Professional Documents
Culture Documents
Lesson G - 2 Ch09 2 Rev. Cycle Obj., Control, Test
Lesson G - 2 Ch09 2 Rev. Cycle Obj., Control, Test
OBJECTIVES, CONTROLS,
AND TESTS OF CONTROLS
Outline:
Auditing the Revenue Cycle
Revenue Cycle Activities and Revenue Cycle Audit Objectives,
Technologies Controls, and Tests of Controls
Hall, 3e 5
REVENUE CYCLE AUDIT OBJECTIVES,
CONTROLS, AND TESTS OF CONTROLS
• How to achieve these audit objectives?
– requires designing audit procedures to gather evidence
that either corroborates or refutes the management
assertions.
• Audit procedure involves a combination of:
– tests of controls
– substantive tests of details.
• Computer application controls fall into three broad
categories:
– input controls
– process controls
– output controls
REVENUE CYCLE AUDIT OBJECTIVES,
CONTROLS, AND TESTS OF CONTROLS
• Input controls • Process controls
– Credit Authorization Procedures (Batch & – File Update Controls
real time systems) • Run-to-run controls
• Management assertions: • Transaction Code Controls
– valuation/allocation audit objectives • Sequence Check Control
– accuracy • Management assertions:
– Data Validation Controls – Existence
• Missing data checks, numeric-alphabetic data – Completeness
checks, limit checks, range checks, validity – accuracy
checks, check digit – Access Controls
• Management assertion: • Management assertions:
– accuracy – Existence
– Batch Controls – Completeness
• Management assertion: – Accuracy
– completeness and accuracy. – valuation and allocation
– right and obligations
– Presentation and disclosure
– Physical Controls
• Segregation of Duties, Supervision,
Independent Verification
• Output controls - completeness and accuracy
– AR Change Report, Transaction Logs,
Transaction Listings, Log of Automatic
Transactions, Unique Transaction Identifiers,
Error Listing
Input Controls
• are designed to ensure that transactions are valid,
accurate, and complete.
• Control techniques vary considerably between batch
and real-time systems.
• The following input controls relate to revenue cycle
operations.
– Credit Authorization Procedures
• Testing Credit Procedures
– Data Validation Controls
• Missing data checks, numeric-alphabetic data checks, limit checks,
range checks, validity checks, check digit
• Testing Validation Controls
– Batch Controls
Input Controls:
Credit Authorization Procedures
• The purpose of the credit check
– is to establish the creditworthiness of the customer.
• Valid transaction:
– 1) meet the credit standards (credit policy)
• Only customer transactions that meet the organization’s credit
standards are valid and should be processed further.
• Failure to apply credit policy correctly and consistently has
implications for the adequacy of the allowance for uncollectible
accounts.
– 2) transaction authorization
Batch with manual systems use credit dept.
Real-time systems use programmed decision rules
Exception file (if exceeds limit, credit manager approves)
POS
validating credit card charges and establishing that the customer is the valid
user of the card.
Input Controls:
Credit Authorization Procedures
• Real-time systems use programmed decision rules
• When credit checks are computerized, the organization’s credit policy is
implemented through decision rules that have been programmed into the
system.
• 1) Current transaction + customer’s current AR bal > preestablished credit
limit
– For routine transactions, this typically involves determining if the current
transaction plus the customer’s current AR balance exceeds a preestablished
credit limit.
• 2) If credit limit exceeds – exception file
– If the credit limit is exceeded by the transaction, it should be rejected by the
program and passed to an exception file, where it can be reviewed by
management.
• 3) Credit manager decides – disapprove or extend the credit limit
– The credit manager will decide either to disapprove the sale or to extend the
credit limit consistent with the manager’s authority.
Input Controls:
Testing Credit Procedures
Audit Objectives Audit Procedures
Verify effective procedures exist
• The tests provide evidence Verify information is adequately
communicated
pertaining to the Verify effectiveness of programmed
decision rules (test data, ITF)
– valuation/allocation audit – Create several dummy customer accounts
with various lines of credit and then
objectives processing test transactions that will exceed
some of the credit limits.
– accuracy objective. – Then analyze the rejected transactions to
determine if the computer application
correctly applied the credit policy.