Audit Program Licensing Terms

1. You accept that this product is intended for your use, and you will not duplicate in
any form or manner, electronic or otherwise, copies of this product nor distribute this
product to anyone else.
2. You recognize that the product and its content are the sole property of AuditNet
(the Publisher), and that we have copyrighted the product.
3. You agree that the Publisher is not responsible for any interruption of service or
malfunction that is a consequence of the Internet, a service provider, personal
computer, browser or other software or hardware components. You accept that there
is no guarantee that this product is totally error free. You further understand and
accept that the Publisher intends to provide reliable information but does not
guarantee the accuracy or completeness of any information, and is not responsible
for any results obtained from the use of such information.
4 This license is effective until terminated, when the license or subscription period
ends without renewal, or when you destroy this product and any related
documentation. The Publisher may terminate your license without notice if you fail to
comply with the conditions set forth in this agreement, and may pursue any other
legal recourse.
Document Source: Internet Search
1. This document was obtained from the Internet by AuditNet using advanced search
techniques.
2. The document is from a site which has not identified restrictions on permitted use and are
sharing this information for the benefit of the audit community.
3. While we have attempted to provide accurate information no representation is made or
warranty given as to the completeness or accuracy of the document.
4. In particular, you should be aware that the document may be incomplete, may contain
errors, or may have become out of date.
5. While every reasonable precaution has been taken in the preparation of this document,
neither the author nor AuditNet assumes responsibility for errors or omissions, or for
damages resulting from the use of the information contained herein.
6. The information contained in this document is believed to be accurate.
7. No guarantee is provided.
8 Use this information at your own risk.
Audit Program Area:
Auditor
AUDIT PROCEDURES WP Ref Initials
Who Entered the Journal
Summarize journal entries based on who entered the journal (i.e., the
person listed as the one who typed in the journal entry) to determine if he or
she is authorized to do so. Identifying who entered the data can become a
bit complicated if data entry clerks are inputting the information rather than
an authorized manager. This is because the auditor will have to determine
who ordered the data clerk to perform the entry. Other factors that might
affect the amount of time it takes auditors to summarize journal entries
include the company's size the larger the company, the longer the
process can take to be completed - and whether the journal entry process is
manual rather than automated.
What Was Entered
Summarize journal entries by account and repetitive extracts (e.g., more
than 50 instances) and unique account sequences used in the journal entry
based on the first five debit and credit postings.
Extract nonstandard or manual journal entries for further analysis rather
than extracting an entry from a created system, such as an accounts
payable ledger posting.
Stratify the size of journal entries based on the journal entry amount, using
the debit side of the transaction.
Summarize general ledger activity on the amount field based on the
absolute value of the debit or credit to identify top occurring amounts.
Create a scatter-graph of the general ledger account that includes the
numbers of all transactions and debit and credit amounts separately.
When the Journal Was Entered
Extract journal entries posted on weekends and holidays.
Extract journal entries that were made immediately following the end of the
fiscal-year.
Summarize journal entry credits and debits processed by day, month, and
year.
Where the Journal Was Entered
Extract journal entries made to suspense accounts and summarize them
based on the person entering the journal entry and their corresponding
account numbers.
Extract journal entries to general ledger accounts that are problematic or
complex based on past issues at the company or the industry in general
(e.g., accounting journal errors subsequently corrected by accounting staff
or auditors) by reviewing previous audits or by asking management to
determine past issues.
Extract debits in revenue and summarize them by their corresponding
general ledger accounts.
Why the Journal Was Entered
Extract all general ledger transaction amounts, such as debits or credits,
that exceed the average amounts for the general ledger account by a
specified percentage five times the average is the default.
Extract journal entries that equate to round multiples of 10,000, 100,000,
and 1,000,000.
Extract journal entries using key texts, such as "plug" and "net-to-zero,"
anywhere in the record.
Extract journal entries that are made just below set accounting department
approval limits, especially multiple entries of amounts below such limits.
Extract journal entries where there is a credit to an expense account and no
corresponding debit to another expense account (i.e., illustrating
reclassification of expenses).
Extract journal entries where there is a debit to the revenue account and no
corresponding credit to another revenue account (i.e., illustrating
reclassification of expenses).
Extract journal entries with other major classification changes in the area of
assets, liabilities, net worth, and unbalanced fund transfers.
Extract other major classification changes in the area of assets, liabilities,
net worth, and unbalanced fund transfers.
Besides identifying fraud, internal auditors can use the five Ws when
determining the accuracy of financial statements.
Steps for Testing
1. To extract nonstandard or manual journal entries, the auditor can find
the field on the journal entry file that indicates a manual journal entry.
Once the auditor obtains the client's journal entry file, manual journal
entries need to be isolated using this identifier. The auditor can then
summarize the debit and credit amounts for all journal entries by their
general ledger account number and account description.
2. To scan and summarize the data quickly, auditors should determine the
number of journals falling into specific numeric intervals. For example, the
auditor can set up specific cut-off points (i.e., intervals) by which he or she
can categorize the data (i.e., separating journals into various dollar
categories). The auditor can then stratify journal entry amounts to count
the number of records that fall into a specific number of even intervals,
providing totals summarized by stratum (i.e., a collection of sampled units
defined by a specific characteristic). This will help the auditor better
understand how the data is structured. The auditor can start at a specific
point and set as many intervals as needed.
3. To summarize general ledger activity on the amount field, such as
absolute debit or credit values that identify the top occurring amounts,
auditors should begin by summarizing debit and credit totals by the journal
entry amount, using this field to base the summary. To do this, the auditor
will want to create a new field that contains the debit or credit entry. This
will enable the auditor to summarize the journal entries on one amount
field. The auditor should then review the summarized file and isolate the
journal entry amounts that occur 25 times or more, save these records in
a separate file, and join this file back to the journal entry detail to retrieve
the general ledger's account number and account description. Finally, the
auditors should summarize these journal entries by the journal entry
amount, general ledger account number, and general ledger account
description to obtain a final file showing the summarized activity for the top
25 used accounts.
4. To obtain a more visual picture of the data, the auditor may want to
graph results. For instance, the auditor can create a scatter graph
illustrating general ledger debit and credit amounts and the number of
transactions for each. To create the graph, auditors can summarize the
debit and credit amounts by placing the general ledger account number
and account description into separate files. Second, the auditor should
join both files together by the general ledger's account number and
account description to produce a comprehensive summarized file. Third,
the auditor can export the results into Excel using the "Chart" option in the
"Insert" drop-down menu to create an X-Y scatter graph that compares
the debit and credit values.
5. To isolate journal entries posted on weekends and holidays, the auditor
can set up a separate file containing the holidays for the year and create a
flag if the journal entry date matches those holiday dates. In addition, the
auditor can use functions to identify journal entry dates that occur during a
weekend. Auditors can use Excel to analyze the time-stamp field or to
obtain a date field by using the WEEKDAY() function - from the "Insert"
drop-down menu, select "Function," and search for WEEKDAY within the
"Insert Function Window." For instance, WEEKDAY(A1) will convert date
field cell A1 into the day of the week, using 1 for Monday, 2 for Tuesday,
and so on. By selecting the top of the column containing the WEEKDAY()
functions, the "Auto Filter" feature located under the "Data" menu item in
Excel, can be used to filter all WEEKDAY(Date_Field) values that are
equal to the program's default values of 6 or 7.
6. To extract journal entries that equate to round multiples of 10,000,
100,000, and 1,000,000, use the MOD() function, which provides the
remainder after the auditor divides a number by a divisor. For example,
say that $10,422 is in cell A1 and the function MOD(A1,1000) is placed in
cell B1. The result in B1 would be $422, because this would be the
remainder of dividing $10,422 by $1,000. Or, if cell A2 had $100,000 in it,
then MOD(A1,1000) would result in a zero value, which would indicate a
round number. Once the auditor uses the MOD() function for every
amount posted in the journal entry, he or she can filter all zero items using
the "AutoFilter" feature. Note: the function would be written as MOD(A2,
10000) for round multiples of $10,000.
Time Date Date Checked
Spent Expected Finished Remarks By:
General Ledger
Critical data fields
Unauthorized journal entry (JE)
JEs by unauthorized users
Duplicate JEs (same account/amount, same JE number/amount)
Split JEs (single JE/multiple accounts, multiple JEs/single account)
Segregation of duties (park vs. post, post vs. create account)
Dormant accounts
Even dollar JEs
Suspicious keyword in JE description
Duplicate GL accounts based on the account description
Purchase to Pay
Critical data fields (vendor master, requisition, purchase order (PO)
Split requisitions and POs
Stale requisitions and POs
Segregation of duties (requisitioner vs. approver, purchaser vs.
receiver, requisition approver vs. PO approver, purchaser vs. vendor
master administrator, purchaser vs. AP clerk)
PO date after invoice date
Invoice number sequence
Goods received quantity vs. invoice quantity
Employee and vendor matches by name and by address
Duplicate vendors (by name, address, bank account number)
Duplicate purchases (same vendor same invoice number, same
amount same GL account)
Payroll
Critical data fields (payroll master file)
Duplicate employees (same bank account or address)
Employee status not matching the termination date
Exempt hours worked vs. standard hours
Non-exempt hours worked vs. expected hours
Hours worked vs. hours paid
Employee start date after paycheck date
Terminations within 14 days of hire
Invalid pay rates (actual/calculated vs. master file)
Excessive gross pay
401k annual contribution limit, catch-up contribution limit and catch-up
age limit
Job record deletions (data corrections not using effective date)
Travel and Entertainment/Purchasing Card
Critical data fields (cardholder master, expense, etc.)
Invalid cardholder (no matching employee or terminated employee)
Duplicate cardholders (by employee ID or address)
Suspicious MCC
Suspicious keyword in the transaction description
Declined and disputed transactions
Split purchases
Duplicate purchases (same merchant same amount)
New cardholder watch list/cardholder watch list
Ghost card activities
Even/small dollar amount transactions
Weekend and holiday transactions
Potential duplicate reimbursements: gas with mileage or PCard with an
AP purchase
Spending limits on transactions (lavish hotel stays, dinners, etc.)
Order to Cash
Critical data fields (customer master, sales order, etc.)
Duplicate customers (on name or address)
Credit limits vs. orders
Segregation of duties (order entry vs. customer master, order entry vs.
product master)
Unauthorized/excessive commissions
Delivery quantity vs. sales order quantity
Shipment/sales order/price change by an unauthorized employee
Cash receipt vs. invoice amount
Shipment without a sales order
Days sales outstanding
Duplicate JEs (same account/amount, same JE number/amount)
Split JEs (single JE/multiple accounts, multiple JEs/single account)
Segregation of duties (park vs. post, post vs. create account)
Duplicate GL accounts based on the account description
Critical data fields (vendor master, requisition, purchase order (PO)
Segregation of duties (requisitioner vs. approver, purchaser vs.
receiver, requisition approver vs. PO approver, purchaser vs. vendor
master administrator, purchaser vs. AP clerk)
Goods received quantity vs. invoice quantity
Employee and vendor matches by name and by address
Duplicate vendors (by name, address, bank account number)
Duplicate purchases (same vendor same invoice number, same
Duplicate employees (same bank account or address)
Employee status not matching the termination date
Non-exempt hours worked vs. expected hours
Invalid pay rates (actual/calculated vs. master file)
401k annual contribution limit, catch-up contribution limit and catch-up
Job record deletions (data corrections not using effective date)
Critical data fields (cardholder master, expense, etc.)
Invalid cardholder (no matching employee or terminated employee)
Duplicate cardholders (by employee ID or address)
Suspicious keyword in the transaction description
Duplicate purchases (same merchant same amount)
New cardholder watch list/cardholder watch list
Potential duplicate reimbursements: gas with mileage or PCard with an
Spending limits on transactions (lavish hotel stays, dinners, etc.)
Critical data fields (customer master, sales order, etc.)
Segregation of duties (order entry vs. customer master, order entry vs.
Shipment/sales order/price change by an unauthorized employee
Client Name
Internal Control Framework

Completed By:
Reviewed By:
Question Yes No* Comments /Description
Name and Title of Person Completing Form (please print)
Date Completed:
To the best of my knowledge, the answers and comments noted above are accurate and reflect the current
Name and Title of Department Director (please print)
* For a No answer, cross-reference to either a compensating control or to audit work which has been performed
or is to be performed. Questionnaire
Signature of Person Completing Form
10/3/2014
Date Form Completed
Signature of Department Director
Date of Department Director's Signature
* For a No answer, cross-reference to either a compensating control or to audit work which has been performed
or is to be performed. Questionnaire
Employee Responsible for Task
To the best of my knowledge, the answers and comments noted above are accurate and reflect the current
Name and Title of Department Director (please print)
* For a No answer, cross-reference to either a compensating control or to audit work which has been performed
or is to be performed. Questionnaire
Signature of Department Director
Date of Department Director's Signature
* For a No answer, cross-reference to either a compensating control or to audit work which has been performed
or is to be performed. Questionnaire
Finding Ref # Control Testing Finding
Management Response & Treatment