STIl-Test control report
- 1. © 2013 Grant Thornton Consulting Limited, Uganda | Business Process Audit | 30/10/2013
Section 6 Test of controls
01. Executive summary
02. Organisation Structure – Steel and Tube Industries Limited
03. Business process flow chart and documentation
04. SWOT Analysis
05. Stores management
06. Test of controls
IT general and business activity test of controls
The company is using SAP Business One for administering its business processes across the organisation. System controls are important because they protect the financials and assign accountability and responsibility for work assigned and reported.
Table columns: Process Head; Sub-Process; Control parameter tested; Detailed report; Risk Rating; GT observations; Management actions required

Process Head: User Access Control
Sub-Process: Access log-ins done by users
Control parameter tested:
1. Access to system by different users on a user id
Detailed report: User access log
GT observations:
1. Some users' PC names are created with personal names, some with designations, making it difficult to trace the department and their users
2. More than one action users accessed by multiple clients
3. Frequent password changes are not seen
4. Users often do not log off each time they log into SAP
5. There is also an override of user rights even when a user is on leave
Management actions required:
1. Create department-wise ids; all PC names should carry the department work assigned – Sales executive 1, Sales executive 2, Accounts 1, Accounts 2, etc.
2. Inquiry by IT on a weekly basis into whether any other PC accesses another user's id from their PC

Process Head: Cash control
Detailed report: cash control_user signature
GT observations:
1. There are transactions that were identified to be with no user signature appended to them

Risk rating key: High, Medium, Low
Notes: This data has been extracted from 1-01-2013 to 309-09-2013
Sources: 1. Grant Thornton Consulting Limited data analysis 2. SAP Business One software
Duplicate names/numbers test of controls
Process Head: Sales
Sub-Process: Sales order
Control parameter tested: Missing sales order numbers
GT observations: No risk detected

Process Head: Sales
Sub-Process: Sales invoices & reserve invoices
Control parameter tested: Missing sales invoice and reserve invoice number
Detailed report: Missing sales invoices
GT observations:
1. There is a serial number break, as the invoice nos. attached are dated back in 2012 yet the invoice nos. before them are dated as those of the current year
2. Also, some of the invoices are missing in the invoice no. series, specifically for outlet sales

Process Head: Sales
Sub-Process: Credit notes
Detailed report: Missing sales credit memos
GT observations:
1. There is a serial number break, as the credit memo nos. attached are dated back in 2012
2. Credit memo No. 1939 has been raised and approved with 1% discount without mapping to the related invoice No. 41917

Process Head: Sales
Sub-Process: Delivery Notes
GT observations: No risk detected
Duplicate names/numbers test of controls
Process Head: Purchases
Sub-Process: Purchase order
GT observations: No risk detected

Process Head: Purchases
Sub-Process: Purchase invoices & reserve invoices
Detailed report: Missing purchase invoices
GT observations:
1. These were identified as missing in the series of the current year
2. Some are traced back to the previous year

Process Head: Purchases
Sub-Process: Purchase Credit Memos
Detailed report: Missing purchase credit memos
GT observations:
1. There is a serial number break, as the credit memo nos. attached are dated back in 2012

Process Head: Purchases
Sub-Process: Goods receipt PO
Detailed report: Goods Receipt PO
GT observations:
1. There is a serial number break, as the receipt nos. attached are dated back in 2012
Duplicate names/numbers test of controls
Process Head: Production
Sub-Process: Production order
Control parameter tested: Missing production order series from the system
Detailed report: Production orders
GT observations:
There is a serial number break, as the production order nos. attached are dated back in 2012
There is also an issue with the user signature, as in the attached

Process Head: Production
Sub-Process: Receipt from production
Control parameter tested: Missing receipt numbers as aligned with production orders raised in system
Detailed report: Missing receipts from production
GT observations:
These were identified as missing in the series of the current year, but some are found to belong to the previous year

Process Head: Production
Sub-Process: Issue for production
Control parameter tested: Missing production series for items issued for production
Detailed report: Missing issues for production
GT observations:
These were identified as missing in the series of the current year, but some are found to belong to the previous year
HR Activity – Biometric time registration test of controls
Process Head: Human resource activity
Sub-Process: Leaves
Control parameter tested:
1. Leaves as per details captured from biometric system against actual leave applications or leave roster updates
Detailed report: Leave_sample_August
GT observations:
1. According to the HR policy, there should be a leave roster maintained for each division. From the records it is identified that in most cases the leave rosters are not utilized or are not followed rigorously
2. Only a few employees fill in delegation of authority forms
Management actions required:
1. Define strict policies for leave management to ensure that payrolls are accurately processed against the leaves taken
2. Every employee and department head to be trained and informed on STIL's policy of leave approvals and the impact on their payroll of not following it strictly

Process Head: Human resource activity
Sub-Process: Biometric attendance
Control parameter tested:
1. User signature
2. Authorisation status
Detailed report: biometric scan_august
GT observations:
1. There are many cases of absenteeism as per the attached report from the system, and we could not trace any actions taken against the same
2. Employees at times do not swipe out on the biometric scan at the end of the day
Management actions required:
1. Swipe in and swipe out should be mandatory, to maintain strong control over attendance as well as to know overtime in the organisation
2. Absences should be strictly addressed, to know the leave status or the actual status