ACCOUNTING CYCLES RISKS AND CONTROLS
EXPENDITURE CYCLE – PURCHASING/REQUISITIONING
Risk
Purchasing items that are not needed
Purchasing items that have high prices
Purchasing items of poor quality
Purchasing from unauthorized supplies
EXPENDITURE CYCLE – RECEIVING
Risk
Receiving unordered items
Receiving items of poor quality
Mistakes in inventory
Theft of inventory
EXPENDITURE CYCLE – ACCOUNTS PAYABLE
Risk
Vendor invoice errors
Accounts payable posting errors
Control(s) to mitigate that risk
Purchase orders must have the appropriate authorization
Vendors should be approved and purchase agents should only use vendors from the
approved vendor list. They can also improve by requesting competitive bids or request for
quotations directly from multiple vendors.
Vendors should be approved and purchase agents should only use vendors from the
approved vendor list. They can also improve by requesting competitive bids or request for
quotations directly from multiple vendors.
Vendors should be approved and purchase agents should only use vendors from the
approved vendor list. They can also improve by requesting competitive bids or request for
quotations directly from multiple vendors.
Control(s) to mitigate that risk
The receiving clerk should have an approved purchase order prior to receiving the items
The receiving clerks should count and properly inspect the goods for possible damage or
defects. The PO copy used by the Receiving Department should not include the quantity
that wasordered. Using bar codes to scan items reduces mistakes in counting.
The receiving clerks should count and properly inspect the goods for possible damage or
defects. The PO copy used by the Receiving Department should not include the quantity
that wasordered. Using bar codes to scan items reduces mistakes in counting.
Physical access to the warehouse should be restricted and inventory should be periodically
counted and reconciled to the accounting records.
Control(s) to mitigate that risk
The vendor invoice should be compared to the purchase order, to the receiving report, and
to a price list. The extensions and totals should be checked.
the date of the posting to accounts payable should be the date the goods are received, not
the invoice date.
EXPENDITURE CYCLE – CASH DISBURSEMENTS
Risk
Paying for items not received
Paying the same invoice twice
Theft of cash
REVENUE CYCLE – ORDER ENTRY AND CREDIT
Risk
Inaccurate/incomplete sales orders
Invalid/fake order
Uncollectible customer orders
Inventory stockouts
REVENUE CYCLE – WAREHOUSE AND SHIPPING
Risk
Picking the wrong items
Picking the wrong quantity of items ordered
Theft of inventory
Not shipping ordered items to customer
Shipping items to the wrong shipping address
REVENUE CYCLE – BILLING AND ACCOUNTS RECEIVABLE
Risk
Not billing the customer
Errors on invoice
Not posting transaction to the proper accounting period
Control(s) to mitigate that risk
An authorized check signer should review the supporting documentation (purchase order,
receiving report, and vendor invoice), to ensure invoice is apprpoved for payment.
After check is signed, all supporting documentation should be marked PAID.
Checks should be processed by a separate department or person that has no access to the
accounting records.
Control(s) to mitigate that risk
Computerized accounting systems include data entry controls, such as requiring all fields to
be completed before accepting the order.
All sales orders shoul be supported by a customer order for approval.
The customers credit must be approved before the goods are shipped.
Good inventory control practices (using a perpetual inventory method, automatic ordering
of items with low inventory, periodic inventory counts with reconciliation to the accounting
records.
Control(s) to mitigate that risk
Barcodes or RFID systems should be used with inventory.
Barcodes or RFID systems should be used with inventory.
Only authorized employees should be allowed in inventory storage areas.
Sales orders, picking tickets, packing slips and shipping documents should be
compared to ensure information is consistent.
Sales orders, picking tickets, packing slips and shipping documents should be
compared to ensure information is consistent.
Control(s) to mitigate that risk
Reconcile all itmes from shipping reports to invoices.
Review the accounts receivable aging report regularly.
Use data entry controls to automatically post to appropriate period.
Posting to the wrong customer account
REVENUE CYCLE – CASH RECEIPTS
Risk
Theft of cash
FIXED ASSETS CYCLE
Risk
Asset theft
Improperly accounting for the asset acquisition price
Improperly expensing or capitalizing repairs
Improperly calculating depreciation expense
Lack of authorization for asset acquisition/disposal
Inadequate insurance levels on assets
FINANCING CYCLE - EQUITY
Risk
Improperly accounting for equity
Improperly accounting for dividends
Improperly accounting for treasure stock
Improperly accounting for stock options
Use data entry controls to automatically post to appropriate period.
Control(s) to mitigate that risk
Use proper segregation duties or use a bank lockbox.
Control(s) to mitigate that risk
Proper authorization to aquire or dispose of assets, tagging, reconcile
physical list to the General Ledger.
Good asset policies and knowledgeable employees. Some exampales include
an appriopriate threshold amount that makes the company capitalize the
cost rather than expensing it. Also, having approval required for asset
acquisitions and having a budgeting process for asset acquisitions.
Good asset policies and knowledgeable employees. Some exampales include
an appriopriate threshold amount that makes the company capitalize the
cost rather than expensing it. Also, having approval required for asset
acquisitions and having a budgeting process for asset acquisitions.
Good asset policies and knowledgeable employees. Some exampales include
an appriopriate threshold amount that makes the company capitalize the
cost rather than expensing it. Also, having approval required for asset
acquisitions and having a budgeting process for asset acquisitions.
Proper authorization to acquire or dispost of assets, tagging, reconcoile
physical list to the General Ledger.
Annual review to ensure adequate coverage
Control(s) to mitigate that risk
Good corporate governance and a strong Board of Directors.
Transactions should be verified through board minutes
Transactions should be verified through board minutes
Proper authorization and segregation of duties
FINANCING CYCLE - DEBT
Risk
Improperly accounting for debt
Improperly classifying debt as short or long-term
Improperly calculating interest
Control(s) to mitigate that risk
Proper authorization
Verification through loan documents and use
Use of amortization tables provided by bank or leasing company

PAYROLL CYCLE
Risk Control(s) to mitigate that risk
Theft of cash Limiting access to authorized personnel. Use of an imprest account to limit
liability.
Unauthorized changes to the payroll system Proper authorization required for any changes. Payroll change report should
periodically be run and reviewed to prevent fraudulent payment or ‘ghost
employees’
Inaccurate wage or tax calculations Manager or automated system should review payroll before processing.
Variance analysis can identify any unexpected changes.
Incorrect posting to the wrong accounting period Manager or automated system should review payroll before processing.
Variance analysis can identify any unexpected changes.
Noncompliance with laws Management or third-party review

FINANCIAL REPORTING CYCLE

Risk Control(s) to mitigate that risk
Material misstatements Segregation of duties and thorough review and approval process