Chapter 10 - Audit Review: Exploring Potential Risks and Control Activities

Segregation of duties within the revenue process

this is particularly important in the revenue process because of the potential for theft or fraud. Individuals involved in the order entry, credit, shipping, or billing functions should not have access to the accounts receivable records, the general ledger, or any cash receipts activities. There should also be proper segregation of duties within the IT department.

four key segregation of duties in the revenue process

1. the credit function should be segregated from the billing function (to prevent sales to be made to customers who are not creditworthy)

2. The accounts receivable function should be segregated from the general ledger function (to prevent an individual from concealing unauthorized shipments resulting in unrecorded sales transactions and theft of goods)

3. the shipping function should be segregated from the billing function (to prevent unauthorized shipments to be made and for the usual billing procedures being circumvented)

4. the cash receipts function should be segregated from the acc receivable function (to prevent cash from being diverted and the shortage of cash to be concealed)

receiving and preparing customer orders should be the responsibility of the ________ department

order entry

approving credit should be the responsibility of the ________ department

credit

shipping goods to customers and completing shipping document should be the responsibility of the ________ department

Shipping

preparing the customer invoice should be the responsibility of the ________ department

acc receivable and IT

updating accounts receivable records for sales should be the responsibility of the ________ department

acc receivable and IT

receiving customers remittance should be the responsibility of the ________ department

cash receipts dept

updating acc receivable for remittances should be the responsibility of the ________ department

acc receivable and IT

preparing acc receivable aged trial balance should be the responsibility of the ________ department

acc receivable and IT

authorization of accounts receivable write off should be the responsibility of the ________

treasurer

The four inherent risk factors that may affect the revenue process are:

1. Industry-related factors.

2. The complexity and contentiousness of revenue recognition issues.

3. The difficulty of auditing transactions and account balances.

4. Misstatements detected in prior audits.

Industry-related factors (3)

profitability and health of the industry in which an entity operates, the level of competition within the industry, and the industry rate of technological change ex. if the industry is experience a lack of demand, the entity may have declining sales, which can lead to operating losses. Competition within the industry can affect the entities pricing policies

The complexity and contentiousness of revenue recognition issues (&RMM)

for most entities the recognition of revenue is not a major problem because revenue is recognized when a product is shipped or a service provided, however some entities may use complex calculations to recognize revenue. Ex. long term construction contracts

risk of material misstatement should be assessed as high when auditors disagree with management about how revenue should be recognized

The difficulty of auditing transactions and account balances. (&RMM)

example: managements estimate for the allowance for uncollectible accounts and sales returns can be difficult to audit because of the subjectivity that may be involved in determining proper value.

the risk of material misstatement for these estimates is a function of the complexity of the customer base and the reliability of the data available to test accounts ex. credit history report not very reliable for predicting future payments

Misstatements detected in prior audits.

a good indicator that misstatements are likely to be present during the current aduit

Control Risk Assessment 3 steps

Understand and document the revenue process based on a reliance strategy.

Plan and perform tests of controls on revenue transactions.

Set and document the control risk for the revenue process.

You have to Understand and Document Internal Control for

All 5 Components of COSO:

Control Environment

Entity's Risk Assessment Process

Control Activities

Information System and Communication

Monitoring

Control Environment

Generally completed for overall entity, not just revenue process, so you could rely on that overall assessment in this area.

Entity's Risk Assessment Process

auditor must understand how management considers risks that are relevant to the revenue process. Auditor should estimate the significance and likelihood of misstatements in this area.

Control Activities

auditor would identify what controls ensure that the assertions for transactions and events are being met. Documentation of the auditors understanding can be accomplished using manuals, flowcharts, internal questionnaires

Information System and Communication (4)

auditor must understand:

1. the process by which sales, cash receipts, and sales returns and allowances are initiated

2. the accounting records, supporting documents, and accounts that are involved in processing sales, cash receipts, and sales returns and allowances transactions

3. the flow of each type of transaction from initiation to inclusion in the financial statements, including computer processing

4. the process used to prepare estimates for accounts such as the allowance for uncollectable accounts and sales returns.

Understanding can be gained using a walk through.

Monitoring

the auditor must understand how management assesses the design and operation of controls in the revenue process. Should include how supervisors review the person in charge of performing controls.

Plan and Perform Tests of Controls

The auditor systematically examines the entity's revenue process to identify relevant controls that help to prevent, or detect and correct, material misstatements.

The auditor conducts tests of controls to ensure that the controls in the revenue process operate effectively

In order to properly set control risk. . . (5)

the auditor must test controls over the revenue process. Such tests may include:

Inquiry of client personnel.

Inspection of documents and records.

Observations of the operation of the control.

Walkthroughs

Reperformance of the control activities.

Set and Document Control risk

once the tests of controls in the revenue process have been completed, the auditor sets the achieved level of control risk. (can be higher/lower/or the same as planned control risk, depending on results on control testing).

Occurrence Definition

All revenue and cash receipt transactions and events that have been recorded have occurred and pertain to the entity.

Completeness Definition (in terms of the revenue process) (& 1 example of possible misstatement)

All revenue and cash receipt transactions and events that should have been recorded have been recorded.

The major misstatement that concerns both management and the auditor is that goods are shipped or services are performed and no revenue is recognized.

Authorization Definition (in terms of the revenue process) (& 2 examples of possible misstatement)

All revenue and cash receipts transactions and events are properly authorized.

Possible misstatements due to improper authorization include shipping goods to, or performing services for, customers who are bad credit risks and making sales at unauthorized prices or terms.

Accuracy Definition (in terms of the revenue process) (& 2 examples of possible misstatement)

Amounts and other data relating to recorded revenue and cash receipt transactions and events have been recorded appropriately.

Revenue transaction recorded at an incorrect dollar amount, revenue transactions not posted correctly to the sales journal, customers accounts in account receivable subsidiary ledger, or general journal.

Cutoff Definition (in terms of the revenue process) (& 1 example of possible misstatement and its control)

All revenue and cash receipt transactions and events have been recorded in the correct accounting period

Sales may be recorded in the wrong accounting period unless proper controls are in place. All shipping documents should be forwarded to the billing department daily.

Classification Definition (in terms of the revenue process) (& 2 controls)

All revenue and cash receipt transactions and events have been recorded in the proper accounts.

The use of a chart of accounts and proper codes for recording transactions should provide adequate assurance about the proper classification of revenue transactions.

Occurrence (potential risks 2, control activities 4, example of tests of controls for revenue 4)

Potential Risks:

-sales to fictitious customers (fake revenue)

-recording of revenue when goods have not been shipped

Control activities:

-Segregation of duties

-sales recorded only with approved customer order and shipping document,

-accounting for numerical sequences of sales invoices

-monthly customer statements; complaints handled interdependently

Tests of Controls:

-Observation and evaluation of proper segregation of duties

-testing a sample of sales invoices for the presence of authorized customer order and shipping document

-review and testing of client procedures for accounting or numerical sequence of sales invoices

-review and testing of client procedures for mailing and handling of complaints about monthly statements.

Occurrence (potential risks 1, control activities 3, example of tests of controls for cash receipts 3)

Potential Risks:

cash receipts are recorded but not deposited in the entity's bank account

Control activities:

-Segregation of duties

-use of lock box system

-monthly bank reconciliations prepared and independently reviewed.

Tests of Controls:

-Observation and evaluation of proper segregation of duties

-inquiry of management about lock box system

-review of monthly bank reconciliations for indication of independent review

Completeness (potential risks 1, control activities 4, example of tests of controls for revenue 4)

Potential Risks:

that goods are shipped or services are performed and no revenue is recognized.

Control activities:

-accounting for numerical sequence of shipping documents and sales invoices

-matching shipping documents with sales invoices

-reconciling sales invoices to daily sales reports, and

-maintaining and reviewing the open-order file

Tests of Controls:

-review and testing of clients procedures for accounting for numerical sequence of shipping documents and sales invoices

-tracing of a sample of shipping documents to their respective sales invoices and to the sales journal

-testing a sample of daily reconciliations

-examination of open-order file for unfilled orders

Completeness (potential risks 1, control activities 4, example of tests of controls for cash receipts 4)

Potential Risks:

cash or checks are stolen or lost before being recorded in the cash receipts records

Control activities:

-Same as occurrence

-checks restrictively endorsed when received and daily cash list prepared

-daily cash receipts reconciled with posting to accounts receivable subsidiary ledger

-customer statements prepared on a regular basis; complaints handled independently

Tests of Controls:

-Same as occurrence

-observation of the endorsement of checks

-testing of the reconciliation of daily cash receipts with posting to accounts receivable subsidiary ledger

-inquiry of client personnel about handling of monthly statements and examination of resolution of complaints

Authorization (potential risks 2, control activities 2, example of tests of controls for revenue 3)

Potential Risks:

-shipping goods to, or performing services for, customers who are bad credit risks

-making sales at unauthorized prices or terms.

Control activities:

-proper procedures for authorizing credit and shipment of goods

-an authorized price list and specified terms of trade

Tests of Controls:

-review of clients procedures for granting credit

-examination of sales orders for evidence of proper credit approval

-comparison of prices and terms on sales invoices to authorized price list and specified terms of trade

Authorization (potential risks 1, control activities 1, example of tests of controls for cash receipts 1)

Potential Risks:

cash discounts not properly taken

Control activities:

procedures specifying policies for cash discounts

Tests of Controls:

testing a sample of cash receipts transactions for proper cash discounts

Accuracy (potential risks 2, control activities 5, example of tests of controls for revenue 4)

Potential Risks:

-revenue transactions recorded at an incorrect dollar amount

-revenue transactions not posted correctly

Control activities:

-an authorized price list and specified terms of trade

-each sales invoice agreed to shipping document and customer order for product type and quantity; mathematical accuracy of sales invoice verified

-sales invoices reconciled to daily sales report

-daily postings to sales journal reconciled with posting to subsidiary ledger

-subsidiary ledger reconciled to general ledger control account

Tests of Controls:

-comparison of prices and terms on sales invoices to authorized price list and specified terms of trade

-examination of sales invoice for evidence that client personnel verified mathematical accuracy

-re-computation of the information on a sample sales invoices

-review all the reconciliations

Accuracy (potential risks 2, control activities 2, example of tests of controls for cash receipts 1)

Potential Risks:

-The wrong amount of cash could be recorded from the remittance advice

-the receipt of cash could be incorrectly processed during data entry

Control activities:

-daily remittance reports should be reconciled to a control listing of remittance advice

-All bank statements should be reconciled monthly

Tests of Controls:

-review reconciliations

Cutoff (potential risks 1, control activities 2, example of tests of controls for revenue 2)

Potential Risks:

Sales may be recorded in the wrong accounting period

Control activities:

-All shipping documents should be forwarded to the billing department daily

-daily billing of goods shipped

Tests of Controls:

-comparison of the dates on sales invoices with the dates on the relevant shipping documents

-comparison of the dates on sales invoices with the dates they were recorded in the sales journal

Cutoff (potential risks 1, control activities 1, example of tests of controls for cash receipts 1)

Potential Risks:

Cash receipts recorded in the wrong period

Control activities:

If the entity uses a lockbox system or a control system to deposit cash daily in the bank

Tests of Controls:

examination of cash receipts for daily deposit

Classification (potential risks 1, control activities 1, example of tests of controls for revenue 2)

Potential Risks:

revenue transaction not properly classified

Control activities:

The use of a chart of accounts and proper codes for recording transactions

Tests of Controls:

-review of sales journal and general ledger for proper classification

-examination of sales invoices for proper classification

Classification (potential risks, control activities, example of tests of controls for cash receipts)

The auditor seldom has major concerns about cash receipts being recorded in the wrong financial statement account.

Potential Risks:

cash receipts being recorded in the wrong financial statement account.

Control activities:

The use of a chart of accounts

Tests of Controls:

-review of cash receipts journal for unusual items -tracing of cash receipts from listing to cash receipts journal for proper classification

lapping

when the entity odes not have adequate segregation of duties or if collusion is present, an employee has the ability to steal cash and manipulated the accounting records to hide the misstatements. Ex they steal $3,000 from customer 1, and when customer 2 makes a payment that cash is applied to customers 1's account (and so on).

if cash is stolen before it is recorded

the fraud is difficult and time consuming to detect

There is a much greater focus on ______

Occurrence, because we are much more concerned overstatement that understatement. The auditor needs assurance that all recorded revenue transactions are valid.

Control Activities and Tests of Controls Sales Returns and Allowances

Sales returns and allowances is usually not a material amount in the financial statements.

However, credit memoranda that are used to process sales returns can also be used to cover an unauthorized shipment of goods or conceal a misappropriation of cash. As a result, all credit memoranda should be properly authorized.

Two important controls for sales returns and allowances

1. credit memos are approved by someone other than the individual who initiated it

2. Should be supported by a receiving document indicating that the goods have been returned

for entities with few or immaterial sales returns and allowances

the auditor may decided only to gain an understanding of how such transactions are processed and not conduct tests of controls.

Substantive analytical procedures can then be used to provide sufficient evidence on the fairness of the sales returns and allowances account

Still learning (3)

You've started learning these terms. Keep it up!