E-Ticketing Audit Programme (E-Ticketing Audit Work Program - version to...)


Upload: ngohanh

Post on 04-Feb-2018



E-Ticketing AUDIT PROGRAMME

Page 1 of 39

Auditor Responsible:

Audit Reviewed by:

Audit Month/Year:

Estimated Man Days:

OBJECTIVE

The E-ticketing work program is developed in order to assess controls in the e-ticketing process, aiming at:

• Completeness, accuracy and timeliness of revenues related to e-ticketing;

• Reliability and availability of IT systems involved in e-ticketing.


Page 2 of 39

Introduction

This E-Ticketing work program is the outcome of an IAAIA workshop dedicated to e-ticketing, which was conducted on March 17 and March 18 in Schiphol, Netherlands. The work program is a so-called ‘integrated work program’, with elements from financial, operational and IT auditing. As the manners in which airlines execute processes differ from airline to airline, the applicability of this work program for a specific audit must be carefully assessed. Some risks may not be applicable and other risks may not have been listed. Likewise, controls mentioned may not be applicable and other controls may be in place. Implementing all controls mentioned in this work program will not always be necessary and may even lead to an over-complete control environment. Several ways can be followed to implement controlled processes and – deliberately – no selection of controls has been made in this program. Consequently, tailoring the work program will be necessary to match the audit procedures with the specific situation within your company. This work program is focused specifically on E-Ticketing and is not suitable for audits on paper ticket processes.

Participants of the IAAIA E-Ticketing workshop:

• Iyimola Akinbola - Virgin Nigeria Airways
• Bashar Al Qudah - Royal Jordanian Airlines
• Bodosahondra Andriamialison - Air Madagascar
• Genevieve Braganza - Jet Airways
• Michelle Au-Chan - WestJet
• John Dunker - Surinam Airways
• Roshni Jagannathan - Emirates
• Kishore Kanojia - Emirates
• Mohamed Khalaf Hasan - Gulf Air
• Suvi Kruse - Finnair
• Pauline Liew - Royal Brunei Airlines
• Syed Abdul Qader Mohd Ansari - Malaysia Airlines
• Kim Nehls - Scandinavian Airlines System
• Bartosz Ryters - LOT Polish Airlines
• Gudny Sigurdardottir - Fjarvakur
• Geoffrey Smith - Air Canada
• Stefan Stapfer - Swiss International Air Lines
• Sharon Ti Lien Heng - Malaysia Airlines
• Angelique Cue-Tinsay - Philippine Airlines
• Anna Gudrun Tomasdottir - Icelandair
• Vivek Tuli - Qatar Airways
• Antony Wamatu - Kenya Airways
• Margaret Zimunhu - British Airways

Facilitators:

• Robert Engelbarts - KLM Royal Dutch Airlines
• Jacqueline Holla - KLM Royal Dutch Airlines
• Sjoerd Jansen - KLM Royal Dutch Airlines


Page 3 of 39

S.No Area of Audit

A Reservation, booking and airport handling

B Revenue Recognition

C Revenue controls and monitoring (e.g. flown not sold, sold not flown)

D Manual interventions and critical transactions

E Electronic miscellaneous documents (EMDs)

F Interline / Non interline

G Management information


Page 4 of 39

A. Reservation, booking and airport handling

Columns: Potential Risk | Expected Controls | Audit Testing / Questions | WP Ref. / Completion Date | Initials

Not all E-Tickets are paid for

• Issuance without payment

• Duplicating paid E-Tickets (2 usable tickets, 1 payment)

• IT control preventing issuance of E-Tickets without payment record

• IT control preventing issuance of earlier issued E-Ticket

Assess and test design and actual functionality of application

Report that matches E-tickets with payments

Assess whether a control that matches issued tickets with payments is available and used

Ticketing systems and reservation systems not fully integrated

Detailed analysis of compatibility of systems performed before linking systems

Assess whether analysis of compatibility has been (adequately) performed

Execution of tests before implementing a link between systems

• Assess whether tests before implementation have been (adequately) performed (e.g. the user organisation was involved in developing test scenarios and signing off on test results)

• Perform sample testing on accuracy of key functionalities (e.g. change in booking leads to change in ticket, payment makes ticket available for use etc.)

E-Ticketing is not applied on all routes

IT control preventing the issuance of E-Ticketing on not E-Enabled routes

• Assess maintenance of list of non E-Enabled routes

• Test of one by trying to book an E-Ticket for a non E-Enabled route

Ticketing systems and DCS’s not fully integrated

See above See above

Mismatch between booking data and ticketing data

Application, database and interface design preventing such occurrences

Assess application, database and interface design (e.g. what is regarded as primary source of data and what is done to prevent mutation of data in other sources?)


Page 5 of 39


Interface controls Assess whether data transfers are automatically checked for completeness, accuracy and timeliness and whether follow-up of exceptions occurs

Restricted access to database and logging of database administrators activity

• Assess whether database administrator access is limited (need to have)

• Assess whether critical changes to database records are logged and reviewed

Incomplete and/or incorrect data entry

Input validations

• Assess whether required fields cannot be left empty

• Assess whether input is subject to automated validity checks (e.g. date formatting check, inability to make a booking for a flight in the past, etc.)

Lack of audit trail (e.g. log files)

Logging and audit requirements established by management (preferably in design phase of systems)

• Assess whether logging and audit trails were addressed in the design phase of systems and agreed upon by those that need them (revenue assurance, anti-fraud department, etc.)

• Assess whether logging and audit trails were implemented as designed, saved to a secure location and used

Malperformance of third parties (e.g. GDSs) • data integrity • contingency

Agreed IT controls ensuring data integrity and contingency

Assess whether a control framework ensuring data integrity and contingency has been agreed upon with the GDS and has been formalised in the contract

Right to audit or SAS 70 / ISAE 3402

• Assess whether a right to audit the GDS on (amongst others) data integrity and contingency is present in the contract or

• Assess whether a SAS 70 Type II / ISAE 3402 statement with a relevant scope is periodically provided

• In case of a right to audit, perform an audit focusing on data integrity and contingency at the GDS

Boarding passes are issued without a ticket (e.g. by airline check-in staff, IT staff) and used

Queries on boarding passes without valid reference to ticket

Assess whether reports of boarding passes without a valid reference to a ticket are available and used


Page 6 of 39


Multiple boarding passes for same stretch refer to a single e-ticket

Queries on repeated use of e-tickets on same stretch

Assess whether reports of repeated use of e-tickets on the same stretch are available and used

Status change from Flown to Open and subsequently reused or refunded

Restricted access to status change function at application level

Assess whether access is restricted to those that need to perform related tasks in order to do their jobs

Restricted access to database and logging of database administrators activity

• Assess whether database administrator access is limited (need to have)

• Assess whether critical changes to database records are logged and reviewed

Lists of suspicious status changes

Assess whether suspicious status changes are listed and follow-up takes place
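As an added illustration (not part of the workshop's programme), the three detective reports above, boarding passes without a valid ticket reference, repeated use of one coupon on the same stretch, and Flown-to-Open status changes that are later reused or refunded, written as SQL control queries run through Python's sqlite3 against constructed sample rows. Table and column names are assumptions.

```python
"""Detective control queries for the boarding-pass and coupon-status risks:
boarding passes without a valid ticket reference, repeated use of one e-ticket
coupon on the same stretch, and Flown -> Open status changes followed by reuse
or refund. Runs on an in-memory SQLite database seeded with constructed rows;
table and column names are assumptions, not a real ticketing schema."""
import sqlite3

SCHEMA = """
CREATE TABLE coupons (
    ticket_no TEXT, coupon_no INTEGER, segment TEXT, status TEXT,
    PRIMARY KEY (ticket_no, coupon_no));
CREATE TABLE boarding_passes (
    bp_id INTEGER PRIMARY KEY, ticket_no TEXT, coupon_no INTEGER,
    segment TEXT, flight_date TEXT, issued_by TEXT);
CREATE TABLE status_changes (
    ticket_no TEXT, coupon_no INTEGER, old_status TEXT, new_status TEXT,
    changed_by TEXT, changed_at TEXT);
"""

# Constructed sample data (not taken from the audit programme).
COUPONS = [
    ("0571234567890", 1, "AMS-JFK", "FLOWN"),
    ("0571234567890", 2, "JFK-AMS", "OPEN"),
    ("0579876543210", 1, "AMS-LHR", "FLOWN"),
]
BOARDING_PASSES = [
    (1, "0571234567890", 1, "AMS-JFK", "2018-01-10", "CKI01"),
    (2, "0579876543210", 1, "AMS-LHR", "2018-01-11", "CKI02"),
    (3, "0579876543210", 1, "AMS-LHR", "2018-01-18", "CKI02"),  # same coupon, same stretch, again
    (4, "0570000000000", 1, "AMS-CDG", "2018-01-12", "CKI03"),  # no ticket behind this pass
]
STATUS_CHANGES = [
    ("0571234567890", 1, "OPEN", "FLOWN", "DCS", "2018-01-10T09:00"),
    ("0579876543210", 1, "OPEN", "FLOWN", "DCS", "2018-01-11T08:00"),
    ("0579876543210", 1, "FLOWN", "OPEN", "dba_x", "2018-01-15T22:10"),  # manual reopen
    ("0579876543210", 1, "OPEN", "FLOWN", "DCS", "2018-01-18T08:00"),    # coupon used again
]

# Boarding passes whose (ticket, coupon) pair does not exist in the ticket database.
BP_WITHOUT_TICKET = """
SELECT b.bp_id, b.ticket_no, b.coupon_no, b.issued_by
FROM boarding_passes b
LEFT JOIN coupons c ON c.ticket_no = b.ticket_no AND c.coupon_no = b.coupon_no
WHERE c.ticket_no IS NULL
"""

# More than one boarding pass for the same coupon on the same stretch.
REPEATED_USE = """
SELECT ticket_no, coupon_no, segment, COUNT(*) AS passes
FROM boarding_passes
GROUP BY ticket_no, coupon_no, segment
HAVING COUNT(*) > 1
"""

# A FLOWN -> OPEN change followed, on the same coupon, by a later use/refund/exchange.
REOPENED_THEN_REUSED = """
SELECT a.ticket_no, a.coupon_no, a.changed_by AS reopened_by, a.changed_at AS reopened_at,
       b.new_status AS later_status, b.changed_at AS later_at
FROM status_changes a
JOIN status_changes b
  ON b.ticket_no = a.ticket_no AND b.coupon_no = a.coupon_no
 AND b.changed_at > a.changed_at
WHERE a.old_status = 'FLOWN' AND a.new_status = 'OPEN'
  AND b.new_status IN ('FLOWN', 'REFUNDED', 'EXCHANGED')
"""


def build_db():
    """Create the in-memory database and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO coupons VALUES (?,?,?,?)", COUPONS)
    conn.executemany("INSERT INTO boarding_passes VALUES (?,?,?,?,?,?)", BOARDING_PASSES)
    conn.executemany("INSERT INTO status_changes VALUES (?,?,?,?,?,?)", STATUS_CHANGES)
    return conn


def run_controls(conn):
    """Run the three exception reports; each value is the list of exception rows."""
    return {
        "bp_without_ticket": conn.execute(BP_WITHOUT_TICKET).fetchall(),
        "repeated_use": conn.execute(REPEATED_USE).fetchall(),
        "reopened_then_reused": conn.execute(REOPENED_THEN_REUSED).fetchall(),
    }


if __name__ == "__main__":
    for name, rows in run_controls(build_db()).items():
        print(f"{name}: {len(rows)} exception(s)")
        for row in rows:
            print("   ", row)
```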

Tickets voided after flown

See above See above

Passengers are incorrectly identified

Instruction of staff in contact with passengers

Assess whether staff is trained and periodically reminded on the importance of proper identification of passengers

Redundancy (identification both at check-in and at boarding)

• Assess whether procedures (and IT in case of check-in kiosk) support redundant identification

• Assess whether working practice is according to procedure

Disclosure of booking code – name combination

Restricted access to PNR Assess whether access is restricted to those that need to view PNRs in order to do their jobs

Non-disclosure agreement (internally and with other parties handling PNRs)

Assess whether non-disclosure agreements are signed by all parties working with PNRs

Procedures regarding distribution of booking codes

Assess whether a procedure is in place and followed to properly identify the passenger before communicating the booking code

Secure exchange of data between systems

Assess whether exchanged data is adequately encrypted or adequate secure channels (VPN) are used


Page 7 of 39


Abuse of credit card data

Restricted access

• Assess whether credit card details cannot be made visible (on screen, in print, through exports, etc.) with standard transactions

• Assess whether each retrieval of credit card data (also at database level) is logged and whether this logging is reviewed

• Assess whether credit card details are stored in an encrypted manner

• Assess whether database administrator access is restricted

• Assess the progress and outstanding issues of the PCI-DSS compliance project

Discounted fare control in fully automated process (seamen, missionary, senior, staff, etc.)

Verification of legitimacy of use of discounted fares (issuer’s agent code, passport, seaman’s passport, personnel ID, etc.)

• Assess the presence of automated controls for verifying the legitimacy of discounted fares (e.g. by checks with reference data)

• Assess whether ground handling staff is instructed to verify the legitimacy of discounted fares

• Assess whether ground handling staff verifies the legitimacy of use of discounted fares and takes appropriate action in case of (probable) misuse

Passenger shows up for cancelled / rescheduled flights

SMS service, email • Assess whether passengers are recommended to leave their contact details at the time of booking

• Assess whether a procedure regarding passengers showing up for rescheduled / cancelled flights is in place and is followed up

Incorrect claim on inventory (e.g. duplicate booking)

Cancellations of unpaid bookings within x hours

Assess whether unpaid reservations are automatically cancelled after a certain amount of time

Lack of e-Ticket interline agreements and as a consequence settlement issues

System does not allow E-Ticketing for stretches flown by airlines that do not have an interline agreement

Verify that ticketing application does not allow the issuing of e-tickets for stretches flown by airlines that do not have an E-Ticket interline agreement


Page 8 of 39


System control: no check-in for non-interlined passenger allowed (or other interline restrictions)

Verify that passengers with electronic ticket of airline with no E-Ticket interline agreement cannot check-in with E-Ticket

No collection of service fees from agents (service fees received from agents not included in fare amount (in some cases manually registered under remarks))

Consistent coding of service fees in one of the ticket fields

Assess whether instructions were provided to agents regarding how to report collected service fees on tickets

Matching of received services fees with tickets and reporting unmatched tickets

Assess whether matching takes places and reports of unmatched tickets are followed up

Incomplete revenue accounting

Interface controls Assess whether controls on the interface between the e-ticketing environment (e.g. sequence checks) and the revenue accounting environment are in place and exception reporting is followed up.

Check on presence of pax boarding status data for each executed flight

Assess whether a match between flight schedule execution and boarding reports is made and mismatches are reported and followed up

Check on completeness of accounting for each individual flight leg

Assess the existence and use of a control query that checks whether, for each flown leg on non-free tickets, a revenue > 0 has been calculated

Abuse of IT systems, leading to unauthorised transactions that involve revenue leakage (e.g. changes to bookings, generation of boarding passes without ticket reference)

Role based access, Segregation of Duties

• Assess whether the available user profiles are free of conflicting tasks / contain safeguards against unauthorised bookings (e.g. segregation between creation and approval of exceptional bookings)

• Assess whether conflicting profiles are not granted to a single person

Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs


Page 9 of 39


Authentication of users of IT systems

• Assess whether systems are protected with authentication mechanisms of sufficient strength (complex and personal passwords that frequently change, personal swipe cards, etc.)

• Assess whether accounts are locked after repeated failed login attempts

Maintenance of access rights to IT systems

• Assess whether granting of access rights is only executed after approval of designated authorising managers

• Assess whether leaves and staff transfers lead to revocation of access rights

• Assess whether outstanding access rights are periodically reviewed by management

Logging of critical activities Assess whether critical activities are logged, log files are archived and reviewed, and access to log files is restricted

Restricted access to database and logging of database administrators activity

• Assess whether database administrator access is limited (need to have)

• Assess whether critical changes to database records are logged and reviewed

Unavailability of reservation and booking systems

Redundancy of IT servers, storage, power and network elements

• Assess hardware, networking and power supply for absence of single points of failure. In case single points of failure exist, verify whether the related risk is consciously accepted by management

• Obtain comfort from external providers regarding their redundancy

Continuity plans to minimise adverse effects of outages

Assess whether continuity plans are present, up-to-date and tested

Testing of changes to IT Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed


Page 10 of 39


Loss of application and data Back-up and recovery • Assess whether frequent back-ups are made and stored at a distant and safe location

• Assess whether back-ups are scheduled and execution is monitored

• Assess whether recovery tests are performed

Process Notes & Test Results


Page 11 of 39

B. Revenue Recognition

Columns: Potential Risk | Expected Controls | Audit Testing / Questions | WP Ref. / Completion Date | Initials

Incorrect revenue accounting (e.g. cut-off)

Follow the accounting rules of the company set in the financial policy

• Assess testing of application before it was implemented

• Compare system rules to what has been set in the accounting policy

Rules in the system:

• correct classification of earned and unearned revenue

• correct cut-off rules in the system

• Assess reports of tests executed prior to implementation

• Perform sample testing of correct cut-off of flight(s)

Restricted access to application parameters

Assess whether access to application parameters that influence the accounting method is restricted (need to have)

Management reporting is provided for review

• Test to determine whether management reviewed management reporting

• Test whether systems provide adequate management reports

Unrecognized/overrecognized revenue

Proration rate/agreement according to IATA and SPA

• Check the correctness/completeness of the proration parameters (comparison with agreement)

• Perform sample testing of correct proration calculation

Reconciliation of unbalanced coupon batches

Review reporting provided by the system identifying unbalanced coupon batches (exception reporting). Ensure that appropriate actions are taken by management.

Management reporting is provided for review

• Test to determine whether management reviewed management reporting

• Test whether systems provide adequate management reports

Presentation of revenues (pax versus ancillary)

System mapping based on accounting policy of the company.

• Assess testing of application before it was implemented

• Compare system rules to what has been set in the accounting policy


Page 12 of 39


Pricing inaccuracies – tickets are priced higher or lower than your published fares

Fare audits Assess scope (sufficient coverage of sales), quality of execution and follow-up on fare audits

Exception report • Review exception report for fare discrepancies and justification

• Ensure ADMs were issued and collected on a timely basis

System controls

• Assess whether a system control is implemented which ensures compliance with the pricing policy

• Assess whether an automated pricing and ticket module for reissue and revalidation is in place (if possible)

Pricing policy Assess whether a policy regarding pricing and manual tariffication exists and is implemented

Incomplete revenue accounting

Interface controls Assess whether controls on the interface between the e-ticketing environment (e.g. sequence checks) and the revenue accounting environment are in place and exception reporting is followed up.

Restricted access to database Assess whether access to the database of the revenue accounting system is limited (need to have)

Check on presence of pax boarding status data for each executed flight

Assess whether a match between flight schedule execution and boarding reports is made and mismatches are reported and followed up

Check on completeness of accounting for each individual flight leg

Assess the existence and use of a control query that checks whether, for each flown leg on non-free tickets, a revenue > 0 has been calculated

Loss of application and data

Back-up and recovery • Assess whether frequent back-ups are made and stored at a distant and safe location

• Assess whether back-ups are scheduled and execution is monitored

• Assess whether recovery tests are performed

Unavailability of revenue accounting system

Continuity plans to minimise adverse effects of outages

Assess whether continuity plans are present, up-to-date and tested


Page 13 of 39


Testing of changes to IT Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed

Untrained use or abuse of IT systems, leading to transactions that involve revenue leakage (e.g. with regard to interline settlement)

Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs (e.g. changing pro-rate settings)

Authentication of users of IT systems

• Assess whether systems are protected with authentication mechanisms of sufficient strength (complex and personal passwords that frequently change, personal swipe cards, etc.)

• Assess whether accounts are locked after repeated failed login attempts

Maintenance of access rights to IT systems

• Assess whether granting of access rights is only executed after approval of designated authorising managers

• Assess whether leaves and staff transfers lead to revocation of access rights

• Assess whether outstanding access rights are periodically reviewed by management

Logging of critical activities Assess whether critical activities are logged, log files are archived and reviewed, and access to log files is restricted

Restricted access to database and logging of database administrators activity

• Assess whether database administrator access is limited (need to have)

• Assess whether critical changes to database records are logged and reviewed

Process Notes & Test Results


Page 14 of 39

C. Revenue controls and monitoring (e.g. flown not sold, sold not flown)

We ran out of time during the workshop to touch this topic. Please feel free to come up with potential risks and related controls and audit tests / questions.

Columns: Potential Risk | Expected Controls | Audit Testing / Questions | WP Ref. / Completion Date | Initials

Flights are made with unsold tickets

Reporting and follow-up on ‘flown not sold’ tickets

Assess whether the ticket numbers of flown coupons are matched with the related booking and payment, and coupons that cannot be matched are investigated

No insight in aging of ‘obligation’ towards customers

Aging analysis of tickets that have been sold but not yet used

Assess whether a ‘sold not flown’ aging analysis exists and is reviewed by management

Incomplete measurement of revenue

Sequence check on issued e-tickets

Assess whether a sequence check on issued e-tickets is performed and that any gaps are investigated

Coupon status of flying passenger not changed

Reconciliation of sum of e-ticket list and gathered coupons with passenger name list

Assess whether the sum of the e-ticket list and the paper tickets for a flight is reconciled with the number of passengers on the passenger name list and whether discrepancies are investigated

Expired tickets are not closed

Check periodically for expired tickets in operational database and take corrective action in line with general terms and conditions (ticket data must remain available for refunds)

Assess whether periodical check and corrective action takes place
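The three section C controls (the sequence check on issued e-tickets, 'flown not sold' matching and the 'sold not flown' aging analysis) as an added Python example that is not part of the original work program. The record layouts, the 3-digit airline code plus 10-digit serial ticket number format and the aging buckets are assumptions; the sample records are constructed.

```python
"""Revenue completeness controls over constructed sample records:
  - sequence check: serials missing from the issued e-ticket stock
  - flown not sold: flown coupons with no paid sale behind the ticket
  - sold not flown: age of open obligations towards customers, bucketed
Field layouts, the ticket number format and the buckets are assumptions."""
from collections import Counter
from datetime import date

# Constructed sample data. Ticket numbers: 3-digit airline code + 10-digit serial.
ISSUED_TICKETS = [   # (ticket_no, issue_date, payment_ref or None)
    ("0571000000001", "2017-01-15", "PAY-1"),
    ("0571000000002", "2017-06-01", "PAY-2"),
    ("0571000000003", "2017-11-20", "PAY-3"),
    ("0571000000005", "2018-01-05", "PAY-4"),   # serial ...004 never appears: a gap
    ("0571000000006", "2018-01-20", None),      # issued, but no payment recorded
]
FLOWN_COUPONS = [    # (ticket_no, coupon_no, flight_date)
    ("0571000000001", 1, "2017-02-01"),
    ("0571000000003", 1, "2017-12-01"),
    ("0571000000006", 1, "2018-01-25"),         # flown on an unpaid ticket
    ("0579999999999", 1, "2018-01-26"),         # flown, never issued in our stock
]


def sequence_gaps(ticket_nos):
    """Sequence check: for each airline prefix, serials missing between the
    lowest and highest issued serial. Each gap is a ticket to investigate."""
    by_prefix = {}
    for t in ticket_nos:
        by_prefix.setdefault(t[:3], set()).add(int(t[3:]))
    gaps = []
    for prefix, serials in sorted(by_prefix.items()):
        for s in range(min(serials), max(serials) + 1):
            if s not in serials:
                gaps.append(f"{prefix}{s:010d}")
    return gaps


def flown_not_sold(flown, issued):
    """Tickets with a flown coupon but no matching sale with a payment record."""
    paid = {t for t, _, pay in issued if pay is not None}
    return sorted({t for t, _, _ in flown if t not in paid})


def _bucket(days):
    for limit, label in ((90, "0-90"), (180, "91-180"), (365, "181-365")):
        if days <= limit:
            return label
    return ">365"


def sold_not_flown_aging(issued, flown, as_of):
    """Age in days (as of the ISO date `as_of`) of tickets sold but not yet
    flown; returns the bucket per ticket and a count per bucket."""
    as_of_date = date.fromisoformat(as_of)
    flown_tickets = {t for t, _, _ in flown}
    ages = {}
    for t, issue_date, _ in issued:
        if t not in flown_tickets:
            ages[t] = _bucket((as_of_date - date.fromisoformat(issue_date)).days)
    return ages, Counter(ages.values())


if __name__ == "__main__":
    print("sequence gaps:", sequence_gaps([t for t, _, _ in ISSUED_TICKETS]))
    print("flown not sold:", flown_not_sold(FLOWN_COUPONS, ISSUED_TICKETS))
    per_ticket, summary = sold_not_flown_aging(ISSUED_TICKETS, FLOWN_COUPONS, "2018-02-01")
    print("sold not flown:", per_ticket, dict(summary))
```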

Process Notes & Test Results


Page 15 of 39

D. Manual interventions and critical transactions (refunds, flight disruption, charge backs, flight interruption manifest (FIMs), etc.)

Manual interventions and refunds appeared to be key risks related to E-Ticketing. A good practice (best practice?) appears to be:

1. Try to reduce the need for manual interventions as much as possible by creating (critical) application transactions for actions that are frequently performed;

2. Keep the group that performs manual interventions as small as possible;

3. Keep the group that performs critical transactions as small as possible;

4. Control these small groups well.

Columns: Potential Risks – high level | Expected Controls | Audit Testing / Questions | WP Ref. / Completion Date | Initials

Unauthorised manual (database) changes, e.g. changes from final status (flown / exchanged / refunded) to open

Periodical review of database authorisations

Assess whether authorisations for manual changes at database level are periodically reviewed

Logging of manual changes Assess whether manual changes are logged and logs cannot be manipulated

Periodical review of executed changes

Assess whether these logs are periodically reviewed / analysed

Coupons remaining in database with intermediate status

• Query of coupons that have intermediate status for more than x hours / days

• Follow-up on query

Assess whether coupons with an intermediate status for a long time that are in the database are queried and corrective action is taken

Unauthorised critical transactions

Periodical review of transaction authorisations

Assess whether authorisations for critical transactions are periodically reviewed

Logging of critical transactions Assess whether critical transactions are logged and logs cannot be manipulated

Periodical review of executed transactions

Assess whether these logs are periodically reviewed / analysed


Page 16 of 39


Process Notes & Test Results

Manual interventions (not exhaustive):

• Changing bookings
• Manual pricing
• Special offers/discounts
• Promotional tickets
• Coupon status changes
• Re-issues
• Exchanges
• Refunds
• Waiving of fees
• Flight Interruption
• Upgrades/downgrades
• SSR’s
• Booking class changes and restrictions
• Out of sequence coupons
• Revalidation of e-tickets
• Frequent flyer manipulation
• PNR Changes
• Extension of ticket validity/fare validity
• Ancillary fee manipulation
• Checking in e-ticket passengers as paper tickets
• Exchanging e- to p-tickets
• Baggage allowance limits (printed on ticket)
• Re-routing


Page 17 of 39

Columns: Potential Risk – more detailed | Expected Controls | Audit Testing / Questions | WP Ref. / Completion Date | Initials

Identical manual interventions are very frequently executed

Report and root cause analysis of most frequently executed interventions

• Assess whether the most frequent interventions by type are reported and known to management

• Assess whether the root cause for these interventions is analysed

Research into possibility of reducing the number of manual interventions

Assess whether management researched the possibility of reducing the number of manual interventions (e.g. by tightening procedures, storing more fares or automating the intervention)

No revenue due to issuance of a ticket without a booking (Is this possible? Booking open segments is possible)

Each ticket has a PNR

Query the ticket database for issued tickets without PNR

Incorrect issuance of open segment ticket

Applicable fare for open tickets permits electronic issuance with open segment, consequently reducing the need for manual fare adjustments for open tickets

Assess ticketing business rules and fare filing relative to total of fares offered (the more fares filed, the less need for manual fare adjustments)
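An added example (not from the work program) covering three tests from section D: coupons left in an intermediate status for more than x hours, a report of the most frequently executed manual interventions by type and by agent, and the query for issued tickets without a PNR. It runs SQL through Python's sqlite3 on an in-memory database with constructed rows; the table layout, the status names treated as intermediate and the 24-hour threshold are assumptions.

```python
"""Section D control queries: stale intermediate coupon statuses, frequency of
manual interventions (by type, then by agent for one type), and tickets without
a PNR. In-memory SQLite with constructed sample rows; the schema, the set of
'intermediate' statuses and the default 24-hour threshold are assumptions."""
import sqlite3

SCHEMA = """
CREATE TABLE coupons (
    ticket_no TEXT, coupon_no INTEGER, status TEXT, status_since TEXT, pnr TEXT,
    PRIMARY KEY (ticket_no, coupon_no));
CREATE TABLE interventions (
    id INTEGER PRIMARY KEY, intervention_type TEXT, agent TEXT, performed_at TEXT);
"""

# Assumed transient statuses: a coupon should not remain in one of these for long.
INTERMEDIATE_STATUSES = ("CHECKED_IN", "LIFTED", "AIRPORT_CONTROL")

# Constructed sample data; the reference time used below is 2018-02-01T10:00.
COUPONS = [
    ("0571111111111", 1, "CHECKED_IN", "2018-01-30T06:00", "ABC123"),  # stuck for 52 h
    ("0571111111112", 1, "FLOWN",      "2018-01-20T10:00", "DEF456"),
    ("0571111111113", 1, "LIFTED",     "2018-02-01T07:30", "GHI789"),  # 2.5 h, normal
    ("0571111111114", 1, "OPEN",       "2018-01-15T12:00", None),      # no PNR behind it
]
INTERVENTIONS = [
    (1, "COUPON_STATUS_CHANGE", "agt_a", "2018-01-28T09:00"),
    (2, "COUPON_STATUS_CHANGE", "agt_a", "2018-01-28T09:05"),
    (3, "MANUAL_PRICING",       "agt_b", "2018-01-29T11:00"),
    (4, "COUPON_STATUS_CHANGE", "agt_b", "2018-01-30T15:00"),
    (5, "REFUND",               "agt_a", "2018-01-31T16:00"),
    (6, "COUPON_STATUS_CHANGE", "agt_a", "2018-02-01T08:00"),
]

# Hours in status is computed from SQLite's julianday (fractional days) * 24.
_STATUS_LIST = ", ".join(f"'{s}'" for s in INTERMEDIATE_STATUSES)
STALE_INTERMEDIATE = f"""
SELECT ticket_no, coupon_no, status,
       ROUND((julianday(:now) - julianday(status_since)) * 24, 1) AS hours_in_status
FROM coupons
WHERE status IN ({_STATUS_LIST})
  AND (julianday(:now) - julianday(status_since)) * 24 > :max_hours
ORDER BY hours_in_status DESC
"""


def build_db():
    """Create the in-memory database and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO coupons VALUES (?,?,?,?,?)", COUPONS)
    conn.executemany("INSERT INTO interventions VALUES (?,?,?,?)", INTERVENTIONS)
    return conn


def stale_intermediate_coupons(conn, now, max_hours=24):
    """Coupons in an intermediate status for more than max_hours as of `now`."""
    return conn.execute(STALE_INTERMEDIATE, {"now": now, "max_hours": max_hours}).fetchall()


def most_frequent_interventions(conn, top_n=3):
    """Intervention types ranked by frequency: the report management should know."""
    return conn.execute(
        "SELECT intervention_type, COUNT(*) AS n FROM interventions "
        "GROUP BY intervention_type ORDER BY n DESC, intervention_type LIMIT ?",
        (top_n,)).fetchall()


def interventions_by_agent(conn, intervention_type):
    """Who performs a given intervention type, for root-cause analysis."""
    return conn.execute(
        "SELECT agent, COUNT(*) AS n FROM interventions WHERE intervention_type = ? "
        "GROUP BY agent ORDER BY n DESC, agent", (intervention_type,)).fetchall()


def tickets_without_pnr(conn):
    """Issued tickets (any coupon) with no PNR reference."""
    rows = conn.execute(
        "SELECT DISTINCT ticket_no FROM coupons WHERE pnr IS NULL OR pnr = '' ORDER BY 1")
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print("stale intermediate:", stale_intermediate_coupons(db, "2018-02-01T10:00"))
    top = most_frequent_interventions(db)
    print("most frequent:", top)
    print("by agent for", top[0][0], ":", interventions_by_agent(db, top[0][0]))
    print("tickets without PNR:", tickets_without_pnr(db))
```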


Page 18 of 39


Loss of revenue due to unauthorized booking class changes and removal of fare restrictions

Expected controls:

• System reports to identify magnitude of lost revenue and frequency of such transactions on an agent/base basis

• Access controls and audit trails

• Preventive controls in system for changes and collection

• Policies and procedures with respect to booking classes and changes to fare restrictions

• Automated re-issuance of tickets with new booking class

• Fare controls

• System automatically compares PNR booking class against the e-ticket and identifies exceptions for management review

Audit testing / questions:

• Sample testing of fares

• Compare class data according to DCS with class data according to ticket. Additional information required regarding frequent flyers (frequent flyer database) and involuntary upgrades (e.g. due to a/c change or cancellation)

• Trend analyses and comparisons between stations

• Check who is authorised to grant upgrades and check whether he/she is given feedback on an excessive number of upgrades

• Review reports for evidence of management review

• Review access controls for reasonability against policies

• Review for evidence of monitoring of audit trails

• Tests of one for application controls (preventive controls over changes and collection, automated re-issuance of tickets with new booking class, system auto compares PNR booking class against the e-ticket)

• Review fare audit results (ensure audit coverage is appropriate) and perform sample testing
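The three data-analytic tests above (tickets without a PNR, PNR class against e-ticket class, DCS class against ticket class with frequent-flyer and involuntary upgrades set aside) can be run as a script over extracts from the ticket database, the reservations system and DCS. The following is an added example, not part of the IAAIA work program; the record layouts, field names, the class-to-cabin ranking and all ticket numbers are assumptions constructed for the example.

```python
"""Added example (not part of the IAAIA work program): data-analytic versions of
three audit tests, run over constructed sample records.

  1. issued tickets with no PNR behind them (ticket database vs. reservations)
  2. PNR booking class vs. e-ticket booking class exceptions
  3. DCS boarded class vs. ticket class, with frequent-flyer entitlements and
     involuntary upgrades set aside so only unexplained upgrades remain

Record layouts, field names and the class-to-cabin mapping are assumptions made
for the example; a real airline would map its own booking classes (RBDs).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Ticket:
    ticket_no: str
    pnr: Optional[str]      # None when the ticket database holds no PNR reference
    booking_class: str      # RBD the fare was priced in


# Assumed mapping of booking classes to a cabin rank: a move to a higher rank
# counts as an upgrade, a move within the same cabin does not.
CABIN_RANK = {"Y": 1, "B": 1, "M": 1, "K": 1, "L": 1,
              "J": 2, "C": 2, "D": 2, "F": 3, "A": 3}

# Constructed sample data (synthetic ticket numbers and PNRs).
TICKETS = [
    Ticket("0011234567890", "ABC123", "K"),
    Ticket("0011234567891", "ABC124", "J"),
    Ticket("0011234567892", None, "Y"),        # issued with no PNR at all
    Ticket("0011234567893", "ZZZ999", "M"),    # PNR reference unknown to reservations
    Ticket("0011234567894", "DEF456", "L"),
    Ticket("0011234567895", "GHI789", "K"),
]
PNRS = {"ABC123": "K", "ABC124": "J", "DEF456": "Y", "GHI789": "K"}   # PNR -> booked class
DCS = {"0011234567890": "J", "0011234567891": "J",
       "0011234567894": "Y", "0011234567895": "J"}                   # ticket -> boarded class
FF_UPGRADE_ENTITLED = {"0011234567895"}   # from the frequent flyer database
INVOLUNTARY_UPGRADES = set()              # e.g. aircraft change or cancellation


def tickets_without_pnr(tickets, pnrs):
    """Issued tickets that carry no PNR, or a PNR the reservations system does not know."""
    return [t.ticket_no for t in tickets if t.pnr is None or t.pnr not in pnrs]


def pnr_class_exceptions(tickets, pnrs):
    """Tickets whose priced booking class differs from the class held in the PNR."""
    return [(t.ticket_no, t.booking_class, pnrs[t.pnr])
            for t in tickets if t.pnr in pnrs and pnrs[t.pnr] != t.booking_class]


def unexplained_upgrades(tickets, dcs, ff_entitled, involuntary):
    """Boarded in a higher cabin than ticketed, with no frequent-flyer or involuntary reason."""
    out = []
    for t in tickets:
        boarded = dcs.get(t.ticket_no)
        if boarded is None:
            continue
        upgraded = CABIN_RANK[boarded] > CABIN_RANK[t.booking_class]
        if upgraded and t.ticket_no not in ff_entitled and t.ticket_no not in involuntary:
            out.append((t.ticket_no, t.booking_class, boarded))
    return out


if __name__ == "__main__":
    print("no PNR:", tickets_without_pnr(TICKETS, PNRS))
    print("PNR class mismatch:", pnr_class_exceptions(TICKETS, PNRS))
    print("unexplained upgrades:",
          unexplained_upgrades(TICKETS, DCS, FF_UPGRADE_ENTITLED, INVOLUNTARY_UPGRADES))
```

Each function returns an exception list rather than printing, so the same code can feed a management-review report and be re-run station by station for the trend comparison mentioned above. Tickets whose PNR is missing are deliberately excluded from the class comparison, since they already appear on the first list.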


Circumstances of downgrades not documented, leading to incorrect or double complaint handling

• Entering remarks to support claim handling and compensation

• Central complaint registry and agreements regarding complaint handling for flights by other airlines

• Check for duplicate claims (station plus headquarters or even other airlines)

• Spot checks on claims

• Assess whether policy and process manual are in place and followed

• Check for recurrence of same credit card number, bank account number, booker's IP address, etc.

Unauthorised application of special fares

Authorisation code reconciliation

• Fare audit procedure

• Check on recurring use of authorisation code

• Obtain list of special fares, including group fares, with details (period, station, etc.)

• Group fares by group

Authorising party for special fares needs to pay / is charged the discount amount

• Audit the charge account setup (are correct accounts / cost centres charged?)

• Reviewing follow-up on unauthorised application of discounts

Interface between revenue accounting system and fare filing database (enabling automated fare audit, e.g. by SIRAX)

• Assess interface controls

• Assess follow-up on exceptions

Unauthorised application of tour codes (auto quoted)

Authorisation code (tour code) reconciliation

Compare list of authorisation codes floating in the market with authorisation codes on ticket


Out of sequence coupons

• System controls to automatically suspend the ticket based on chronological error

• System voids out of sequence coupons

• Access controls limit ability to perform this function (Help Desk users only, for example)

• Reporting out of system to identify out of sequence transactions for management review

• Test of one over application controls (auto suspension of out of sequence coupons, system voids out of sequence coupons)

• Review access controls

• Review management review of out of sequence transactions
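As an added example (not part of the IAAIA work program), the following script shows the two application controls named in this row, detection of a coupon used ahead of an earlier open coupon and automatic suspension of the skipped coupons, together with the help-desk-only restriction on releasing a suspended coupon. The coupon status codes, the role name and the ticket numbers are assumptions constructed for the example; an airline's e-ticket server will use its own codes.

```python
"""Added example (not part of the IAAIA work program): a coupon-sequence control
over constructed ticket records.

  - detect a coupon that has been used while a lower-numbered coupon is still open
  - suspend the skipped open coupons and produce an exception list for review
  - allow only the help-desk role to release a suspended coupon

Status codes (O open, S suspended, F flown, L lifted, C checked-in) and the
role name "HELPDESK" are assumptions for the example.
"""
from dataclasses import dataclass

OPEN, SUSPENDED = "O", "S"
USED = {"F", "L", "C"}      # flown, lifted (boarded), checked-in: coupon is under control or consumed


@dataclass
class Coupon:
    no: int          # coupon sequence number within the ticket (1..4)
    status: str


@dataclass
class ETicket:
    ticket_no: str
    coupons: list


def out_of_sequence(ticket):
    """Numbers of OPEN coupons that precede a coupon already used on this ticket."""
    used_nos = [c.no for c in ticket.coupons if c.status in USED]
    if not used_nos:
        return []
    last_used = max(used_nos)
    return [c.no for c in ticket.coupons if c.status == OPEN and c.no < last_used]


def suspend_out_of_sequence(tickets):
    """Preventive control: suspend the skipped open coupons and return an exception
    list for management review as (ticket_no, suspended coupon numbers)."""
    exceptions = []
    for t in tickets:
        skipped = out_of_sequence(t)
        if skipped:
            for c in t.coupons:
                if c.no in skipped:
                    c.status = SUSPENDED
            exceptions.append((t.ticket_no, skipped))
    return exceptions


def release_suspended(coupon, actor_role):
    """Access control: only the help-desk role may reopen a suspended coupon."""
    if actor_role != "HELPDESK":
        raise PermissionError(f"role {actor_role} may not release suspended coupons")
    if coupon.status != SUSPENDED:
        raise ValueError("coupon is not suspended")
    coupon.status = OPEN


def sample_tickets():
    """Constructed sample data."""
    return [
        ETicket("0019876543210", [Coupon(1, "O"), Coupon(2, "F")]),                  # cpn 2 flown, cpn 1 open
        ETicket("0019876543211", [Coupon(1, "F"), Coupon(2, "F")]),                  # normal sequence
        ETicket("0019876543212", [Coupon(1, "O"), Coupon(2, "O"), Coupon(3, "L")]),  # cpn 3 lifted first
        ETicket("0019876543213", [Coupon(1, "F"), Coupon(2, "O")]),                  # next coupon still open
    ]


if __name__ == "__main__":
    tickets = sample_tickets()
    print(suspend_out_of_sequence(tickets))
    for t in tickets:
        print(t.ticket_no, [(c.no, c.status) for c in t.coupons])
```

The "test of one" in this row corresponds to feeding a single deliberately out-of-sequence ticket through `suspend_out_of_sequence` and confirming the earlier coupon ends up suspended; the release step is the function whose callers the access-control review should be limited to.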

Misalignment of information where there is a separate reservation and e-ticketing database system

• System prompts

• System reports on discrepancies between the reservation and e-ticketing databases

• Test of one over application controls (system prompts)

• Review management's review of reports regarding discrepancies

Frequent flyer program manipulation (fraud risk – e.g. agents inputting their own account number for bookings)

• System has a name check function to ensure that name on program account matches that on the e-ticket

• If system does not have name check functionality, review report detailing account usage/points acquired over a period of time

• Test of one over application controls (system check on names)

• Review management's review of the reporting on account usage and points acquired (high frequency and/or high points accumulation compared to the average)


Extension of ticket validity/fare validity

• System prevents the ability to extend ticket/fare validity (including differences in validity based on fare class)

• System produces report of exceptions for management review

• Test of one (prevent ability to extend ticket/fare validity, prevent creation of booking where fare class/date of travel does not match with e-ticket validity)

• Evidence of management review *** Is a re-issue the same as an exchange? Need to confirm vs. IATA standard ***

Checking in e-ticket passengers as paper tickets (coupon status remains as not flown)

• Post-flight procedures will show how many passengers are paper vs. e-ticket. These numbers are reconciled against the system.

• System generates report to facilitate reconciliation of passengers manifested against ETL/paper coupons collected and management reviews this report

Review reconciliation performed post-departure with respect to paper vs. e-ticket passengers and manifest

Incorrect change of coupon status

Segregation of duties: check for conflicting authorisations held by one user

Audit trail: check presence, retrievability and usability of logs

Exception reporting: check follow-up on exception reporting

Review and feedback: assess existence and use of reports regarding coupon status changes

Incorrect reissues

Fare audits: assess scope, quality of execution and follow-up on fare audits

Automated controls (in transaction): assess whether automated controls that minimise the risk of incorrect reissues are implemented

Four eyes (check by second person): check whether the retained copy of a reissued ticket is accompanied by two names and signatures

Incorrect exchanges of tickets

See Expected Controls and Audit Testing / Questions for reissued tickets


Exchanging e- to paper tickets without a status change made to the e-ticket

System report that shows paper tickets with exchange value equalling to an e-ticket number. Report is reviewed and transactions validated.

Review report for evidence of management review

Baggage allowance limits (printed on ticket)

System report identifies where baggage allowance on the ticket database does not match with prescribed limit. This report is reviewed.

Review report for evidence of management review

‘Unnecessary’ waiving of change / cancellation fees

Audit trail in application: assess the adequacy of the scope of the audit trail in the application (are all waivers logged in sufficient detail for further analysis?)

Authority list showing who is authorised to waive fees

Obtain access control list and verify that rights to waive are only assigned to those that must be able to waive in order to perform their duties

Investigating legitimacy of reason for waiving fee

Obtain evidence for waiving fee (based on principle that not documenting reason is a control exception)

Collecting (or deducting from refund) the wrong change / cancellation fee

Preventive IT controls (feasible, given the dependency on GDSs?)

• Assess whether prescribed fees per type of change can be overruled and if yes, by whom. For those who can change prescribed fees, assess a sample of tickets changed / cancelled by the persons that can overrule the prescribed fees

• Assess whether rights to overrule are limited to those that need to be able to overrule and that an audit trail is in place and usable

• Take a sample of changed / cancelled tickets and compare actual collection / deduction with prescribed fees for the change / cancellation performed

Mix-up of fees, taxes and fare in refund

Fare audit (detective control)

• Recalculate historic refunds

Calculating fare per segment

• Check that calculation of refund is based on fares and taxes per segment

System controls

• Check that pricing elements (fees, taxes, fare) are classified correctly

Incorrect refunding Refunding only after showing ID (refund to same person)

• Check existence of procedure • Assess presence of copies of IDs in refund administration

Refunding on same form of payment (same credit card, same bank account, etc.)

• Check existence of procedure and supporting IT controls (application does not allow refund to different account / credit card)

• Test application controls, or take a sample of refunds to check for refund on the same form of payment

Obtaining authorisation from and calculation of amount from issuing office

• Check enforcement of authorisation from issuing office by procedure or workflow in application

• Take a sample of refunds to check for presence of authorisation or test automated workflow
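The recalculation of historic refunds, the per-segment fare and tax calculation, the classification of pricing elements, the prescribed cancellation fee and the check that the refund went to the original form of payment can be expressed in one routine and run over a refund extract. The following is an added example, not part of the IAAIA work program; amounts are integers in minor currency units, and the tax codes, fee table, record layouts and ticket numbers are assumptions constructed for the example rather than a real fare rule.

```python
"""Added example (not part of the IAAIA work program): recalculating a refund per
segment and checking it against the refund actually processed.

  - fare and taxes are attributed per segment; only unused segments are refunded
  - each tax carries a refundable/non-refundable classification
  - the prescribed cancellation fee for the booking class is deducted
  - the refund must go back to the original form of payment

Amounts are integers in minor currency units. Tax codes, the fee table and the
record layouts are assumptions for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tax:
    code: str
    amount: int
    refundable: bool       # classification of the pricing element


@dataclass(frozen=True)
class Segment:
    fare: int              # fare component attributed to this segment
    taxes: tuple           # Tax objects
    status: str            # "O" open, "F" flown


@dataclass(frozen=True)
class Ticket:
    ticket_no: str
    booking_class: str
    segments: tuple
    fop: str               # original form of payment, e.g. "CC:****1234"


@dataclass(frozen=True)
class RefundRecord:
    ticket_no: str
    amount: int
    fop: str               # form of payment the refund was sent to
    agent: str


# Assumed prescribed cancellation fee per booking class.
CANCEL_FEE = {"K": 7500, "L": 7500, "Y": 0, "J": 0}


def expected_refund(ticket, fee_table=CANCEL_FEE):
    """Unused segment fares plus their refundable taxes, less the prescribed fee."""
    unused = [s for s in ticket.segments if s.status == "O"]
    fare = sum(s.fare for s in unused)
    taxes = sum(t.amount for s in unused for t in s.taxes if t.refundable)
    fee = fee_table[ticket.booking_class] if unused else 0
    return max(fare + taxes - fee, 0)


def check_refund(ticket, refund, fee_table=CANCEL_FEE):
    """Exceptions for one refund record: amount differs from the recalculation,
    or the money went to a different form of payment than the sale."""
    findings = []
    expected = expected_refund(ticket, fee_table)
    if refund.amount != expected:
        findings.append(f"amount {refund.amount} differs from recalculated {expected}")
    if refund.fop != ticket.fop:
        findings.append(f"refunded to {refund.fop} but sold on {ticket.fop}")
    return findings


# Constructed sample: segment 1 flown, segment 2 unused, sold on a credit card.
TICKET = Ticket(
    "0013333333330", "K",
    (Segment(30000, (Tax("YQ", 5000, True), Tax("XT", 1200, False)), "F"),
     Segment(25000, (Tax("YQ", 5000, True), Tax("GB", 2000, True)), "O")),
    "CC:****1234",
)
GOOD = RefundRecord("0013333333330", 24500, "CC:****1234", "agent01")
BAD = RefundRecord("0013333333330", 31000, "BANK:NL00BANK0123", "agent07")

if __name__ == "__main__":
    print("expected:", expected_refund(TICKET))
    print("good:", check_refund(TICKET, GOOD))
    print("bad:", check_refund(TICKET, BAD))
```

For the sample ticket the unused segment contributes 25000 of fare and 7000 of refundable taxes, less the 7500 fee, so 24500 is the only correct refund amount; the second record is flagged twice, for the amount and for the changed form of payment, which is exactly the pair of exceptions an agent-level sample review is looking for.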

Ancillary fee manipulation

• System reports identifying where fields have been changed. Reports are reviewed.

• System automatically generates fees, as required.

• Fee overrides are monitored and reviewed.

• Review report for evidence of management review

• Test of one (system automatically generates fees, as required)

Re-routing • Access controls restrict which users are able to execute re-routing transactions.

• System reports when re-routing has occurred. These reports are reviewed.

• Review access controls against prescribed policies

• Review report for evidence of management review


Tickets are unvoided Application design / IT control that prevents unvoiding

Test of one to ensure that system control works as intended

Voiding tickets with used segments

Application design / IT control that prevents voiding of tickets with used segments

Test of one to ensure system control works as intended

Incorrect processing of flight interruptions

FIM is auto-generated with e-tickets

Remark: involuntary reissuing of tickets is also applied instead of FIMs

Excessive SSRs that cannot be accommodated for flight safety reasons

Counters on excessive requests

Review SSR types on each flight (sample basis) for reasonability

Unintended use of SSRs (e.g. wheelchair in order to use the fast lane)

Require official documentation to request SSR

Select a sample of tickets with SSRs and obtain supporting documentation

Requesting a Special Service which was not requested (and paid if applicable)

Putting proof of request on ticket (as a surcharge / tax code)

Review system workflows to determine whether proof of request is printed on ticket

Showing MCO at check-in

Observe procedures at check-in to determine whether agents request to see MCOs

Marry MCO to ticket in DCS (check-in agent sees what service is requested)

Test system configuration

Ticket and MCO are linked

Test system configuration

Fill in MCO details in endorsement field of e-ticket (system requires this)

Test of one

Unauthorised interventions, leading to revenue leakage

Minimal or no interventions by customer-facing employees (front office)

Assess whether the possibility to execute manual interventions is restricted to supervisors or is taken away from all customer facing staff (back office only) if feasible


Role based access, Segregation of Duties

• Assess whether the available user profiles are free of conflicting tasks / contain safeguards against unauthorised bookings

• Assess whether conflicting profiles are not granted to a single person

Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs

Authentication of users of IT systems

• Assess whether systems are protected with authentication mechanisms of sufficient strength (personal, non-shared accounts; complex passwords; personal swipe cards, etc.). Note that current guidance (NIST SP 800-63B) advises against forcing periodic password changes without evidence of compromise and favours password length, screening against known-compromised password lists and a second factor instead

• Assess whether accounts are locked after repeated failed login attempts

Maintenance of access rights to IT systems

• Assess whether granting of access rights is only executed after approval of designated authorising managers

• Assess whether leaves and staff transfers lead to revocation of access rights

• Assess whether outstanding access rights are periodically reviewed by management

Logging of critical activities Assess whether critical interventions are logged, log files are archived and reviewed, and access to log files is restricted

Legitimacy checks Assess whether checks regarding the legitimacy of interventions are executed

Restricted access to database and logging of database administrators activity

• Assess whether database administrator access is limited (need to have)

• Assess whether critical changes to database records are logged and reviewed
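The segregation-of-duties and access-control-list tests above, and the waiver tests on the earlier page (who waived, under which authority, and with what documented reason), are all set comparisons between an access extract and an audit-trail extract. The following is an added example, not part of the IAAIA work program; the profile names, the conflict matrix, the user IDs and the waiver log are assumptions constructed for the example and do not represent any airline's role model.

```python
"""Added example (not part of the IAAIA work program): access-rights and waiver
tests over constructed data.

  - conflicting profiles granted to one person (segregation of duties)
  - fee waivers executed by someone outside the authority list
  - fee waivers logged without a reason (treated as a control exception)
  - amounts waived per user, for the trend comparison

Profile names, the conflict matrix and the log layout are assumptions for the
example.
"""
from dataclasses import dataclass

# Assumed profile pairs that must never sit with one person.
SOD_CONFLICTS = {
    frozenset({"ISSUE_TICKET", "APPROVE_REFUND"}),
    frozenset({"WAIVE_FEE", "APPROVE_WAIVER"}),
    frozenset({"CHANGE_COUPON_STATUS", "REVIEW_COUPON_EXCEPTIONS"}),
}
# Authority list: profiles entitled to waive change / cancellation fees.
WAIVE_AUTHORISED = {"WAIVE_FEE"}

# Constructed access control list extract: user -> profiles.
USERS = {
    "agent01": {"ISSUE_TICKET"},
    "agent02": {"ISSUE_TICKET", "APPROVE_REFUND"},       # conflicting pair
    "super01": {"WAIVE_FEE"},
    "super02": {"WAIVE_FEE", "APPROVE_WAIVER"},          # conflicting pair
    "back01": {"CHANGE_COUPON_STATUS"},
}


@dataclass(frozen=True)
class Waiver:
    user: str
    ticket_no: str
    fee_waived: int    # minor currency units
    reason: str


# Constructed waiver audit-trail extract.
WAIVER_LOG = [
    Waiver("super01", "0012222222220", 7500, "Schedule change by airline"),
    Waiver("agent01", "0012222222221", 7500, "Customer complaint"),    # user not authorised
    Waiver("super01", "0012222222222", 15000, ""),                     # no reason recorded
    Waiver("ghost99", "0012222222223", 7500, "Goodwill"),              # user not on the ACL
]


def sod_conflicts(users, conflicts):
    """Users holding a complete conflicting profile pair."""
    return sorted((u, tuple(sorted(pair)))
                  for u, profiles in users.items()
                  for pair in conflicts if pair <= profiles)


def unauthorised_waivers(log, users, authorised):
    """Waivers by users lacking a waive-authorised profile (or unknown to the ACL)."""
    return [w.ticket_no for w in log if not (users.get(w.user, set()) & authorised)]


def undocumented_waivers(log):
    """Waivers whose reason field is empty: a control exception by principle."""
    return [w.ticket_no for w in log if not w.reason.strip()]


def waived_by_user(log):
    """Total amount waived per user, to spot who waives disproportionately."""
    totals = {}
    for w in log:
        totals[w.user] = totals.get(w.user, 0) + w.fee_waived
    return totals


if __name__ == "__main__":
    print("SoD conflicts:", sod_conflicts(USERS, SOD_CONFLICTS))
    print("unauthorised waivers:", unauthorised_waivers(WAIVER_LOG, USERS, WAIVE_AUTHORISED))
    print("undocumented waivers:", undocumented_waivers(WAIVER_LOG))
    print("waived per user:", waived_by_user(WAIVER_LOG))
```

A user in the log who is absent from the access control list (here "ghost99") is itself a finding: either the extract is incomplete or an account was removed without its history being reconciled, and both cases belong under the maintenance-of-access-rights row above.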


Unavailability of systems Redundancy of IT servers, storage, power and network elements

• Assess hardware, networking and power supply for absence of single points of failure. In case single points of failure exist, verify whether the related risk is consciously accepted by management

• Obtain comfort from external providers regarding their redundancy

Continuity plans to minimise adverse effects of outages

Assess whether continuity plans are present, up-to-date and tested

Testing of changes to IT Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed

Loss of application and data Back-up and recovery • Assess whether frequent back-ups are made and stored at a distant and safe location

• Assess whether back-ups are scheduled and execution is monitored

• Assess whether recovery tests are performed

No downstream updates of intervened records (bookings, coupons etc.)

Flagging and interfacing of changed records

Assess whether changed intervened records are flagged and downstream systems (e.g. departure control, revenue accounting) are informed about the intervention whenever necessary

Process Notes & Test Results


E. EMDs

Workshop notes:

• EMDs are not available on a widespread basis yet; MCOs are still in use

• Link EMDs to ticket numbers to facilitate proper revenue recognition

• There are some services for which the MCO is not initially linked to the ticket number; a trigger is needed for this link to occur

• MCO purpose will define revenue recognition

• Value is linked so that when utilised it is properly recognised

• Need to reconcile to form of payment and ensure that payment is collected

• Change of coupon status (if an MCO is not marked as used it can be available for refunds)

Objective: to ensure completeness and accuracy of revenue associated with EMDs, ensure there are adequate controls over the accuracy of MCOs (in particular, fraud risk), ensure collection of fees over MCOs, accountability over MCOs and proper authorisation, and prevent revenue leakage.

Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date Initials

EMD utilization status is not reflective of the e-ticket status

System automatically associates EMD(s) with an e-ticket. Status of EMD is then reflective of e-ticket status.

Perform a test of one to check whether EMD(s) is automatically associated with an e-ticket

System report identifies EMDs that have a status that is not the same as the associated e-ticket. Report is reviewed.

Review management’s review of system report

Sequence controls in the system for EMDs issued.

Assess whether a sequence control in the system for EMDs is present

Fraudulent use of EMDs System report to identify EMDs unused for extended period of time. Report is reviewed.

• Assess whether a report that lists unused EMDs is in place • Review management’s review of system report


EMD is not linked to an e-ticket System report identifies EMDs that do not have an associated e-ticket. Report is reviewed.

• Assess whether a report that lists all EMDs without associated tickets is in place

• Review management’s review of system report

Improper revenue recognition for amounts associated with EMDs

EMDs are coded to identify purpose.

Assess whether EMDs are coded in such a manner that the purpose can be easily / automatically identified

Accounting research is performed to identify proper revenue recognition method for each EMD type.

Review accounting research memo

System maps appropriate revenue recognition for each EMD type according to accounting policy.

Verify whether accounting department was involved in design of system and signed off on acceptance testing

Coupon status change makes EMD available for use more than once

System controls that prevent duplicate utilization.

Assess whether system blocks used EMDs for further use

Access controls limit the number of users that can make coupon status changes.

Review access levels and compare against policy and procedures. Ensure that an appropriate authority approved the access levels.

System generates an exception list that identifies coupons that have changed statuses. List is reviewed for reasonability and follow-up occurs.

Review management’s review of system report

Unauthorized issuance of EMDs

Stock control, including counts and reconciliation. Executed by Station Manager.

Review stock control and reconciliation working papers prepared by the Station Manager(s).


Over-utilization of EMDs Values of EMDs are automatically loaded in the system and usage amounts are automated/linked to e-ticket usage

Assess whether EMDs are automatically valued

Improper refunding of EMDs Reconciliation between form of payment and form of refund

Assess whether form of payment and form of refund are reconciled and reviewed by management

Policies and procedures are in place that govern the appropriate refunding of EMDs

Review policies and procedures for reasonability and approval.

Policy defines that refund location must be the same location as sale of the EMD (where currency restrictions exist)

Review policies and procedures for reasonability and approval.

System generates exception reporting that shows transactions where original form of payment is not where the refund is processed. This report is monitored and reviewed by management

Assess whether location of payment and refund are reconciled and reviewed by management

Revenue from EMDs are not complete or do not exist

Reconciliation of EMD amounts per the system to form of payment

Review reconciliation of system amount with form of payment and ensure that reconciling items are appropriately dealt with and/or accounted for.

Abuse of IT systems, leading to unauthorised EMD transactions that involve revenue leakage

Role based access, Segregation of Duties

• Assess whether the available user profiles are free of conflicting tasks / contain safeguards against unauthorised EMDs (e.g. segregation between creation and approval of exceptional EMDs)

• Assess whether conflicting profiles are not granted to a single person


Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs

Authentication of users of IT systems

• Assess whether systems are protected with authentication mechanisms of sufficient strength (complex and personal passwords that frequently change, personal swipe cards, etc.)

• Assess whether accounts are locked after repeated failed login attempts

Maintenance of access rights to IT systems

• Assess whether granting of access rights is only executed after approval of designated authorising managers

• Assess whether leaves and staff transfers lead to revocation of access rights

• Assess whether outstanding access rights are periodically reviewed by management

Logging of critical activities Assess whether critical activities are logged, log files are archived and reviewed, and access to log files is restricted

Restricted access to database and logging of database administrators activity

• Assess whether database administrator access is limited (need to have)

• Assess whether critical changes to database records are logged and reviewed

Unavailability of systems Redundancy of IT servers, storage, power and network elements

• Assess hardware, networking and power supply for absence of single points of failure. In case single points of failure exist, verify whether the related risk is consciously accepted by management

• Obtain comfort from external providers regarding their redundancy

Continuity plans to minimise adverse effects of outages

Assess whether continuity plans are present, up-to-date and tested

Testing of changes to IT Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed


Loss of application and data Back-up and recovery • Assess whether frequent back-ups are made and stored at a distant and safe location

• Assess whether back-ups are scheduled and execution is monitored

• Assess whether recovery tests are performed

EMDs are not updated when related tickets are changed

Flagging and interfacing of changed tickets

Assess whether changed tickets are flagged and EMD system is informed about the change whenever necessary

Process Notes & Test Results


F. Interline / Non interline

Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date Initials

Bookings made for OAL stretches for which endorsement is not allowed

System does not accept bookings on stretches for which endorsement is not allowed

• Assess whether the system rejects bookings on stretches when endorsement (for e-tickets) is not allowed / arranged

• Assess whether the list of non-endorsable stretches in the system is kept up-to-date

Passenger shows up with valid OAL reference but ticket cannot be found in DCS (interline tickets not existing)

Known procedure regarding verifying validity of OAL tickets not in DCS

Assess whether a procedure is in place for verifying the validity of an OAL reference (e.g. through the e-ticketing back office with access to GDSs and OAL back offices)

Contract incorrectly implemented in system

Verification against the contract during acceptance testing

Assess whether acceptance testing did include verification with the contract

Available data insufficient to deliver the data exchange agreed in the contract

Persons in charge of concluding contracts verify with information managers what information can be exchanged

Assess whether information managers reviewed contract proposals for possibility to implement proposed data exchange

Outdated or lack of interline agreement governing relationship for e-ticketing purposes

Contract management system/database that alerts stakeholders as to when contract term end is near (define period)

• Check for availability of contract register

• Review alignment of booking classes with other airlines and compare to what has been entered into your prorate engine

Review significant interline agreements on a regular basis to determine whether re-negotiation is required

Review agreements on a sample basis


Lack of integrity of data Proration method needs to be registered

• Assess whether proration methods are contractually agreed upon

• Review alignment of booking classes with other airlines and compare to what has been entered in to your prorate engine

• Sample testing to confirm whether proration is appropriately calculated (to be performed in cooperation with Revenue Accounting department)

Non-acceptance of tickets Availability of reports on number of rejected tickets on both a coupon and total value basis. Reports are reviewed.

Assess whether reports regarding rejected tickets are in place and reviewed by management

Inability of system to take control of coupons

Compare boarded pax figures versus boarded e-tickets to identify discrepancies

Assess whether failures to change coupon status for boarded passengers are identified, reported and solved

Policy and procedures exist to dictate required actions when there is inability to take control of coupons

Assess whether procedures regarding solving coupon control issues are in place and followed

Billing is not timely and/or complete

System parameters have been set to identify required billing and complete billing

• Verify that system parameters that identify required billing are in place

• Verify that aging reports regarding unbilled coupons are in place and reviewed

Billing delays Monitoring and prompt follow-up on rejected invoices

Assess whether rejected invoices are timely identified and prompt follow-up takes place

Overbilling by partners Tickets require SAC code or they are withheld for payment until further investigation ensues

• Assess whether the system refuses payment for tickets without SAC code

• Review investigation procedures


Revenue accounting system identifies inaccurate billing by identifying unreported sales (including auto-rejection)

Assess whether revenue accounting system rejects tickets of which no sale is reported

Interline FIMs Reporting of FIMs issued by airport staff in order to map against billings from other airlines.

Review reporting and mapping performed by management.

FIM is mapped to an e-ticket Assess whether automatic mapping of FIMs to e-tickets is in place

Sequential control over the issuance of FIMs

Assess whether a sequence control in the system for FIMs is present

FIMs are issued but status of e-ticket has not been changed

System control that automatically updates coupon status when FIMs are issued

• Assess whether coupon status is automatically updated at issuance of FIMs

• Where system controls are unavailable, perform sample testing of transactions

Use Ticket Exchanger (include in service provider agreements)

Review service provider agreements

Abuse of IT systems, leading to unauthorised transactions that involve revenue leakage

Role based access, Segregation of Duties

• Assess whether the available user profiles are free of conflicting tasks / contain safeguards against unauthorised transactions

• Assess whether conflicting profiles are not granted to a single person

Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs


Expected control: Authentication of users of IT systems
Audit testing / questions:
• Assess whether systems are protected with authentication mechanisms of sufficient strength (complex and personal passwords that frequently change, personal swipe cards, etc.)
• Assess whether accounts are locked after repeated failed login attempts

Expected control: Maintenance of access rights to IT systems
Audit testing / questions:
• Assess whether granting of access rights is only executed after approval of designated authorising managers
• Assess whether leaves and staff transfers lead to revocation of access rights
• Assess whether outstanding access rights are periodically reviewed by management

Expected control: Logging of critical activities
Audit testing / questions: Assess whether critical activities are logged, log files are archived and reviewed, and access to log files is restricted

Expected control: Restricted access to database and logging of database administrators' activity
Audit testing / questions:
• Assess whether database administrator access is limited (need to have)
• Assess whether critical changes to database records are logged and reviewed

Potential risk: Unavailability of systems
Expected control: Redundancy of IT servers, storage, power and network elements
Audit testing / questions:
• Assess hardware, networking and power supply for absence of single points of failure. In case single points of failure exist, verify whether the related risk is consciously accepted by management
• Obtain comfort from external providers regarding their redundancy

Expected control: Continuity plans to minimise adverse effects of outages
Audit testing / questions: Assess whether continuity plans are present, up-to-date and tested

Expected control: Testing of changes to IT
Audit testing / questions: Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed


Potential risk: Loss of application and data
Expected control: Back-up and recovery
Audit testing / questions:
• Assess whether frequent back-ups are made and stored at a distant and safe location
• Assess whether back-ups are scheduled and execution is monitored
• Assess whether recovery tests are performed

Potential risk: EMDs are not updated when related tickets are changed
Expected control: Flagging and interfacing of changed tickets
Audit testing / questions: Assess whether changed tickets are flagged and the EMD system is informed about the change whenever necessary

Potential risk: Incomplete and inaccurate exchange of interline coupon data, leading to incomplete / incorrect settlement
Expected control: Interface controls
Audit testing / questions:
• Assess whether accuracy checks on exchanged data are in place (e.g. checksums)
• Assess whether completeness checks on exchanged data are in place (e.g. sequential numbering of data files)
• Assess whether double processing of data (at data file and coupon level) cannot occur
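As an added example that is not part of the work program, the following Python applies the three interface controls above (checksum, sequential file numbering, no double processing at file and coupon level) to a constructed batch of interline coupon files and returns the findings an auditor would expect the receiving system to raise; the file layout, checksum method and ticket numbers are assumptions.

```python
import hashlib

# Constructed sample of interline coupon data files (assumed layout, not an IATA format),
# illustrating the accuracy, completeness and double-processing controls of the work program.
def payload_digest(records):
    """Checksum over the coupon records; computed by the sender, recomputed by the receiver."""
    body = "\n".join("|".join(str(v) for v in r) for r in records)
    return hashlib.sha256(body.encode()).hexdigest()

def make_file(seq, records):
    """Build one interchange file: sequence number, sender checksum and coupon records."""
    return {"seq": seq, "checksum": payload_digest(records), "records": records}

# each record: (ticket number, coupon number, operating carrier, settlement amount)
FILES = [
    make_file(1, [("0011234567890", 1, "XX", 120.00), ("0011234567891", 1, "XX", 95.50)]),
    make_file(2, [("0011234567890", 2, "XX", 120.00)]),
    # file 3 never arrives (completeness failure)
    make_file(4, [("0011234567892", 1, "XX", 300.00), ("0011234567891", 1, "XX", 95.50)]),
    make_file(4, [("0011234567892", 1, "XX", 300.00), ("0011234567891", 1, "XX", 95.50)]),
]
# file 2 is altered in transit after the sender computed its checksum (accuracy failure)
FILES[1]["records"][0] = ("0011234567890", 2, "XX", 12.00)

def check_interface_batch(files, expected_first_seq=1):
    """Apply the interface controls; return audit findings and the coupons accepted for settlement."""
    findings = []
    accepted = {}                 # (ticket, coupon) -> amount; each coupon is settled once
    seen_files = set()
    expected = expected_first_seq
    for f in sorted(files, key=lambda x: x["seq"]):
        if f["seq"] in seen_files:                      # file-level double processing
            findings.append(f"file {f['seq']}: duplicate delivery ignored")
            continue
        if f["seq"] > expected:                         # gap in the sequential numbering
            findings.append(f"sequence gap: expected file {expected}, got {f['seq']}")
        expected = f["seq"] + 1
        seen_files.add(f["seq"])
        if payload_digest(f["records"]) != f["checksum"]:   # accuracy check
            findings.append(f"file {f['seq']}: checksum mismatch, file rejected")
            continue
        for ticket, coupon, _carrier, amount in f["records"]:
            key = (ticket, coupon)
            if key in accepted:                         # coupon-level double processing
                findings.append(f"coupon {ticket}/{coupon}: already settled, duplicate ignored")
                continue
            accepted[key] = amount
    return findings, accepted
```

A rejected or missing file stays visible in the findings list, which is the evidence the auditor needs that the control fires rather than silently dropping data.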

Process Notes & Test Results


G. Management Information

Purpose of management information: proper management and ability to steer a process. The following reports provide management information regarding E-Ticketing:
1. Unused MPDs
2. Non-existing staff IDs
3. Reissued ticket with name change
4. Manual pricing
5. Proportion of paper tickets
6. Reason for use of paper ticket
7. Leakages
8. Sector mismatch
9. Class mismatch
10. Out of sequence usage (first coupon not used)
11. Tickets with unfiled fares (fare mismatch)

For each report the following is listed: Report, Required, KPI, Indicator of possible fraud.

1. Unused MPDs
Required: Report on unused MPDs
KPI:
• Unused MPD by station
• Unused MPD by type
• Aging of MPDs
Indicator of possible fraud:
• Unreasonable/unexpected trending results
• Unreasonable growth rates
• Usage of unused MPDs by staff (especially refunds)

2. Non-existing staff IDs
Required:
• Report on activities by terminated staff
• Report on employee who actioned transaction on behalf of terminated employee
KPI:
• Obtain IP address used to perform transaction
• Number of free and/or reduced tickets being issued
Indicator of possible fraud:
• Access to systems by staff who have been terminated
• High number or frequency of free and/or reduced fare tickets being issued by specific agents
• Tickets issued/other benefits offered to terminated staff
• Personnel number on ticket does not appear as active employee in HR system


3. Reissued ticket with name change
Required: Report identifying any reissued tickets where characters in name fields have changed
KPI: Frequency of reissued tickets with changes to name on a staff basis
Indicator of possible fraud: Staff who perform this function on a frequent basis

4. Manual Pricing
Required: Report on all tickets with manual pricing
KPI:
• Percentage of manually priced fares by country
• Manually priced fares that have not been audited through fare audit
• Time lag for audit of manually priced fares
• Percentage of issued ADMs
Indicator of possible fraud:
• High percentage of manually priced fares compared to prior periods or average
• Unexplainable fare audit scope exclusions
• Low percentage of ADMs (indicates incompleteness)

5. Proportion of paper tickets
Required: Report on percentage of paper tickets versus e-tickets
KPI:
• Less than x% paper tickets (percentage is dependent on staff travel and regions you operate in)
• Reason why paper tickets are needed
Indicator of possible fraud:
• High percentage of paper tickets
• Invalid reasons for usage of paper tickets

6. Reason for use of paper ticket
Required: Breakdown of issued paper tickets per:
• Origin & destination
• Issuer
• Special add-ons / requests
• Carrier involved
KPI:
• % of paper tickets relative to total of issued tickets
• Number of stretches and add-ons that require paper tickets
Indicator of possible fraud: Unnecessary issuances of paper tickets

7. Revenue leakage
Required: Report on out of sequence coupons
KPI: Number and percentage of out of sequence coupons per base as compared to previous periods
Indicator of possible fraud: High number and/or variance compared to previous periods
Required: Cross border sales
KPI: Number and percentage of cross border sales by country as compared to previous periods
Indicator of possible fraud: High number and/or variance compared to previous periods

8. Sector Mismatch
Required: Report identifying when re-routing or changes to flight paths have been made
KPI: Instances where the system has been overwritten without appropriate authorization and/or fare collected
Indicator of possible fraud: Non-collection of fees and/or additional fare


9. Class Mismatch
Required: Report identifying where there are discrepancies between class purchased versus what is actually flown
KPI: Number of instances or percentage of occurrence where there is a class mismatch
Indicator of possible fraud: High number of transactions that do not comply with policy
Required: Report comparing original ticket with go-show ticket to search for class mismatch
KPI: Excessive amount of go-shows
Indicator of possible fraud: High number of go-shows with a different class than booked for one specific employee or passenger

10. Out of sequence usage
Required: Breakdown of tickets for which coupons were not used in sequence per:
• Booking class
• Issuer
• Passenger
• Origin & destination
KPI: Percentage / number of out of sequence uses per booking class
Indicator of possible fraud:
• Out of sequence usages not permitted for applicable booking class
• High out of sequence usage of tickets issued by a single agent / ticket office
• High number of releases of out of sequence blocks for a single employee (in case the check-in system or DCS blocks such use)

11. Tickets with unfiled fares (fare mismatch)
Required: Number and total value of tickets with manual fares broken down per:
• Origin & destination
• Issuer
• Booking class
KPI: Percentage of offerings for which no fare is filed
Indicator of possible fraud:
• Agents / ticket offices with high numbers of application of erroneous (lower) fares
• Agents / ticket offices with high numbers of overrulings (if possible) of autoquoted fares
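As an added example that is not part of the IAAIA work program, the following Python produces two of the reports above from a ticket extract: report 2 (personnel number on the ticket not active in the HR system) and report 10 (a later coupon used while an earlier one is still open), plus the per-issuer and per-booking-class KPI roll-ups the table asks for; the ticket fields, coupon status codes and personnel numbers are constructed and assumed, not a real reservation or HR system layout.

```python
from collections import Counter

# Constructed sample data for reports 2 and 10; the field names, status codes and
# personnel numbers are assumptions, not a real reservation-system or HR-system layout.
HR_ACTIVE_STAFF = {"E1001", "E1002"}          # personnel numbers currently active in HR
TICKETS = [
    # staff_id is None for a revenue passenger; coupons are (number, status) in issue order
    {"ticket": "0010000000001", "staff_id": "E1001", "agent": "AG01", "cls": "Y",
     "coupons": [(1, "FLOWN"), (2, "FLOWN")]},
    {"ticket": "0010000000002", "staff_id": "E1999", "agent": "AG02", "cls": "Y",
     "coupons": [(1, "OPEN"), (2, "FLOWN")]},
    {"ticket": "0010000000003", "staff_id": "E1998", "agent": "AG02", "cls": "M",
     "coupons": [(1, "FLOWN")]},
    {"ticket": "0010000000004", "staff_id": None, "agent": "AG03", "cls": "M",
     "coupons": [(1, "OPEN"), (2, "FLOWN"), (3, "OPEN")]},
]

def non_existing_staff_ids(tickets, active_staff):
    """Report 2: staff tickets whose personnel number does not appear as an active employee in HR."""
    return [t["ticket"] for t in tickets
            if t["staff_id"] is not None and t["staff_id"] not in active_staff]

def out_of_sequence_usage(tickets):
    """Report 10: tickets on which a later coupon was flown while an earlier coupon is still open."""
    hits = []
    for t in tickets:
        earlier_open = False
        for _num, status in t["coupons"]:
            if status == "OPEN":
                earlier_open = True
            elif status == "FLOWN" and earlier_open:
                hits.append(t["ticket"])
                break
    return hits

def kpi_by(tickets, flagged, field):
    """KPI roll-up: count flagged tickets per issuer, booking class, etc. to spot outliers."""
    flagged = set(flagged)
    return Counter(t[field] for t in tickets if t["ticket"] in flagged)
```

Run over a period's extract, the per-agent counts from kpi_by are the "single agent / ticket office" indicator of the table, and comparing them with the previous period gives the variance KPIs.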