1 / 32

Chapter 9: Auditing the Revenue Cycle

Chapter 9: Auditing the Revenue Cycle. IT Auditing & Assurance, 2e, Hall & Singleton. MANUAL PROCEDURES. Processing shipping orders 4 copies of Sales Order to warehouse; packing slip, shipping notice, stock release, file copy

cleavon
Télécharger la présentation

Chapter 9: Auditing the Revenue Cycle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 9:Auditing the Revenue Cycle IT Auditing & Assurance, 2e, Hall & Singleton IT Auditing & Assurance, 2e, Hall & Singleton

  2. MANUAL PROCEDURES • Processing shipping orders • 4 copies of Sales Order to warehouse; packing slip, shipping notice, stock release, file copy • Locate and “pick” goods using Stock Release; package them with packing slip • Reconcile documents and goods, sign Shipping Notice, prepare Bill of Lading – multiple copies [Figure 9-3] • Transfer custody of goods (packing slip inside) and 2 copies of Bill of Lading to carrier • Record shipment in shipping log • Send shipping notice to Billing Dept. • File: Stock Release, 1 BOL, File Copy IT Auditing & Assurance, 2e, Hall & Singleton

  3. LEGACY SYSTEM PROCEDURES • Keypunch batch of shipping notices • Edit run program, correct any errors • Field checks • Limit tests • Range tests • Price times quantity extensions • Sort run on batches by AR account number • Legacy systems store records in sequential manner, usually tape • Next process is to “post” individual shipping notices to appropriate individual AR accounts • AR update & billing run[Figure 9-4] Updates AR file becomes new AR file • Billing would be printing invoices to be mailed • Sales journal file or printout • Journal voucher for AR [DR] and sales [CR] IT Auditing & Assurance, 2e, Hall & Singleton

  4. LEGACY SYSTEM PROCEDURES • Re-sort by inventory item {why?} • Same reason; but this process is to update Inventory Items • Inventory update run [Figure 9-5] • Reduce quantity on hand for items shipped, generate a new Inventory file • Compare “On Hand” quantity with “Reorder Point” to identify items needing replenishment; file or printout • Journal voucher for Cost of Goods Sold [DR] and Inventory [CR] • Sort journal entries by GL # • Run general ledger update • Management reports IT Auditing & Assurance, 2e, Hall & Singleton

  5. BATCH CASH RECEIPTS SYSTEMS WITH DIRECT ACCESS FILES • See Figure 9-6 • Discrete events that naturally fit the batch approach • Update Procedures • Mail Room • Receives checks and Remittance Advices. • Separates checks from Remittance Advices • Prepares a Remittance List – multiple copies • Copy of Remittance List and checks go to Cash Receipts Dept. • Remittance Advices and copy of Remittance List go to AR Dept. • Last copy of Remittance List to Controller’s Office IT Auditing & Assurance, 2e, Hall & Singleton

  6. REAL-TIME SALES ORDER ENTRY AND CASH RECEIPTS • See Figure 9-7 • Sales procedures • Transactions are processed as they occur, separately • Credit check is performed online by the system • If approved, system checks availability of inventory • If available, system: • Transmits electronic stock release to warehouse dept • Transmits electronic packing slip to shipping dept • Updates inventory file records for depletion • Records sale in open sales order computer file IT Auditing & Assurance, 2e, Hall & Singleton

  7. REAL-TIME SALES ORDER ENTRY AND CASH RECEIPTS • Warehouse procedures • Produces hard copy of stock release • Clerk picks goods, sends them with a copy of stock release to shipping dept. • Shipping procedures • Reconciles goods, stock release, packing slip from system. • Online, IS prepares Bill of Lading for shipment, and shipping notice for DP Dept. • Select carrier and prepare goods for shipment, along with packing slip and Bill of Lading • Stock release form is filed IT Auditing & Assurance, 2e, Hall & Singleton

  8. FEATURES OF REAL-TIME PROCESSING • Events Database • Traditional accounting does not have to exist in per se (in traditional form) • General Ledger can be derived at any time from a compilation from the events database • Advantages • Greatly shortens the cash cycle of the firm • Can give a firm a competitive advantage (e.g., managing inventory better) • Real-time editing permits the identification of many kinds of errors as they occur, greatly reducing the efficiency and effectiveness of business processes • Reduces the amount of paper documents • Electronic audit trails are possible in real-time computer-based systems IT Auditing & Assurance, 2e, Hall & Singleton

  9. MANAGEMENT ASSERTIONS AND REVENUE CYCLE AUDIT OBJECTIVES • Existence / Occurrence • VERIFY AR balance represents amounts actually owed as of Balance Sheet date • Establish sales represents goods shipped and/or services rendered during period of financials • Completeness • Determine all amounts owed organization are included in AR • VERIFYshipped goods, services rendered, and/or returns and allowances for period are included in financials • Accuracy • VERIFY revenue transactions are accurately computed, based on correct prices and quantities • EnsureAR subsidiary ledger, sales invoice file, remittance file are mathematically correct .. And agree with GL accounts • Rights & Obligations • Determineorganization has legal right to AR • VERIFY accounts sold or factored have been removed from AR • Valuation or Allocation • Determine AR balance stated in net realizable value • Establishallocation for uncollectible accounts is appropriate • Presentation and Disclosure • VERIFYAR and revenues for period are properly described and classified IT Auditing & Assurance, 2e, Hall & Singleton

  10. INPUT CONTROLS • Purpose • Ensure creditworthiness of customers • Control techniques vary considerably between batch systems and real-time systems • Credit authorization procedures • Credit worthiness of customer • Batch and manual systems use credit dept. • Real-time systems use programmed decision rules • Testing credit procedures • Verifyeffective procedures exist • Verifyinformation is adequately communicated • Verifyeffectiveness of programmed decision rules (test data, ITF) • Verifythat authority for making credit decisions is limited to authorized credit personnel/procedures • PerformSubstantive Tests of Detail • Reviewcredit policy periodically and revise as necessary IT Auditing & Assurance, 2e, Hall & Singleton

  11. INPUT CONTROLS • Data Validation Controls • To detect transcription errors in data as it is processed • Batch: after shipment of goods • Error logs • Error correction computer processes • Transaction resubmission procedures • Real-Time: Errors handled as they occur • Missing data checks – presence of blank fields • Numeric-Alphabetic data checks – correct form of data • Limit checks – value does not exceed max for the field • Range checks – data is within upper and lower limits • Validity checks – compare actual values against known acceptable values • Check digit – identify keystroke errors by testing internal validity • Testing Data Validation Controls • Verify controls exist and are functioning effectively • Validation of program logic can be difficult • If Controls over system development and maintenance are NOT weak, testing data editing/programming logic more efficient than substantive tests of details (test data, ITF) • Some assurance can be gained through the testing of error lists and error logs (detected errors only) IT Auditing & Assurance, 2e, Hall & Singleton

  12. INPUT CONTROLS • Batch controls • Manage high volumes of similar transactions • Purpose: Reconcile output produced by system with the original input • Controls continue through all computer (data) processes • Batch transmittal sheet: • Unique batch number • Batch date • Transaction code • Record count • Batch control total (amount) • Hast totals (e.g., account numbers) • Testing data validation controls • Failures of batch controls indicates data errors • Involves reviewing transmittal records of batches processed and reconcile them to the batch control log (batch transmittal sheet) • Examine out-of-balance conditions and other errors to determine cause of error • Review and reconcile transaction listings, error logs, etc. IT Auditing & Assurance, 2e, Hall & Singleton

  13. PROCESS CONTROLS • Computerized procedures for file updating • Restricting access to data • Techniques: • File update controls -- Run-to-run batch control data to monitor data processing steps • Transaction code controls – to process different transactions using different programming logic (e.g., transaction types) • Sequence check controls – sequential files, proper sorting of transaction files required • Testing file update controls – results in errors • Testing data that contains errors (incorrect transaction codes, out of sequence) • Can be performed in ITF or test data • CAATTs requires careful planning • Single audit procedure can be devised that performs all tests in one operation. IT Auditing & Assurance, 2e, Hall & Singleton

  14. ACCESS CONTROLS • Prevent and detect unauthorized and illegal access to firm’s systems and/or assets • Warehouse security • Depositing cash daily • Use safe deposit box, night box, lock cash drawers and safes • Accounting records • Removal of an account from books • Unauthorized shipments of goods using blank sales orders • Removal of cash, covered by adjustments to cash account • Theft of products/inventory, covered by adjustments to inventory or cash accounts • Testing access controls – heart of accounting information integrity • Absence thereof allows manipulation of invoices (i.e., fraud) • Access controls are system-wide and application-specific • Access controls are dependent on effective controls in O/S, networks, and databases IT Auditing & Assurance, 2e, Hall & Singleton

  15. PHYSICAL CONTROLS • Segregation of duties • Rule 1: Transaction authorization separate from transaction processing • Rule 2: Asset custody separate from record-keeping tasks • Rule 3: Organization structured such that fraud requires collusion between two or more people • Supervision • Necessary for employees who perform incompatible functions • Compensates for inherent exposure from incompatible functions • Can be supplement when duties are properly segregated • Prevention vs. detection of fraud and crime is objective: supervision can be effective preventive control IT Auditing & Assurance, 2e, Hall & Singleton

  16. PHYSICAL CONTROLS • Independent verification • Review the work of others at critical points in business processes • Purpose: Identify errors or possible fraud • Examples: • Shipping dept. verifies goods sent from warehouse dept. are correct in type and quantity • Billing dept. reconciles shipping notice with sales notice to ensure customers billed correctly • Testing physical controls • Review organizational structure for incompatible tasks • Tasks normally segregated in manual systems get consolidated in DP systems. • Duties of design, maintenance, and operations for computers need to be separated • Programmers should not be responsible for subsequent program changes. IT Auditing & Assurance, 2e, Hall & Singleton

  17. OUTPUT CONTROLS • PURPOSE:Information is not lost, misdirected, or corrupted; that the system output processes function properly • Controls are designed to identify potential problems • Reconciling GL to subsidiary ledgers • Maintenance of the audit trail – that is the primary way to trace the source of detected errors • Details of transactions processed at intermediate points • AR change report • Transaction logs: permanent record of valid transactions • Transaction listings – successfully posted transactions • Log of automatic transactions • Unique transaction identifiers • Error listings • Testing output controls • Reviewing summary reports for accuracy, completeness,timeliness, and relevance for decisions • Trace sample transactions through audit trails; including transaction listings, error logs, and logs of resubmitted records • ACL is very helpful in this process IT Auditing & Assurance, 2e, Hall & Singleton

  18. SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS • PURPOSE:Determine the nature, timing, and extent of substantive tests using auditor’s assessment of inherent risk, unmitigated control risk, materiality considerations, and efficiency of the audit. • Concern: Overstatement or understatement of revenues? • Focus on large and unusual transactions, especially near period-end • Recognizing revenues from sales that did not occur • Recognizing revenues BEFORE they are realized • Failing to recognize cutoff points • Underestimating allowance for doubtful accounts • Shipping unsolicited products to customers, subsequently returned • Billings customers for products held by seller • Tests of controls and substantive tests • Credit limit logic may be effective but cut-off of AR may be error • Substantive testing of AR may give assurance about accuracy of total AR but does not offer assurance about collectibility IT Auditing & Assurance, 2e, Hall & Singleton

  19. SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS • Understanding data • VERIFY data used in CAATTs (e.g., ACL) is accurate • VERIFY adequate setup of files from originals (e.g., ACL and Profilecommand) • Relationships and data from [see Figure 9-10]: • Customer file • Sales Invoice file • Line item file • Inventory file • Shipping log file • File preparation procedures IT Auditing & Assurance, 2e, Hall & Singleton

  20. SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS • Accuracy/completeness assertion • Analytical review of account balances • Overall perspective for trends in sales, cash receipts, sales returns, and AR • Provides first-level assurance that amounts are reasonably stated and reasonably complete • If so, may reduce the extent of substantive testing • Review sales invoices for unusual trends and exceptions • Scanning data files using CAAT (e.g., ACL and stratify and possibly filters - see Figure 9-11) • Reveals all errors or raises questions? IT Auditing & Assurance, 2e, Hall & Singleton

  21. SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS • Accuracy/completeness assertion • Review sales invoice and shipping log files • Missing and duplicate transactions [see Table 9-2] • Questions/survey: • Are procedures in place to document and approve voided invoices? • How are gaps in sales invoice numbers communicated to management? • What physical controls exist over access to sales invoice source documents? • If applicable, are batch totals used to control batch transactions during each processing step? • Are transaction listings reconciled and reviewed by management? • Review line item and inventory files for pricing accuracy • ACL allows auditor to compare prices on invoices with inventory – using JOIN [see example on page 413] • Testing unmatched records (complement) IT Auditing & Assurance, 2e, Hall & Singleton

  22. SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS • Existence assertion • Confirmation of AR – SAS #67 • Not required if: • AR is immaterial • Assessed Control Risk is low • Confirmation process will be ineffective • CAATTs to use for this function? • Steps: • Select accounts to confirm • Consolidate invoices (not AR subsidiary) using CLASSIFY (filter) and SUMMARIZE (amount) [see Tables 9-3 and 9-4] • Why? • JOIN the CUSTOMER file with the new consolidated invoice file • Prepare confirmation requests [see Figure 9-12] • Positive and Negative Confirmations (ACL, EXPORT) • Evaluating and controlling responses • Retain custody of the confirmation letters until mailed • The letters should be addressed to the auditor, not client org. • The replies should be mailed to the auditor, not client org. • Discrepancies should be investigated. • Non responses to POSITIVE confirmation should be investigated IT Auditing & Assurance, 2e, Hall & Singleton

  23. SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS • Valuation/allocation assertion • Corroborate or refute AR is stated at reasonable Net Realizable Value • AGING AR • ACL, AGE [see Table 9-7] • Is allowance for doubtful accounts reasonable compared to prior years and based on composition of AR portfolio • Confirmation process will be ineffective • Review past-due balances • Conference with credit manager to determine collectibility • Determine if methods used to estimate allowance for doubtful accounts is adequate, not the collectibility of each account • Determine if overall allowance is, therefore, reasonable IT Auditing & Assurance, 2e, Hall & Singleton

  24. IS Controls Access Controls • Site • System • File • Record • Rights and privileges IT Auditing & Assurance, 2e, Hall & Singleton

  25. Controls for Automated Systems • General and application controls for IS • Transaction tags • Transaction logs • Increased supervision • Online validation and authentication • Rotation of duties • Authorizations and automated rules • Continuous auditing techniques IT Auditing & Assurance, 2e, Hall & Singleton

  26. IT Auditing & Assurance, 2e, Hall & Singleton

  27. IT Auditing & Assurance, 2e, Hall & Singleton

  28. IT Auditing & Assurance, 2e, Hall & Singleton

  29. IT Auditing & Assurance, 2e, Hall & Singleton

  30. IT Auditing & Assurance, 2e, Hall & Singleton

  31. IT Auditing & Assurance, 2e, Hall & Singleton

  32. Chapter 9:Auditing the Revenue Cycle IT Auditing & Assurance, 2e, Hall & Singleton IT Auditing & Assurance, 2e, Hall & Singleton

More Related