SlideShare a Scribd company logo

STIl-Test control report

CA Gourang Shah
CA Gourang Shah
1 of 6
Download to read offline
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 Section 6 Test of controls 01. Executive summary 02. Organisation Structure – Steel and Tube Industries Limited 03. Business process flow chart and documentation 04. SWOT Analysis 05. Stores management 06. Test of controls 63
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 IT general and business activity test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required User Access Control Access log-ins done by users 1. Access to system by different users on a user id 1. Some users pc names are created with personal names, some with designations, difficult to trace the department and their users 2. More than one action users accessed by multiple clients 3. Frequent password changes are not seen 4. Users often do not log off each time they log into the SAP. 5. There is also an over ride of user rights even when a user is on leave 1. Creating department wise ids and all pc names should be with department works assigned – Sales executive 1, Sales executive 2, Accounts 1, Accounts 2 etc 2. Inquiry by IT on a weekly basis if any other pc access the other user id from their pc. Cash control 1. There are transactions that were identified to be with no user signature appended to them Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software User access log cash control_user signature 64
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 Duplicate names/numbers test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required Sales Sales order Missing sales order numbers No risk detected Sales Sales invoices & reserve invoices Missing sales invoice and reserve invoice number 1. There is a serial number break as the invoice no's attached are dated back in 2012 yet Invoice no’s before them are dated as those of the current year 2. Also some of the invoices are missing in the invoice no series specifically for outlet sales Sales Credit notes 1. There is a serial number break as the credit memo no's attached are dated back in 2012 2. Credit memo No. 1939 has been raised and approved with 1% discount without mapping to the related invoice No.41917 Sales Delivery Notes No risk detected Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software Missing sales credit memos Missing Sales invoices 65
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 Duplicate names/numbers test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required Purchases Purchase order No risk detected Purchases Purchase invoices & reserve invoices 1. These were identified as missing in the series of the current year 2. Some are traced back to the previous year Purchases Purchase Credit Memos 1. There is a serial number break as the credit memo No's attached are dated back in 2012 Purchases Goods receipt PO 1. There is a serial number break as the Receipt No's attached are dated back in 2012 Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software Goods Reciept PO Missing purchase credit memos Missing purchase invoices 66
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 Duplicate names/numbers test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required Production Production order Missing production order series from the system There is a serial number break as the Production Order No's attached are dated back in 2012 There is also an issue with the user signature as in the attached Production Receipt from production Missing receipt numbers as aligned with production orders raised in system These were identified as missing in the series of the current year but some are found to belong to the previous year Production Issue for production Missing production series for items issued for production These were identified as missing in the series of the current year but some are found to belong to the previous year Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software Production orders Missing reciepts from production Missing issues for production 67
© 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 HR Activity – Biometric time registration test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required Human resource activity Leaves 1. Leaves as per details captured from bio metric system against actual leave applications or leave roaster updates 1. According to the HR policy, there should be a leave roster to be maintained for each division. From the records it is identified for most cases the leave rosters are not utilized or are not followed rigorously 2. Only a few employees fill in delegation of authority forms 1. Define strict policies for leave management and to ensure that the payrolls are accurately processed against the leaves taken 2. Every employee and department heads to be trained and informed on the STIL's policy of leave approvals and their impact of not following strictly on their payrolls Human resource activity 1. Biometric attendance 1. User signature 2. Authorisation status 1. There are many absenteeism as per the attached report from system and we could not trace any actions taken against the same 2. Employees at times do not swipe out on the biometric scan at the end of the day 1. Swipe in and swipe out should be mandatory to adhere strong control on their attendance as well as knowing their overtime in organisation 2. Absents should be strictly be addressed for knowing the leave status or the actual status Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software Leave_sample_Au gust biometric scan_august 68

Recommended

IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal ControlsBharath Rao
 
Internal Control Questionnaires
Internal Control QuestionnairesInternal Control Questionnaires
Internal Control QuestionnairesAhmad Tariq Bhatti
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLCBharath Rao
 
Internal Control Questionnaires for Construction Companies
Internal Control Questionnaires for Construction CompaniesInternal Control Questionnaires for Construction Companies
Internal Control Questionnaires for Construction CompaniesAhmad Tariq Bhatti
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007Danial Khan
 
KPI
KPIKPI
KPImajesty380
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingBharath Rao
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideCenapSerdarolu
 

Recommended

IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal ControlsBharath Rao
 
Internal Control Questionnaires
Internal Control QuestionnairesInternal Control Questionnaires
Internal Control QuestionnairesAhmad Tariq Bhatti
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLCBharath Rao
 
Internal Control Questionnaires for Construction Companies
Internal Control Questionnaires for Construction CompaniesInternal Control Questionnaires for Construction Companies
Internal Control Questionnaires for Construction CompaniesAhmad Tariq Bhatti
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007Danial Khan
 
KPI
KPIKPI
KPImajesty380
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingBharath Rao
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideCenapSerdarolu
 
Audit 2
Audit 2Audit 2
Audit 2RikechServices
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessLaura Perry
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDITRos Dina
 
Information Audit
Information AuditInformation Audit
Information AuditDivyanshu Gupta
 
Audit ratings guide
Audit ratings guideAudit ratings guide
Audit ratings guideCenapSerdarolu
 
The Project (Final)
The Project (Final)The Project (Final)
The Project (Final)George Brounos
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and auditAstri Stiawaty
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Accounting system and control
Accounting system and controlAccounting system and control
Accounting system and controlRaziya Hameed
 
Chic Paints Ltd (3) (1)
Chic Paints Ltd (3) (1)Chic Paints Ltd (3) (1)
Chic Paints Ltd (3) (1)William Jordan
 
Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)Ahmad Tariq Bhatti
 
Chap 2 procedure
Chap 2 procedureChap 2 procedure
Chap 2 procedureDr Manu H Natesh
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
BCMS Presentation1
BCMS Presentation1BCMS Presentation1
BCMS Presentation1barbytee
 
Audit:2
Audit:2Audit:2
Audit:2Lalatendu Mishra
 
Regulatory compliance with winshuttle products v7 1docx (5)
Regulatory compliance with winshuttle products v7 1docx (5)Regulatory compliance with winshuttle products v7 1docx (5)
Regulatory compliance with winshuttle products v7 1docx (5)Clinton Jones
 
Privacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al RaymondPrivacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al Raymondspencerharry
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Habib Ullah Qamar
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and controlKashif Rana ACCA
 
Hutulbur Turiin Ordon Bayariin Khural
Hutulbur Turiin Ordon Bayariin KhuralHutulbur Turiin Ordon Bayariin Khural
Hutulbur Turiin Ordon Bayariin KhuralTuguldurTurbat
 
2015.ii shinjilgee
2015.ii shinjilgee2015.ii shinjilgee
2015.ii shinjilgeeUkhnaa Tungalag
 
нүднүүдийг нэгтгэх 2
нүднүүдийг нэгтгэх 2нүднүүдийг нэгтгэх 2
нүднүүдийг нэгтгэх 2Erke Gul
 

More Related Content

What's hot

Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessLaura Perry
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDITRos Dina
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and auditAstri Stiawaty
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Accounting system and control
Accounting system and controlAccounting system and control
Accounting system and controlRaziya Hameed
 
Chic Paints Ltd (3) (1)
Chic Paints Ltd (3) (1)Chic Paints Ltd (3) (1)
Chic Paints Ltd (3) (1)William Jordan
 
Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)Ahmad Tariq Bhatti
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
BCMS Presentation1
BCMS Presentation1BCMS Presentation1
BCMS Presentation1barbytee
 
Regulatory compliance with winshuttle products v7 1docx (5)
Regulatory compliance with winshuttle products v7 1docx (5)Regulatory compliance with winshuttle products v7 1docx (5)
Regulatory compliance with winshuttle products v7 1docx (5)Clinton Jones
 
Privacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al RaymondPrivacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al Raymondspencerharry
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Habib Ullah Qamar
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and controlKashif Rana ACCA
 

What's hot (19)

Audit 2
Audit 2Audit 2
Audit 2
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
 
Information Audit
Information AuditInformation Audit
Information Audit
 
Audit ratings guide
Audit ratings guideAudit ratings guide
Audit ratings guide
 
The Project (Final)
The Project (Final)The Project (Final)
The Project (Final)
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and audit
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
 
Accounting system and control
Accounting system and controlAccounting system and control
Accounting system and control
 
Chic Paints Ltd (3) (1)
Chic Paints Ltd (3) (1)Chic Paints Ltd (3) (1)
Chic Paints Ltd (3) (1)
 
Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)
 
Chap 2 procedure
Chap 2 procedureChap 2 procedure
Chap 2 procedure
 
Information System audit
Information System auditInformation System audit
Information System audit
 
BCMS Presentation1
BCMS Presentation1BCMS Presentation1
BCMS Presentation1
 
Audit:2
Audit:2Audit:2
Audit:2
 
Regulatory compliance with winshuttle products v7 1docx (5)
Regulatory compliance with winshuttle products v7 1docx (5)Regulatory compliance with winshuttle products v7 1docx (5)
Regulatory compliance with winshuttle products v7 1docx (5)
 
Privacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al RaymondPrivacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al Raymond
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
 

Viewers also liked

Hutulbur Turiin Ordon Bayariin Khural
Hutulbur Turiin Ordon Bayariin KhuralHutulbur Turiin Ordon Bayariin Khural
Hutulbur Turiin Ordon Bayariin KhuralTuguldurTurbat
 
нүднүүдийг нэгтгэх 2
нүднүүдийг нэгтгэх 2нүднүүдийг нэгтгэх 2
нүднүүдийг нэгтгэх 2Erke Gul
 
Draft - Email to Rt Hon John Key DBA Prime Minister NZ Govt - Statutory Deman...
Draft - Email to Rt Hon John Key DBA Prime Minister NZ Govt - Statutory Deman...Draft - Email to Rt Hon John Key DBA Prime Minister NZ Govt - Statutory Deman...
Draft - Email to Rt Hon John Key DBA Prime Minister NZ Govt - Statutory Deman...Bruce Mita
 
Íèéëìýë öàõèëãààí õýëõýý, Êèðõãîôûí õóóëü
Íèéëìýë öàõèëãààí õýëõýý, Êèðõãîôûí õóóëüÍèéëìýë öàõèëãààí õýëõýý, Êèðõãîôûí õóóëü
Íèéëìýë öàõèëãààí õýëõýý, Êèðõãîôûí õóóëüzaluu_medleg
 
Tercera unidad
Tercera unidadTercera unidad
Tercera unidadEmilioGS
 
Webd aguulga uguh_shaardlaga
Webd aguulga uguh_shaardlagaWebd aguulga uguh_shaardlaga
Webd aguulga uguh_shaardlagaUkhnaa Tungalag
 
DJI Event "Flight Safety"
DJI Event "Flight Safety"DJI Event "Flight Safety"
DJI Event "Flight Safety"Heli Copter
 
Dadlagin hicheel 7
Dadlagin hicheel 7Dadlagin hicheel 7
Dadlagin hicheel 7erdmon
 
Закон Ома
Закон ОмаЗакон Ома
Закон Омаzubova
 
СУМЫН ХӨГЖЛИЙН ТӨЛӨВЛӨГӨӨ, ХӨТӨЛБӨР
СУМЫН ХӨГЖЛИЙН ТӨЛӨВЛӨГӨӨ, ХӨТӨЛБӨРСУМЫН ХӨГЖЛИЙН ТӨЛӨВЛӨГӨӨ, ХӨТӨЛБӨР
СУМЫН ХӨГЖЛИЙН ТӨЛӨВЛӨГӨӨ, ХӨТӨЛБӨРBatnasan Byambasuren
 
Lecture 1
Lecture 1Lecture 1
Lecture 1tsdnsrn
 

Viewers also liked (20)

Hutulbur Turiin Ordon Bayariin Khural
Hutulbur Turiin Ordon Bayariin KhuralHutulbur Turiin Ordon Bayariin Khural
Hutulbur Turiin Ordon Bayariin Khural
 
2015.ii shinjilgee
2015.ii shinjilgee2015.ii shinjilgee
2015.ii shinjilgee
 
нүднүүдийг нэгтгэх 2
нүднүүдийг нэгтгэх 2нүднүүдийг нэгтгэх 2
нүднүүдийг нэгтгэх 2
 
Draft - Email to Rt Hon John Key DBA Prime Minister NZ Govt - Statutory Deman...
Draft - Email to Rt Hon John Key DBA Prime Minister NZ Govt - Statutory Deman...Draft - Email to Rt Hon John Key DBA Prime Minister NZ Govt - Statutory Deman...
Draft - Email to Rt Hon John Key DBA Prime Minister NZ Govt - Statutory Deman...
 
Perfect Day
Perfect DayPerfect Day
Perfect Day
 
Íèéëìýë öàõèëãààí õýëõýý, Êèðõãîôûí õóóëü
Íèéëìýë öàõèëãààí õýëõýý, Êèðõãîôûí õóóëüÍèéëìýë öàõèëãààí õýëõýý, Êèðõãîôûí õóóëü
Íèéëìýë öàõèëãààí õýëõýý, Êèðõãîôûí õóóëü
 
Tercera unidad
Tercera unidadTercera unidad
Tercera unidad
 
Webd aguulga uguh_shaardlaga
Webd aguulga uguh_shaardlagaWebd aguulga uguh_shaardlaga
Webd aguulga uguh_shaardlaga
 
Bienvenida de la Biblioteca de Químicas (UCM) 2016
Bienvenida de la Biblioteca de Químicas (UCM) 2016Bienvenida de la Biblioteca de Químicas (UCM) 2016
Bienvenida de la Biblioteca de Químicas (UCM) 2016
 
DJI Event "Flight Safety"
DJI Event "Flight Safety"DJI Event "Flight Safety"
DJI Event "Flight Safety"
 
Dadlagin hicheel 7
Dadlagin hicheel 7Dadlagin hicheel 7
Dadlagin hicheel 7
 
Закон Ома
Закон ОмаЗакон Ома
Закон Ома
 
СУМЫН ХӨГЖЛИЙН ТӨЛӨВЛӨГӨӨ, ХӨТӨЛБӨР
СУМЫН ХӨГЖЛИЙН ТӨЛӨВЛӨГӨӨ, ХӨТӨЛБӨРСУМЫН ХӨГЖЛИЙН ТӨЛӨВЛӨГӨӨ, ХӨТӨЛБӨР
СУМЫН ХӨГЖЛИЙН ТӨЛӨВЛӨГӨӨ, ХӨТӨЛБӨР
 
Social Media Marketing Tools
Social Media Marketing ToolsSocial Media Marketing Tools
Social Media Marketing Tools
 
HubSpot CRM сургалт
HubSpot CRM сургалтHubSpot CRM сургалт
HubSpot CRM сургалт
 
хийн мандал 1
хийн мандал 1хийн мандал 1
хийн мандал 1
 
механик хөдөлгөөн
механик хөдөлгөөнмеханик хөдөлгөөн
механик хөдөлгөөн
 
Budget sample
Budget sampleBudget sample
Budget sample
 
"Санхүүгийн үндэс" Хичээл - 2
"Санхүүгийн үндэс" Хичээл - 2"Санхүүгийн үндэс" Хичээл - 2
"Санхүүгийн үндэс" Хичээл - 2
 
Lecture 1
Lecture 1Lecture 1
Lecture 1
 

Similar to STIl-Test control report

Clear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdfClear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdfSubrat Kumar Dash
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and complianceMagdalena Matell
 
1Running head BUSINESS ANALYTICS IMPLEMENTATION PLANBusin.docx
1Running head BUSINESS ANALYTICS IMPLEMENTATION PLANBusin.docx1Running head BUSINESS ANALYTICS IMPLEMENTATION PLANBusin.docx
1Running head BUSINESS ANALYTICS IMPLEMENTATION PLANBusin.docxeugeniadean34240
 
Charlotte FENG - What you need to know in 2014!
Charlotte FENG - What you need to know in 2014!Charlotte FENG - What you need to know in 2014!
Charlotte FENG - What you need to know in 2014!Ken Witt
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk ConsultingPrashant Jain
 
From 'Zero Defect Software' to 'First Time Right with Business'
From 'Zero Defect Software' to 'First Time Right with Business'From 'Zero Defect Software' to 'First Time Right with Business'
From 'Zero Defect Software' to 'First Time Right with Business'Cognizant
 
Planning visit
Planning visitPlanning visit
Planning visitJeamsVidal
 
Intoduction to management accounting (MAF251)
Intoduction to management accounting (MAF251)Intoduction to management accounting (MAF251)
Intoduction to management accounting (MAF251)Ismail Noordin
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Topic 3 Accounting System And Control
Topic 3 Accounting System And ControlTopic 3 Accounting System And Control
Topic 3 Accounting System And Controlmandalina landy
 
Webinar: How Tax Preparers & Accountants Can Increase Their Profitability Usi...
Webinar: How Tax Preparers & Accountants Can Increase Their Profitability Usi...Webinar: How Tax Preparers & Accountants Can Increase Their Profitability Usi...
Webinar: How Tax Preparers & Accountants Can Increase Their Profitability Usi...GoLeanSixSigma.com
 
Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise xMatters Inc
 
B R O N Z E R O C K E T
B R O N Z E R O C K E TB R O N Z E R O C K E T
B R O N Z E R O C K E TDavid Boone
 
Topic 3 Accounting System And Control
Topic 3 Accounting System And ControlTopic 3 Accounting System And Control
Topic 3 Accounting System And Controlguest441011
 

Similar to STIl-Test control report (20)

Clear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdfClear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdf
 
Functional Audit
Functional AuditFunctional Audit
Functional Audit
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and compliance
 
1Running head BUSINESS ANALYTICS IMPLEMENTATION PLANBusin.docx
1Running head BUSINESS ANALYTICS IMPLEMENTATION PLANBusin.docx1Running head BUSINESS ANALYTICS IMPLEMENTATION PLANBusin.docx
1Running head BUSINESS ANALYTICS IMPLEMENTATION PLANBusin.docx
 
The Decision Management Manifesto Explained
The Decision Management Manifesto ExplainedThe Decision Management Manifesto Explained
The Decision Management Manifesto Explained
 
Building cbis, mis, csvtu
Building cbis, mis, csvtuBuilding cbis, mis, csvtu
Building cbis, mis, csvtu
 
Charlotte FENG - What you need to know in 2014!
Charlotte FENG - What you need to know in 2014!Charlotte FENG - What you need to know in 2014!
Charlotte FENG - What you need to know in 2014!
 
Audit Report Model and Sample
Audit Report Model and SampleAudit Report Model and Sample
Audit Report Model and Sample
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk Consulting
 
From 'Zero Defect Software' to 'First Time Right with Business'
From 'Zero Defect Software' to 'First Time Right with Business'From 'Zero Defect Software' to 'First Time Right with Business'
From 'Zero Defect Software' to 'First Time Right with Business'
 
Why management system fails
Why management system failsWhy management system fails
Why management system fails
 
Task 2 planning
Task 2 planningTask 2 planning
Task 2 planning
 
Planning visit
Planning visitPlanning visit
Planning visit
 
Intoduction to management accounting (MAF251)
Intoduction to management accounting (MAF251)Intoduction to management accounting (MAF251)
Intoduction to management accounting (MAF251)
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
 
Topic 3 Accounting System And Control
Topic 3 Accounting System And ControlTopic 3 Accounting System And Control
Topic 3 Accounting System And Control
 
Webinar: How Tax Preparers & Accountants Can Increase Their Profitability Usi...
Webinar: How Tax Preparers & Accountants Can Increase Their Profitability Usi...Webinar: How Tax Preparers & Accountants Can Increase Their Profitability Usi...
Webinar: How Tax Preparers & Accountants Can Increase Their Profitability Usi...
 
Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise
 
B R O N Z E R O C K E T
B R O N Z E R O C K E TB R O N Z E R O C K E T
B R O N Z E R O C K E T
 
Topic 3 Accounting System And Control
Topic 3 Accounting System And ControlTopic 3 Accounting System And Control
Topic 3 Accounting System And Control
 

More from CA Gourang Shah

MISSED INCOMETAX RETURN FILLING DUE DATE, NOW WHAT????
MISSED INCOMETAX RETURN FILLING DUE DATE, NOW WHAT????MISSED INCOMETAX RETURN FILLING DUE DATE, NOW WHAT????
MISSED INCOMETAX RETURN FILLING DUE DATE, NOW WHAT????CA Gourang Shah
 

More from CA Gourang Shah (8)

Sepnewsletter
SepnewsletterSepnewsletter
Sepnewsletter
 
Sample SOP
Sample SOPSample SOP
Sample SOP
 
STIl-Audit report
STIl-Audit reportSTIl-Audit report
STIl-Audit report
 
Sample SOP
Sample SOPSample SOP
Sample SOP
 
STIl-Audit report
STIl-Audit reportSTIl-Audit report
STIl-Audit report
 
Budget sample
Budget sampleBudget sample
Budget sample
 
MISSED INCOMETAX RETURN FILLING DUE DATE, NOW WHAT????
MISSED INCOMETAX RETURN FILLING DUE DATE, NOW WHAT????MISSED INCOMETAX RETURN FILLING DUE DATE, NOW WHAT????
MISSED INCOMETAX RETURN FILLING DUE DATE, NOW WHAT????
 
Budget synopsis
Budget synopsisBudget synopsis
Budget synopsis
 

STIl-Test control report

  • 1. © 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 Section 6 Test of controls 01. Executive summary 02. Organisation Structure – Steel and Tube Industries Limited 03. Business process flow chart and documentation 04. SWOT Analysis 05. Stores management 06. Test of controls 63
  • 2. © 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 IT general and business activity test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required User Access Control Access log-ins done by users 1. Access to system by different users on a user id 1. Some users pc names are created with personal names, some with designations, difficult to trace the department and their users 2. More than one action users accessed by multiple clients 3. Frequent password changes are not seen 4. Users often do not log off each time they log into the SAP. 5. There is also an over ride of user rights even when a user is on leave 1. Creating department wise ids and all pc names should be with department works assigned – Sales executive 1, Sales executive 2, Accounts 1, Accounts 2 etc 2. Inquiry by IT on a weekly basis if any other pc access the other user id from their pc. Cash control 1. There are transactions that were identified to be with no user signature appended to them Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software User access log cash control_user signature 64
  • 3. © 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 Duplicate names/numbers test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required Sales Sales order Missing sales order numbers No risk detected Sales Sales invoices & reserve invoices Missing sales invoice and reserve invoice number 1. There is a serial number break as the invoice no's attached are dated back in 2012 yet Invoice no’s before them are dated as those of the current year 2. Also some of the invoices are missing in the invoice no series specifically for outlet sales Sales Credit notes 1. There is a serial number break as the credit memo no's attached are dated back in 2012 2. Credit memo No. 1939 has been raised and approved with 1% discount without mapping to the related invoice No.41917 Sales Delivery Notes No risk detected Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software Missing sales credit memos Missing Sales invoices 65
  • 4. © 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 Duplicate names/numbers test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required Purchases Purchase order No risk detected Purchases Purchase invoices & reserve invoices 1. These were identified as missing in the series of the current year 2. Some are traced back to the previous year Purchases Purchase Credit Memos 1. There is a serial number break as the credit memo No's attached are dated back in 2012 Purchases Goods receipt PO 1. There is a serial number break as the Receipt No's attached are dated back in 2012 Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software Goods Reciept PO Missing purchase credit memos Missing purchase invoices 66
  • 5. © 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 Duplicate names/numbers test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required Production Production order Missing production order series from the system There is a serial number break as the Production Order No's attached are dated back in 2012 There is also an issue with the user signature as in the attached Production Receipt from production Missing receipt numbers as aligned with production orders raised in system These were identified as missing in the series of the current year but some are found to belong to the previous year Production Issue for production Missing production series for items issued for production These were identified as missing in the series of the current year but some are found to belong to the previous year Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software Production orders Missing reciepts from production Missing issues for production 67
  • 6. © 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013 HR Activity – Biometric time registration test of controls The company is using SAP – Business once for administering its business processes across the organisation. The importance of having controls of system shall protect the financials, assign accountability and responsibility for work assigned and reported Process Head Sub-Process Control parameter tested Detailed report Risk Rating GT observations Management actions required Human resource activity Leaves 1. Leaves as per details captured from bio metric system against actual leave applications or leave roaster updates 1. According to the HR policy, there should be a leave roster to be maintained for each division. From the records it is identified for most cases the leave rosters are not utilized or are not followed rigorously 2. Only a few employees fill in delegation of authority forms 1. Define strict policies for leave management and to ensure that the payrolls are accurately processed against the leaves taken 2. Every employee and department heads to be trained and informed on the STIL's policy of leave approvals and their impact of not following strictly on their payrolls Human resource activity 1. Biometric attendance 1. User signature 2. Authorisation status 1. There are many absenteeism as per the attached report from system and we could not trace any actions taken against the same 2. Employees at times do not swipe out on the biometric scan at the end of the day 1. Swipe in and swipe out should be mandatory to adhere strong control on their attendance as well as knowing their overtime in organisation 2. Absents should be strictly be addressed for knowing the leave status or the actual status Test of controls Key:  High  Medium  Low Notes: This data has been extracted from 1-01-2013 to 309-09-2013 Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP- Business one software Leave_sample_Au gust biometric scan_august 68