Chapter 9: Auditing the Revenue Cycle

1 Chapter 9: Auditing the Revenue Cycle
IT Auditing & Assurance, 2e, Hall & Singleton

2 MANUAL PROCEDURES
Processing shipping orders
- 4 copies of Sales Order to warehouse; packing slip, shipping notice, stock release, file copy
- Locate and “pick” goods using Stock Release; package them with packing slip
- Reconcile documents and goods, sign Shipping Notice, prepare Bill of Lading – multiple copies [Figure 9-3]
- Transfer custody of goods (packing slip inside) and 2 copies of Bill of Lading to carrier
- Record shipment in shipping log
- Send shipping notice to Billing Dept.
- File: Stock Release, 1 BOL, File Copy

Processing Shipping Orders – the sales department sends the stock release (picking ticket) copy of the sales order to the warehouse. This document identifies the items of inventory that must be located and picked from the warehouse shelves. It also provides formal authorization for the warehouse clerk to release custody of the specified assets. The clerk then adjusts the stock records to reflect the reduction in inventory. The stock records are not the formal accounting records for these assets.

Before the arrival of the goods and the stock release copy, the shipping department receives the packing slip and shipping notice copies from the sales department. The packing slip travels with the goods to the customer to describe the contents of the order. Upon receiving the goods from the warehouse, the shipping clerk reconciles the physical items with the stock release documents, the packing slip, and the shipping notice to verify the correctness of the order. The shipping clerk packages the goods, attaches the packing slip to the container, completes the shipping notice, and prepares a bill of lading, which is a formal contract between the seller and the shipping company to transport the goods to the customer. The shipping clerk transfers custody of the goods, the packing slip, and two copies of the bill of lading to the carrier and then performs the following tasks:
- Records the shipment in the shipping log.
- Sends the shipping notice to the billing department as proof of shipment.
- Files one copy each of the bill of lading, Stock Release, and file copy of the Sales Order.

3 LEGACY SYSTEM PROCEDURES
- Keypunch batch of shipping notices
- Edit run program, correct any errors
  - Field checks
  - Limit tests
  - Range tests
  - Price times quantity extensions
- Sort run on batches by AR account number
  - Legacy systems store records in sequential manner, usually tape
  - Next process is to “post” individual shipping notices to appropriate individual AR accounts
- AR update & billing run [Figure 9-4]
  - Updates AR file, which becomes the new AR file
  - Billing would be printing invoices to be mailed
  - Sales journal file or printout
  - Journal voucher for AR [DR] and sales [CR]

Automated Procedures – a legacy system employs sequential file structures for its accounting records. This approach is labor intensive and expensive. Most organizations that still use sequential files store them on disks that are permanently connected (on-line) to the computer system and require no human intervention.

Keystroke – the process begins with the arrival of batches of shipping notices from the shipping department. The keystroke clerks receive and convert batches of shipping notices to magnetic media. The resulting transaction file will thus contain many separate batches of sales orders. Batch control totals are calculated for each batch on the file.

Edit Run – periodically, the batch sales order system is executed. The process may take place only once or several times a day. The edit run is the first run in the batch process. This process validates transactions by testing each record for the existence of clerical or logical errors. The edit program recalculates the batch control totals to reflect changes due to the removal of error records.

Sort Run – at this point, the sales order file is in no useful sequence. The sort run program physically arranges the sales order transaction file sequentially.

AR Update and Billing Run – the AR update program posts to accounts receivable by sequentially matching the Account Number key in each sales order record with the corresponding record in the AR-SUB master file. Some firms employ cycle billing of their customers. The update program searches the billing date field in the AR-SUB master file for those customers to be billed on that day of the month and prepares statements for the selected accounts.

4 LEGACY SYSTEM PROCEDURES
- Re-sort by inventory item {why?}
  - Same reason; but this process is to update Inventory Items
- Inventory update run [Figure 9-5]
  - Reduce quantity on hand for items shipped, generate a new Inventory file
  - Compare “On Hand” quantity with “Reorder Point” to identify items needing replenishment; file or printout
  - Journal voucher for Cost of Goods Sold [DR] and Inventory [CR]
- Sort journal entries by GL #
- Run general ledger update
- Management reports

Sort and Inventory Update Runs – the sort program sorts the sales order file on the secondary key. The inventory update program reduces the Quantity On Hand field in the affected inventory records. A new inventory master file is created in the process. The program compares values of the Quantity On Hand and the Reorder Sales Point fields to identify inventory items that need to be replenished. A journal voucher is prepared to reflect the cost of goods sold and the reduction in inventory.

General Ledger Update Run – under the sequential file approach, the general ledger master file is not updated after each batch of transactions. Firms using sequential files typically employ separate end-of-day procedures to update the general ledger accounts. This program also generates a number of management reports.

5 BATCH CASH RECEIPTS SYSTEMS WITH DIRECT ACCESS FILES
See Figure 9-6
- Discrete events that naturally fit the batch approach
Update Procedures
Mail Room
- Receives checks and Remittance Advices.
- Separates checks from Remittance Advices
- Prepares a Remittance List – multiple copies
- Copy of Remittance List and checks go to Cash Receipts Dept.
- Remittance Advices and copy of Remittance List go to AR Dept.
- Last copy of Remittance List to Controller’s Office
- Example of separation of duties and separating segments of process for integrity purposes.

6 REAL-TIME SALES ORDER ENTRY AND CASH RECEIPTS
See Figure 9-7
Sales procedures
- Transactions are processed as they occur, separately
- Credit check is performed online by the system
- If approved, system checks availability of inventory
- If available, system:
  - Transmits electronic stock release to warehouse dept
  - Transmits electronic packing slip to shipping dept
  - Updates inventory file records for depletion
  - Records sale in open sales order computer file

This system provides real-time input and output with batch updating of only some of the master files.

Order Entry Procedures
Sales Procedures – under real-time processing, sales clerks receiving orders from customers process each transaction separately as it is received. The sales clerk also performs the following tasks: A credit check is performed on-line by accessing the customer credit file. If credit is approved, the clerk then accesses the inventory master file and checks the availability of the inventory. The system automatically transmits an electronic stock release record to the warehouse and a shipping notice to the shipping department, and records the sale in the open sales order file.

7 REAL-TIME SALES ORDER ENTRY AND CASH RECEIPTS
Warehouse procedures
- Produces hard copy of stock release
- Clerk picks goods, sends them with a copy of stock release to shipping dept.
Shipping procedures
- Reconciles goods, stock release, packing slip from system.
- Online, IS prepares Bill of Lading for shipment, and shipping notice for DP Dept.
- Select carrier and prepare goods for shipment, along with packing slip and Bill of Lading
- Stock release form is filed

Order Entry Procedures
Warehouse Procedures – produces a hard copy printout of the electronically transmitted stock release document. The clerk then picks the goods and sends them, along with a copy of the stock release document, to the shipping department.

Shipping and Billing – reconciles the goods, the stock release document, and the hard copy packing slip produced on the terminal. The clerk then selects the carrier and prepares the goods for shipment.

8 FEATURES OF REAL-TIME PROCESSING
Events Database
- Traditional accounting records do not have to exist per se (in traditional form)
- General Ledger can be derived at any time from a compilation from the events database
Advantages
- Greatly shortens the cash cycle of the firm
- Can give a firm a competitive advantage (e.g., managing inventory better)
- Real-time editing permits the identification of many kinds of errors as they occur, greatly improving the efficiency and effectiveness of business processes
- Reduces the amount of paper documents
- Electronic audit trails are possible in real-time computer-based systems

Features of Real-Time Processing – a central feature of the system is the use of an events database. Traditional accounting records may not exist per se. In theory, such a system does not even need a general ledger since sales, sales returns, accounts receivable-control, and cost of goods sold can all be derived from the invoices in the events database. This system has the following advantages:
- Greatly shortens the cash cycle of the firm.
- Can give a firm a competitive advantage in the marketplace: by maintaining current inventory information, the sales staff can know immediately if inventories are in stock.
- Real-time editing permits the identification of many kinds of errors when they occur and greatly improves the efficiency and the effectiveness of operations.
- Reduces the amount of paper documents in a system. Hard copy documents are expensive to produce and clutter the system. Documents in electronic format are efficient, effective, and adequate for most audit trails.

9 MANAGEMENT ASSERTIONS AND REVENUE CYCLE AUDIT OBJECTIVES
Existence / Occurrence
- VERIFY AR balance represents amounts actually owed as of Balance Sheet date
- Establish sales represents goods shipped and/or services rendered during period of financials
Completeness
- Determine all amounts owed organization are included in AR
- VERIFY shipped goods, services rendered, and/or returns and allowances for period are included in financials
Accuracy
- VERIFY revenue transactions are accurately computed, based on correct prices and quantities
- Ensure AR subsidiary ledger, sales invoice file, remittance file are mathematically correct and agree with GL accounts
Rights & Obligations
- Determine organization has legal right to AR
- VERIFY accounts sold or factored have been removed from AR
Valuation or Allocation
- Determine AR balance stated in net realizable value
- Establish allocation for uncollectible accounts is appropriate
Presentation and Disclosure
- VERIFY AR and revenues for period are properly described and classified

Relationship Between Management Assertions and Revenue Cycle Audit Objectives [Table 9-1, p.393]

Existence or Occurrence – verify that the accounts receivable balance represents amounts actually owed to the organization at the balance sheet date. Establish that revenue from sales transactions represents goods shipped and services rendered during the period covered by the financial statements.

Completeness – determine that all amounts owed to the organization at the balance sheet date are reflected in accounts receivable. Verify that all sales for shipped goods, all services rendered, and all returns and allowances for the period are reflected in the financial statements.

Accuracy – verify that revenue transactions are accurately computed and based on current prices and correct quantities. Ensure that the accounts receivable subsidiary ledger, the sales invoice file, and the remittance file are mathematically correct and agree with general ledger accounts.

Rights and Obligations – determine that the organization has a legal right to recorded accounts receivable. Verify that customer accounts that have been sold or factored have been removed from the accounts receivable balance.

Valuation or Allocation – determine that the accounts receivable balance states its net realizable value. Establish that the allocation for uncollectible accounts is appropriate.

Presentation and Disclosure – verify that accounts receivable and revenues reported for the period are properly described and classified in the financial statements.

10 INPUT CONTROLS
Purpose
- Ensure creditworthiness of customers
- Control techniques vary considerably between batch systems and real-time systems
Credit authorization procedures
- Credit worthiness of customer
- Batch and manual systems use credit dept.
- Real-time systems use programmed decision rules
Testing credit procedures
- Verify effective procedures exist
- Verify information is adequately communicated
- Verify effectiveness of programmed decision rules (test data, ITF)
- Verify that authority for making credit decisions is limited to authorized credit personnel/procedures
- Perform Substantive Tests of Detail
- Review credit policy periodically and revise as necessary

Input Controls – designed to ensure that transactions are valid, accurate, and complete. Control techniques vary considerably between batch and real-time systems. The following input controls relate to revenue cycle operations.

Credit Authorization Procedures – the purpose of the credit check is to establish the creditworthiness of the customer. In batch systems with manual credit authorization procedures, the credit department (or credit manager) is responsible for implementing the firm’s credit policies.

Testing Credit Procedures – the auditor needs to determine that effective procedures exist to establish appropriate customer credit limits; communicate this information adequately to the credit policy decision-makers; review credit policy periodically and revise it as necessary; and monitor adherence to current credit policy. The auditor can verify the correctness of programmed decision rules by using either the test data or integrated test facility (ITF) approaches to directly test their functionality. This can be done by creating several dummy customer accounts and running test transactions and then analyzing the rejected transactions to determine if the computer application correctly applied the credit policy. The integrity of reference data is an important element in testing credit policy controls. The auditor needs to verify that authority for making line-of-credit changes is limited to authorized credit department personnel. This can be done by performing substantive tests of detail to identify customers with excessive credit limits.

11 INPUT CONTROLS
Data Validation Controls
- To detect transcription errors in data as it is processed
- Batch: after shipment of goods
  - Error logs
  - Error correction computer processes
  - Transaction resubmission procedures
- Real-Time: Errors handled as they occur
- Missing data checks – presence of blank fields
- Numeric-Alphabetic data checks – correct form of data
- Limit checks – value does not exceed max for the field
- Range checks – data is within upper and lower limits
- Validity checks – compare actual values against known acceptable values
- Check digit – identify keystroke errors by testing internal validity
Testing Data Validation Controls
- Verify controls exist and are functioning effectively
- Validation of program logic can be difficult
- If Controls over system development and maintenance are NOT weak, testing data editing/programming logic more efficient than substantive tests of details (test data, ITF)
- Some assurance can be gained through the testing of error lists and error logs (detected errors only)

Data Validation Controls – intended to detect transcription errors in transaction data before they are processed. In the batch system data validation occurs only after the goods have been shipped. Extensive error logs, error correction, and transaction resubmission procedures characterize such systems. Validity tests performed in real-time deal with most errors as they occur. The following are validity tests that pertain to the revenue cycle:
- Missing Data Checks – used to examine the contents of a field for the presence of blank spaces.
- Numeric-Alphabetic Data Checks – determine whether the correct form of data is in a field.
- Limit Checks – determine if the value in the field exceeds an authorized limit.
- Range Checks – assign upper and lower limits to acceptable data values.
- Validity Checks – compare actual values in a field against known acceptable values.
- Check Digit – controls identify keystroke errors in key fields by testing their internal validity.

Testing Validation Controls – the central audit issue is whether the validation programs in the data editing system are functioning correctly and have continued to function as intended throughout the period. Testing the logic of a validation program, however, represents a significant undertaking. The auditor may decide to rely on the quality of other controls to provide the assurance needed to reduce substantive testing. If controls over systems development and maintenance are weak, the auditor may decide that testing the data editing controls would be more efficient than performing extensive substantive tests of details. ITF or the test data approach would enable the auditor to perform explicit tests of logic. The auditor may achieve some degree of assurance by reviewing error listings and error logs. Error listings and logs do not provide evidence of undetected errors. An analysis of error conditions not present in the listing can be used to guide the auditor in designing substantive tests to perform.
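
An added example, not taken from the Hall & Singleton slides: a small edit program that applies the six validation checks above to a constructed batch of sales order records and writes rejects to an error log, in the way an auditor's test data would exercise it. The field names, the transaction codes, the limit and range values, and the modulus-11 check digit scheme are all assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Reference values below are assumptions constructed for this example.
VALID_TRAN_CODES = {"SO", "CR"}        # validity check: known acceptable values
MAX_ORDER_AMOUNT = Decimal("5000.00")  # limit check: authorized maximum per order
QTY_RANGE = (1, 500)                   # range check: lower and upper bounds
REQUIRED = ("account", "tran_code", "quantity", "unit_price")


def is_numeric(text):
    """True only for strings made up of the ASCII digits 0-9."""
    return text.isascii() and text.isdigit()


def check_digit_ok(account):
    """Modulus-11 check digit: the last digit must equal the digit computed
    from the preceding ones (weights 2, 3, 4, ... starting from the right)."""
    if not is_numeric(account) or len(account) < 2:
        return False
    body, given = account[:-1], int(account[-1])
    total = sum(int(d) * w for w, d in enumerate(reversed(body), start=2))
    computed = (11 - total % 11) % 11
    return computed == given  # a computed value of 10 can never match one digit


def validate(record):
    """Return the list of validation errors for one sales order record."""
    missing = [f for f in REQUIRED if not (record.get(f) or "").strip()]
    if missing:                                      # missing data check
        return [f"missing data: {f}" for f in missing]
    errors = []
    if not is_numeric(record["account"]):            # numeric-alphabetic check
        errors.append("account not numeric")
    elif not check_digit_ok(record["account"]):      # check digit
        errors.append("check digit failed")
    if record["tran_code"] not in VALID_TRAN_CODES:  # validity check
        errors.append("invalid transaction code")
    try:
        qty = int(record["quantity"])
        price = Decimal(record["unit_price"])
    except (ValueError, InvalidOperation):           # numeric-alphabetic check
        errors.append("quantity or price not numeric")
        return errors
    if not QTY_RANGE[0] <= qty <= QTY_RANGE[1]:      # range check
        errors.append("quantity out of range")
    if qty * price > MAX_ORDER_AMOUNT:               # limit check
        errors.append("extended amount exceeds limit")
    return errors


def edit_run(batch):
    """Split a batch into accepted records and an error log of rejects."""
    accepted, error_log = [], []
    for rec in batch:
        errs = validate(rec)
        if errs:
            error_log.append({"order_no": rec.get("order_no"), "errors": errs})
        else:
            accepted.append(rec)
    return accepted, error_log


# Constructed test data: one clean record, then one record per error condition.
TEST_BATCH = [
    {"order_no": "SO-1", "account": "123455", "tran_code": "SO",
     "quantity": "10", "unit_price": "19.99"},
    {"order_no": "SO-2", "account": "132455", "tran_code": "SO",   # transposed digits
     "quantity": "10", "unit_price": "19.99"},
    {"order_no": "SO-3", "account": "123455", "tran_code": "SO",   # blank quantity
     "quantity": "", "unit_price": "5.00"},
    {"order_no": "SO-4", "account": "123455", "tran_code": "XX",   # bad code, qty, amount
     "quantity": "600", "unit_price": "10.00"},
    {"order_no": "SO-5", "account": "12345A", "tran_code": "SO",   # letters in numeric fields
     "quantity": "1O", "unit_price": "2.50"},
]

if __name__ == "__main__":
    ok, log = edit_run(TEST_BATCH)
    print("accepted:", [r["order_no"] for r in ok])
    for entry in log:
        print(entry["order_no"], "->", "; ".join(entry["errors"]))
```

An error condition the auditor submits that does not appear in the resulting error log is the kind of undetected error the notes say a review of existing logs alone cannot reveal.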

12 INPUT CONTROLS
Batch controls
- Manage high volumes of similar transactions
- Purpose: Reconcile output produced by system with the original input
- Controls continue through all computer (data) processes
- Batch transmittal sheet:
  - Unique batch number
  - Batch date
  - Transaction code
  - Record count
  - Batch control total (amount)
  - Hash totals (e.g., account numbers)
Testing data validation controls
- Failures of batch controls indicates data errors
- Involves reviewing transmittal records of batches processed and reconcile them to the batch control log (batch transmittal sheet)
- Examine out-of-balance conditions and other errors to determine cause of error
- Review and reconcile transaction listings, error logs, etc.

Batch Controls – used to manage high volumes of transaction data through a system. The objective is to reconcile output produced by the system with the input originally entered into the system. The controls continue through all phases of data processing. An important element of batch control is the batch transmittal sheet, which captures relevant information about the batch such as a unique batch number, batch date, transaction code, record count, batch control total, and hash totals.

Testing Batch Controls – the failure of batch controls to function properly can result in records being lost or processed multiple times. Testing batch controls involves reviewing transmittal records of batches processed throughout the period and reconciling them to the batch control log. The auditor needs to investigate out-of-balance conditions to determine the cause. The auditor should be able to obtain answers to these questions by reviewing and reconciling transaction listings, error logs, and logs of resubmitted records.

13 PROCESS CONTROLS
- Computerized procedures for file updating
- Restricting access to data
Techniques:
- File update controls -- Run-to-run batch control data to monitor data processing steps
- Transaction code controls – to process different transactions using different programming logic (e.g., transaction types)
- Sequence check controls – sequential files, proper sorting of transaction files required
Testing file update controls – results in errors
- Testing data that contains errors (incorrect transaction codes, out of sequence)
- Can be performed in ITF or test data
- CAATTs requires careful planning
- Single audit procedure can be devised that performs all tests in one operation.

Process Controls – process controls include computerized procedures for file updating and restricting access to data. The following are techniques related to file updating and access controls:

File Update Controls – run-to-run controls use batch control data to monitor the batch as it moves from one run to another. These controls ensure that each run in the system processes the batch correctly and completely.

Transaction Code Controls – revenue cycle systems are often designed to process multiple record types. The actual tasks performed by the application are determined by a transaction code assigned to each record.

Sequence Check Control – in systems that use sequential master files, the order of the transaction records in the batch is critical to correct and complete processing. As the batch moves through the process, it must be re-sorted in the order of the master file. A sequence check control should be in place to compare the sequence of each record in the batch with the previous record to ensure that proper sorting took place.

Testing File Update Controls – the failure of a file update control to function properly can result in records going unprocessed, being processed incorrectly, or being posted to the wrong customer’s account. Tests of file update controls provide the auditor with evidence relating to the assertions of existence, completeness, and accuracy. Testing run-to-run controls is a logical extension of these procedures and needs no further explanation. Tests of transaction codes and sequence checks can be performed using ITF or the test-data approach. The auditor should create test data that contain records with incorrect transaction codes and records that are out of sequence in the batch and verify that each was handled correctly. The efficient use of logic-testing CAATTs like ITF requires careful planning. By determining in advance the input and process controls to be tested, a single audit procedure can be devised that performs all tests in one operation.
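
An added example, not part of the original slides, covering both the batch transmittal sheet described under batch controls and the file update controls above: one test-data procedure that reconciles a batch to its record count, control total and hash total (the run-to-run check) and confirms that a simulated update run rejects a record with an incorrect transaction code and a record that is out of sequence. The record layout, the transaction codes and the batch contents are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

VALID_CODES = {"SALE", "RETURN"}  # assumed transaction codes for this example


@dataclass(frozen=True)
class Transmittal:
    """Batch transmittal sheet prepared when the batch is first created."""
    batch_no: str
    record_count: int
    control_total: Decimal  # sum of the amount field
    hash_total: int         # sum of account numbers; meaningful only as a control


def make_transmittal(batch_no, records):
    return Transmittal(
        batch_no,
        len(records),
        sum((r["amount"] for r in records), Decimal("0")),
        sum(r["account"] for r in records),
    )


def reconcile(sheet, records):
    """Run-to-run control: compare what a run received with the sheet."""
    now = make_transmittal(sheet.batch_no, records)
    problems = []
    if now.record_count != sheet.record_count:
        problems.append(f"record count {now.record_count} != {sheet.record_count}")
    if now.control_total != sheet.control_total:
        problems.append(f"control total {now.control_total} != {sheet.control_total}")
    if now.hash_total != sheet.hash_total:
        problems.append(f"hash total {now.hash_total} != {sheet.hash_total}")
    return problems


def update_run(sheet, records):
    """Simulated AR update run: reconcile the batch, then apply the
    transaction code control and the sequence check to each record."""
    result = {"out_of_balance": reconcile(sheet, records),
              "posted": [], "rejected": []}
    previous_account = None
    for r in records:
        if r["code"] not in VALID_CODES:
            result["rejected"].append((r["txn_id"], "invalid transaction code"))
        elif previous_account is not None and r["account"] < previous_account:
            result["rejected"].append((r["txn_id"], "out of sequence"))
        else:
            result["posted"].append(r["txn_id"])
            previous_account = r["account"]
    return result


def constructed_batch():
    """Auditor's test data: T3 is out of sequence, T4 carries a bad code."""
    rows = [("T1", 1001, "SALE", "250.00"), ("T2", 1004, "SALE", "75.50"),
            ("T3", 1002, "SALE", "120.00"), ("T4", 1007, "VOID", "40.00"),
            ("T5", 1009, "RETURN", "30.00")]
    return [{"txn_id": t, "account": a, "code": c, "amount": Decimal(amt)}
            for t, a, c, amt in rows]


if __name__ == "__main__":
    batch = constructed_batch()
    sheet = make_transmittal("B-001", batch)
    print(update_run(sheet, batch))
    # A record lost between runs puts every control figure out of balance.
    print(reconcile(sheet, batch[:1] + batch[2:]))
```

The hash total earns its place when the count and the amounts still agree: changing only an account number on one record leaves the record count and control total intact and is caught by the hash total alone.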

14 ACCESS CONTROLS
- Prevent and detect unauthorized and illegal access to firm’s systems and/or assets
- Warehouse security
- Depositing cash daily
- Use safe deposit box, night box, lock cash drawers and safes
Accounting records
- Removal of an account from books
- Unauthorized shipments of goods using blank sales orders
- Removal of cash, covered by adjustments to cash account
- Theft of products/inventory, covered by adjustments to inventory or cash accounts
Testing access controls – heart of accounting information integrity
- Absence thereof allows manipulation of invoices (i.e., fraud)
- Access controls are system-wide and application-specific
- Access controls are dependent on effective controls in O/S, networks, and databases

Access Controls – prevent and detect unauthorized and illegal access to the firm’s assets. Traditional techniques used to limit access to these assets include warehouse security, depositing cash daily, using a safe or night deposit box, locking cash drawers and safes. Controlling access to accounting records is no less important. The following are risks associated with the revenue cycle:
1. Removal of one’s account or someone else’s from the books.
2. An unauthorized individual can trigger shipment of a product.
3. Removal of cash from the firm, covering the act by adjusting the cash account.
4. Stealing products and adjusting the records to cover the theft.

Testing Access Controls – access control is at the heart of accounting information integrity. In the absence of controls, invoices can be deleted, added, or falsified. Computer access controls are both system-wide and application-specific. Access control over revenue cycle applications depends upon effectively controlling access to the operating systems, the networks, and the databases with which they interact.

15 PHYSICAL CONTROLS
Segregation of duties
- Rule 1: Transaction authorization separate from transaction processing
- Rule 2: Asset custody separate from record-keeping tasks
- Rule 3: Organization structured such that fraud requires collusion between two or more people
Supervision
- Necessary for employees who perform incompatible functions
- Compensates for inherent exposure from incompatible functions
- Can be a supplement when duties are properly segregated
- Prevention vs. detection of fraud and crime is objective: supervision can be effective preventive control

Physical Controls
Segregation of Duties – ensures that no single individual or department processes a transaction in its entirety.
- Rule 1: Transaction authorization should be separate from transaction processing.
- Rule 2: Asset custody should be separate from the record-keeping tasks.
- Rule 3: The organization should be so structured that the perpetration of a fraud requires collusion between two or more individuals.

Supervision – by closely supervising employees who perform potentially incompatible functions, a firm can compensate for the exposure inherent in a system. Supervision can also provide control in systems that are properly segregated. Detecting crimes after the fact accomplishes little. Prevention is the best solution. The deterrent effect of supervision can provide an effective preventive control.

16 PHYSICAL CONTROLS
Independent verification
- Review the work of others at critical points in business processes
- Purpose: Identify errors or possible fraud
- Examples:
  - Shipping dept. verifies goods sent from warehouse dept. are correct in type and quantity
  - Billing dept. reconciles shipping notice with sales notice to ensure customers billed correctly
Testing physical controls
- Review organizational structure for incompatible tasks
- Tasks normally segregated in manual systems get consolidated in DP systems.
- Duties of design, maintenance, and operations for computers need to be separated
- Programmers should not be responsible for subsequent program changes.

Independent Verification – the purpose is to review the work performed by others at key junctures in the processes to identify and correct errors. Two examples:
- The shipping dept verifies that the goods sent from the warehouse are correct in type and quantity.
- The billing dept reconciles the shipping notice with the sales notice to ensure that customers are billed only for the items and quantities that were actually shipped.

Testing Physical Controls – the auditor’s review of organizational structure should disclose the more egregious examples of incompatible tasks. Covert relationships that lead to collusion may not be apparent from an organizational chart. Many tasks that are normally segregated in manual systems are consolidated in the data processing function of computer-based systems. Duties pertaining to the design, maintenance, and operation of computer programs need to be separated. Programmers who write original computer programs should not be responsible for making program changes.

17 OUTPUT CONTROLS
- PURPOSE: Information is not lost, misdirected, or corrupted; that the system output processes function properly
- Controls are designed to identify potential problems
- Reconciling GL to subsidiary ledgers
- Maintenance of the audit trail – that is the primary way to trace the source of detected errors
  - Details of transactions processed at intermediate points
  - AR change report
  - Transaction logs: permanent record of valid transactions
  - Transaction listings – successfully posted transactions
  - Log of automatic transactions
  - Unique transaction identifiers
  - Error listings
Testing output controls
- Reviewing summary reports for accuracy, completeness, timeliness, and relevance for decisions
- Trace sample transactions through audit trails; including transaction listings, error logs, and logs of resubmitted records
- ACL is very helpful in this process

Output Controls – designed to ensure that information is not lost, misdirected, or corrupted and that system processes function as intended. Output control can be designed to identify potential problems. The following are examples of audit trail output controls.

Reconciling the general ledger is an output control that can detect certain types of transaction processing errors.

Maintenance of an audit trail. To resolve transaction processing errors, each detected error needs to be traced to its source. Details of transaction processing produced at intermediate points can provide an audit trail that reflects activity through every stage of operations.

Accounts Receivable Change Report – shows the overall change to accounts receivable from sales orders and cash receipts. These numbers should reconcile with total sales, total cash receipts (on account), and the general ledger.

Transaction Logs – every transaction successfully processed by the system should be recorded on a transaction log, which serves as a journal. A transaction log serves two purposes: it is a permanent record of valid transactions, and it contains only successful transactions, none that were partially processed.

Transaction Listings – the system should produce a transaction listing of all successful transactions.

Log of Automatic Transactions – some transactions are triggered internally by the system. To maintain an audit trail of these activities, all internally generated transactions must be placed in a transaction log, and a listing of these transactions should be sent to the appropriate managers.

Unique Transaction Identifiers – each transaction processed by the system must be uniquely identified with a transaction number. This is the only practical means of tracing a particular transaction.

Error Listing – a listing of all errors should go to the appropriate user to support error correction and resubmission.

Testing Output Controls – testing output controls involves reviewing summary reports for accuracy, completeness, timeliness, and relevance to the decisions that they are intended to support. The auditor should trace sample transactions through audit trail reports, including transaction listings, error logs, and logs of resubmitted records. In modern systems, audit trails are usually stored on-line in text files. Data extraction software such as ACL can be used to search log files for specific records to verify the completeness and accuracy of output reports.

18 SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS
PURPOSE: Determine the nature, timing, and extent of substantive tests using the auditor’s assessment of inherent risk, unmitigated control risk, materiality considerations, and efficiency of the audit.
Concern: Overstatement or understatement of revenues?
Focus on large and unusual transactions, especially near period-end
o Recognizing revenues from sales that did not occur
o Recognizing revenues BEFORE they are realized
o Failing to recognize cutoff points
o Underestimating allowance for doubtful accounts
o Shipping unsolicited products to customers, subsequently returned
o Billing customers for products held by seller
Tests of controls and substantive tests
o Credit limit logic may be effective but cut-off of AR may be in error
o Substantive testing of AR may give assurance about accuracy of total AR but does not offer assurance about collectibility

The strategy used in determining the nature, timing, and extent of substantive tests derives from the auditor’s assessment of inherent risk, unmitigated control risk, materiality considerations, and the need to conduct the audit in an efficient manner.

Revenue Cycle Risks and Audit Concerns – pertain to the potential for overstatement of revenues and accounts rather than their understatement. The auditor should focus attention on large and unusual transactions at or near period-end. The auditor will seek evidence by performing a combination of tests of internal controls and substantive tests. While positive results from such a test may enable the auditor to reduce the degree of substantive testing needed to gain assurance about the mathematical accuracy of account processing, they offer no assurance about the collectibility of those accounts receivable. Similarly, ITF can be used to test the credit-limit logic of the edit program to provide assurance that the organization’s credit policy is being properly implemented. This test, however, provides no evidence that proper cutoff procedures were followed in calculating the total value of accounts receivable.

19 SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS
Understanding data
o VERIFY data used in CAATTs (e.g., ACL) is accurate
o VERIFY adequate setup of files from originals (e.g., ACL and Profile command)
Relationships and data from [see Figure 9-10]:
o Customer file
o Sales Invoice file
o Line item file
o Inventory file
o Shipping log file
File preparation procedures

Understanding Data – the auditor needs to understand the systems and controls that produced the data, as well as the physical characteristics of the files that contain them. The auditor must verify that he or she is working with the correct version of the file to be analyzed. ACL can read most sequential files and relational database tables directly, but esoteric and/or complex file structures may require flattening before they can be analyzed. The auditor must verify that the correct version of the original file was used and that all relevant records from the original were transferred to the copy for analysis. The audit procedures described are based on the file structure, which indicates the key data and logical linkages between files.
o Customer File – contains address and credit information about customers and is used to validate sales transactions.
o Sales Invoice File – captures sales transaction data for the period. The sales invoice file contains summary data for each invoice.
o Line Item File – contains a record for every product sold. These data also provide audit evidence needed to corroborate the accuracy of price times quantity calculations that are summarized in the sales invoices.
o Inventory File – contains quantity, price, supplier, and warehouse location data for each item of inventory.
o Shipping Log File – a record of all sales orders shipped to customers. These data can also be used to determine if customer orders are being shipped in a timely manner.
o File Preparation Procedures – each file needs to be defined in terms of its physical location and its structure. When the file definition is completed, it is saved under a unique name assigned by the auditor. Sometimes the contents of a data field are different from what they are supposed to be. Prior to performing any substantive tests on a new file, it is important to validate its contents. ACL’s verify command analyzes the data fields in the selected file to ensure that their contents are consistent with the field type in the file definition.

20 SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS
Accuracy/completeness assertion
Analytical review of account balances
o Overall perspective for trends in sales, cash receipts, sales returns, and AR
o Provides first-level assurance that amounts are reasonably stated and reasonably complete
o If so, may reduce the extent of substantive testing
Review sales invoices for unusual trends and exceptions
o Scanning data files using CAAT (e.g., ACL and stratify and possibly filters - see Figure 9-11)
o Reveals all errors or raises questions?

Testing the Accuracy and Completeness Assertions – auditors often precede substantive tests of detail with an analytical review of account balances. This review will provide the auditor with an overall perspective for trends in sales, cash receipts, sales returns, and accounts receivable. Analytical procedures can provide assurance that transactions and accounts are reasonably stated and complete and may thus permit the auditor to reduce substantive tests of details on these accounts.
o Review Sales Invoices for Unusual Trends and Exceptions – a useful audit procedure for identifying potential audit risks involves scanning data files for unusual transactions and account balances. The auditor can use ACL’s stratify feature to identify such anomalies. This function groups data into predetermined intervals and counts the number of records that fall into each interval. The auditor can use other ACL features to seek answers to questions raised by the preceding analysis. Although the auditor cannot specifically identify from the stratification which records are causing the anomalies, the potential problem has been flagged. ACL provides a filter capability that can be used to select or ignore specific records from an entire file. Stratification raises questions and points the auditor in the direction of possible, or potential, anomalies.

21 SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS
Accuracy/completeness assertion
Review sales invoice and shipping log files
o Missing and duplicate transactions [see Table 9-2]
o Questions/survey:
  Are procedures in place to document and approve voided invoices?
  How are gaps in sales invoice numbers communicated to management?
  What physical controls exist over access to sales invoice source documents?
  If applicable, are batch totals used to control batch transactions during each processing step?
  Are transaction listings reconciled and reviewed by management?
Review line item and inventory files for pricing accuracy
o ACL allows auditor to compare prices on invoices with inventory – using JOIN [see example on page 413]
o Testing unmatched records (complement)

o Review Sales Invoice and Shipping Log Files for Missing and Duplicate Items – searching for missing and/or duplicate transactions is another important test that helps the auditor corroborate or refute the completeness and accuracy assertions. ACL is capable of testing a designated field for out-of-sequence records, gaps in sequence numbers, and duplicates for the entire file. The auditor can scan the Invoice Number field of all records in the Sales Invoice file. The auditor will need to interview management and employees involved in the process and seek answers to the following types of questions: Are procedures in place to document and approve voided invoices? How are gaps in sales invoices communicated to management? What physical controls exist over access to sales invoice source documents? Are batch totals used to control total transactions during data processing? Are transaction listings reconciled and reviewed by management?
o Review Line Item and Inventory Files for Sales Price Accuracy – auditors would verify pricing accuracy by comparing sales prices on the invoices with the published price list. ACL allows the auditor to compare the prices charged on every invoice in the file for the period under review. This procedure involves a few simple steps. First, notice that the actual sales price charged is stored in the Sales Price field in the Line Item file. Both files need to be ordered according to their common key. The next step is to combine the two files to create a third. ACL accomplishes this with its Join feature. ACL’s join feature permits the auditor to specify the fields from the two input files that are passed to the new output file.
o Testing for Unmatched Records – by selecting a different join option, the auditor can produce a new file of only unmatched records.
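The sequence test and the price join described above, including the unmatched-records output, can be reproduced outside ACL. The following Python sketch is an added example and is not ACL syntax or code from the textbook; the field names, item codes and function names are assumptions, and the sample records are constructed.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample records; field names are assumptions, not the textbook's layouts.
INVOICE_NUMBERS = [1001, 1002, 1004, 1004, 1003, 1007]
LINE_ITEMS = [
    {"invoice": 1001, "item": "A10", "qty": 5, "sales_price": Decimal("19.99")},
    {"invoice": 1002, "item": "B20", "qty": 2, "sales_price": Decimal("45.00")},
    {"invoice": 1004, "item": "A10", "qty": 1, "sales_price": Decimal("17.50")},
    {"invoice": 1007, "item": "Z99", "qty": 3, "sales_price": Decimal("8.25")},
]
INVENTORY_PRICES = {  # item number -> published sales price
    "A10": Decimal("19.99"),
    "B20": Decimal("45.00"),
    "C30": Decimal("12.00"),
}


def sequence_exceptions(numbers):
    """Report gaps, duplicates and out-of-sequence values in a key field."""
    if not numbers:
        return {"gaps": [], "duplicates": [], "out_of_sequence": []}
    counts = Counter(numbers)
    present = set(numbers)
    return {
        "gaps": [n for n in range(min(present), max(present) + 1) if n not in present],
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
        # A record whose key is lower than the record before it in file order.
        "out_of_sequence": [cur for prev, cur in zip(numbers, numbers[1:]) if cur < prev],
    }


def price_exceptions(line_items, price_list):
    """Join line items to the price list on item number.

    Returns (mismatched, unmatched): matched rows whose price differs from the
    published price, and line items with no inventory record at all.
    """
    mismatched, unmatched = [], []
    for row in line_items:
        list_price = price_list.get(row["item"])
        if list_price is None:
            unmatched.append(row)
        elif row["sales_price"] != list_price:
            difference = (row["sales_price"] - list_price) * row["qty"]
            mismatched.append(
                {**row, "list_price": list_price, "extended_difference": difference}
            )
    return mismatched, unmatched


if __name__ == "__main__":
    print(sequence_exceptions(INVOICE_NUMBERS))
    wrong_price, no_inventory_record = price_exceptions(LINE_ITEMS, INVENTORY_PRICES)
    print("price differs:", wrong_price)
    print("unmatched:", no_inventory_record)
```

A dictionary lookup stands in for the sorted-file join, so the inputs do not need to be ordered on the common key first.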

22 SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS
Existence assertion
Confirmation of AR – SAS #67
Not required if:
o AR is immaterial
o Assessed Control Risk is low
o Confirmation process will be ineffective
CAATTs to use for this function?
Steps:
o Select accounts to confirm
  Consolidate invoices (not AR subsidiary) using CLASSIFY (filter) and SUMMARIZE (amount) [see Tables 9-3 and 9-4] Why?
  JOIN the CUSTOMER file with the new consolidated invoice file
o Prepare confirmation requests [see Figure 9-12]
  Positive and Negative Confirmations (ACL, EXPORT)
o Evaluating and controlling responses
  Retain custody of the confirmation letters until mailed
  The letters should be addressed to the auditor, not client org.
  The replies should be mailed to the auditor, not client org.
  Discrepancies should be investigated.
  Non-responses to POSITIVE confirmations should be investigated

Testing the Existence Assertion – one of the most widely performed tests of existence is the confirmation of accounts receivable. This test involves direct written contact between the auditors and the client’s customers to confirm account balances and transactions. Statement of Auditing Standards No. 67, The Confirmation Process, states that auditors should request confirmations of accounts receivable except in the following 3 situations:
o Accounts receivable is immaterial.
o Based on a review of internal controls, the auditor has assessed control risk to be low.
o The confirmation process will be ineffective.

Open Invoice System – records invoices individually rather than being summarized or grouped by the creditor.

The confirmation process involves 3 stages:
o Selecting Accounts to Confirm – obtaining a set of accounts for confirmation requires three steps: consolidate the invoices by customer, join the data from the two files, and select a sample of accounts from the joined file.
  Consolidate Invoices – consolidate all the open invoices for each customer. ACL’s classify command allows the auditor to set a filter to select only the open sales invoices and to summarize the Invoice Amount field for each record based on the Customer Number.
  Join the Files – the next step in the confirmation process is to join the Classified Invoices file and the Customer file to produce another new file called Accounts Receivable.
o Preparing Confirmation Requests – involves preparing confirmation requests that contain the information captured in the AR-Sample file. The requests are drafted and administered by the auditor but are written in the client entity’s name.
  Positive and Negative Confirmations – in positive confirmations, the recipients are asked to respond whether their records agree or disagree with the amount stated. This is useful when the auditor suspects that a large number of accounts may be in dispute. A problem with positive confirmations is poor response rates. Negative confirmations request the recipient to respond only if they disagree with the amount shown in the letter. This technique is used primarily when accounts receivable consist of a large number of low-value balances and the control risk of misstatement is considered to be low. Once the creditor decides upon the nature and the wording of the confirmation letter, it can be created using a word processor. ACL’s export feature greatly facilitates the physical task of inserting the relevant financial data for each customer into the individual letters.
o Evaluating and Controlling Responses – maintaining control over the confirmation process is critical to its integrity. The auditor should take all reasonable steps to ensure the following procedures are observed. Retain custody of the confirmation letters until they are mailed. The letters should be addressed to the auditor, not the client organization. The confirmation letter replies should be mailed to the auditor, not the client organization. When the responses are returned to the auditor, discrepancies in the amount owed should be investigated. Non-responses to positive confirmations also need to be investigated.

23 SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS
Valuation/allocation assertion
Corroborate or refute that AR is stated at reasonable Net Realizable Value
AGING AR
o ACL, AGE [see Table 9-7]
o Is allowance for doubtful accounts reasonable compared to prior years and based on composition of AR portfolio
o Confirmation process will be ineffective
Review past-due balances
o Conference with credit manager to determine collectibility
o Determine if methods used to estimate allowance for doubtful accounts are adequate, not the collectibility of each account
o Determine if overall allowance is, therefore, reasonable

Testing the Valuation/Allocation Assertion – the auditor’s objective regarding proper valuation and allocation is to corroborate or refute that accounts receivable are stated at net realizable value. The auditor needs to review the accounts receivable aging process to determine that the allowance for doubtful accounts is adequate.
o Aging Accounts Receivable – as accounts age, the probability that they will ultimately be collected is decreased. The larger the number of older accounts that are included in an organization’s accounts receivable file, the larger the allowance for doubtful accounts needs to be to reflect the risk. A key issue for auditors to resolve is whether the allowance calculated by the client is consistent with the composition of their organization’s accounts receivable portfolio and with prior years.
o Review Past-Due Balances – the auditor should review past-due balances with the credit manager to obtain information for basing an opinion on their collectibility. The auditor’s objective is not to assess the collectibility of each account, but to determine that the methods used by the credit manager to estimate the allowance for doubtful accounts are adequate and that the overall allowance is reasonable.
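The aging test described above can be sketched as follows: open invoices are placed in aging buckets as of the cutoff date and an aging-based allowance estimate is compared with the recorded allowance. This is an added example, not ACL's AGE command or code from the textbook; the bucket boundaries, the loss rates, the field names and the recorded allowance are assumptions, and the invoices are constructed.

```python
from datetime import date
from decimal import Decimal

# Constructed open invoices; field names are assumptions.
OPEN_INVOICES = [
    {"customer": "C001", "due_date": date(2024, 1, 15), "amount": Decimal("5000.00")},
    {"customer": "C002", "due_date": date(2023, 12, 11), "amount": Decimal("2000.00")},
    {"customer": "C003", "due_date": date(2023, 12, 1), "amount": Decimal("700.00")},
    {"customer": "C002", "due_date": date(2023, 11, 16), "amount": Decimal("1500.00")},
    {"customer": "C004", "due_date": date(2023, 10, 17), "amount": Decimal("1000.00")},
    {"customer": "C005", "due_date": date(2023, 8, 3), "amount": Decimal("800.00")},
]
CUTOFF = date(2023, 12, 31)
RECORDED_ALLOWANCE = Decimal("600.00")  # constructed client figure

# (upper bound in days past due, label, loss rate). The rates are hypothetical
# and are NOT from the slides; an auditor would use the client's own history.
AGING_BUCKETS = [
    (0, "current", Decimal("0.01")),
    (30, "1-30", Decimal("0.03")),
    (60, "31-60", Decimal("0.10")),
    (90, "61-90", Decimal("0.25")),
    (None, "over 90", Decimal("0.50")),
]


def bucket_for(days_past_due):
    """Return the label of the first bucket whose upper bound covers the age."""
    for upper, label, _rate in AGING_BUCKETS:
        if upper is None or days_past_due <= upper:
            return label


def age_receivables(invoices, cutoff):
    """Total the open invoice amounts per aging bucket as of the cutoff date."""
    totals = {label: Decimal("0") for _upper, label, _rate in AGING_BUCKETS}
    for inv in invoices:
        totals[bucket_for((cutoff - inv["due_date"]).days)] += inv["amount"]
    return totals


def expected_allowance(totals):
    """Apply each bucket's loss rate to its balance and sum the results."""
    rates = {label: rate for _upper, label, rate in AGING_BUCKETS}
    estimate = sum((totals[b] * rates[b] for b in totals), Decimal("0"))
    return estimate.quantize(Decimal("0.01"))


def allowance_shortfall(invoices, cutoff, recorded):
    """Positive result: the recorded allowance is below the aging-based estimate."""
    return expected_allowance(age_receivables(invoices, cutoff)) - recorded


if __name__ == "__main__":
    print(age_receivables(OPEN_INVOICES, CUTOFF))
    print("shortfall:", allowance_shortfall(OPEN_INVOICES, CUTOFF, RECORDED_ALLOWANCE))
```

A shortfall indicates only that the client's estimation method needs to be discussed with the credit manager, which matches the objective stated above.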

24 IT Auditing & Assurance, 2e, Hall & Singleton
IS Controls
Access Controls
o Site
o System
o File
o Record
Rights and privileges

25 Controls for Automated Systems
General and application controls for IS
o Transaction tags
o Transaction logs
o Increased supervision
o Online validation and authentication
o Rotation of duties
o Authorizations and automated rules
o Continuous auditing techniques
