Audit lap keuangan berbasis komputer –

Auditing revenue cycle

After studying this chapter, you should:

Understand the operational tasks associated with the revenue cycle under different levels of technology.

Understand audit objectives related to the revenue cycle.

Be familiar with revenue cycle control issues related to alternative technologies.

Recognize the relationship between revenue cycle audit objectives, controls, and tests of controls.

Understand the nature of substantive tests in achieving revenue cycle audit objectives.

Be familiar with common features and functions of ACL that are used to perform substantive tests..

Learning Objectives

Revenue Cycle Activities – PROCESS OVERVIEW

Revenue Cycle Activities – AUDIT OVERVIEW

Revenue Cycle Activities - Batch Processing Using Sequential Files—Manual Procedures

Understand the system process and control: order taking, credit checking, warehousing, and shipping are performed manually. Computer programs process the acc. records.

Revenue Cycle Activities - Batch Processing Using Sequential Files—Automated Procedures

Revenue Cycle: Audit Obj, Controls, and ToC

Summary of Internal Controls

Proper authorization of transactions (documentation) should occur so that only valid transactions get processed.

Within the revenue cycle, authorization should take place when:– a sale is made on credit (authorization)

– a cash refund is requested (authorization)

– posting a cash payment received to a customer’s account (cash pre-list)

1. Authorization Controls

Three Rules

2. Segregation of Function

• Sales Order Processing– Credit authorization separate from SO processing

– Inventory control separate from warehouse

– AR sub-ledger separate from general ledger control account

• Cash Receipts Processing– Cash receipts separate from accounting records

– AR sub-ledger separate from general ledger

Autho-rization

Record-ing

Separat-ed

Custody

Often used when unable to enact appropriate segregation of duties (as compesated control). Supervision of employees serves as a deterrent to dishonest acts and is particularly important in the mailroom.

3. Supervision

With a properly maintained audit trail, it is possible to track transactions through the systems and to find where and when errors were made:

4. Accounting Records

Program Error

– pre-numbered source doc

– special journals

– subsidiary ledgers

– general ledger

– files

Access to assets and information (accounting records) should be limited.

Within the revenue cycle:

The assets to protect are cash and inventories, and

Access to records such as the accounts receivable subsidiary ledger and cash journal should be restricted.

See:

IT-GC dan IT-AC: Access Controls

5. Access Controls

Physical procedures as well as record-keeping should be independently reviewed at various points in the system to check for accuracy and completeness:

– shipping verifies the goods sent from the warehouse are correct in type and quantity

– warehouse reconciles the stock release document (picking slip) and packing slip

– billing reconciles the shipping notice with the sales invoice

– general ledger reconciles journal vouchers from billing, inventory control, cash receipts, and accounts receivable

6. Independent Verification

Authorization - in real-time systems, authorizations are automated

– Programmed decision rules must be closely monitored.

Segregation of Functions - consolidation of tasks by the computer is common

– Protect the computer programs

– Coding, processing, and maintenance should be separated.

CBAS Control Considerations

Control Principles

Maintenance

Coding

Processing

Supervision

In POS systems, the cash register’s internal tape or database is an added form of supervision

Access Control

Magnetic records are vulnerable to both authorized and unauthorized exposure and should be protected

– Must have limited file accessibility

– Must safeguard and monitor computer programs

CBAS Control Considerations

Accounting Records - rest on reliability and security of stored digitalized data

– Accountants should be skeptical about the accuracy of hard-copy printouts.

– Backups - the system needs to ensure that backups of all files are continuously kept

Independent Verification – consolidating accounting tasks under one computer program can remove traditional independent verification controls. To counter this problem:

– perform batch control balancing after each run

– produce management reports and summaries for end users to review

CBAS Control Considerations

Used by small firms and some large decentralized firms

Allow one or few individuals to perform entire accounting function

Most systems are divided into modules controlled by a menu-driven program:

– general ledger– inventory control– payroll– cash disbursements– purchases and accounts payable– cash receipts– sales order

PC – Based Accounting Systems

Segregation of Duties

Tend to be inadequate and should be compensated for with increased supervision, detailed management reports, and frequent independent verification

Access Control

Access controls to the data stored on the computer tends to be weak; methods such as encryption and disk locking devices should be used

Accounting Records

Computer disk failures cause data losses; external backup methods need to be implemented to allow data recovery

PC – Control Issues

Revenue Cycle: Test of Controls

1. Input Controls

Input controls: to ensure that trans are valid, accurate, and complete. Control techniques vary considerably between batch and real-time systems.

Testing Credit Procedures

Credit Policy

Test the design, ex: credit limit

exessive?, allow mgt override?

Test the program, using test of data or ITF, ex: create several

dummy customer account, with various credit limit

Failure to apply imply to the adequacy of allowance of

bad ARAdequate?

Effective?

Analyze the result Conlusion

Revenue Cycle: Test of Controls

1. Input Controls

Testing Validation Controls (See: Validation Controls)

The procedures here provide evidence about the accuracy assertion.

ITF or the test data approach would enable the auditor to perform explicit tests of the program logic.

Example: Creates a comprehensive set of test trans that include valid and erroneous data value that fall within and outside of test parameter.

In addition to direct testing of program logic, the auditor can achieve some degree of assurance by reviewing error listings and error logs, but do not provide evidence of undetected errors.

An analysis of error conditions not present in the listing can be used to guide the auditor in designing substantive tests to perform.

Example: To determine whether material price discrepancies exist in the sales invoice file, auditor can perform substantive tests that compare the actual price charged with the suggested retail price.

1. Input Controls Testing Batch Controls (See Batch Control).

Tests of BC provide evidence relating to completeness and accuracy.

Example:

A batch’s transmittal record = 100 sales invoices, total $182,674.87, entered into system, but the completed batch log = only 96 records, total of $172,834.60. What caused this?

Revenue Cycle: Test of Controls

Answers to these questions by reviewing and reconciling trans listings, error logs, and logs of resubmitted record.

ACL commands PROFILE, TOTAL, and COUNT will provide the kind of inf necessary to adequately develop a set of batch controls.

Revenue Cycle: Test of Controls

2. Process Controls Testing File Update Controls (See File Update Controls).

The failure of FUC to function properly can result in records going unprocessed, being processed incorrectly (i.e., returns are treated as sales), or being posted to the wrong customer’s account.

Tests of FUC provide evidence relating to existence (sales but returns), completeness (all records processed), and accuracy (computation).

Testing run-to-run controls is a logical extension of Batch Control procedures and needs no further explanation.

Tests of trans codes and sequence checks can be performed using ITF or the tests–data approach. The auditor should create test data that contain records with incorrect trans codes and records that are out of sequence in the batch and verify that each was handled correctly.

Implicit in this test is verifying the mathematical correctness of the computer operation (test accuracy assertion)

Revenue Cycle: Test of Controls

2. Process Controls Testing Access Controls (See Access Controls).

Access control is at the heart of accounting information integrity.

In the absence of controls, invoices can be deleted, added, or falsified. Individual account balances can be erased, or the entire AR file can be destroyed.

Evidence gathered about existence, completeness, accuracy, valuation and allocation, right and obligations, and presentation and disclosure.

Access control over revenue cycle applications depends on effectively controlling access to the operating systems, the networks, and the databases with which they interact.

The control techniques—including PW, encryption, firewalls, and user views—apply also in preventing unauthorized access to revenue cycle processes. The auditors will typically test these controls as part of their review of general controls.

Revenue Cycle: Test of Controls

3. Output Controls Testing Output Controls (See Output Controls).

Evidence gathered through tests of output controls relates to the completeness and accuracy assertions.

Testing output controls involves reviewing summary reports for accuracy, completeness, timeliness, and relevance to the decisions that they are intended to support.

In addition, the auditor should trace sample transactions through audit trail reports, including transaction listings, error logs, and logs of resubmitted records.

Data extraction software such as ACL can be used to search log files for specific records to verify the completeness and accuracy of output reports. Alternatively, the auditor can test output controls directly using ITF. A well-designed ITF system will permit the auditor to produce a batch of sample transactions, including some error records, and trace them through all phases of processing, error detection, and output reporting.

Substantive Testof Revenue Cycle Activities

Tests of Controls:

To determine whether adequate IC are in place and functioning properly.

Substantive tests:

To determine whether accounting databases fairly reflect the organization’s transactions and account balances.

ISACA: CISA Study Guide

There 2 basic categories of audit testing:

Compliance Test

To test the presence of the absence of something.

Substantive Test

To verify the content and integrity of evidence.

Substantive Tests of Revenue Cycle Accounts

Substantive Tests of Revenue Cycle Accounts

Revenue Cycle Risk and Audit Concern

Auditor’s concerns in the revenue cycle pertain to the potential for overstatement of revenues and AR.

Examples of specific issues / risks:

Recognizing revenues from sales transactions that did not occur

Early or Failing to recognize period-end cutoff points (before or after point of sale).

Underestimating the allowance for doubtful accounts, thus AR

Shipping unsolicited products to customers in one period that are returned in a subsequent period

Billing sales to the customer that are held by the seller (may require no payment for a lengthy period of time.)

Substantive Tests of Revenue Cycle AccountsRevenue Cycle Risk and Audit Concern

Auditor will seek evidence by performing a combination of tests of IT-GC/IT-AC and substantive tests.

Example: Auditor may use ITF to test the accuracy of sales transaction postings to

AR file. However, the ITF offer no assurance about collectability of A/R.

ITF can be used to test the credit-limit logic to provide assurance that the credit policy is being implemented. This test, however, provides no evidence that proper cutoff procedures were followed in calculating AR.

From examples, we see that in addition to ToC, the auditor must perform substantive tests to achieve audit objectives.

Audit Objectives

Subs Test

TOCSubs Test

Understanding Data

To do substantive tests, auditor needs to understand the systems and controls that produced the data, as well as the physical characteristics of the files that contain them.

Substantive Tests of Revenue Cycle Accounts

First, auditors verify the correct version of the file to be analyzed. To do so, auditor must understand the file backup procedures and, if possible, work w/ the original files.

Second, ACL can read most sequential files and relational database tables directly, but complex file structures may require additional procedures to produce a copy of the original file in a format that ACL can accept.

Test of Control + Substantive Test

Understand System and Control

Understanding Data

Verifying the correctness of data/ file

analyzed

Understanding: DFD of Sales Order Processing

Substantive Tests of Revenue Cycle AccountsUnderstanding Data – Client’s File Structures for The Revenue Cycle

Contains address and credit inf. CL is used to validate sales trans.

Capture sales trans data for the period. SI file contains summary data for each invoice. Summing Invoice for all record in the file yields total sales.Customer payments are matched to the open invoice record, which is closed by placing date in Closed Date field. AR balance is calculated by summing

the Invoice Amount fields for all of the customer’s open invoices.

Contains a record of every product sold. These data also provide audit evidence needed to corroborate the accuracy of P X Q calculations that are summarized in the sales invoices.

Contains Q, P, supplier, and warehouse location data for each item of inventory. The Quantity on Hand field is increased by inventory receipts from suppliers.

(+)

( - ) sold

A record of all sales orders shipped to customers, verifying SI file and order is shipped in timely manner.

Testing the Accuracy and CompletenessReview Sales Invoices for Unusual Trends and Exceptions

Identifying potential audit risks involves scanning data files for unusual transactions and account balances.

Example: The auditor can use

ACL’s Stratify feature to identify anomalies.

Unusual trends and exceptions:Min invoice= (3,582.98)

and the max= $5,549.19.49 items constitute

$49,283 of (-) sales.74% of sales b/w $310

and $1,620.Only 2 items were sales

over $4,895.

it’s sales invoice file

Testing the Accuracy and CompletenessReview Sales Invoice and Shipping Log Files for Missing and Duplicate Items

Duplicate and missing trans in the revenue cycle may be evidence of over- or understated sales and AR.

ACL is capable of testing for out-of-sequence records, gaps, and duplicate values for the entire file.

For Shipping Log file, auditor would test the Invoice Number field for gaps and duplicate records.

Depending on the circumstances, sales and AR may be overstated.

Analyze another file/data for testing the accuracy and completeness assertion (see DB relation)

Testing the Accuracy and CompletenessReview Line Item and Inventory Files for Sales Price Accuracy

Pricing inconsistency in such a setting may indicate a computer program error or the use of obsolete pricing data.

Based on the file structures for the Line Item and Inventory files, the Sales Price and Retail Price fields can be compared for consistency, by combining the two files to create a third table.

Then, create a filter that will ignore all records in which Sales Price = Retail Price. The resulting file will thus contain only price discrepancies.

Using ACL feature, calculate price variance and determine its materiality.

Testing for Unmatched Records Inventory and Line Item: present (absence) of unmacthed records may indicates: The accuracy assertion.The valuation assertion.

Testing the Existence AssertionThe confirmation process involves three stages: selecting the accounts to confirm, preparing confirmation requests, and evaluating the responses.

1. Selecting Accounts to Confirm

Selecting AR for confirmation involves processing data in the Customer and the Sales Invoice files.

Requires 3 steps:

1. Consolidate Invoices. Using ACL’s Classify command (open invoice).

2. Join the Files. Join the Classified Invoices file and Customer file, for?

3. Select a Sample of Accounts: Record or MUS, consideration?

AR balance

Type of Confirmation:Positive confirmation:

nonresponses must be followed up by auditor, for example: review the following period’s closed invoices to determine if the accounts were

actually paid

Negative confirmation: all: (1) many small balances (coverage) AND (2) IR and CR are low

AND (3) high response rate to positive confirms in Previous Years

Obtain and evaluate AR confirmations

Timing:The most reliable evidence from confirmations is obtained whenthey are sent as close to the BS date as possible, as opposedto confirming the accounts several months before year-end.

Controlling: Confirmation letter retained and mailed by auditor, and sent bact directly to auditor

Testing the Valuation/Allocation AssertionReview Line Item and Inventory Files for Sales Price Accuracy

To assess AR valuation, auditor needs to review the AR aging process to determine that the allowance for doubtful accounts is adequate.

Aging Accounts Receivable As AR age, the AR collectibility is decreased. Economic condition also

has an impact to the AR collectibility. The total balance of AR =

$468,880.69, in which 17 invoices= 90 < x < 120 day past due, and 13 invoices > 120 days past due.

Auditor’s objective is to determine that the methods used by the credit manager to estimate the doubtful accounts is adequate and reasonable.

Informasi Lebih Lanjut,Hubungi: