Download as xlsx, pdf, or txt
Download as xlsx, pdf, or txt
You are on page 1of 51

CONTROL ACTIVITY

REVENUE TO RECEIVABLE

Process Sub-process Control Objectives

Revenue & Orders are recorded


Order Processing
Receivables completely and accurately.

Revenue & Duplicate sales are not


Order Processing
Receivables recorded.

Sales terms and prices are


Revenue & approved by the
Order Processing
Receivables appropriate level of
management.
Sales terms and prices are
Revenue & approved by the
Order Processing
Receivables appropriate level of
management.

Revenue & Customers' credit limits


Order Processing
Receivables are controlled.

Revenue & Duties are adequately


Order Processing
Receivables segregated.

Revenue & Distribution and Goods are completely and


Receivables Delivery accurately recorded.

Revenue & Distribution and Only goods ordered are


Receivables Delivery shipped.

All work orders or


Revenue & Distribution and
shipment of goods are
Receivables Delivery
input for processing.
Revenue & Distribution and Duties are adequately
Receivables Delivery segregated.

Sales invoice is generated


Revenue & for every approved
Invoicing
Receivables shipment and recorded in
the proper period.

Price, amount, and other


Revenue &
Invoicing information on the invoice
Receivables
are correct.

Revenue & Duplicate recording of


Invoicing
Receivables invoices is prevented.

Periodic updates for batch


Revenue &
Invoicing processing are complete
Receivables
and accurate.

Correct postings, are made


Revenue & to sales and receivables
Invoicing
Receivables and are recorded in the
proper period.

Revenue & Duties are adequately


Invoicing
Receivables segregated.

Unauthorized access to the


Revenue &
Invoicing accounting records is
Receivables
prevented and detected.

Cash receipts are


Revenue &
Cash Receipting accurately recorded and in
Receivables
the proper period.

Cash receipts relate to


Revenue & sales and are recorded
Cash Receipting
Receivables against the correct
customer account.

Periodic updates for batch


Revenue &
Cash Receipting processing are complete
Receivables
and accurate.

Correct postings are made


Revenue & to cash and accounts
Cash Receipting
Receivables receivable in the general
ledger
Revenue & Duties are adequately
Cash Receipting
Receivables segregated.

Adjustments and Approved adjustments are


Revenue &
Ledger input for processing
Receivables
Maintenance completely and accurately.

Adjustments and Approved adjustments are


Revenue &
Ledger input for processing
Receivables
Maintenance completely and accurately.

Adjustments and Approved adjustments are


Revenue &
Ledger input for processing
Receivables
Maintenance completely and accurately.

Adjustments and
Revenue &
Ledger Adjustments are approved.
Receivables
Maintenance

Unauthorized access to the


Revenue & Standing Data
accounting records is
Receivables Maintenance
prevented and detected.
Example Control Activities Information Contribution to
Processing statement as
C A V R*2 A C

The order entry system automatically validates sales order data input (e.g.
customer name and number, prices, terms, and credit limits) against master file
data. Entries with invalid, missing or incomplete information are rejected for re-
entry or stored in a suspense file for follow-up.

Sales orders are sequentially prenumbered/ automatically numbered by the


system. Missing or duplicate sales orders are investigated and followed-up by
the sales supervisor.

Sales orders over a set threshold require approval by management before


acceptance by the system. The lack of approval creates a suspense file that is
reviewed by management for clearance on a regular basis.

Management review and approve discounts and allowances in excess of


predefined limits.

Credit limits are established as part of accepting new customers. Sale orders and
outstanding receivables are compared to established credit limit before a new
order is processed. Orders in excess of credit limit are stored in a suspense file
to be resolved on a timely basis.

Appropriate segregation of duties should be maintained. Specifically whether the


order entry, credit, shipping and invoicing functions are segregated from
accounts receivable, general ledger and cash functions.

The shipping system automatically generates work orders or inventory “pick”


documents based on feeds from the sales order system. Edit checks against the
sales order system checks that these documents are complete and accurate.

The work orders or inventory “pick” documents are sequentially numbered and
accounted for. A manual or system check is performed to check that the
numerical sequence of these documents is maintained. All rejected, suspense, or
missing items are researched, corrected and re-entered on a timely basis by
appropriate personnel.

Warehouse employees complete the work order or “pick” the items from
inventory and stage the item(s) for shipping on the shipping dock. Subsequently,
the shipping manager performs a one-for–one check between the completed
work orders or inventory “pick” documents and the item(s). Any discrepancies
are identified and resolved. The check occurs again.

Once the check is completed and approved, the work order or inventory “pick”
document is noted as “completed” in the shipping system which generates the
appropriate shipping document(s).

On a daily basis, a system report of all open work orders or inventory “pick”
documents is provided to the shipping department manager. All items are
investigated and resolved as appropriate.
Appropriate segregation of duties should be maintained. Specifically whether
inventory custody and shipping is segregated from the order entry and invoicing
functions.

Upon approved release of a shipment from the warehouse the system


automatically produces invoices with the same date. Shipping dates cannot be
modified without approval by the appropriate levels of management.

Invoices are sequentially pre-numbered and accounted for. A manual or system


check is performed to check that documents are not missing or duplicated or fall
outside of a specified range of numbers. All rejected, suspense, or missing items
are researched, corrected and re-entered on a timely basis.

System edits exist to validate invoice data input (for example, customer name
and number, pricing, amounts and other information) against approved
standing data and the sales order system. Invalid data is rejected for re-entry or
stored in a suspense file where it is researched, corrected and re-entered on a
timely basis to provide completeness.

The invoicing system automatically generates invoices as soon as the sales order
has been shipped or the service has been performed. Invoices are sequentially
prenumbered / numbered by the system. Missing and duplicate invoices are
reported and investigated.
The invoicing system automatically generates reports of shipments that remain
unbilled for an unreasonable length of time. Management review the unbilled
shipments report and follow-up outstanding items with the distribution and
sales departments.

Upon approved release of a shipment from the warehouse the system


automatically produces invoices. The invoicing system then appropriately
updates Sale/receivable accounting records.

Appropriate segregation of duties should be maintained. Specifically whether the


credit, invoicing and cash functions are segregated.

Access controls such as user IDs and passwords are utilized and specific to each
application. Multiple failures to log on invalidate the user ID and is reported via
an exception report. Management investigates and resolves all items.

Cash receipts are deposited daily. Total cash deposits are matched to cash
receipts as part of the day-end process. Unmatched cash receipts are reported
and investigated on the next working day.

Detailed accounts receivable aging by customer is reviewed monthly and any


long outstanding balances or other unusual balances (i.e. credit balances) are
investigated.

The accounts receivable sub-ledger is reconciled to the general ledger monthly.


Reconciling items are investigated and reviewed by the Finance Manager and
referred to the Sales Manager as appropriate.

Bank statements are reconciled to general ledger accounts daily/weekly.


Reconciling items are investigated and reviewed by management.
Appropriate segregation of duties should be maintained. Specifically whether
cash receipts functions are segregated from those cash disbursements, and both
are segregated from all related functions. Cash receipts functions are segregated
from bank reconciliation preparation and approval functions. Cash collection
and deposit preparation functions are segregated from those for recording cash
receipts and general ledger entries

Credit memos are sequentially prenumbered and missing credit memos are
investigated and reported to management.

Provision amounts and write-offs are recorded and approved by appropriate


management based on their delegated authority.

A daily accounts receivables adjustments report is printed and reviewed by


management on a sample basis against supporting documentation. Adjustments
without appropriate supporting documents are investigated and corrected as
appropriate.
The appropriate level of management must approve all adjustments.
Management’s review includes an examination of source documentation.
Discrepancies are resolved.

Access controls such as user IDs and passwords are utilized and specific to each
application. Multiple failures to log on invalidate the user ID and is reported via
an exception report. Management investigates and resolves all items.
Contribution to financial Automated Preventive
statement assertions or Manual or Detective
CO E/O PD RO V A M P D
CONTROL ACTIVITY
PURCHASE TO PAYABLE

Process Sub-process Control Objectives

Valid purchase orders are


Purchases &
Ordering input for processing
Payables
completely and accurately.

Valid purchase orders are


Purchases &
Ordering input for processing
Payables
completely and accurately.

Purchase orders are


Purchases & entered into the system
Ordering
Payables accurately and in the
proper period.
Purchase orders are
Purchases & entered into the system
Ordering
Payables accurately and in the
proper period.

Periodic updates for batch


Purchases &
Ordering processing are complete
Payables
and accurate.

Long outstanding open


Purchases &
Ordering purchase orders are
Payables
investigated and resolved.

Long outstanding open


Purchases &
Ordering purchase orders are
Payables
investigated and resolved.

Purchases & Purchase transactions are


Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.
Purchases & Purchase transactions are
Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.
Purchases & Purchase transactions are
Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.

Purchases & Purchase transactions are


Ordering
Payables approved.

Ability to enter orders is


Purchases &
Ordering restricted to authorized
Payables
users.

Ability to enter orders is


Purchases &
Ordering restricted to authorized
Payables
users.

Purchases & Duties are adequately


Ordering
Payables segregated.

Receiving reports are input


Purchases &
Goods Receipts for processing completely
Payables
and accurately.

Receiving reports are input


Purchases &
Goods Receipts for processing completely
Payables
and accurately.

Receiving reports are input


Purchases &
Goods Receipts for processing completely
Payables
and accurately.
Receiving reports are input
Purchases &
Goods Receipts for processing completely
Payables
and accurately.

Receiving reports are input


Purchases &
Goods Receipts for processing completely
Payables
and accurately.

Good received are


Purchases &
Goods Receipts recorded in the proper
Payables
period.

Good received are


Purchases &
Goods Receipts recorded in the proper
Payables
period.

Long outstanding open


Purchases &
Goods Receipts receiving reports are
Payables
investigated and resolved.

Periodic updates for batch


Purchases &
Goods Receipts processing are complete
Payables
and accurate.

Periodic updates for batch


Purchases &
Goods Receipts processing are complete
Payables
and accurate.

Periodic updates for batch


Purchases &
Goods Receipts processing are complete
Payables
and accurate.

Purchases & Goods received or services


Goods Receipts
Payables performed were ordered.

Purchases & Goods received or services


Goods Receipts
Payables performed were ordered.

Purchases & Goods received or services


Goods Receipts
Payables performed were ordered.

Purchases & Goods received or services


Goods Receipts
Payables performed were ordered.

Ability to enter goods


Purchases &
Goods Receipts receipts is restricted to
Payables
authorized users.
Purchases & Duties are adequately
Goods Receipts
Payables segregated.

Purchases & Invoice All invoices received are


Payables Processing input for processing.

Purchases & Invoice Invoices are input for


Payables Processing processing correctly.

Purchases & Invoice Invoices are input for


Payables Processing processing correctly.

Periodic updates for batch


Purchases & Invoice
processing are complete
Payables Processing
and accurate.

Periodic updates for batch


Purchases & Invoice
processing are complete
Payables Processing
and accurate.

Periodic updates for batch


Purchases & Invoice
processing are complete
Payables Processing
and accurate.

Purchases & Invoice Duplicate recording of


Payables Processing invoices are prevented.

Purchases & Invoice Duplicate recording of


Payables Processing invoices are prevented.

Purchases & Invoice Duplicate recording of


Payables Processing invoices are prevented.
Postings to expense and/or
Purchases & Invoice inventory in the general
Payables Processing ledger are complete,
accurate and valid.

Postings to expense and/or


Purchases & Invoice inventory in the general
Payables Processing ledger are complete,
accurate and valid.

Postings to expense and/or


Purchases & Invoice inventory in the general
Payables Processing ledger are complete,
accurate and valid.

Postings to expense and/or


Purchases & Invoice inventory in the general
Payables Processing ledger are complete,
accurate and valid.

Purchases & Invoice Entries to incorrect vendor


Payables Processing accounts are detected.

Duties and taxes on


Purchases & Invoice
purchases are accounted
Payables Processing
for correctly.

Duties and taxes on


Purchases & Invoice
purchases are accounted
Payables Processing
for correctly.

Purchases & Invoice Input is restricted to


Payables Processing authorized users.

Purchases & Invoice Input is restricted to


Payables Processing authorized users.

Duties are adequately


Purchases & Invoice segregated. Fraudulent
Payables Processing invoices could not be
created.

Purchases & Disbursements are input


Payments
Payables for processing completely.

Purchases & Disbursements are input


Payments
Payables for processing completely.
Purchases & Disbursement is for the
Payments
Payables correct invoice.

Purchases & Disbursement is for the


Payments
Payables correct invoice.

Purchases & Disbursement is to the


Payments
Payables correct payee and vendor.

Purchases & Disbursement is to the


Payments
Payables correct payee and vendor.

Purchases & Disbursement input is for


Payments
Payables the correct amount.

Purchases & Disbursement input is for


Payments
Payables the correct amount.

Purchases & Disbursement input is for


Payments
Payables the correct amount.

Purchases & Disbursement input is in


Payments
Payables the proper period.

Purchases & Disbursement input is in


Payments
Payables the proper period.

Correct postings are made


Purchases & to the purchase ledger
Payments
Payables control account and cash
in the general ledger.

Correct postings are made


Purchases & to the purchase ledger
Payments
Payables control account and cash
in the general ledger.

Correct postings are made


Purchases & to the purchase ledger
Payments
Payables control account and cash
in the general ledger.

Purchase discounts are


Purchases &
Payments accurately calculated and
Payables
properly recorded.

Signed cheques are mailed


Purchases &
Payments out promptly to the correct
Payables
payee.
Signed cheques are mailed
Purchases &
Payments out promptly to the correct
Payables
payee.
Missing, duplicate or long
Purchases &
Payments outstanding cheques are
Payables
investigated.

Missing, duplicate or long


Purchases &
Payments outstanding cheques are
Payables
investigated.

Periodic updates for batch


Purchases &
Payments processing are complete
Payables
and accurate.

Purchases &
Payments Cash payments
Payables
Purchases &
Payments Cash payments
Payables

Purchases & Electronic funds transfers


Payments
Payables are controlled.

Payments made are for


Purchases & goods or services actually
Payments
Payables ordered or rendered and
received.

Purchases & Urgent payment requests


Payments
Payables are approved.

Access to unissued
Purchases & cheques and cheque
Payments
Payables signing machines is
restricted.
Access to unissued
Purchases & cheques and cheque
Payments
Payables signing machines is
restricted.
Access to unissued
Purchases & cheques and cheque
Payments
Payables signing machines is
restricted.
Input and generation of
Purchases &
Payments payments is restricted to
Payables
authorized users.

Purchases & Duties are adequately


Payments
Payables segregated.

Adjustments & Approved adjustments are


Purchases &
Ledger input for processing
Payables
Maintenance completely and accurately.

Postings to the accounts


Adjustments & payable and expense
Purchases &
Ledger accounts in the general
Payables
Maintenance ledger are complete and
accurate.

Postings to the accounts


Adjustments & payable and expense
Purchases &
Ledger accounts in the general
Payables
Maintenance ledger are complete and
accurate.

Adjustments & Adjustment is made to the


Purchases &
Ledger correct accounts and in the
Payables
Maintenance proper period.

Adjustments & Adjustment is made to the


Purchases &
Ledger correct accounts and in the
Payables
Maintenance proper period.

Adjustments & Adjustment is made to the


Purchases &
Ledger correct accounts and in the
Payables
Maintenance proper period.

Adjustments &
Purchases &
Ledger Adjustments are approved.
Payables
Maintenance

Adjustments & Credits for returned goods,


Purchases &
Ledger allowances, and other
Payables
Maintenance adjustments are recorded.
Adjustments & Credits for returned goods,
Purchases &
Ledger allowances, and other
Payables
Maintenance adjustments are recorded.

Adjustments & Credits for returned goods,


Purchases &
Ledger allowances, and other
Payables
Maintenance adjustments are recorded.

Adjustments & Credits for returned goods,


Purchases &
Ledger allowances, and other
Payables
Maintenance adjustments are recorded.

Adjustments & Returns, allowances, or


Purchases &
Ledger other adjustments are
Payables
Maintenance approved.
Adjustments & Returns, allowances, or
Purchases &
Ledger other adjustments are
Payables
Maintenance approved.

Adjustments &
Purchases & Duties are adequately
Ledger
Payables segregated.
Maintenance

Ability to post to the


Adjustments &
Purchases & accounting records is
Ledger
Payables restricted to authorized
Maintenance
users.

Adjustments & Unauthorized access to the


Purchases &
Ledger accounting records is
Payables
Maintenance prevented and detected.

Approved changes are


Purchases & Standing Data
input for processing
Payables Maintenance
completely and accurately.

Approved changes are


Purchases & Standing Data
input for processing
Payables Maintenance
completely and accurately.

Periodic updates to
Purchases & Standing Data standing data via batch
Payables Maintenance processing are complete
and accurate.
Ability to post to the
Purchases & Standing Data accounting records is
Payables Maintenance restricted to authorized
users.

Unauthorized access to the


Purchases & Standing Data
accounting records is
Payables Maintenance
prevented and detected.

Purchases & Information & Duties are adequately


Payables Technology segregated.
Example Control Activities Information Contribution to fin
Processing statement assert
C A V R*2 A C

Purchase orders are sequentially numbered so that purchase orders are not
duplicated or fall outside the expected range of purchase order numbers (i.e. are
out of sequence). All rejected, suspense or missing items are researched,
corrected and re-entered on a timely basis.

There is a procedure to send copies of purchase orders directly to the accounts


payable and receiving departments or via an automatic system interface. (See C A A C
controls listed in “goods receipt” and “invoicing” sections.)

A one-to-one check between the entered information and the source documents
occurs for accuracy of key data fields including date. Any discrepancies are A A
reentered and subject to the same control.

The reports detailing differences between planned purchase orders, purchase


requisitions and purchase orders are reviewed regularly and differences are
investigated on a timely basis.

For systems where purchase orders are input into a temporary file, batch totals
are utilized before processing is complete. Input documents are grouped and a
numerical total is calculated (i.e. number of documents, dollar amount, hash
totals). These totals are compared to post input/update reports. All out of
balance conditions are researched and re-entered on a timely basis.

Open purchase orders are reviewed (weekly or monthly). Any purchase order
over 30 days old is followed up to determine if the order is valid and if not the
purchase order is removed.

Purchase orders are time sensitive and voided by the system if not fulfilled after
V A
a given period.

Purchase orders cannot be processed without using an approved vendor from


V
the vendor master file.
Purchase orders with new vendors require review and approval from
management and update to the vendor master file. Management reviews the V
vendor master file quarterly.

Standard purchase order terms and conditions are reviewed by the appropriate
V
personnel so that they comply with legal and regulatory requirements.

Criteria for supplier selection are defined and communicated by management so


V
that goods and services are obtained only from properly approved suppliers.
Proper competitive bidding procedures are performed when required by
V
organization policy or by federal procurement requirements.
Documented and enforced procedures exist to evaluate and approve that long-
term supply contracts are in accordance with the business strategy for the V
company.
Purchasing policy states that ethical and procedural requirements must be met
when evaluating vendors. Buyers will not show favoritism, whether due to
V
nepotism or personal benefit. Buyers will not accept gifts in any form from
suppliers.
Systematic inventory re-order points are monitored and controlled. Access to
V
change the re-order points is limited to management.
All changes to purchase orders require formal approval from management. V A

Established policies and procedures define spend limits and approval


procedures for purchase orders. These are systematically applied and attempts V
to override are prevented.

Approval limits are configured in the system, which allow authorized users to
approve orders or requisitions within the approved limits. These are V
systematically applied and attempts to override are prevented.

Authority limits are established. Approved purchase orders are reviewed by


appropriate management to determine that they comply with the authority
limits.
Purchase orders are reviewed for accuracy and approved by the manager of the
A V A
department of the requesting persons.
Formal authorization is required for access to the purchasing module of the
system. Management reviews access rights periodically so that only authorized
individuals have access and for segregation of duties. Discrepancies and R
exceptions are promptly investigated. Orders over certain amounts need to be
entered or approved by a VP.

Only authorized persons have rights to access vendor information and change or
add new vendors

Initiation of and editing of purchase requisitions or orders is restricted to


authorized users independent from vendor maintenance, goods receipts, R
accounts payable and processing disbursements.

Goods received are matched to purchase orders upon receipt and entered into
the system for processing. Receipts are reviewed daily for completeness and all
unmatched goods are investigated and resolved. The system is configured to C V C
require a valid purchase order in order to receive goods. Purchase orders are
automatically closed when all the goods are received.

Receiving enters the purchase order number and quantity for all goods received.
Quantity is matched with the purchase order by the system and a variance report
is produced. Key fields are tested for values within a specified range
C A A C
automatically. Data input that is out of range produces an error and prohibits
processing until it is corrected. The variance report is reviewed and followed up
by management daily.

Standard reports are created for differences in price and/or quantity between
goods received and goods ordered are reviewed regularly and differences are
investigated on a timely basis by management.
Goods received notes are signed by the store keeper as evidence that goods
received are in good condition and in accordance with the purchase order.

Goods received notes are prenumbered. Accounting clerk checks that all goods
received notes are used in sequence and recorded into the accounts payable
system.

A one for one check is completed of goods received and entered in the system to
check the correct receiving date and receiving information (quantity, amounts,
A A
vendor). All incorrect items are researched, corrected and re-entered on a timely
basis.
Goods received are date stamped by the system when entered for proper period
recording. Procedures exist to confirm all receipts are entered into the system A A
during period cut-offs (month/year end).

Open receipts are reviewed daily. All open receipts greater than a day are
followed up for clearance.

For goods received that are input into a temporary file before sub-ledger updates
- batch totals are utilized before processing is complete. Input documents are
grouped and a numerical total is calculated (i.e. number of documents, dollar C A A C
amount, hash totals). These totals are compared to post input/update reports.
All out of balance conditions are researched and re-entered on a timely basis.

Accounting system accepts the entries only when debit balance equals credit
A A
balance.

Invoices are recorded in the general ledger on a daily basis.

All goods received are matched to an open purchase order and management
reviews any exception. All goods not matched to a valid purchase order are
V
placed in a suspense file and followed up by management. Any unsubstantiated
deliveries are returned.

Receipts that bypass central receiving are subject to validation (of receipt or
V
performed service) and properly approved prior to vouching.

Appropriate tolerance limits are established for key receiving system inputs.
Over deliveries are automatically blocked for investigation if they are not within V
the delivery tolerance.

An exception report is reviewed to identify instances where over delivery


tolerances have been overridden when raising purchase requisition or purchase V
order. Discrepancies are followed up on a timely basis by management.

Formal authorization is required for access to the purchasing module of the


system and key transactions. Management reviews access rights periodically so R
that only authorized individuals have access and for segregation of duties.
Initiation of and editing of purchase requisitions or orders is restricted to
authorized users independent from vendor maintenance, goods receipts,
accounts payable and processing disbursements. Incompatible functions and R
related duties are subject to a regular review by management. Discrepancies and
exceptions noted are promptly investigated.

Accounts Payable personnel reconcile batch totals of the invoices entered for the
day with a post input report of invoices entered into the Accounts Payable
C C
system. All out of balance conditions are researched, corrected and re-entered
on a timely basis. Batch totaling is completed for the re-entered data.

System edits checks that vendors, quantities, price, extensions, footings,


payment terms (including available discounts), supplier name and code, PO
reference and accuracy of the account distribution are agreed between the
invoice, receiving report and purchase order. Items that do not match are
researched, corrected and re-entered prior to approving the invoice for payment. A V A
Duplicate invoices numbers are not permitted. Incorrect entry of price,
quantity, amounts, vendor or general account numbers is prevented or detected;
and mismatched purchase orders or receiving reports are investigated and
resolved.

Mismatched purchase orders and receiving reports are investigated by the


accounts payable clerk and explanation of the differences are noted on the
reports.

For systems where invoice are input into a temporary file, batch totals are
utilized before processing of invoices is complete. Input documents are grouped
and a numerical total is calculated (i.e. number of documents, dollar amount, C A C
hash totals). These totals are compared to post input/update reports. All out of
balance conditions are researched and re-entered on a timely basis.

During receipt processing, a valid open approved purchase order number must
A V A
be entered and matched by the system before further processing can occur.

Accounting system accepts the entries only when debit balance equals credit
A A
balance.

Once a purchase order is matched to an invoice, the system identifies the


purchase order as 'closed'. Closed purchase orders are not available to be
A A
selected again for matching. Invoices and supporting documents are stamped as
“entered” to prevent re-submission for payment.

Only original invoice is used for recording invoice into the general ledger. A A

Supplier invoice number is a required field in the system. Duplicate invoice


number is not accepted by the system.
A monthly report is generated that lists receipts for which a supplier invoice has
not been received. This report is utilized by the accounts payable to accrue for C A V C
these materials/services in the month of their receipt.

Procedures exist to provide period end reconciliation of account payable ledger


to general ledger and that cut-off errors are corrected on a timely basis. Accounts C A A C
payable suspense accounts are included in the period end reconciliation process.

The system updates inventory and accounts payable simultaneously with


updates to the subsidiary ledgers. Reconciliations are performed to determine V A
that the transactions are properly posted.

Mismatched items between goods received notes and supplier invoices are
reviewed and explanations noted.

All invoices released for payment are reviewed and compared to the accounts
C A V A C
payable sub-ledger before preparing cheques for payments.

Tax per invoice is compared to estimated tax per the initial purchase order. The
initiator of the purchase order and the tax department reviews significant A V A
variances. Due to complexity, the tax department reviews all foreign taxes.

All payments are reviewed so that tax is appropriately accounted for. The person
who performs this function is qualified.

Accounts Payable personnel that update invoice information should be different


R
than those that sign checks.

Attempts to access the system are prevented if access isn’t authorized. (Note,
depending on the system, determining segregation of duties and authorization of
accesses requires use of a SPA resource due to the complexity of the system as
R
access may be obtained indirectly – which can only be determined with a system
access review. Also, note that seeing an approved access form does not mean
other incompatible access for the person do not still exist.)

Invoice processing is restricted to authorized users independent from vendor


maintenance, goods receipts, and processing disbursements. Incompatible
functions and related duties are subject to a regular review by management.
Discrepancies and exceptions noted are promptly investigated.

An accounts payable aging is reviewed periodically to determine that payments


C C
have been recorded.

Payment vouchers as recorded in the general ledger are reconciled to the cheque
register by the supervisor to determine that all disbursements are recorded and
C C
in the correct period. Differences are investigated and reported to the
accounting manager for correction.
Payments are not made on invoices that have not been matched to a receiving
report and purchase order. Determine if this is an Automated processes, and if
A V A
so how the system is configured to allow payments. Also, determine who can
alter or override those configurations.

Original supplier invoices are compared with and attached to payment vouchers
for approval. Cheque preparer uses the information of the original supplier
invoices to prepare cheques.

Payees name and address are automatically pulled from the approved vendor
A A
master file.

Statements received from suppliers are reconciled to the supplier’s accounts in


C A A C
the accounts payable sub ledger regularly and differences are investigated.

Any differences between the payment amount and the invoice amount are
automatically put into a suspense file. Management must clear suspense file
items.

Payment amount information is automatically input from the invoice matching


A A
process.

Payment vouchers once reviewed and approved, are input into the general ledger
A A
immediately.

The system does not allow for any differences between the payment date and the
date of the cheque. Management approval is required for any override of this A V A
control.
Overdue accounts payable report is reviewed on a monthly basis. Long
outstanding items are investigated and followed up.

The system updates the corresponding cash and accounts payable accounts as of
the cheque run date. Reconciliations are performed to determine that the
transaction properly posted.

A listing of outstanding purchase orders for which ownership of goods is


transferred prior to delivery is prepared for accrual purposes; management C A V A C
reviews and approves the listing.

Bank reconciliation is reviewed by independent officer on a monthly basis. All


reconciling items as presented on the bank reconciliation are reviewed by the
general ledger supervisor for missing, duplicate, long outstanding cheques and C A V A C
large amounts. Explanation is provided on the bank reconciliation for unusual
items.

The system is configured to calculate applicable discounts per management


policy. If the discount policy can be overridden, monitoring procedures exist for C A A C
detection and resolution.

Bank reconciliations are performed to check for old reconciling items.


Exceptions are investigated and corrected as necessary.

An accounts payable aging is reviewed periodically to determine that payments


C C
have been recorded.
Payments for an invoice close the invoice, and the system does not allow the
payment to be made again. Cheques outstanding >30 days are reviewed and C C
resolved on a monthly basis.

All cheques must be paid on sequentially numbered cheques. Bank


reconciliations are performed to determine outstanding cheques and old C A A C
reconciling items. Exceptions are investigated and corrected as necessary.

For systems where disbursements are input into a temporary file, batch totals
are utilized before processing of payments is complete. Input documents are
grouped and a numerical total is calculated (i.e. number of documents, dollar C A A C
amount, hash totals). These totals are compared to post input/update reports.
All out of balance conditions are researched and re-entered on a timely basis.

Impress system is used for petty cash fund with appropriate authority limit for
R
payment.
Cashier reviews appropriate approval and related supporting documentation
A V A
attached to petty cash vouchers before payment.
One-time and initial standing wire transfer requests are accompanied by
appropriate supporting documentation. Only authorized treasury personnel
initiate wire transfers and bank callback verification procedures are in place. All V
bank accounts are reconciled on a timely basis with all wire transfer activity
properly accounted for.

Payments can only be made from 'closed' invoices. Invoices are closed after
matching to a receiving report and purchase order.

Requests for manual cheques are supported by purchase agreements, receiving


reports, original invoices, or other documentation that indicates the propriety of
the expenditures. The cheque request amount is compared to the initiator or
approvers maximum delegation amount to determine if a second signature is A V A
required. Cheques in excess of established dollar amounts (or equivalent) are
forwarded to a second designated cheque signer along with supporting
documentation, for additional approval.

Personnel separate from those that enter and match invoices approve the release
R
of cheques for printing and signing.

Access to cheque signing privileges is limited to a small number of people.


Multiple people must sign cheques over a certain amount. Two signatures by R
management are required for payments.

Cheque stock is sequentially prenumbered. Cheque numbers are reviewed and


reconciled on a regular basis. Any missing cheque numbers are researched
R
immediately. Cheque runs are reviewed for any inaccurate, spoiled or illegible
cheques.
Attempts to access the system are prevented if access isn’t authorized. (Note,
depending on the system, determining segregation of duties and authorization of
accesses requires use of a SPA resource due to the complexity of the system as
R
access may be obtained indirectly-which can only be determined with a system
access review. Also, note that seeing an approved access form does not mean
other incompatible access for the person do not still exist.)

Access to process disbursements is segregated from vendor maintenance,


purchasing, goods receipts, and accounts payable. Incompatible functions and
related duties are subject to a regular review by management. Discrepancies and
R
exceptions noted are promptly investigated. The disbursement approval
functions and the disbursement preparation functions are segregated. The
recording of cash disbursements is segregated from the general ledger function.

Where batch totals are utilized, input documents are grouped and a numerical
total is calculated (i.e. number of documents, dollar amount, hash totals). These
C A A C
totals are compared to post input/update reports. All out of balance conditions
are researched and re-entered on a timely basis.

Accounts payable sub-ledger system is fully integrated within the general ledger
system. Automated postings for payable transactions.

Accounts payable records are reconciled periodically with vendor statements. A

A one-to-one check of adjustments input into the system via a comparison


between post input/update reports to the adjustment source data for accuracy of C A A C
key data fields including date.

The general ledger supervisor reviews all journal vouchers to determine that
A A
appropriate accounts codes are given for the transactions.

As part of the month end process, the accounting staff sequentially check the
journal vouchers numbers used by comparing to the records in the general
ledger. Skipped and duplicate numbers are investigated.

The appropriate level of management must approve all adjustments.


Management’s review includes an examination of source documentation. A V A
Discrepancies are resolved.

Supplier statements are reviewed for past due items and open credits, to be
C A A C
resolved in a timely manner.
Goods returned memos are prenumbered. Missing or duplicate goods returned
memos are investigated and followed-up.

Goods returned memo is approved by the store manager and sent to accounting
department to follow up the credit note from suppliers.

Accounts payable reviews debit line items within an account at least quarterly
and requests remittance on debit amounts outstanding for over an established A
number of days.

Return approvals are created for each return request. Supporting documentation
V
is maintained in case of supplier dispute.

Debit memos are recorded by Accounts Payable and reconciled to hardcopy


A
debit provided by supplier.

Segregation of duties is maintained. Specifically whether the disbursement


preparation and disbursement approval functions are segregated from those for
recording cash disbursements and general ledger entries.

Formal authorization by application owner is required for access to specific


accounting records. Management reviews access rights periodically so that only
authorized individuals have access and for segregation of duties. Exceptions
noted are investigated and resolved. Note: Depending on the system,
authorization of user access and determining segregation of duties may require
V R
use of a SPA resource. Access may be obtained indirectly - which can only be
determined with a system access review. Also, observing an approved access
form does not mean that other incompatible access for the person does not exist.
Only by reviewing all access for a user is it possible to determine if segregation of
duties is maintained.

Access controls such as user IDs and passwords are utilized and specific to each
application. Multiple failures to log on invalidate the user ID and are reported R
via an exception report. Management investigates and resolves all items.

A one-to-one check of changes input into the system via a comparison between
post input/update reports to the change source documents for completeness and
C A C
accuracy. Discrepancies are resolved and the re-entered data is subject to the
same control.

The standing data owners complete a regular review so that data remains
accurate. Any changes noted by the owners are entered via the standard standing A A
data change process.

Where batch totals are utilized, input documents are grouped and a numerical
total is calculated (i.e. number of documents, dollar amount, hash totals). These
C A A C
totals are compared to post input/update reports. All out of balance conditions
are researched and re-entered on a timely basis.
Formal authorization by application owner is required for access to specific
accounting records. Management reviews access rights periodically so that only
authorized individuals have access and for segregation of duties. Exceptions
noted are investigated and resolved. Note: Depending on the system,
authorization of user access and determining segregation of duties may require
V R
use of a SPA resource. Access may be obtained indirectly – which can only be
determined with a system access review. Also, observing an approved access
form does not mean that other incompatible access for the person does not exist.
Only by reviewing all access for a user is it possible to determine if segregation of
duties is maintained.

Access controls such as user IDs and passwords are utilized and specific to each
application. Multiple failures to log on invalidate the user ID and are reported
via an exception report. Management investigates and resolves all items.

The adequacy of IT department controls in situations where we may rely on


computerised processing controls or functions, specifically: the adequacy of IT
R
operating procedures, the reliability of program change controls, the adequacy of
general access controls.
Contribution to financial Automated Preventive
statement assertions or Manual or Detective
CO E/O PD RO V A M P D

V A P

CO M D

E/O RO V A D

E/O A P

E/O M P

E/O M P

E/O M P
E/O M P

E/O M P

E/O M P

E/O A P

E/O V M P

E/O A P

E/O A P

E/O RO V M P

E/O A P

E/O A P

E/O A M D

V A D
E/O V M P

CO E/O V A P

V A D

V A P

E/O M D

E/O M P

E/O A P

E/O A P

E/O A P
E/O M P D

A D

E/O V A P

V A M D

E/O RO V A P

V A P

V A P

V M P
E/O V A D

CO E/O V M D

E/O RO A P

E/O RO V M P

E/O V M D

E/O M P

E/O A P

M D

CO M D
E/O V A M P

V A P

E/O RO V M D

V A P

V M P

CO E/O V A M

E/O V A P

E/O V M D

V A M P

M D
A M P D

V M D

V A M D

E/O M P

E/O V M P

E/O M P

E/O V M P

E/O M P

E/O M P

E/O M D
E/O A P

E/O M P

V A M D

E/O V M D

CO V M D

V M D

E/O V M P

M D
E/O V M D

E/O M P

E/O V M D

E/O M P

E/O A M P

V M D

V M D

V A M D
E/O M P D
CONTROL ACTIVITIES
PAYROLL PROCESS

Process Sub-process Control Objectives

All evidence of service


performed (e.g.
Payroll Time Recording
timesheets, clock cards) is
obtained

All evidence of service


performed (e.g.
Payroll Time Recording
timesheets, clock cards) is
obtained

All evidence of service


performed (e.g.
Payroll Time Recording
timesheets, clock cards) is
obtained
Employee services are
Payroll Time Recording recorded in the correct
period.

All employees' services


Payroll
Payroll (including overtime) is
Calculation
included in the calculation.

Payroll Applicable deductions are


Payroll
Calculation complete.

Rejected payroll data is


Payroll
Payroll analyzed and corrected in a
Calculation
timely manner.

Payroll Payroll is input in the


Payroll
Calculation proper period.

Payroll Gross pay and deductions


Payroll
Calculation are accurately calculated.

Payroll Gross pay and deductions


Payroll
Calculation are accurately calculated.

Payroll Gross pay and deductions


Payroll
Calculation are accurately calculated.
Errors are prevented or
detected in the input of
relevant payroll data (e.g.
Payroll
Payroll hours, pay rates,
Calculation
withholding rates,
deductions, vacation,
accrual rates, etc.).

Payroll taxes are accurately


Payroll determined and accounted
Payroll
Calculation for in accordance with
local laws and regulations.

Fictitious payroll data (i.e.


Payroll
Payroll bonuses etc) cannot be
Calculation
entered for employees.

Payroll Access to payroll records is


Payroll
Calculation appropriately restricted.

Payroll payments are


Payroll Payroll Payment processed completely and
accurately.

Payroll payments are


Payroll Payroll Payment processed completely and
accurately.

Total payments are equal


to the amounts updated to
Payroll Payroll Payment the cash accounts, payroll
expense and the general
ledger.

Payroll payments are


Payroll Payroll Payment recorded in the proper
period.

Payroll payments are made


Payroll Payroll Payment to the proper employee or
other recipient.

Payroll payments are made


Payroll Payroll Payment to the proper employee or
other recipient.

Electronic fund transfers


Payroll Payroll Payment (direct deposits) are
controlled.
Manual payroll cheques
Payroll Payroll Payment written between pay dates
are recorded.

Cash payments and


Payroll Payroll Payment employee advances are
approved.
Payroll assets cannot be
Payroll Payroll Payment
misappropriated.
Duties are adequately
Payroll Payroll Payment
segregated.

Adjustments and Approved adjustments are


Payroll Ledger input for processing
Maintenance completely and accurately.

Adjustments and Adjustment is made to the


Payroll Ledger correct accounts and in the
Maintenance proper period.

Adjustments and
Payroll Ledger Adjustments are approved.
Maintenance

Ability to post to the


Adjustments and
accounting records is
Payroll Ledger
restricted to authorized
Maintenance
users.

Approved changes are


Standing Data
Payroll input for processing
Maintenance
completely and accurately.

Approved changes are


Standing Data
Payroll input for processing
Maintenance
completely and accurately.

Periodic updates to
Standing Data standing data via batch
Payroll
Maintenance processing are complete
and accurate.

Standing Data Duties are adequately


Payroll
Maintenance segregated.
Information & Duties are adequately
Payroll
Technology segregated.
Example Control Activities Information Contribution to fin
Processing statement assert
C A V R*2 A C

Submitted time cards are matched against an active employee list. Managers
review all discrepancies.

An electronic card swipe machine or electronic palm reader is utilized that


uploads employee time information to the payroll application. This is often
done in a job cost manufacturing environment to capture direct labor costs to
specific jobs. If payroll is considered material for the audit, then an application
review of the Time and Attendance system should be performed by a SPA
professional.

Overtime/non-standard hours are authorized by supervisor beforehand.

A one-for-one check is performed at period end so that payroll expense through


the reporting period is properly recorded and any accruals, if appropriate, are
accurate.

Recorded amounts are compared to budgeted amounts and prior-period


amounts. Unusual items are researched and corrected as necessary.

Computer validation routines are in place to verify the completeness and


accuracy of deductions applied.

Suspended/invalid data is listed on reports that are periodically reviewed and


followed up within the current reporting period.

A one-for-one check is performed at period end so that payroll expense through


the reporting period is properly recorded and any accruals, if appropriate, are
recorded.
Controls are in place to maintain the integrity of payroll systems programs
including standing data Note: If the company performs changes to its payroll
software application, then General Computer Controls such as authorization for
program changes and security controls should be evaluated by a SPA
professional.
Recorded amounts are compared to budgeted amounts and prior-period
amounts at a disaggregated level. Unusual items are researched and corrected
as necessary.
Random checks are carried out to check calculation of pay/deductions for
employees chosen to supporting documentation (including employee contracts,
HR department forms, etc)
Computer validation routines are in place to detect invalid data. Business users
are notified either immediately through on-line error messages, or periodic
reports of the suspended transactions are produced. Suspended items are
researched and corrected on a timely basis.

On a regular basis, payroll tax rates are reviewed against current standards and
regulations. All changes are approved prior to update in standing data
accordingly.

Supervisors review reports of processed payroll to check that all payments are
approved. Unusual payments or amounts included in employee paychecks are
researched and corrected as necessary.

Adequate controls over critical records exist are in place including written
procedures regarding access, use of safes and locked cabinets or off-site storage,
access controls are in place over computerized records to restrict access to
master files.

For systems where payroll payments are input into a temporary file, batch totals
are utilized before processing is complete. Input documents are grouped and a
numerical total is calculated (i.e. number of documents, dollar amount, hash
totals). These totals are compared to post input/update reports. All out of
balance conditions are researched and re-entered on a timely basis.

The payroll manager reviews the payroll register after processing for
reasonableness prior to distribution. Any unusual results are researched and
corrected as necessary.

Payroll disbursements and deductions are reconciled with the payroll register
(which is reconciled to the general ledger) and actual disbursements. Cash is
reconciled to the general ledger. Any unusual items are researched and
corrected as necessary.

A one-for-one check is performed at period end so that payroll expense through


the reporting period is properly recorded and any accruals, if appropriate, are
recorded.

Employee names and other applicable information (i.e., address, bank account)
for EFT or actual cheque processing are pulled by the system from Employee
Master File.

All manual cheques are made “A/C Payee Only”

Reconciliations are performed between payments sent to the bank for direct
deposit and the amounts deposited into employee's accounts. Unusual items are
researched and corrected as necessary.
Monthly bank reconciliations are performed for the payroll bank account.
Reconciling items are researched and corrected as necessary.

Authorized individuals cannot grant cash payments and employee advances


without written approval.

Cash wages are avoided; signed receipts are required when wages are paid in
cash.
Individuals who process the payroll do not approve time reports, do not sign or
disburse paychecks, or reconcile payroll.

Where batch totals are utilized, input documents are grouped and a numerical
total is calculated (i.e. number of documents, dollar amount, hash totals). These
totals are compared to post input/update reports. All out of balance conditions
are researched and re-entered on a timely basis.

A one-to-one check of adjustments input into the system via a comparison


between post input/update reports to the adjustment source data for accuracy of
key data fields including date.

The appropriate level of management must approve all adjustments.


Management’s review includes an examination of source documentation.
Discrepancies are resolved.

Formal authorization by application owner is required for access to specific


accounting records. Management reviews access rights periodically so that only
authorized individuals have access and for segregation of duties. Exceptions
noted are investigated and resolved. Note: Depending on the system,
authorization of user access and determining segregation of duties may require
use of a SPA resource. Access may be obtained indirectly – which can only be
determined with a system access review. Also, observing an approved access
form does not mean that other incompatible access for the person does not exist.
Only by reviewing all access for a user is it possible to determine if segregation of
duties is maintained.

A one-to-one check of changes input into the system via a comparison between
post input/update reports to the change source documents for completeness and
accuracy. Discrepancies are resolved and the re-entered data is subject to the
same control.
For changes in certain types of standing data and /or changes outside certain
parameters the system produces a report of these changes and is forwarded to
management for their review. Acceptance of these changes by the system is
dependent upon management review of supporting documentation and
approval.

Where batch totals are utilized, input documents are grouped and a numerical
total is calculated (i.e. number of documents, dollar amount, hash totals). These
totals are compared to post input/update reports. All out of balance conditions
are researched and re-entered on a timely basis.

Segregation of duties is maintained between the update of standing data and the
maintenance of financial records (i.e. posting or authorization of adjustments,
reconciliations etc.). Exceptions noted are investigated and resolved. If
management accepts incompatible duties, appropriate mitigating controls exist.
The adequacy of IT department controls in situations where we may rely on
computerised processing controls or functions, specifically: the adequacy of IT
operating procedures, the reliability of program change controls, the adequacy of
general access controls.
Contribution to financial Automated Preventive
statement assertions or Manual or Detective
CO E/O PD RO V A M P D

You might also like