MODULE 6- AUDITING BUSINESS.pdf

Full Transcript

MODULE 6: AUDITING BUSINESS
PROCESSES PART 1
Overview:
Economic enterprises, both for-profit and not-for-profit, generate revenues through business
processes that constitute their revenue cycle. In its simplest form, the revenue cycle is the direct
exchange of finished goods or services for cash in a single transaction between a seller and a
buyer. More complex revenue cycles process sales on credit. Many days or weeks may pass
between the point of sale and the subsequent receipt of cash.

The objective of the expenditure cycle is to convert the organization’s cash into the physical
materials and the human resources it needs to conduct business. In this module, we
concentrate on systems and procedures for acquiring raw materials and finished goods from
suppliers. Most business entities operate credit basis and do not pay for resources until after
acquiring them.

The auditor's objective in an audit of internal control over financial reporting is to express an
opinion on the effectiveness of the company's internal control over financial reporting. Because
a company's internal control cannot be considered effective if one or more material weaknesses
exist, to form a basis for expressing an opinion, the auditor must plan and perform the audit to
obtain appropriate evidence that is sufficient to obtain reasonable assurance 5 about whether
material weaknesses exist as of the date specified in management's assessment.

Course Materials:

The revenue cycle is a recurring set of business activities and related information processing
operations associated with providing goods and services to customers and collecting cash in
payment for those sales. The basic activities in the revenue cycle are: order entry - soliciting
and processing customer activities- filling customer orders and shipping merchandise- invoicing
customers and maintaining customer accounts collections - the cashier handles remittances and
deposits them in the bank; accounts receivable personnel credits customer accounts for the
payments received.

The sales department receives the order information from the customer, either by mail, phone,
or in person. Information is captured on a sales order form which includes customer name,
account number, name, number and description of items ordered, quantities and unit prices plus
taxes, shipping info, discounts, freight terms.

This form is usually prepared in multiple copies that are used for credit approval, packing, stock
release, shipping, and billing. The credit department provides transaction authorization by
approving the customer for a credit sale and returns and allowances.

The shipping department receives information from the sales department in the form of packing
slip and shipping notice. When the goods arrive from the warehouse, the documents are
reconciled with the stock release papers. The goods are packed and labeled. The packing slip
is included. The shipping notice is sent to billing. A bill of lading is prepared to accompany the
shipment.

The following are the threats and related controls for Revenue Cycle:
Threat 1: Sales to customers with poor credit
Controls: Having an independent credit approval function and maintaining good customer
accounting can help
to prevent problems.
Threat 2: Shipping errors
Controls: Reconciling shipping notices with picking tickets; bar-code scanners; and data entry
application controls will help to catch these errors.
Threat 3: Theft of inventory
Controls: Secure the location of inventory and document transfers; release only with valid
shipping orders; have good accountability for picking and shipping; and finally, periodically
reconcile records with a physical count.
Threat 4: Failure to bill customers
Controls: Separating shipping and billing and pre-numbering of shipping documents helps along
with reconciliation of all sales documents.
Threat 5: Billing errors
Controls: Reconciliation of picking tickets and bills of lading with sales orders; data entry edit
controls; and price lists may prevent billing errors.
Threat 6: Theft of cash
Controls: Segregation of duties is essential to prevent this serious problem (the following duties
should be separate: handling cash and posting to customer accounts; handling cash and
authorizing credit memos and adjustments; issuing credit memos and maintaining customer
accounts); use of lockboxes for receipts and electronic fund transfer (EFT) for disbursements;
mailing customer statements monthly; use cash registers in retail operations where cash
payments are received; deposit cash daily in the bank; and have the bank reconciliation function
performed by independent third parties.
Threat 7: Posting errors in updating accounts receivable
Controls: Use of editing and batch totals is essential here.
Threat 8: Loss of data
Controls: Regular backups are essential with one copy stored off-site; and logical and physical
access controls to prevent leakage to competitors and irregularities.
Threat 9: Poor performance
Controls: Use sales and profitability analyses; accounts receivable aging; and cash budgets to
track operations.

Expenditure Cycle
The expenditure cycle is a recurring set of business activities and related data processing
operations associated with the purchase of and payment for goods and services. The basic
activities in the expenditure cycle are: Requesting the purchase of needed goods. Ordering
goods to be purchased. Receiving ordered goods. Approving vendor invoices for payment.
Paying for goods purchased.
Inventory control monitors inventory and authorizes restocking with a purchase requisition. A
copy is retained and one is sent to accounts payable. Purchasing acts on the purchase
requisition and prepares a purchase order. The original is sent to a vendor. Copies go to
inventory control and accounts payable. A blind copy is sent to receiving and another is filed in
purchasing.

When the goods are received, the receiving staff count and inspect the goods. The blind PO
tells what goods were ordered. The count is a significant control check. Receiving prepares a
receiving report. One copy accompanies the goods to the storeroom. Other copies go to
purchasing, inventory control, and accounts payable.Accounts payable reconciles the purchase
requisition, purchase order and receiving report. When the vendor invoice arrives, it is examined
thoroughly and reconciled and if all documents agree, the transaction is recorded in the
purchases journal and the accounts payable subsidiary ledger. The information is filed until the
time arises to make payment. The general ledger department receives a journal voucher from
AP and a summary from inventory control. The inventory and accounts payable control
accounts are updated.

For the disbursements, accounts payable reviews the documents related to a liability: purchase
requisition, purchase order, receiving report, and vendor invoice. If proper, cash disbursements
department is authorized to make payment. Cash disbursements prepares the check, a
separate person signs it, sends it to the vendor, and notifies accounts payable. At the end of the
period, cash disbursements and accounts payable send summary information to general ledger.

The following are the threats and related controls for Expenditure Cycle:
Threat 1: Stock-outs
Controls: Inventory control system; accurate perpetual inventory; and vendor performance
analysis is needed to prevent this problem
Threat 2: Requesting goods not needed
Controls: Review and approval by supervisors; use of pre-numbered requisition forms; and
restricted access to blank purchase orders
Threat 3: Purchasing goods at inflated prices
Controls: Competitive bidding and proper supervision; approved purchase orders; and price list
consultations are needed to prevent this problem
Threat 4: Purchasing goods of inferior quality
Controls: Use experienced buyers who know good vendors; review purchase orders; and
incorporate approved vendor list into formal procedures
Threat 5: Purchasing from unauthorized vendors
Control: Pre-numbered purchase orders should be approved; restrict access to approved
vendor list and have procedures in place for any change to the list
Threat 6: Kickbacks paid to buyers to influence their decisions
Controls: Clear conflict of interest policy prohibiting the acceptance of any gift from vendors;
disclosure of financial interest policy for purchasing agents; and vendor audits
Threat 7: Receiving unordered goods
Controls: Receiving department must reject any goods for which there is no approved purchase
order
Threat 8: Errors in counting goods received
Controls: Use "blind" P.O. copies to force receiving personnel to actually count goods; provide
incentives for counting goods
Threat 9: Theft of inventory
Controls: Secure inventory storage locations; make transfers of inventory with proper approval
and documentation; do periodic physical count and reconciliation with recorded amounts
Threat 10: Errors in vendor invoices
Controls: Invoice accuracy should be verified and compared to P.O.s and receiving report data
Threat 11: Paying for goods not received
Controls: Voucher package and original invoice should be necessary for payments
Threat 12: Failure to take available purchase discounts
Controls: File approved invoices by due date; track invoices by due date; use a cash budget to
plan for cash needs
Threat 13: Paying same invoice twice
Controls: Invoices should be approved only with a full voucher package and paid ones should
be canceled so they cannot be used again; do not pay invoices marked "Duplicate" or "Copy"
Threat 14: Recording and posting errors for purchases and payments
Controls: Data entry controls, and periodic reconciliation of subsidiary ledger with general ledger
control account
Threat 15: Misappropriation of cash by paying fictitious vendors and alteration of checks
Controls: Restrict access to cash, blank checks, and check signing machine; use check
protection, prenumbered checks, and imprinted amounts on checks to cut down on forgery and
fraud; use petty cash fund for small expenditures only; have proper segregation of duties and
independent bank reconciliation function
Threat 16: Theft associated with Electronic Fund Transfer (EFT) use
Controls: Access controls to the system; encryption of transmissions; timestamp and number
transmissions;
control group should monitor all EFT activity
Threat 17: Loss of data
Controls: Use file labels, back up of all data files regularly; and, use access controls

Financial Reporting Control Considerations

Segregation of Duties
Dividing up responsibility for internal controls is essential. For example, if one person runs the
cash register for a shift, you want at least one other person who's checking the till until the end.
It's not only a matter of preventing fraud. Even if the cashier is honest, two sets of eyes have a
better chance of catching mistakes.

Prevent and Detect
Some internal controls make it harder for anyone to commit fraud. Controlling access to your
accounting software and digital records is one way to do this. If you only have a few people who
can enter data, you'll only have a few who can alter it.

Monitoring performance can also be a way to detect errors. If the cash flow for the quarter is
way off from what you had budgeted, the reason could be unexpected expenses or income. It
could also be that someone made a major error in entering the quarterly data.

Controlling the Controls
It's not enough to set up rules for internal controls. You need to go the extra mile to determine if
these internal controls work. Periodic internal audits and monitoring should look at whether
employees comply with internal controls or whether they find ways to get around them. If
exceptions and problems crop up, do employees report these problems? If you have staff
turnover, are the new employees properly briefed as to your control requirements? These are
among the problems you need to prepare for.