09.2 audit siklus pembelian dan pembayaran


Published on

Published in: Education
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

09.2 audit siklus pembelian dan pembayaran

  1. 1. Production Dept request for inventory Warehouse/ Inventory Purchase Requisition Check for the availability Inventory Warehouse/ Inventory Purchase Order Inventory Balance Inventory Receiving Depart Purchase Dept Inventory and Receiving Report Receiving Report Vendor Vendor’s Invoice A/P Dept Treasury Cash Disbursement Voucher
  2. 2. DFD of Purchases System
  3. 3. A Manual Purchases System • Begins in Inventory Control when inventory levels drop to reorder levels. • PR is prepared and copies sent to Purchasing and A/P • Purchasing prepares a PO for each vendor and sends copies to Inventory Control, A/P, and Receiving.
  4. 4. A Manual Purchases System • Upon receipt, Receiving counts and inspects the goods. – Blind copy of PO is used to force worker to count goods. • Rec report is prepared and copies sent to raw materials storeroom, Purchasing, Inventory Control, and A/P.
  5. 5. A Manual Purchases System • A/P eventually receives copies of the PR, PO, Rec Report, and the supplier’s invoice. • A/P reconciles these docs, posts to purchase journal, and records liability in the AP subsidiary ledger.
  6. 6. A Manual Purchases System • A/P periodically summarizes the entries in the purchases journal as a journal voucher which is sent to the General Ledger (G/L) department. Inv-Control or Purchases Accts Payable-Control DR CR • A/P also prepares a cash disbursements voucher and posts it in the voucher register.
  7. 7. A Manual Purchases System • G/L department: – posts from the accounts payable journal voucher to the general ledger – reconciles the inventory amount with the account summary received from inventory control
  8. 8. Manual Purchases Flowchart
  9. 9. DFD of Cash Disbursements System
  10. 10. A Manual Cash Disbursement System • Periodically, A/P searches the open vouchers payable file for items with payments due: – A/P sends the vendor’s voucher and supporting documents to Cash Disbursements – A/P updates the accounts payable subsidiary ledger
  11. 11. A Manual Cash Disbursement System • Cash Disbursements Departement: – prepares the check – records the information in a check register (cash disbursements journal) – returns paid vouchers to accounts payable, mails the check to the supplier – sends a journal voucher to G/L: Accounts Payable Cash DR CR
  12. 12. A Manual Cash Disbursement System • G/L department receives: – the journal voucher from cash disbursements – a summary of the accounts payable subsidiary ledger from A/P • The journal voucher is used to update the general ledger. • The accounts payable control account is reconciled with the subsidiary summary.
  13. 13. Cash Disbursements System
  14. 14. Computer-Based Accounting System • CBAS technology can be viewed as a continuum with two extremes: – automation - use technology to improve efficiency and effectiveness – reengineering – use technology to restructure business processes and firm organization
  15. 15. Levels of Automating and Reengineering Ordering Level 1: Computer generates PR – Purchases manually generates PO Level 2: Computer generates PO (no PR needed) – PO not sent until manually reviewed Level 3: Computer-generated PO is automatically sent without manual review Level 4: Electronic Data Interchange (EDI) – Computer-to-computer communication without PO
  16. 16. Expenditures Cycle Database • Other Files • Master Files – supplier reference and – supplier (vendor) master file history file – accounts payable master file – buyer file – merchandise inventory – accounts payable detail file master file • Transaction and Open Document Files – purchase order file • open purchase order file – supplier’s invoice file – open vouchers file – cash disbursements file
  17. 17. Automated Batch Purchases
  18. 18. Automated Batch Purchases
  19. 19. Reengineered Purchases/Cash Disbursements
  20. 20. Computer-Based Purchases • A Data Processing Dept. performs routine accounting tasks. • Purchasing - a computer program identifies inventory requirements • The following methods are used for authorizing and ordering inventories: – the system prepares POs and sends them to Purchases for review, signing, and distributing, or – the system distributes POs directly to the vendors and internal users, bypassing Purchases, or – the system uses electronic data interchange (EDI) and electronically places the order without POs
  21. 21. Computer-Based Purchases • Other tasks performed automatically by the computer: – Updates the inventory subsidiary file from Rec Report. – Calculates batch totals for general ledger update – Closes the correspond records in the open PO file to closed PO file – Validates the voucher records against valid vendor files
  22. 22. Computer-Based Cash Disbursements • Tasks performed automatically by the computer: – the system scans for vouchers currently due – prints checks for these vouchers – records these checks in the check register – batch totals are prepared for the general ledger update procedure
  23. 23. Advantages of Real-Time Input and Processing over Batch Processing • Shortens the time-lag in record-keeping; hence, records are more current • Eliminates much of the routine manual procedures, such as transcribing information onto paper documents • Eliminates much of the storage and shuffling of paper documents • Reduces data entry correction procedures
  24. 24. Summary of Internal Controls
  25. 25. General Internal Controls • Organization controls – segregation of duties • Documentation • Asset Accountability Controls • Management Practices • Data Center Operations Controls • Authorization Controls • Access Controls
  26. 26. Manual Authorization Controls • Purchases of inventory should be authorized by the Inventory Control department, not by purchasing agents • Accounts Payable authorizes the payments of bills, not the cash disbursements clerk, who writes the checks How do these controls change in a CBAS?
  27. 27. Computer-Based Authorization Controls • Authorizations are automated. – programmed decision rules must be debugged (find and reduce bug/ defect) • Automating inventory in EDI and JIT – faulty inventory model can lead to over-purchasing or under-purchasing • Cash disbursements may automate check printing and signing. – programming logic must be flawless – automated signing only below a dollar threshold
  28. 28. Traditional Segregation of Duties • Warehouse (stores) • Inventory control • Accounts payable • General ledger • Requisitioning • Purchases • Purchases returns and allowances • Cash disbursements
  29. 29. Manual Segregation of Duties • Custody of the asset, inventory, by the Warehouse must be separate from recordkeeping for the assets by the Inventory Control. • Custody of the asset, cash, by Cash Disbursements must be kept separate from recordkeeping for the asset by A/P. How do these controls change in a CBAS?
  30. 30. Computer-Based Segregation of Functions • Extensive consolidation by the computer of tasks traditionally segregated – computer programs authorize and process purchase orders (reduce order time-lag) – computer programs authorize and issue checks to vendors
  31. 31. Manual Supervision • Within the expenditure cycle, supervision is of highest importance in the Receiving department, where the inventory arrives and is logged in by a receiving clerk. Need to minimize: – failures to properly inspect the assets – theft of the assets How do these controls change in a CBAS?
  32. 32. Computer-Based Supervision • Automation often leads to a collapsing of the traditional segregation of duties. – requires greater supervision • Supervision takes on new aspects as technology advances. – electronic monitoring • Supervision because more difficult as the workplace becomes more sophisticated. – employees may have advanced IT training
  33. 33. Manual Accounting Records • Must maintain adequate records for: – accounts payable – vouchers payable – checks – general ledger – subsidiary ledgers How do these controls change in a CBAS?
  34. 34. Computer-Based Accounting Records • Accounting records rest on the reliability and security of stored digitalized data. – Accountants should be skeptical about the accuracy of hard-copy printouts. – Backups - the system needs to ensure that backups of all files are continuously kept. • Most automated systems still have a lot of paper documents. – This is good for audit trail purposes but is often inefficient. – As the system becomes increasing paperless, maintaining an audit trail becomes more difficult.
  35. 35. Manual Access Controls • Access to: – inventories (direct access to make fraud) – cash (direct access) – accounting records (indirect access) How do these controls change in a CBAS?
  36. 36. Computer-Based Access Controls • Magnetic records are vulnerable to both authorized and unauthorized exposure and should be protected – must have limited file accessibility – programs must be safeguarded and monitored
  37. 37. Manual Independent Verification • A/Payable Dept. verifies much of the work done within the expenditure cycle. – PR, PO, receiving reports, and suppliers’ invoices must be checked and verified by A/P. • G/Ledger Dept. verifies: – the total obligations recorded equal the total inventories received – the total reductions in accounts payable equal the total disbursements of cash How do these controls change in a CBAS?
  38. 38. Computer-Based Independent Verification • Automating the accounting function reduces the need for verification by reducing the chances of fraud and error in the expenditure cycle. • However, the need for verification shifts to the computer program and the programmers where fraud and error may still be present.
  39. 39. Threats in Ordering Goods  Threats in the process of ordering goods include: – THREAT 1: Stockouts and/or excess inventory – THREAT 2: Ordering unnecessary items – THREAT 3: Purchasing goods at inflated prices – THREAT 4: Purchasing goods of inferior quality – THREAT 5: Purchasing from unauthorized suppliers – THREAT 6: Kickbacks – EDI-Related threats – Threats related to purchases of services
  40. 40. Threats in Receiving and Storing Goods  The primary objectives of this process are to: – –  Verify the receipt of ordered inventory. Safeguard the inventory against loss or theft. Threats in the process of receiving and storing goods include: – THREAT 7: Receiving unordered goods – THREAT 8: Errors in counting received goods – THREAT 9: Theft of inventory
  41. 41. Threats in Approving and Paying Vendor Invoices The primary objectives of this process are to: – Pay only for goods and services that were ordered and received. – Safeguard cash.  Threats in the process of approving and paying vendor invoices include: – THREAT 10: Failing to catch errors in vendor invoices – THREAT 11: Paying for goods not received – THREAT 12: Failing to take available purchase discounts – THREAT 13: Paying the same invoice twice – THREAT 14: Recording and posting errors to accounts payable – THREAT 15: Misappropriating cash, checks, or EFTs 
  42. 42. EXPENDITURES CYCLE AUDIT OBJECTIVES, CONTROLS, AND TEST OF CONTROLS • Achieving audit obj require designing audit procedure to gather evidence that either corroborates or refutes mgt assertions. • It involves a combination of ToC and substantive tests of details. The specific controls addressed here are based on the application controls framework, which classifies controls into: input controls, process controls, and output controls. • Within this framework, we examine application controls, tests of controls, and the audit objectives to which they relate.
  43. 43. INPUT CONTROLS Input controls are designed to ensure that transactions are valid, accurate, and complete. • Data Validation Controls Input validation controls are intended to detect transcription errors in transaction data before they are processed.  Missing data checks: to examine the contents of a field for the presence of blank spaces.  Numeric-alphabetic data checks.  Limit checks.  Range checks assign upper and lower limits to acceptable data values.  Validity checks compare actual values in a field against known acceptable values.  Check digit controls.
  44. 44. INPUT CONTROLS  Testing Validation Controls Audit procedures provide evidence about the accuracy assertion:  The auditor may decide to rely on the quality of other controls to provide the assurance needed to reduce substantive testing. Ex: after reviewing systems development and maintenance controls, auditor may determine that controls over original program design and testing and subsequent changes to programs are effective.  ITF or the test data approach enable the auditor to perform explicit tests of the validation logic. This evidence help auditor determine the nature, timing, and extent of subsequent substantive tests.  The auditor can achieve some degree of assurance by reviewing error listings and error logs. These documents provide evidence of the effectiveness of the data entry process, the types and volume of errors encountered, and the manner in which the errors are
  45. 45. INPUT CONTROLS  Batch Controls  The objective of batch control is to reconcile output produced by the system with the input originally entered into the system.  The information contained in the transmittal sheet is entered as a separate control record that used to verify the integrity of the batch. Periodic reconciliation between the data in the transmittal record and actual processing results provides assurance of the following: All invoices that were entered into the system were processed. No invoices were processed and paid more than once. All invoices entered into the system are accounted for as either successfully processed or rejected because of errors.
  46. 46. INPUT CONTROLS  Testing Batch Controls  Tests of batch controls provide the auditor with evidence relating to the assertions of completeness and accuracy.  Testing batch controls involves reviewing transmittal records of batches processed throughout the period and reconciling them to the batch control log. The auditor needs to investigate out-of-balance conditions to determine their cause.
  47. 47. INPUT CONTROLS  Purchases Authorization Controls  Purchases authorization actually occurs in the revenue cycle when goods are sold to customers.  At that time, the system compares the quantity-on-hand with the reorder point to determine if the inventory needs to be reordered.  Testing Purchases Authorization Controls  The following tests of controls provide evidence pertaining to the accuracy and valuation assertions.  Since PReq are internally generated, they should be free from clerical errors and do not need validating. However, computer logic errors in this procedure can cause negative operational and financial consequences.  Testing these controls using CAATTs involves creating test inventory records and sales trans that reduce the inventory items below their reorder point. The resulting PReq and inventory records can then be examined for evidence of properly functioning controls.
  48. 48. INPUT CONTROLS  Employee Authorization  The personnel department: prepares and submits personnel action forms to the payroll department. These documents are used to effect changes in hourly pay rates, payroll deductions, and job classification. identify employees who are authorized to receive a paycheck. This information plays an important role in preventing errors and payroll fraud. A common form of fraud: overcharging or fictitiounus.  When employee authorization procedures are computerized, the payroll program matches each attendance record with a corresponding record in the current personnel action file. → Any attendance records that do not match should be rejected and investigated by management.
  49. 49. INPUT CONTROLS  Testing Employee Authorization Procedures  The following tests of controls provide evidence pertaining to the existence, accuracy, valuation, and rights and obligation assertions.  Using either the test data or integrated test facility (ITF) approaches: → the auditor can assess the correctness of programmed procedures that validate employee authenticity.  The auditor can obtain assurance that the file has integrity when the following controls exist: access to the authorized employee file is password controlled; additions to and deletions from the file are restricted to authorized individuals in the personnel department; and the employee records stored on the file are encrypted.
  50. 50. PROCESS CONTROLS  Process controls include computerized procedures for updating files and restricting access to data.  File Update Controls  Run-to-run controls use batch control data to monitor the batch as it moves from one programmed procedure (run) to another.  Sequence Check Control.  Liability Validation Control. An important control in purchases/accounts payable systems is the validation of the liability prior to making payment. The process involves reconciling supporting documents including the purchase order, receiving report, and supplier’s invoice.  Valid Vendor File. The valid vendor file is similar to the authorized employee file.
  51. 51. PROCESS CONTROLS  Process controls include computerized procedures for updating files and restricting access to data.  Testing File Update Controls.  Failure of file update controls can result in transactions (1) not being processed (liabilities are not recognized and recorded), (2) being processed incorrectly (i.e., payments are approved for unauthorized recipients), or (3) being posted to the wrong supplier’s account.  Tests of file update controls provide evidence relating to assertions of existence, completeness, rights and obligations, and accuracy.  Tests of sequence checks can be performed using either ITF or the test data approach.  Testing the liability validation logic requires understanding the decision rule for matching supporting documents. By creating test purchase orders, receiving reports, and supplier invoices, the auditor can verify whether decision rules are being correctly applied.
  52. 52. PROCESS CONTROLS  Access Controls  Access controls prevent and detect unauthorized and illegal access to the firm’s assets. An individual with unrestricted access to data can manipulate the assets of the firm and cause fs to be materially misstated.  The following are examples of risks specific to the expenditure cycle: 1. Once recognized by the system as a legitimate liability, the AP account will be paid even though no purchase transaction transpired. 2. Access to employee attendance cards may enable an unauthorized individual to trigger an unauthorized paycheck. 3. An individual with access to both cash and accounts payable records could remove cash from the firm and record the act as a legitimate disbursement. 4. An individual with access to physical inventory and inventory records can steal products and adjust the records to cover the theft.
  53. 53. PROCESS CONTROLS  Testing Access Controls  In the absence of adequate controls, supplier invoices can be deleted, added, or falsified. Individual payroll account balances can be erased or the entire accounts payable file can be destroyed.  Evidence gathered about the effectiveness of access controls tests the management assertions of existence, completeness, accuracy, valuation and allocation, rights and obligations, and presentation and disclosure.  Since payments to false vendors carries such potential for material loss, the auditor is concerned about the integrity of the valid vendor file. By gaining access to the file, a computer criminal can place his or her name on it and masquerade as an authorized vendor.  The auditor should therefore assess the adequacy of access controls protecting the file. These include password controls, restricting access to authorized managers, and using data encryption to prevent the file contents from being read or changed.
  54. 54. PROCESS CONTROLS  Physical Controls  Purchases System Controls Segregation of inventory control from the warehouse. Segregation of the GL and AP from cash disbursements. Supervision of receiving department, reduces the chances of failure to properly inspect the assets and the theft of assets. Inspection of assets. Receiving clerks must inspect items for proper quantities and condition (damage, spoilage, and so on), with a blind PO. Incoming goods are accompanied by a packing slip. A supervisor should take custody of the packing slip while receiving clerks count and inspect the goods. Reconciliation of supporting documents: PO, Receiving report, and supplier’s invoice.
  55. 55. PROCESS CONTROLS  Payroll System Controls Verification of timecards, verify their accuracy and sign them. Supervision / CCTV. Paymaster. The use of an independent paymaster to distribute checks (rather than the normal supervisor) helps verify the existence of the employees. Payroll imprest account. Employee paychecks are drawn on a special payroll imprest account at the bank, which is used only for payroll clearing.
  56. 56. PROCESS CONTROLS  Testing Physical Controls  The auditor’s review of organizational structure should disclose the more egregious examples of incompatible tasks, such as one individual opening and approving timecards, authorizing employee payments, and receiving and distributing the paychecks.  In automated environments, the auditor’s concern should focus on the integrity of the computer programs that perform these tasks. Is the logic of the computer program correct? Has anyone tampered with the application since it was last tested? Have changes been made to the program that could have caused an undisclosed error? Are there adequate formal procedures (i.e., supervision) to compensate for the lack of segregation of duties?  Answers to these questions come from the auditor’s review of systems development and maintenance controls and by reviewing organizational structure.
  57. 57. OUTPUT CONTROLS  Output controls are designed to ensure that information is not lost, misdirected, or corrupted and that system processes function as intended.  Invoice (AP) file listing past-due liabilities can identify discounts lost and help mgt assess the operational performance of the AP process.  Reconciling the GL can detect certain types of transaction errors. Example, total of all reductions to AP should = total cash disbursements to vendors.  Other important element of output control is the maintenance of an audit trail.  The following are examples of audit trail output controls.      Accounts Payable Change Report Transaction Logs Transaction Listing Log of Automatic Transactions Unique Transaction Identifiers
  58. 58. OUTPUT CONTROLS  Testing Output Controls  Evidence gathered through tests of output controls relates to the completeness and accuracy assertions.  Testing output controls involves reviewing summary reports for accuracy, completeness, timeliness, and relevance to the decision that they are intended to support.  In addition, the auditor should trace sample transactions through audit trail reports, including transaction listings, error logs, and logs of resubmitted records.  Alternatively, the auditor can test output controls directly using ITF. A well-designed ITF system will permit the auditor to produce a batch of sample transactions, including some error records, and trace them through all phases of processing, error detection, and output reporting.
  59. 59. SUBSTANTIVE TESTS OF EXPENDITURE CYCLE  Expenditure Cycle Risks and Audit Concerns  External auditors are concerned primarily with the potential for understatement of liabilities and related expenses. Substantive tests of expenditure cycle accounts are therefore directed toward gathering evidence of understatement and omission of material items rather than their overstatement.  In resolving these concerns, the auditor will seek evidence by performing a combination of tests of internal controls and substantive tests. Tests of controls include testing both general controls and application controls.  In addition to tests of controls, the auditor must perform substantive tests to achieve audit objectives.
  60. 60. SUBSTANTIVE TESTS OF EXPENDITURE CYCLE  Understanding Data  The substantive tests described in this section involve extracting data from accounting files for analysis.  The auditor must verify that he or she is working with the correct version of the file to be analyzed. To do so, the auditor must understand the file backup procedures and, if possible, work with the original files.  Data description of each file follows. Inventory File The Inventory file contains quantity, price, supplier, and warehouse location data for each item of inventory. When inventory items are sold or used in production, the Quantity-on-Hand field is reduced accordingly by a computer application. With each inventory reduction, the system tests for a “reorder” condition, which occurs when the quantity-on-hand falls below reorder point. The system prepares a PO, which is sent to the vendor, and adds a record to Purchase Order file.
  61. 61. SUBSTANTIVE TESTS OF EXPENDITURE CYCLE  Understanding Data Purchase Order File This file contains records of purchases placed with suppliers. Purchase Order Line Item File The Line Item file contains a record of every item ordered. Receiving Report File When the ordered items arrive from the supplier, they are counted and inspected, and receiving documents are prepared. Disbursement Voucher File and Check Register File If the items, quantities, and prices match, then a record is added to the Disbursement Voucher File. Each payment day, the Cash Disbursement application selects the items due to be paid and adds a record to the Check Register File for each payment.
  63. 63. SUBSTANTIVE TESTS OF EXPENDITURE CYCLE  Testing the Accuracy and Completeness Assertions The audit procedures described in this section provide evidence relating to management assertions of accuracy and completeness.  Review Disbursement Vouchers for Unusual Trends and Exceptions Auditor use ACL’s Stratify and Classify features to identify various characteristic and anomalies associated w/ AP. Excessive purchases from a single supplier reflect an unusual business dependency Large number of small volume suppliers is evidence of a highly inefficient purchasing.
  64. 64. SUBSTANTIVE TESTS OF EXPENDITURE CYCLE  Testing the Accuracy and Completeness Assertions  Reviewing for Accurate Invoice Prices Comparing prices on supplier invoices to original PO prices provides evidence for testing the mgt assertion of accuracy. Significant discrepancies between expected prices and the prices actually charged may be due to: (1) clerical errors, (2) failure to review supporting documents before authorizing payment, or (3) AP personnel exceeding their authority in dealing with price discrepancies. Testing pricing accuracy involves matching records from the two files using ACL’s Join feature and creating a third output file.
  65. 65. SUBSTANTIVE TESTS OF EXPENDITURE CYCLE  Testing the Completeness, Existence, and Rights and Obligations Assertions  The search for unrecorded liabilities provides evidence that tests the completeness, existence, and rights and obligations assertions.  Searching for Unrecorded Liabilities The search for unrecorded liabilities involves the Disbursement Voucher and Receiving Report files. Again, using the Join feature, the two files can be compared for the existence of mismatched records.  Searching for Unauthorized Disbursement Vouchers (prepared by?) Unsupported disbursement vouchers may signify an attempt at fraud or a poor control environment in which multiple payments are made for the same purchase.
  66. 66. SUBSTANTIVE TESTS OF EXPENDITURE CYCLE  Testing the Completeness, Existence, and Rights and Obligations Assertions  Review for Multiple Checks to Vendors The auditor can test for duplicate records in a large file by employing ACL’s Duplicate feature. This technique is demonstrated below using the Disbursement Voucher file. Various fields or combination of fields may be used to test for duplicate records. The auditor needs to understand the relationship between the files to draw meaningful conclusions from the test results.
  67. 67. SUBSTANTIVE TESTS OF EXPENDITURE CYCLE  Auditing Payroll and Related Accounts Testing accrued payroll and related accounts for completeness and accuracy consist primarily of analytical procedures and reviews of cash disbursements made in the following period. The auditor should test the mathematical accuracy of payroll summaries and trace totals to the payroll records and to the general ledger accounts. The average salary per employee in the current period can be compared to the previous year’s averages. ACL’s Stratify feature can help the auditor detect unusual trends and abnormal balances in the payroll file.