Chapter 9: Auditing the Revenue Cycle

1
Chapter 9Auditing the Revenue Cycle

• IT Auditing Assurance, 2e, Hall Singleton

2
MANUAL PROCEDURES

• Processing shipping orders
• 4 copies of Sales Order to warehouse packing
  slip, shipping notice, stock release, file copy
• Locate and pick goods using Stock Release
  package them with packing slip
• Reconcile documents and goods, sign Shipping
  Notice, prepare Bill of Lading multiple copies
  Figure 9-3
• Transfer custody of goods (packing slip inside)
  and 2 copies of Bill of Lading to carrier
• Record shipment in shipping log
• Send shipping notice to Billing Dept.
• File Stock Release, 1 BOL, File Copy

3
LEGACY SYSTEM PROCEDURES

• Keypunch batch of shipping notices
• Edit run program, correct any errors
• Field checks
• Limit tests
• Range tests
• Price times quantity extensions
• Sort run on batches by AR account number
• Legacy systems store records in sequential
  manner, usually tape
• Next process is to post individual shipping
  notices to appropriate individual AR accounts
• AR update billing run Figure 9-4
• Updates AR file becomes new AR file
• Billing would be printing invoices to be mailed
• Sales journal file or printout
• Journal voucher for AR DR and sales CR

4
LEGACY SYSTEM PROCEDURES

• Re-sort by inventory item why?
• Same reason but this process is to update
  Inventory Items
• Inventory update run Figure 9-5
• Reduce quantity on hand for items shipped,
  generate a new Inventory file
• Compare On Hand quantity with Reorder Point
  to identify items needing replenishment file or
  printout
• Journal voucher for Cost of Goods Sold DR and
  Inventory CR
• Sort journal entries by GL
• Run general ledger update
• Management reports

5
BATCH CASH RECEIPTS SYSTEMS WITH DIRECT ACCESS
FILES

• See Figure 9-6
• Discrete events that naturally fit the batch
  approach
• Update Procedures
• Mail Room
• Receives checks and Remittance Advices.
• Separates checks from Remittance Advices
• Prepares a Remittance List multiple copies
• Copy of Remittance List and checks go to Cash
  Receipts Dept.
• Remittance Advices and copy of Remittance List go
  to AR Dept.
• Last copy of Remittance List to Controllers
  Office

6
REAL-TIME SALES ORDER ENTRY AND CASH RECEIPTS

• See Figure 9-7
• Sales procedures
• Transactions are processed as they occur,
  separately
• Credit check is performed online by the system
• If approved, system checks availability of
  inventory
• If available, system
• Transmits electronic stock release to warehouse
  dept
• Transmits electronic packing slip to shipping
  dept
• Updates inventory file records for depletion
• Records sale in open sales order computer file

7
REAL-TIME SALES ORDER ENTRY AND CASH RECEIPTS

• Warehouse procedures
• Produces hard copy of stock release
• Clerk picks goods, sends them with a copy of
  stock release to shipping dept.
• Shipping procedures
• Reconciles goods, stock release, packing slip
  from system.
• Online, IS prepares Bill of Lading for shipment,
  and shipping notice for DP Dept.
• Select carrier and prepare goods for shipment,
  along with packing slip and Bill of Lading
• Stock release form is filed

8
FEATURES OF REAL-TIME PROCESSING

• Events Database
• Traditional accounting does not have to exist in
  per se (in traditional form)
• General Ledger can be derived at any time from a
  compilation from the events database
• Advantages
• Greatly shortens the cash cycle of the firm
• Can give a firm a competitive advantage (e.g.,
  managing inventory better)
• Real-time editing permits the identification of
  many kinds of errors as they occur, greatly
  reducing the efficiency and effectiveness of
  business processes
• Reduces the amount of paper documents
• Electronic audit trails are possible in real-time
  computer-based systems

9
MANAGEMENT ASSERTIONS AND REVENUE CYCLE AUDIT
OBJECTIVES

• Existence / Occurrence
• VERIFY AR balance represents amounts actually
  owed as of Balance Sheet date
• Establish sales represents goods shipped and/or
  services rendered during period of financials
• Completeness
• Determine all amounts owed organization are
  included in AR
• VERIFY shipped goods, services rendered, and/or
  returns and allowances for period are included in
  financials
• Accuracy
• VERIFY revenue transactions are accurately
  computed, based on correct prices and quantities
• Ensure AR subsidiary ledger, sales invoice file,
  remittance file are mathematically correct .. And
  agree with GL accounts
• Rights Obligations
• Determine organization has legal right to AR
• VERIFY accounts sold or factored have been
  removed from AR
• Valuation or Allocation
• Determine AR balance stated in net realizable
  value
• Establish allocation for uncollectible accounts
  is appropriate
• Presentation and Disclosure
• VERIFY AR and revenues for period are properly
  described and classified

10
INPUT CONTROLS

• Purpose
• Ensure creditworthiness of customers
• Control techniques vary considerably between
  batch systems and real-time systems
• Credit authorization procedures
• Credit worthiness of customer
• Batch and manual systems use credit dept.
• Real-time systems use programmed decision rules
• Testing credit procedures
• Verify effective procedures exist
• Verify information is adequately communicated
• Verify effectiveness of programmed decision rules
  (test data, ITF)
• Verify that authority for making credit decisions
  is limited to authorized credit
  personnel/procedures
• Perform Substantive Tests of Detail
• Review credit policy periodically and revise as
  necessary

11
INPUT CONTROLS

• Data Validation Controls
• To detect transcription errors in data as it is
  processed
• Batch after shipment of goods
• Error logs
• Error correction computer processes
• Transaction resubmission procedures
• Real-Time Errors handled as they occur
• Missing data checks presence of blank fields
• Numeric-Alphabetic data checks correct form of
  data
• Limit checks value does not exceed max for the
  field
• Range checks data is within upper and lower
  limits
• Validity checks compare actual values against
  known acceptable values
• Check digit identify keystroke errors by
  testing internal validity
• Testing Data Validation Controls
• Verify controls exist and are functioning
  effectively
• Validation of program logic can be difficult
• If Controls over system development and
  maintenance are NOT weak, testing data
  editing/programming logic more efficient than
  substantive tests of details (test data, ITF)
• Some assurance can be gained through the testing
  of error lists and error logs (detected errors
  only)

12
INPUT CONTROLS

• Batch controls
• Manage high volumes of similar transactions
• Purpose Reconcile output produced by system with
  the original input
• Controls continue through all computer (data)
  processes
• Batch transmittal sheet
• Unique batch number
• Batch date
• Transaction code
• Record count
• Batch control total (amount)
• Hast totals (e.g., account numbers)
• Testing data validation controls
• Failures of batch controls indicates data errors
• Involves reviewing transmittal records of batches
  processed and reconcile them to the batch control
  log (batch transmittal sheet)
• Examine out-of-balance conditions and other
  errors to determine cause of error
• Review and reconcile transaction listings, error
  logs, etc.

13
PROCESS CONTROLS

• Computerized procedures for file updating
• Restricting access to data
• Techniques
• File update controls -- Run-to-run batch control
  data to monitor data processing steps
• Transaction code controls to process different
  transactions using different programming logic
  (e.g., transaction types)
• Sequence check controls sequential files,
  proper sorting of transaction files required
• Testing file update controls results in errors
• Testing data that contains errors (incorrect
  transaction codes, out of sequence)
• Can be performed in ITF or test data
• CAATTs requires careful planning
• Single audit procedure can be devised that
  performs all tests in one operation.

14
ACCESS CONTROLS

• Prevent and detect unauthorized and illegal
  access to firms systems and/or assets
• Warehouse security
• Depositing cash daily
• Use safe deposit box, night box, lock cash
  drawers and safes
• Accounting records
• Removal of an account from books
• Unauthorized shipments of goods using blank sales
  orders
• Removal of cash, covered by adjustments to cash
  account
• Theft of products/inventory, covered by
  adjustments to inventory or cash accounts
• Testing access controls heart of accounting
  information integrity
• Absence thereof allows manipulation of invoices
  (i.e., fraud)
• Access controls are system-wide and
  application-specific
• Access controls are dependent on effective
  controls in O/S, networks, and databases

15
PHYSICAL CONTROLS

• Segregation of duties
• Rule 1 Transaction authorization separate from
  transaction processing
• Rule 2 Asset custody separate from
  record-keeping tasks
• Rule 3 Organization structured such that fraud
  requires collusion between two or more people
• Supervision
• Necessary for employees who perform incompatible
  functions
• Compensates for inherent exposure from
  incompatible functions
• Can be supplement when duties are properly
  segregated
• Prevention vs. detection of fraud and crime is
  objective supervision can be effective
  preventive control

16
PHYSICAL CONTROLS

• Independent verification
• Review the work of others at critical points in
  business processes
• Purpose Identify errors or possible fraud
• Examples
• Shipping dept. verifies goods sent from warehouse
  dept. are correct in type and quantity
• Billing dept. reconciles shipping notice with
  sales notice to ensure customers billed correctly
• Testing physical controls
• Review organizational structure for incompatible
  tasks
• Tasks normally segregated in manual systems get
  consolidated in DP systems.
• Duties of design, maintenance, and operations for
  computers need to be separated
• Programmers should not be responsible for
  subsequent program changes.

17
OUTPUT CONTROLS

• PURPOSE Information is not lost, misdirected, or
  corrupted that the system output processes
  function properly
• Controls are designed to identify potential
  problems
• Reconciling GL to subsidiary ledgers
• Maintenance of the audit trail that is the
  primary way to trace the source of detected
  errors
• Details of transactions processed at intermediate
  points
• AR change report
• Transaction logs permanent record of valid
  transactions
• Transaction listings successfully posted
  transactions
• Log of automatic transactions
• Unique transaction identifiers
• Error listings
• Testing output controls
• Reviewing summary reports for accuracy,
  completeness,timeliness, and relevance for
  decisions
• Trace sample transactions through audit trails
  including transaction listings, error logs, and
  logs of resubmitted records
• ACL is very helpful in this process

18
SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS

• PURPOSE Determine the nature, timing, and extent
  of substantive tests using auditors assessment
  of inherent risk, unmitigated control risk,
  materiality considerations, and efficiency of the
  audit.
• Concern Overstatement or understatement of
  revenues?
• Focus on large and unusual transactions,
  especially near period-end
• Recognizing revenues from sales that did not
  occur
• Recognizing revenues BEFORE they are realized
• Failing to recognize cutoff points
• Underestimating allowance for doubtful accounts
• Shipping unsolicited products to customers,
  subsequently returned
• Billings customers for products held by seller
• Tests of controls and substantive tests
• Credit limit logic may be effective but cut-off
  of AR may be error
• Substantive testing of AR may give assurance
  about accuracy of total AR but does not offer
  assurance about collectibility

19
SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS

• Understanding data
• VERIFY data used in CAATTs (e.g., ACL) is
  accurate
• VERIFY adequate setup of files from originals
  (e.g., ACL and Profilecommand)
• Relationships and data from see Figure 9-10
• Customer file
• Sales Invoice file
• Line item file
• Inventory file
• Shipping log file
• File preparation procedures

20
SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS

• Accuracy/completeness assertion
• Analytical review of account balances
• Overall perspective for trends in sales, cash
  receipts, sales returns, and AR
• Provides first-level assurance that amounts are
  reasonably stated and reasonably complete
• If so, may reduce the extent of substantive
  testing
• Review sales invoices for unusual trends and
  exceptions
• Scanning data files using CAAT (e.g., ACL and
  stratify and possibly filters - see Figure 9-11)
• Reveals all errors or raises questions?

21
SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS

• Accuracy/completeness assertion
• Review sales invoice and shipping log files
• Missing and duplicate transactions see Table
  9-2
• Questions/survey
• Are procedures in place to document and approve
  voided invoices?
• How are gaps in sales invoice numbers
  communicated to management?
• What physical controls exist over access to sales
  invoice source documents?
• If applicable, are batch totals used to control
  batch transactions during each processing step?
• Are transaction listings reconciled and reviewed
  by management?
• Review line item and inventory files for pricing
  accuracy
• ACL allows auditor to compare prices on invoices
  with inventory using JOIN see example on page
  413
• Testing unmatched records (complement)

22
SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS

• Existence assertion
• Confirmation of AR SAS 67
• Not required if
• AR is immaterial
• Assessed Control Risk is low
• Confirmation process will be ineffective
• CAATTs to use for this function?
• Steps
• Select accounts to confirm
• Consolidate invoices (not AR subsidiary) using
  CLASSIFY (filter) and SUMMARIZE (amount) see
  Tables 9-3 and 9-4
• Why?
• JOIN the CUSTOMER file with the new consolidated
  invoice file
• Prepare confirmation requests see Figure 9-12
• Positive and Negative Confirmations (ACL, EXPORT)
• Evaluating and controlling responses
• Retain custody of the confirmation letters until
  mailed
• The letters should be addressed to the auditor,
  not client org.
• The replies should be mailed to the auditor, not
  client org.
• Discrepancies should be investigated.

23
SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS

• Valuation/allocation assertion
• Corroborate or refute AR is stated at reasonable
  Net Realizable Value
• AGING AR
• ACL, AGE see Table 9-7
• Is allowance for doubtful accounts reasonable
  compared to prior years and based on composition
  of AR portfolio
• Confirmation process will be ineffective
• Review past-due balances
• Conference with credit manager to determine
  collectibility
• Determine if methods used to estimate allowance
  for doubtful accounts is adequate, not the
  collectibility of each account
• Determine if overall allowance is, therefore,
  reasonable

24
IS Controls

• Access Controls
• Site
• System
• File
• Record
• Rights and privileges

25
Controls for Automated Systems

• General and application controls for IS
• Transaction tags
• Transaction logs
• Increased supervision
• Online validation and authentication
• Rotation of duties
• Authorizations and automated rules
• Continuous auditing techniques

26
(No Transcript)
27
(No Transcript)
28
(No Transcript)
29
(No Transcript)
30
(No Transcript)
31
(No Transcript)
32
Chapter 9Auditing the Revenue Cycle

• IT Auditing Assurance, 2e, Hall Singleton