Date post: | 08-Jan-2017 |
Category: |
Documents |
Upload: | ca-gourang-shah |
View: | 31 times |
Download: | 2 times |
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013
Section 6 Test of controls
01. Executive summary02. Organisation Structure – Steel and Tube Industries Limited03. Business process flow chart and documentation04. SWOT Analysis05. Stores management06. Test of controls
63
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013
IT general and business activity test of controlsThe company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported
Process Head Sub-ProcessControl parametertested Detailedreport Risk Rating GT observations Management actions required
User Access Control Access log-ins done by users
1. Access to systemby different users on a user id
1. Some users pc names are created with personal names, some with designations, difficult to trace the department and their users
2. More than one action users accessed by multiple clients
3. Frequent password changes are not seen
4. Users often do not log off each time they log into the SAP.
5. There is also an over ride of user rights even when a user is on leave
1. Creating department wise ids and all pc names should be with department works assigned – Sales executive 1, Sales executive 2, Accounts 1, Accounts 2 etc
2. Inquiry by IT on a weekly basis if any other pc access the other user id from their pc.
Cash control 1. There are transactions that were identified to be with no user signature appended to them
Test of controls
Key: High Medium Low
Notes: This data has been extracted from 1-01-2013 to 309-09-2013Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software
User access log
cash control_user signature
64
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013
Duplicate names/numbers test of controlsThe company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported
Process Head Sub-ProcessControl parametertested Detailedreport Risk Rating GT observations Management actions required
Sales Sales order Missing sales order numbers
No risk detected
Sales Sales invoices &reserve invoices
Missing sales invoice and reserve invoice number
1. There is a serial number break as the invoice no's attached are dated back in 2012 yet Invoice no’s before them are dated as those of the current year2. Also some of the invoices are missing in the invoice no series specifically for outlet sales
Sales Credit notes 1. There is a serial number break as the credit memo no's attached are dated back in 2012
2. Credit memo No. 1939 has been raised and approved with 1% discount without mapping to the related invoice No.41917
Sales Delivery Notes No risk detected
Test of controls
Key: High Medium Low
Notes: This data has been extracted from 1-01-2013 to 309-09-2013Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software
Missing sales credit memos
Missing Sales invoices
65
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013
Duplicate names/numbers test of controlsThe company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported
Process Head Sub-ProcessControl parametertested Detailedreport Risk Rating GT observations Management actions required
Purchases Purchase order No risk detected
Purchases Purchase invoices &reserve invoices
1. These were identified as missing in the series of the current year
2. Some are traced back to the previous year
Purchases Purchase Credit Memos
1. There is a serial number break as the credit memo No's attached are dated back in 2012
Purchases Goods receipt PO 1. There is a serial number break as the Receipt No's attached are dated back in 2012
Test of controls
Key: High Medium Low
Notes: This data has been extracted from 1-01-2013 to 309-09-2013Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software
Goods Reciept PO
Missing purchase credit memos
Missing purchase invoices
66
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013
Duplicate names/numbers test of controlsThe company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported
Process Head Sub-ProcessControl parametertested Detailedreport Risk Rating GT observations Management actions required
Production Production order Missing production order series from the system
There is a serial number break as the Production Order No's attached are dated back in 2012 There is also an issue with the user signature as in the attached
Production Receipt from production
Missing receiptnumbers as aligned with production orders raised in system
These were identified as missing in the series of the current year but some are found to belong to the previous year
Production Issue for production Missing productionseries for items issued for production
These were identified as missing in the series of the current year but some are found to belong to the previous year
Test of controls
Key: High Medium Low
Notes: This data has been extracted from 1-01-2013 to 309-09-2013Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software
Production orders
Missing reciepts from production
Missing issues for production
67
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013
HR Activity – Biometric time registration test of controlsThe company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported
Process Head Sub-ProcessControl parametertested Detailedreport Risk Rating GT observations Management actions required
Human resource activity
Leaves 1. Leaves as per details captured from bio metric system against actual leave applications or leave roaster updates
1. According to the HR policy, there should be a leave roster to be maintained for each division. From the records it is identified for most cases the leave rosters are not utilized or are not followed rigorously
2. Only a few employees fill in delegation of authority forms
1. Define strict policies for leave management and to ensure that the payrolls are accurately processed against the leaves taken
2. Every employee and department heads to be trained and informed on the STIL's policy of leave approvals and their impact of not following strictly on their payrolls
Human resource activity
1. Biometric attendance
1. User signature2. Authorisation
status1. There are many absenteeism as per the attached report from system and we could not trace any actions taken against the same2. Employees at times do not swipe out on the biometric scan at the end of the day
1. Swipe in and swipe out should be mandatory to adhere strong control on their attendance as well as knowing their overtime in organisation
2. Absents should be strictly be addressed for knowing the leave status or the actual status
Test of controls
Key: High Medium Low
Notes: This data has been extracted from 1-01-2013 to 309-09-2013Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software
Leave_sample_August
biometric scan_august
68