fund for small expenditures only; have proper segregation of duties and independent bank reconciliation function Threat 16: Theft associated with Electronic Fund Transfer (EFT) use Controls: Access controls to the system; encryption of transmissions; timestamp and number transmissions; control group should monitor all EFT activity Threat 17: Loss of data Controls: Use file labels, back up of all data files regularly; and, use access controls Financial Reporting Control Considerations Segregation of Duties Dividing up responsibility for internal controls is essential. For example, if one person runs the cash register for a shift, you want at least one other person who's checking the till until the end. It's not only a matter of preventing fraud. Even if the cashier is honest, two sets of eyes have a better chance of catching mistakes. Prevent and Detect Some internal controls make it harder for anyone to commit fraud. Controlling access to your accounting software and digital records is one way to do this. If you only have a few people who can enter data, you'll only have a few who can alter it. Monitoring performance can also be a way to detect errors. If the cash flow for the quarter is way off from what you had budgeted, the reason could be unexpected expenses or income. It could also be that someone made a major error in entering the quarterly data. Controlling the Controls It's not enough to set up rules for internal controls. You need to go the extra mile to determine if these internal controls work. Periodic internal audits and monitoring should look at whether employees comply with internal controls or whether they find ways to get around them. If exceptions and problems crop up, do employees report these problems? If you have staff turnover, are the new employees properly briefed as to your control requirements? These are among the problems you need to prepare for.

Use Quizgecko on...
Browser
Browser