FINAL REPORT

Chapter 13:
Part II
Auditing Business
Functions and Activities

by Laiza Joyce H. Sales

 1. Accounting, Finance, and
Today's Treasury Operations;
Discussion 2. Information Technology;
3. Foundations;
4. Auditing Management;
5. Ethics Hotline; and
6. Production
Accounting, Finance, and
Treasury Operations;
1. Treasury
2. Payroll
3. Accounts Payable
4. Accounts Receivable
5. Fixed Assets
6. Inventory
1. Treasury
Key Objectives

The organization’s funds are The organization engages in

appropriately managed and suitable and secure
provide adequate levels of investments to support
working capital. operational and strategic
goals.
 1. Treasury
Key Risks

The organization is
Company Company
affected by financial
resources are resources are
losses due to
stolen through
misused. unexpected market
fraud. fluctuations
1. Treasury
Typical Controls
All treasury activities are defined by
up-to-date policies, procedures,
laws, and regulations.

An authorization and escalation

matrix is in place

Application and access controls

regulate the type and amount of
treasury transactions
2. Payroll
Key Objectives

Only valid employees are The calculation of all

paid and at the correct and payments and deductions are
authorized rate. correct and in accordance
with the relevant taxation and
other regulations.
Key Risks 2. Payroll

Fictitious Discrepancies Unauthorized

employees are exist between individuals create,
created to extract payroll and other modify, or otherwise
a rent from the deduction access the records of
organization. amounts employees
2. Payroll
Typical Controls
Specific roles, responsibilities, and
authorization elements have been
defined

Payroll system controls prevent

unauthorized access to the payroll
system and related data
Monthly reconciliation of
timesheets and worker activity
3. Accounts Payable
Key Objectives

Payments are only made to Payments are correct and

valid and approved reflected accurately in the
vendors. accounting records
Key Risks 3. Accounts Payable

The organization The organization Invoice payments are

pays for goods and pays multiple made to invalid,
services not times for the same unapproved, or
received. items. unauthorized vendors.
3. Accounts Payable
Typical Controls
All invoices are authorized at the
appropriate level before payment

A monthly reconciliation confirms

the accuracy of financial reporting.

All checks, electronic funds

transfers (EFTs), or other forms of
payment, are confirmed as correct
and authorized by an appropriate
manager before release.
4. Accounts Receivables
Key Objectives

Transactions are posted Credit is granted based on

accurately and in time in the buyer’s risk profile.
financial statements
Key Risks 4. Accounts Receivables

Customers with
Deposit of Fraud is perpetrated
poor credit
customer against the
worthiness and
payments is organization
lacking financial
delayed.
stability are
granted credit
4. Accounts Receivables
Typical Controls
Credit limits are based on credit
worthiness.

Access controls on accounts

receivable system and data.

Delinquent and uncollectable

balances are researched and
appropriately acted on
5. Fixed Assets
Key Objectives

Assets are reflected Capital expenses are justified

correctly and accurately in and approved.
the accounting records
Key Risks 5. Fixed Assets

Depreciation Assets are Asset valuation

charges are stolen, lost, is inaccurate.
inaccurate and damaged.
5. Fixed Assets
Typical Controls
Automated controls in the system
calculate asset depreciation

Periodic reconciliations identify the

loss, misplacement or obsolescence
of assets

Key assets are adequately insured

6. Inventory
Key Objectives

All inventory values and Inventory quantities are

quantities are accurate in sufficient to meet operating
inventory accounts needs
Key Risks 6. Inventory

Inventory account Inventory is The location or

amounts and stolen, condition of
quantities are inventory items is
damaged, or
inaccurate. unknown
misplaced.
6. Inventory
Typical Controls
The organization conducts periodic
cycle counts and physical counts

Appropriate segregation of duties

exists

Write-offs and disposals of

inventory items require
authorization.
INFORMATION
TECHNOLOGY
1. IT Processing Operations
2. Backups and Storage
3. IT Access
4. Personal Devices
5. Systems Development
 1. IT PROCESSING
OPERATIONS
yeK
sevitcejbO All IT processing activities are

valid, authorized, and accurate.

Data and operating systems are

reliable.
1. IT PROCESSING
OPERATIONS

Key Risks
System
performance is
Staff lacks the Unauthorized
below operating
skills to perform individuals have
needs.
their duties access to data,
information, and
resources
1. IT PROCESSING
OPERATIONS

TYPICAL CONTROLS

OPERATING DATA AND STAFF IS

SYSTEMS ARE OPERATING ADEQUATELY

CONFIGURED SYSTEMS ARE TRAINED AND

FOR MAXIMUM PROTECTED FROM THEIR ACTIONS

PERFORMANCE UNAUTHORIZED ARE IDENTIFIED

AND INTEGRITY ACCESS AND USE AND TRACKED

 2. BACKUPS AND
STORAGE
yeK
sevitcejbO The organization’s data are

protected from loss, damage, and

theft.

Data storage facilities provide the

appropriate conditions to prevent

data deterioration or damage.

 2. BACKUPS AND
STORAGE

Key Risks
Necessary data
are disposed of
Data loss Infected media
prematurely or
are transferred.
inappropriately.
2. BACKUPS AND
STORAGE

TYPICAL CONTROLS

WORKERS ARE ALL MEDIA AND PHYSICAL AND

TRAINED UPON DATA ARE LOGICAL

HIRE AND ACCURATELY ACCESS TO

ANNUALLY AFTER IDENTIFIED, COMPUTING

THAT TRACKED, AND FACILITIES IS

ACCOUNTED FOR LIMITED.

 3. IT ACCESS
yeK
sevitcejbO Systems and data are secure from

unauthorized access and usage

Management selects and

develops policies to restrict

access rights
 3. IT ACCESS

Key Risks
User behavior Unauthorized individuals
endangers have access to
organizational organizational hardware,
data. software, and data.
3. IT ACCESS

TYPICAL CONTROLS

CORPORATE ACCESS RIGHTS PERIODIC REVIEWS

STANDARDS AND ASSOCIATED ARE CONDUCTED

HAVE BEEN RECORDS FOR ALL TO VERIFY

ESTABLISHED EMPLOYEES ARE ACCESS RIGHTS

FOR PASSWORDS KEPT UP TO DATE ARE ACCURATE

AND RELEVANT
 4. PERSONAL DEVICES
yeK
sevitcejbO The use of all personal devices is

justified and authorized.

All personal devices and

accessories are protected from

loss, theft, and damage.

4. PERSONAL DEVICES

Key Risks
The organization
pays excessively
Devices are lost Substandard
for equipment,
containing equipment is in
software, and
substandard safety use limiting the
licenses.
protocols in place. staff’s ability
4. PERSONAL DEVICES

TYPICAL CONTROLS

A PURCHASING UTILITIES A POLICY IS IN

POLICY DEFINES THE REGULARLY BACK PLACE

PROCEDURES TO UP AND SECURELY OUTLINING

ACQUIRE AND STORE USER DATA. EMPLOYEES’

REPLACE PERSONAL RIGHTS AND

DEVICES. OBLIGATIONS
 5. SYSTEMS
DEVELOPMENT
yeK
sevitcejbO System development projects are

authorized and support the

organization’s strategic objectives.

All system developments are

assessed and justified in terms of

costs and benefits.

 5. SYSTEMS
DEVELOPMENT

Key Risks
Poor change
management and
System development Poor quality
rollout practices
efforts result in systems are
limit the use of
failed projects developed and
systems.
deployed.
 5. SYSTEMS
DEVELOPMENT

TYPICAL CONTROLS

ALL SYSTEM
SUFFICIENT AND ALL SYSTEMS ARE
DEVELOPMENTS ARE
SKILLED FULLY AND
SUBJECT TO FORMAL
DEVELOPMENT SATISFACTORILY
FEASIBILITY STUDIES,
STAFF IS RETAINED TESTED BEFORE
FINANCIAL ASSESSMENTS,
GOING LIVE
AND AUTHORIZATION BY

SENIOR MANAGEMENT.
 Foundations

INCREASE
ORGANIZATIONAL MAKE SURE
INFLUENCE AND FUNDS ARE USED
REPUTATION AS INTENDED

KEY OBJECTIVES
KEY RISKS
Funds are misused

The organization acts

unethically and
damages its reputation

Funds are curtailed

Foundations
 TYPICAL CONTROLS

The organization Cash balances, other

Segregation of duties,
communicates its assets, and
access controls,
ethical principles and endowment funds, if
reconciliations, and
business objectives to any, are reconciled
approval levels limit
internal and external monthly
the ability to use funds
inappropriately stakeholders

Foundations
 Auditing Management

ORGANIZATION
AUTHORITY AND MANAGEMENT RESPONDS
ACCOUNTABILITY ESTABLISHES QUICKLY TO
ARE CLEARLY CLEAR CUSTOMER
DEFINED EXPECTATIONS NEEDS AND
AND LEADS BY CONCERNS
EXAMPLE

KEY OBJECTIVES
KEY RISKS
Reputation damage

Inability to recruit or
retain needed staf

Reduction in sales
leading to a drop in
profits, market share, or
Auditing Management insolvency
 TYPICAL CONTROLS

Training Organizational Code of ethics

programs structure

Auditing Management
 Ethics Hotline

THE ETHICS THE ETHICS

THE HOTLINE IS WIDELY
HOTLINE IS A KEY KNOWN, HIGHLY
COMPONENT OF ORGANIZATION REGARDED, AND
THE PROTECTS ACCESSIBLE TO
ORGANIZATION’S WHISTLE EMPLOYEES AND
ETHICS PROGRAM BLOWERS OTHERS

KEY OBJECTIVES
 Employees do not know
KEY RISKS
or forget how to contact
the hotline

Employees are
uncomfortable or afraid
of communicating issues

Individuals who file sincere

allegations suffer negative
consequences from using
the hotline
Ethics Hotline
 TYPICAL CONTROLS

The organization Performance Annual surveys are

posts hotline program reports are conducted to
information generated, assess employee
prominently within
reviewed, and acted opinions regarding
and outside the
upon. the hotline.
organization.

Ethics Hotline
 Production

PRODUCTION LINES
ARE EFFECTIVE, PRODUCT LINES PRODUCTION LINES
EFFICIENT, OPERATE
ECONOMICALLY AND DO NOT BECOME OPERATE
SAFELY, AND DELIVER OBSOLETE CONSISTENTLY
WITH HIGH QUALITY PREMATURELY.

KEY OBJECTIVES
 Delays,
KEY RISKS
miscommunication, and
inefficiencies

Production facilities are

uncomfortable or
unsafe for workers

Production methods result

in excessive waste, delays,
bottlenecks, and
emergency jobs
Production
 TYPICAL CONTROLS

Sales forecasts and Production Safety protocols

performance are procedures and and instructional
monitored closely training are materials are in
and inform
provided to workers place
production decisions.

Production
 The
End
Thank you for listening!