1 / 26

Chapter 10: Auditing the Expenditure Cycle

Chapter 10: Auditing the Expenditure Cycle. IT Auditing & Assurance, 2e, Hall & Singleton. PURCHASES: BATCH PROCESSING. Step 1: Data processing department – inventory control Purchasing Department Step 2: Data processing department – P.O. Receiving Department

nubia
Download Presentation

Chapter 10: Auditing the Expenditure Cycle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 10:Auditing the Expenditure Cycle IT Auditing & Assurance, 2e, Hall & Singleton

  2. PURCHASES: BATCH PROCESSING • Step 1: Data processing department – inventory control • Purchasing Department • Step 2: Data processing department – P.O. • Receiving Department • Step 3: Data processing department – batch update of inventory • Accounts Payable • Step 4: Data processing department – validates vendors

  3. CASH DISBURSEMENT: BATCH PROCESSING • Step 5: Data processing department – scans for items due and prints checks for items received • Step 6: Cash disbursements department – reconciles checks, submits checks to management for signature • Step 7: Accounts payable – matches copies of checks with open vouchers, closes them and files documents • Concludes expenditure cycle

  4. CASH DISBURSEMENT: REENGINEERED—FULLY AUTOMATED • Data processing steps performed automatically: • Inventory file scanned for items and reorder points • Purchase requisition record for all items needing replenishment • Consolidate requisitions by vendor • Retrieve vendor mailing information • P.O. prepared and sent to vendor (EDI) • Open P.O. record added for each transaction • List of P.O. sent to purchasing department

  5. CASH DISBURSEMENT: REENGINEERED– FULLY AUTOMATED • Goods arrive at receiving department • Quantities received entered per item

  6. CASH DISBURSEMENT: REENGINEERED—FULLY AUTOMATED • Data processing steps performed automatically: • Quantities keyed matched to open P.O. record • Receiving report file record added • Update inventory subsidiary records • G.L. inventory updated • Record removed from open P.O. file and added to open A.P. file, due date established

  7. CASH DISBURSEMENT:REENGINEERED—FULLY AUTOMATED • Each day, due date filed of A.P. are scanned for items where payment is due

  8. CASH DISBURSEMENT: REENGINEERED—FULLY AUTOMATED • Data processing steps performed automatically: • Checks are printed, signed and distributed to mailroom (unless EDI/EFT) • Payments are recorded in check register file • Items paid are transferred from open A.P. to closed A.P. file • G.L.- A.P. and cash accounts are updated • Appropriate reports are transmitted to A.P. and cash disbursements departments for review

  9. CASH DISBURSEMENT:REENGINEERED—FULLY AUTOMATED • Control implications • General in nature • Similar to those of Chapter 9

  10. BATCH AUTOMATED SYSTEM VS. MANUAL BATCH • Improved inventory control • Better cash management • Less time lag • Better purchasing time management • Reduction of paper documents

  11. REENGINEERED SYSTEM VS.BATCH AUTOMATED SYSTEM • Segregation of duties • Accounting records and access controls

  12. PAYROLL PROCEDURES • Drawbacks to using regular A.P. and cash disbursements systems to do payroll • General expenditure procedures that apply to all vendors will not apply to employees • Writing checks to employees requires special controls • General expenditure procedures are designed to accommodate relatively smooth flow of transactions

  13. REENGINEERED PAYROLL SYSTEM • Often integrated with H.R. • Differs from previous automate system • Operations departments transmit transactions to D.P. electronically • Direct access to files are used for data storage • Many processes are now performed in real time

  14. REENGINEERED PAYROLL SYSTEM • Personnel • Cost accounting • Timekeeping • Data processing • Labor costs are distributed to accounts • Online labor distribution summary • Online payroll register • Employee records are updated • Payroll checks are prepared and signed • Disbursement system generates check to fund the payroll imprest account • G.L. updated

  15. EXPENDITURE CYCLE AUDIT OBJECTIVES • Input controls • Data validation controls • Testing validation controls • Batch controls • Testing batch controls • Purchases authorization controls • Testing purchases authorization controls • Employee authorization • Testing employee authorization procedures

  16. EXPENDITURE CYCLE AUDIT OBJECTIVES • Process controls • File update controls • Sequence check control • Liability validation control • Valid vendor file • Testing file update controls • Access controls • Warehouse security • Moving assets promptly when received • Paying employees by check vs. cash • Risks • Employees with access to A.P. subsidiary file • Employees with access to attendance records • Employees with access to both cash and A.P. records • Employees with access to both inventory and inventory records • Testing access controls

  17. EXPENDITURE CYCLE AUDIT OBJECTIVES • Process controls • Physical controls • Purchase system controls • Segregation of inventory control from warehouse • Segregation of G.L. and A.P. from cash disbursements • Supervision of receiving department • Inspection of assets • Theft of assets • Reconciliation of supporting documents: P.O., receiving report, supplier’s invoice • Payroll System controls • Verification of timecards • Supervision • Paymaster • Payroll imprest account • Testing of physical controls

  18. EXPENDITURE CYCLE AUDIT OBJECTIVES • Process controls • Output controls • A.P. change report • Transaction logs • Transaction listing • Logs of automatic transactions • Unique transaction identifiers • Error listing • Testing output controls

  19. EXPENDITURE CYCLE SUBSTANTIVE TESTS • Risks and audit concerns • Understanding data • Inventory file • Purchase order file • Purchase order line item file • Receiving report file • Disbursement voucher file • File preparation procedures

  20. EXPENDITURE CYCLE SUBSTANTIVE TESTS • Testing accuracy and completeness assertions • Review disbursement vouchers for unusual trends and exceptions • Accurate invoice prices • Testing completeness, existence, rights and obligations assertions • Searching for unrecorded liabilities • Searching for unauthorized disbursement vouchers • Review of multiple checks to vendors • Auditing payroll and related records

  21. Additional Cybercrime Info • The following slides are not in the text!

  22. Incident Response Mandates Gramm-Leach-Bliley Financial Institutions must … • Establish incident response capability • Perform prompt and reasonable investigation when sensitive customer info is accessed • Notify customers if misuse of info has or is likely to occur

  23. Incident Response Requirements ISO 17799 • ISO 17799 is international standard for IS best practices • Security framework must contain an effective incident response approach • In 2002, 22% companies with sales over $500 million had implemented ISO 17799 • Must collect information for three purposes … • Internal problem analysis • Use as evidence • Negotiation for compensation from software/service vendors

  24. Incident Response Requirements ISO 17799 • Response procedures should cover … • Analysis and identification of cause of incident • Planning and implementation of remedies • Collection of audit trails and similar evidence • Communication with those affected or involved with recovery • Reporting the action to the appropriate authority

  25. Best Practices • Imaging hard drive of employees who resign or are terminated (proactive) • Avoid “patch and proceed” response • Implement network forensics analysis with tools like EnCase • Focus on insider threats • Companies face increasing cyberliability claims stemming from security breaches

  26. Chapter 10:Auditing the Expenditure Cycle IT Auditing & Assurance, 2e, Hall & Singleton

More Related