Date post: | 01-Dec-2014 |
Category: |
Education |
Upload: | mulyadi-yusuf |
View: | 700 times |
Download: | 26 times |
Audit lap keuangan berbasis komputer –
Auditing revenue cycle
After studying this chapter, you should:
Understand the operational tasks associated with the revenue cycle under different levels of technology.
Understand audit objectives related to the revenue cycle.
Be familiar with revenue cycle control issues related to alternative technologies.
Recognize the relationship between revenue cycle audit objectives, controls, and tests of controls.
Understand the nature of substantive tests in achieving revenue cycle audit objectives.
Be familiar with common features and functions of ACL that are used to perform substantive tests..
Learning Objectives
Revenue Cycle Activities – PROCESS OVERVIEW
Revenue Cycle Activities – AUDIT OVERVIEW
Revenue Cycle Activities - Batch Processing Using Sequential Files—Manual Procedures
Understand the system process and control: order taking, credit checking, warehousing, and shipping are performed manually. Computer programs process the acc. records.
Revenue Cycle Activities - Batch Processing Using Sequential Files—Automated Procedures
Revenue Cycle: Audit Obj, Controls, and ToC
Summary of Internal Controls
Proper authorization of transactions (documentation) should occur so that only valid transactions get processed.
Within the revenue cycle, authorization should take place when:– a sale is made on credit (authorization)
– a cash refund is requested (authorization)
– posting a cash payment received to a customer’s account (cash pre-list)
1. Authorization Controls
Three Rules
2. Segregation of Function
• Sales Order Processing– Credit authorization separate from SO processing
– Inventory control separate from warehouse
– AR sub-ledger separate from general ledger control account
• Cash Receipts Processing– Cash receipts separate from accounting records
– AR sub-ledger separate from general ledger
Autho-rization
Record-ing
Separat-ed
Custody
Often used when unable to enact appropriate segregation of duties (as compesated control). Supervision of employees serves as a deterrent to dishonest acts and is particularly important in the mailroom.
3. Supervision
With a properly maintained audit trail, it is possible to track transactions through the systems and to find where and when errors were made:
4. Accounting Records
Program Error
– pre-numbered source doc
– special journals
– subsidiary ledgers
– general ledger
– files
Access to assets and information (accounting records) should be limited.
Within the revenue cycle:
The assets to protect are cash and inventories, and
Access to records such as the accounts receivable subsidiary ledger and cash journal should be restricted.
See:
IT-GC dan IT-AC: Access Controls
5. Access Controls
Physical procedures as well as record-keeping should be independently reviewed at various points in the system to check for accuracy and completeness:
– shipping verifies the goods sent from the warehouse are correct in type and quantity
– warehouse reconciles the stock release document (picking slip) and packing slip
– billing reconciles the shipping notice with the sales invoice
– general ledger reconciles journal vouchers from billing, inventory control, cash receipts, and accounts receivable
6. Independent Verification
Authorization - in real-time systems, authorizations are automated
– Programmed decision rules must be closely monitored.
Segregation of Functions - consolidation of tasks by the computer is common
– Protect the computer programs
– Coding, processing, and maintenance should be separated.
CBAS Control Considerations
Control Principles
Maintenance
Coding
Processing
Supervision
In POS systems, the cash register’s internal tape or database is an added form of supervision
Access Control
Magnetic records are vulnerable to both authorized and unauthorized exposure and should be protected
– Must have limited file accessibility
– Must safeguard and monitor computer programs
CBAS Control Considerations
Accounting Records - rest on reliability and security of stored digitalized data
– Accountants should be skeptical about the accuracy of hard-copy printouts.
– Backups - the system needs to ensure that backups of all files are continuously kept
Independent Verification – consolidating accounting tasks under one computer program can remove traditional independent verification controls. To counter this problem:
– perform batch control balancing after each run
– produce management reports and summaries for end users to review
CBAS Control Considerations
Used by small firms and some large decentralized firms
Allow one or few individuals to perform entire accounting function
Most systems are divided into modules controlled by a menu-driven program:
– general ledger– inventory control– payroll– cash disbursements– purchases and accounts payable– cash receipts– sales order
PC – Based Accounting Systems
Segregation of Duties
Tend to be inadequate and should be compensated for with increased supervision, detailed management reports, and frequent independent verification
Access Control
Access controls to the data stored on the computer tends to be weak; methods such as encryption and disk locking devices should be used
Accounting Records
Computer disk failures cause data losses; external backup methods need to be implemented to allow data recovery
PC – Control Issues
Revenue Cycle: Test of Controls
1. Input Controls
Input controls: to ensure that trans are valid, accurate, and complete. Control techniques vary considerably between batch and real-time systems.
Testing Credit Procedures
Credit Policy
Test the design, ex: credit limit
exessive?, allow mgt override?
Test the program, using test of data or ITF, ex: create several
dummy customer account, with various credit limit
Failure to apply imply to the adequacy of allowance of
bad ARAdequate?
Effective?
Analyze the result Conlusion
Revenue Cycle: Test of Controls
1. Input Controls
Testing Validation Controls (See: Validation Controls)
The procedures here provide evidence about the accuracy assertion.
ITF or the test data approach would enable the auditor to perform explicit tests of the program logic.
Example: Creates a comprehensive set of test trans that include valid and erroneous data value that fall within and outside of test parameter.
In addition to direct testing of program logic, the auditor can achieve some degree of assurance by reviewing error listings and error logs, but do not provide evidence of undetected errors.
An analysis of error conditions not present in the listing can be used to guide the auditor in designing substantive tests to perform.
Example: To determine whether material price discrepancies exist in the sales invoice file, auditor can perform substantive tests that compare the actual price charged with the suggested retail price.
1. Input Controls Testing Batch Controls (See Batch Control).
Tests of BC provide evidence relating to completeness and accuracy.
Example:
A batch’s transmittal record = 100 sales invoices, total $182,674.87, entered into system, but the completed batch log = only 96 records, total of $172,834.60. What caused this?
Revenue Cycle: Test of Controls
Answers to these questions by reviewing and reconciling trans listings, error logs, and logs of resubmitted record.
ACL commands PROFILE, TOTAL, and COUNT will provide the kind of inf necessary to adequately develop a set of batch controls.
Revenue Cycle: Test of Controls
2. Process Controls Testing File Update Controls (See File Update Controls).
The failure of FUC to function properly can result in records going unprocessed, being processed incorrectly (i.e., returns are treated as sales), or being posted to the wrong customer’s account.
Tests of FUC provide evidence relating to existence (sales but returns), completeness (all records processed), and accuracy (computation).
Testing run-to-run controls is a logical extension of Batch Control procedures and needs no further explanation.
Tests of trans codes and sequence checks can be performed using ITF or the tests–data approach. The auditor should create test data that contain records with incorrect trans codes and records that are out of sequence in the batch and verify that each was handled correctly.
Implicit in this test is verifying the mathematical correctness of the computer operation (test accuracy assertion)
Revenue Cycle: Test of Controls
2. Process Controls Testing Access Controls (See Access Controls).
Access control is at the heart of accounting information integrity.
In the absence of controls, invoices can be deleted, added, or falsified. Individual account balances can be erased, or the entire AR file can be destroyed.
Evidence gathered about existence, completeness, accuracy, valuation and allocation, right and obligations, and presentation and disclosure.
Access control over revenue cycle applications depends on effectively controlling access to the operating systems, the networks, and the databases with which they interact.
The control techniques—including PW, encryption, firewalls, and user views—apply also in preventing unauthorized access to revenue cycle processes. The auditors will typically test these controls as part of their review of general controls.
Revenue Cycle: Test of Controls
3. Output Controls Testing Output Controls (See Output Controls).
Evidence gathered through tests of output controls relates to the completeness and accuracy assertions.
Testing output controls involves reviewing summary reports for accuracy, completeness, timeliness, and relevance to the decisions that they are intended to support.
In addition, the auditor should trace sample transactions through audit trail reports, including transaction listings, error logs, and logs of resubmitted records.
Data extraction software such as ACL can be used to search log files for specific records to verify the completeness and accuracy of output reports. Alternatively, the auditor can test output controls directly using ITF. A well-designed ITF system will permit the auditor to produce a batch of sample transactions, including some error records, and trace them through all phases of processing, error detection, and output reporting.
Substantive Testof Revenue Cycle Activities
Tests of Controls:
To determine whether adequate IC are in place and functioning properly.
Substantive tests:
To determine whether accounting databases fairly reflect the organization’s transactions and account balances.
ISACA: CISA Study Guide
There 2 basic categories of audit testing:
Compliance Test
To test the presence of the absence of something.
Substantive Test
To verify the content and integrity of evidence.
Substantive Tests of Revenue Cycle Accounts
Substantive Tests of Revenue Cycle Accounts
Revenue Cycle Risk and Audit Concern
Auditor’s concerns in the revenue cycle pertain to the potential for overstatement of revenues and AR.
Examples of specific issues / risks:
Recognizing revenues from sales transactions that did not occur
Early or Failing to recognize period-end cutoff points (before or after point of sale).
Underestimating the allowance for doubtful accounts, thus AR
Shipping unsolicited products to customers in one period that are returned in a subsequent period
Billing sales to the customer that are held by the seller (may require no payment for a lengthy period of time.)
Substantive Tests of Revenue Cycle AccountsRevenue Cycle Risk and Audit Concern
Auditor will seek evidence by performing a combination of tests of IT-GC/IT-AC and substantive tests.
Example: Auditor may use ITF to test the accuracy of sales transaction postings to
AR file. However, the ITF offer no assurance about collectability of A/R.
ITF can be used to test the credit-limit logic to provide assurance that the credit policy is being implemented. This test, however, provides no evidence that proper cutoff procedures were followed in calculating AR.
From examples, we see that in addition to ToC, the auditor must perform substantive tests to achieve audit objectives.
Audit Objectives
Subs Test
TOCSubs Test
Understanding Data
To do substantive tests, auditor needs to understand the systems and controls that produced the data, as well as the physical characteristics of the files that contain them.
Substantive Tests of Revenue Cycle Accounts
First, auditors verify the correct version of the file to be analyzed. To do so, auditor must understand the file backup procedures and, if possible, work w/ the original files.
Second, ACL can read most sequential files and relational database tables directly, but complex file structures may require additional procedures to produce a copy of the original file in a format that ACL can accept.
Test of Control + Substantive Test
Understand System and Control
Understanding Data
Verifying the correctness of data/ file
analyzed
Understanding: DFD of Sales Order Processing
Substantive Tests of Revenue Cycle AccountsUnderstanding Data – Client’s File Structures for The Revenue Cycle
Contains address and credit inf. CL is used to validate sales trans.
Capture sales trans data for the period. SI file contains summary data for each invoice. Summing Invoice for all record in the file yields total sales.Customer payments are matched to the open invoice record, which is closed by placing date in Closed Date field. AR balance is calculated by summing
the Invoice Amount fields for all of the customer’s open invoices.
Contains a record of every product sold. These data also provide audit evidence needed to corroborate the accuracy of P X Q calculations that are summarized in the sales invoices.
Contains Q, P, supplier, and warehouse location data for each item of inventory. The Quantity on Hand field is increased by inventory receipts from suppliers.
(+)
( - ) sold
A record of all sales orders shipped to customers, verifying SI file and order is shipped in timely manner.
Testing the Accuracy and CompletenessReview Sales Invoices for Unusual Trends and Exceptions
Identifying potential audit risks involves scanning data files for unusual transactions and account balances.
Example: The auditor can use
ACL’s Stratify feature to identify anomalies.
Unusual trends and exceptions:Min invoice= (3,582.98)
and the max= $5,549.19.49 items constitute
$49,283 of (-) sales.74% of sales b/w $310
and $1,620.Only 2 items were sales
over $4,895.
it’s sales invoice file
Testing the Accuracy and CompletenessReview Sales Invoice and Shipping Log Files for Missing and Duplicate Items
Duplicate and missing trans in the revenue cycle may be evidence of over- or understated sales and AR.
ACL is capable of testing for out-of-sequence records, gaps, and duplicate values for the entire file.
For Shipping Log file, auditor would test the Invoice Number field for gaps and duplicate records.
Depending on the circumstances, sales and AR may be overstated.
Analyze another file/data for testing the accuracy and completeness assertion (see DB relation)
Testing the Accuracy and CompletenessReview Line Item and Inventory Files for Sales Price Accuracy
Pricing inconsistency in such a setting may indicate a computer program error or the use of obsolete pricing data.
Based on the file structures for the Line Item and Inventory files, the Sales Price and Retail Price fields can be compared for consistency, by combining the two files to create a third table.
Then, create a filter that will ignore all records in which Sales Price = Retail Price. The resulting file will thus contain only price discrepancies.
Using ACL feature, calculate price variance and determine its materiality.
Testing for Unmatched Records Inventory and Line Item: present (absence) of unmacthed records may indicates: The accuracy assertion.The valuation assertion.
Testing the Existence AssertionThe confirmation process involves three stages: selecting the accounts to confirm, preparing confirmation requests, and evaluating the responses.
1. Selecting Accounts to Confirm
Selecting AR for confirmation involves processing data in the Customer and the Sales Invoice files.
Requires 3 steps:
1. Consolidate Invoices. Using ACL’s Classify command (open invoice).
2. Join the Files. Join the Classified Invoices file and Customer file, for?
3. Select a Sample of Accounts: Record or MUS, consideration?
AR balance
Type of Confirmation:Positive confirmation:
nonresponses must be followed up by auditor, for example: review the following period’s closed invoices to determine if the accounts were
actually paid
Negative confirmation: all: (1) many small balances (coverage) AND (2) IR and CR are low
AND (3) high response rate to positive confirms in Previous Years
Obtain and evaluate AR confirmations
Timing:The most reliable evidence from confirmations is obtained whenthey are sent as close to the BS date as possible, as opposedto confirming the accounts several months before year-end.
Controlling: Confirmation letter retained and mailed by auditor, and sent bact directly to auditor
Testing the Valuation/Allocation AssertionReview Line Item and Inventory Files for Sales Price Accuracy
To assess AR valuation, auditor needs to review the AR aging process to determine that the allowance for doubtful accounts is adequate.
Aging Accounts Receivable As AR age, the AR collectibility is decreased. Economic condition also
has an impact to the AR collectibility. The total balance of AR =
$468,880.69, in which 17 invoices= 90 < x < 120 day past due, and 13 invoices > 120 days past due.
Auditor’s objective is to determine that the methods used by the credit manager to estimate the doubtful accounts is adequate and reasonable.
Informasi Lebih Lanjut,Hubungi: