Auditing Revenue Cycle

IT Auditing & Assurance, 2e, Hall & Singleton

Chapter 9:Auditing the Revenue Cycle



MANUAL PROCEDURES Follow Figure 9-1 Obtaining & recording customers’

orders Document = SALES ORDER [Figure 9-2] One copy in “Open Order File”

Approving credit One copy of sales order went to credit

dept. Returned authorized copy triggers

release of sales order into system


MANUAL PROCEDURES Processing shipping orders

4 copies of Sales Order to warehouse; packing slip, shipping notice, stock release, file copy

Locate and “pick” goods using Stock Release; package them with packing slip

Reconcile documents and goods, sign Shipping Notice, prepare Bill of Lading – multiple copies [Figure 9-3]

Transfer custody of goods (packing slip inside) and 2 copies of Bill of Lading to carrier

Record shipment in shipping log

Send shipping notice to Billing Dept.

File: Stock Release, 1 BOL, File Copy


LEGACY SYSTEM PROCEDURES Keypunch batch of shipping notices Edit run program, correct any errors

Field checks Limit tests Range tests Price times quantity extensions

Sort run on batches by AR account number Legacy systems store records in sequential manner,

usually tape Next process is to “post” individual shipping notices to

appropriate individual AR accounts AR update & billing run [Figure 9-4]

Updates AR file becomes new AR file Billing would be printing invoices to be mailed Sales journal file or printout Journal voucher for AR [DR] and sales [CR]


LEGACY SYSTEM PROCEDURES Re-sort by inventory item {why?}

Same reason; but this process is to update Inventory Items

Inventory update run [Figure 9-5] Reduce quantity on hand for items shipped, generate a

new Inventory file Compare “On Hand” quantity with “Reorder Point” to

identify items needing replenishment; file or printout Journal voucher for Cost of Goods Sold [DR] and

Inventory [CR]

Sort journal entries by GL # Run general ledger update Management reports


BATCH CASH RECEIPTS SYSTEMS WITH DIRECT ACCESS FILES

See Figure 9-6 Discrete events that naturally fit the batch

approach Update Procedures

Mail RoomReceives checks and Remittance Advices.Separates checks from Remittance AdvicesPrepares a Remittance List – multiple copiesCopy of Remittance List and checks go to Cash

Receipts Dept.Remittance Advices and copy of Remittance List go

to AR Dept.Last copy of Remittance List to Controller’s Office


BATCH CASH RECEIPTS SYSTEMS WITH DIRECT ACCESS FILES Cash receipts dept.

Reconciles checks and remittance list Prepares deposit slip – multiple copies Using terminal/IS, creates a journal

voucher of cash received; Cash [DR] and AR [CR]

End of day, deposit cash and Deposit slips to the bank

File copy of deposit slip



AR Dept. Reconciles remittance advices and

remittance list

Prepares batch for transactions based on remittance advice data to update AR subsidiary ledger

Files remittance advices and remittance list



DP Dept. Accesses the two files created in cash receipts (journal

voucher) and AR (batch transaction file of CR) Reconciles the files Updates AR-SUB accounts Updates GL (AR, Cash) Creates a cash receipts journal System produces transaction listing that is sent to AR

dept. where AR clerk will reconcile against the remittance list of file there

More management reports


REAL-TIME SALES ORDER ENTRY AND CASH RECEIPTS

See Figure 9-7 Sales procedures

Transactions are processed as they occur, separately Credit check is performed online by the system If approved, system checks availability of inventory If available, system:

Transmits electronic stock release to warehouse dept

Transmits electronic packing slip to shipping dept Updates inventory file records for depletion Records sale in open sales order computer file



Warehouse procedures Produces hard copy of stock release Clerk picks goods, sends them with a copy of stock

release to shipping dept.

Shipping procedures Reconciles goods, stock release, packing slip from

system. Online, IS prepares Bill of Lading for shipment, and

shipping notice for DP Dept. Select carrier and prepare goods for shipment, along

with packing slip and Bill of Lading Stock release form is filed



Billing procedures Record sales invoice and shipment in IS Print invoice to be sent to customer Update shipping log and sale invoice files Delete shipment from open sales order file

Cash receipts procedures Keypunch cash receipts using the remittance advice

into IS,matching it with the specific record in the sales invoice file

Keypunch any credit memos using similar process Generate a remittance file of posted transactions


FEATURES OF REAL-TIME PROCESSING

Events Database Traditional accounting does not have to exist in per se (in

traditional form) General Ledger can be derived at any time from a compilation from

the events database

Advantages Greatly shortens the cash cycle of the firm Can give a firm a competitive advantage (e.g., managing inventory

better) Real-time editing permits the identification of many kinds of errors

as they occur, greatly reducing the efficiency and effectiveness of business processes

Reduces the amount of paper documents Electronic audit trails are possible in real-time computer-based

systems


MANAGEMENT ASSERTIONS AND REVENUE CYCLE AUDIT OBJECTIVES Existence / Occurrence

VERIFY AR balance represents amounts actually owed as of Balance Sheet date Establish sales represents goods shipped and/or services rendered during period of

financials Completeness

Determine all amounts owed organization are included in AR VERIFY shipped goods, services rendered, and/or returns and allowances for period

are included in financials Accuracy

VERIFY revenue transactions are accurately computed, based on correct prices and quantities

Ensure AR subsidiary ledger, sales invoice file, remittance file are mathematically correct .. And agree with GL accounts

Rights & Obligations Determine organization has legal right to AR VERIFY accounts sold or factored have been removed from AR

Valuation or Allocation Determine AR balance stated in net realizable value Establish allocation for uncollectible accounts is appropriate

Presentation and Disclosure VERIFY AR and revenues for period are properly described and classified


INPUT CONTROLS Purpose

Ensure creditworthiness of customers Control techniques vary considerably between batch systems and

real-time systems Credit authorization procedures

Credit worthiness of customerBatch and manual systems use credit dept.Real-time systems use programmed decision rules

Testing credit procedures

Verify effective procedures existVerify information is adequately communicatedVerify effectiveness of programmed decision rules (test data, ITF)Verify that authority for making credit decisions is limited to authorized

credit personnel/proceduresPerform Substantive Tests of DetailReview credit policy periodically and revise as necessary


INPUT CONTROLS Data Validation Controls

To detect transcription errors in data as it is processed Batch: after shipment of goods

• Error logs• Error correction computer processes• Transaction resubmission procedures

Real-Time: Errors handled as they occur Missing data checks – presence of blank fields Numeric-Alphabetic data checks – correct form of data Limit checks – value does not exceed max for the field Range checks – data is within upper and lower limits Validity checks – compare actual values against known acceptable values Check digit – identify keystroke errors by testing internal validity

Testing Data Validation Controls Verify controls exist and are functioning effectively Validation of program logic can be difficult

If Controls over system development and maintenance are NOT weak, testing data editing/programming logic more efficient than substantive tests of details (test data, ITF)

Some assurance can be gained through the testing of error lists and error logs (detected errors only)


INPUT CONTROLS Batch controls

Manage high volumes of similar transactions Purpose: Reconcile output produced by system with the original

input Controls continue through all computer (data) processes Batch transmittal sheet:

Unique batch numberBatch dateTransaction codeRecord count Batch control total (amount)Hast totals (e.g., account numbers)

Testing data validation controls Failures of batch controls indicates data errors Involves reviewing transmittal records of batches processed and

reconcile them to the batch control log (batch transmittal sheet) Examine out-of-balance conditions and other errors to determine

cause of error Review and reconcile transaction listings, error logs, etc.


PROCESS CONTROLS Computerized procedures for file updating Restricting access to data Techniques:

File update controls -- Run-to-run batch control data to monitor data processing steps

Transaction code controls – to process different transactions using different programming logic (e.g., transaction types)

Sequence check controls – sequential files, proper sorting of transaction files required

Testing file update controls – results in errors Testing data that contains errors (incorrect transaction codes,

out of sequence)Can be performed in ITF or test dataCAATTs requires careful planningSingle audit procedure can be devised that performs all tests in

one operation.


ACCESS CONTROLS Prevent and detect unauthorized and illegal access to

firm’s systems and/or assets Warehouse security Depositing cash daily Use safe deposit box, night box, lock cash drawers and safes Accounting records

Removal of an account from booksUnauthorized shipments of goods using blank sales ordersRemoval of cash, covered by adjustments to cash accountTheft of products/inventory, covered by adjustments to inventory or

cash accounts

Testing access controls – heart of accounting information integrity

Absence thereof allows manipulation of invoices (i.e., fraud)Access controls are system-wide and application-specificAccess controls are dependent on effective controls in O/S, networks,

and databases


PHYSICAL CONTROLS Segregation of duties

Rule 1: Transaction authorization separate from transaction processing

Rule 2: Asset custody separate from record-keeping tasks

Rule 3: Organization structured such that fraud requires collusion between two or more people

Supervision Necessary for employees who perform incompatible

functions Compensates for inherent exposure from incompatible

functions Can be supplement when duties are properly

segregated Prevention vs. detection of fraud and crime is objective:

supervision can be effective preventive control


PHYSICAL CONTROLS Independent verification

Review the work of others at critical points in business processes Purpose: Identify errors or possible fraud Examples:

Shipping dept. verifies goods sent from warehouse dept. are correct in type and quantity

Billing dept. reconciles shipping notice with sales notice to ensure customers billed correctly

Testing physical controls Review organizational structure for incompatible tasks Tasks normally segregated in manual systems get consolidated in

DP systems. Duties of design, maintenance, and operations for computers need

to be separated Programmers should not be responsible for subsequent program

changes.


OUTPUT CONTROLS PURPOSE: Information is not lost, misdirected, or corrupted; that the

system output processes function properly Controls are designed to identify potential problems

Reconciling GL to subsidiary ledgers Maintenance of the audit trail – that is the primary way to trace the source

of detected errors Details of transactions processed at intermediate points AR change report Transaction logs: permanent record of valid transactions Transaction listings – successfully posted transactions Log of automatic transactions Unique transaction identifiers Error listings

Testing output controls Reviewing summary reports for accuracy, completeness,timeliness, and

relevance for decisions Trace sample transactions through audit trails; including transaction

listings, error logs, and logs of resubmitted records ACL is very helpful in this process


SUBSTANTIVE TESTS OF REVENUE CYCLE ACCOUNTS

PURPOSE: Determine the nature, timing, and extent of substantive tests using auditor’s assessment of inherent risk, unmitigated control risk, materiality considerations, and efficiency of the audit.

Concern: Overstatement or understatement of revenues? Focus on large and unusual transactions, especially near period-end Recognizing revenues from sales that did not occur Recognizing revenues BEFORE they are realized Failing to recognize cutoff points Underestimating allowance for doubtful accounts Shipping unsolicited products to customers, subsequently returned Billings customers for products held by seller Tests of controls and substantive tests

Credit limit logic may be effective but cut-off of AR may be errorSubstantive testing of AR may give assurance about accuracy of

total AR but does not offer assurance about collectibility



Understanding data VERIFY data used in CAATTs (e.g., ACL) is accurate VERIFY adequate setup of files from originals

(e.g., ACL and Profilecommand) Relationships and data from [see Figure 9-10]:

Customer fileSales Invoice fileLine item fileInventory fileShipping log file

File preparation procedures



Accuracy/completeness assertion Analytical review of account balances

Overall perspective for trends in sales, cash receipts, sales returns, and AR

Provides first-level assurance that amounts are reasonably stated and reasonably complete

If so, may reduce the extent of substantive testing Review sales invoices for unusual trends and

exceptionsScanning data files using CAAT

(e.g., ACL and stratify and possibly filters - see Figure 9-11)

• Reveals all errors or raises questions?



Accuracy/completeness assertion Review sales invoice and shipping log files

Missing and duplicate transactions [see Table 9-2]Questions/survey:

• Are procedures in place to document and approve voided invoices?

• How are gaps in sales invoice numbers communicated to management?

• What physical controls exist over access to sales invoice source documents?

• If applicable, are batch totals used to control batch transactions during each processing step?

• Are transaction listings reconciled and reviewed by management?

Review line item and inventory files for pricing accuracyACL allows auditor to compare prices on invoices with inventory –

using JOIN [see example on page 413]Testing unmatched records (complement)



Existence assertion Confirmation of AR – SAS #67

Not required if:• AR is immaterial• Assessed Control Risk is low• Confirmation process will be ineffective

CAATTs to use for this function?• Steps:• Select accounts to confirm• Consolidate invoices (not AR subsidiary) using CLASSIFY (filter) and

SUMMARIZE (amount) [see Tables 9-3 and 9-4]• Why?• JOIN the CUSTOMER file with the new consolidated invoice file

Prepare confirmation requests [see Figure 9-12]• Positive and Negative Confirmations (ACL, EXPORT)

Evaluating and controlling responses• Retain custody of the confirmation letters until mailed• The letters should be addressed to the auditor, not client org.• The replies should be mailed to the auditor, not client org.• Discrepancies should be investigated.• Non responses to POSITIVE confirmation should be investigated



Valuation/allocation assertion Corroborate or refute AR is stated at reasonable Net

Realizable Value AGING AR

• ACL, AGE [see Table 9-7]

Is allowance for doubtful accounts reasonable compared to prior years and based on composition of AR portfolio

• Confirmation process will be ineffective

Review past-due balances• Conference with credit manager to determine collectibility• Determine if methods used to estimate allowance for doubtful

accounts is adequate, not the collectibility of each account• Determine if overall allowance is, therefore, reasonable


Chapter 9:Auditing the Revenue Cycle


Documents

Auditing Revenue Cycle