Audit Detail

Audit Detail

-

English
14 Pages
Read
Download
Downloading requires you to have access to the YouScribe library
Learn all about the services we offer

Description

SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov VENDOR MASTER TESTING (VM) Detailed Testing - VM - Vendor Master Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Using a valid selection method, test items to verify that controls/ procedures are in place and functioning properly. If procedures are not occurring as documented, perform sufficient testing to determine actual procedures being performed & document them. Scope: Select transactions from the most recent months. Detailed Testing - 1. VM create walk-through Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Select a sample of vendor master records created by both Finance and Housing and: • trace information to vendor master form • verify proper authorization • search for duplicate vendor records • verify the user that made the change has the appropriate SAP user profile • verify that all required information was input Detailed Testing - 2. VM user profile analysis Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Obtain list of Citywide user profiles with Vendor Master access. Review the list for: • reasonableness of access related to job duties • employees that no longer need access (i.e. chg of duties, left City) • conflicting ...

Subjects

Informations

Published by
Reads 34
Language English
Report a problem
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov VENDOR MASTER TESTING (VM)  Detailed Testing - VM - Vendor Master  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Using a valid selection method, test items to verify that controls/ procedures are in place and functioning properly.  If procedures are not occurring as documented, perform sufficient testing to determine actual procedures being performed & document them.  Scope  : Select transactions from the most recent months.  Detailed Testing - 1. VM create walk-through  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Select a sample of vendor master records created by both Finance and Housing and: trace information to vendor master form verify proper authorization search for duplicate vendor records verify the user that made the change has the appropriate SAP user profile  erify that all required information was input v   Detailed Testing - 2. VM user profile analysis  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Obtain list of Citywide user profiles with Vendor Master access. Review the list for: reasonableness of access related to job duties employees that no longer need access (i.e. chg of duties, left City) conflicting access (i.e. Create vendor & AP duties) proper approval of authorization
Page 1  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov VENDOR MASTER TESTING (continued)  Detailed Testing - 3. VM input observation  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Observe a user creating a Vendor Master Record and verify: mandatory fields are required  -name  -address  -grace days due date  -cash discount terms displayed  -amount  -percentage  -cash discount adjusted to  -specifications for posting residual items from payment differences  payment advice tolerances for outstanding payables --tolerance group  the vendor's 1099 is used for input the user checks for same name/duplicate record invalid information is not accepted  override authorization (if any) error/warning appears when erroneous information is entered, or when required information is omitted naming conventions are used vendor is blocked for payment if information is missing vendor coding form is used as source document   Detailed Testing - 4. VM vendor master change report  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Verify that the AP staff reviews report RFKABL00 to review modifications to vendor information   
Page 2  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov VENDOR MASTER (continued)  Detailed Testing - 5. VM alternative payee  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Obtain a list of all Vendor Master Records with an alternative payee. Select a sample from the list and review supporting documentation for accuracy and proper approval.  
Page 3  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov  INVOICE PROCESSING  Detailed Testing - IP - Invoice Processing  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Using a valid selection method, test items to verify that controls/ procedures are in place and functioning properly.  If procedures are not occurring as documented, perform sufficient testing to determine actual procedures being performed & document them.  Scope  : Select transactions from the most recent 6 months.   Detailed Testing - 1. IP create walk-through  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Select a sample of invoices and:  e ify proper dept approval v r verify proper AP approval  ace informat on to supporting documentation tr i verify that the posting to the vendor account agrees to the g/l posting verify documents were stored properly verify the RF was properly reduced (if applicable)  verify mathematical accuracy of the invoice invoice is stamped "Paid "    
Page 4  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov INVOICE PROCESSING (continued)  Detailed Testing - 2. IP user profile analysis  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Obtain list of Central AP user profiles with Invoice create/change/approve access. Review the list for: reasonableness of access related to job duties employees that no longer need access (i.e. chg of duties, left City) conflicting access (i.e. Invoice create & warrant distribution)  p oper approval of authorization r   Detailed Testing - 3. IP input observation  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Observe users creating, changing and approving an Invoice and verify: posting keys are limited to document type  SAP automatically selects posting keys SAP requires debit and credit entries to net to zero before posting payee or amount cannot be changed after supervisor has released PCD each line is being reviewed by Finance AP staff mandatory fields are required invalid information is not accepted AP staff checks for a PO before approving  AP staff checks commodity invoices for a PO, COR or DPO AP staff checks for an RF# before approving SAP does not allow the same invoice to be entered if the following are the same: -Invoice number   -Vendor number  -Invoice date Finance AP staff can not change a payee or amount after the invoice is posted SAP gives a warning if Business Area and Cost Center are not compatible  
Page 5  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov INVOICE PROCESSING (continued)  Detailed Testing - 4. IP duplicate invoice testing  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Document and review the system checks for identifying duplicate invoices.  Review copies of the duplicate invoice report from SAP, and verify that Finance staff is taking appropriate action.  Use ACL to verify SAP does not allow duplicate invoices to be entered if the following information is the same:  oice number inv vendor number invoice date   Detailed Testing - 5. IP timeliness  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  A. Review cycle time information kept by the Finance Dept on the timeliness of invoice input.  B. Obtain a report for invoices entered for a period of time, and determine the percent of invoices paid late.  C. Review the dept's use of the following reports: Vendor Account Balance (RFKSLD00)  Vendor Line Items (RFKEPL00) Vendor Purchase List (RFKUML00) invoices parked or held   
Page 6  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov INVOICE PROCESSING (continued)  Detailed Testing - 6. IP reversal entries  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step  : Verify that only Finance AP Supervisors have access to reverse a document.  Document and test AP staff controls to detect reversal entries.   Detailed Testing - 7. IP MM documents keyed in FI  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Obtain the most recent reconciliation of g/l account 291000, and verify AP staff review of outstanding items   Detailed Testing - 8. IP invoices against RFs  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Obtain a list of documents with RF numbers referred to in the user-defined field.  Select a sample of documents, and verify that the RF was properly reduced.  
Page 7  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov  INVOICE VERIFICATION  Detailed Testing - IV - Invoice Verification  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Using a valid selection method, test items to verify that controls/ procedures are in place and functioning properly.  If procedures are not occurring as documented, perform sufficient testing to determine actual procedures being performed & document them.  Scope:  Select transactions from the most recent 6 months.   Detailed Testing - 1. IV create walk-through  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Rely on Observation and GR/IR reconciliation tests (items IV 3&4)   Detailed Testing - 2. IV user profile analysis  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Obtain list of Central AP user profiles with Invoice Verification change/approve access. Review the list for: reasonableness of access related to job duties employees that no longer need access (i.e. chg of duties, left City) conflicting access (i.e. Invoice Verification & Goods Receipt create) proper approval of authorization  
Page 8  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov INVOICE VERIFICATION (continued)  Detailed Testing - 3. IV input observation  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Observe users changing and approving invoices and verify: each line is being reviewed by Finance AP staff mandatory fields are required   nval d information is not accepted i i SAP displays PO line items automatically SAP gives a warning if the tolerance limit is exceeded AP clerk notifies Purchasing of exceptions SAP automatically (or AP clerk manually) blocks the invoice if tolerance is exceeded AP clerk checks invoice for a PO reference AP clerk looks for PO, COR, and DPO for commodities invoices   Detailed Testing - 4. IV GR/IR reconciliation  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  1. Run the tolerance limit report to verify SAP MM/FI-AP tolerance limits.  2. Review the GR/IR g/l account (#291000), and discuss with AP staff  (GR = Goods Receipt; IR = Invoice)
Page 9  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov  DISBURSEMENT  Detailed Testing - D - Disbursement  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Using a valid selection method, test items to verify that controls/ procedures are in place and functioning properly.  If procedures are not occurring as documented, perform sufficient testing to determine actual procedures being performed & document them.  Scope:  Select transactions from the most recent 6 months.   Detailed Testing - 1. D pmt run walk-through  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Select a sample payment run and: verify any changes were made by authorized users verify supervisory approval of the payment run  verify all invoices due for that day were included in the payment run document procedures to review Payment Proposal List and Exception List verify that each invoice paid is assigned a clearing document number, date and check number verify that no cleared items were paid verify that the print file disappears after it is printed  document any "check print restart" events, and verify spoiled checks were retained and checks were completed verify blocked payments were not paid verify invoices were properly posted in FI-GL, using g/l account 220000 verfiy check register includes all check numbers verify check register is reconciled with the Job Run verify all voided checks are included on the print report verify checks are mailed out or secure after printing verify Admin Accounts review of checks => $100,000 verify Collections review of checks  
Page 10  08/30/01
SAP R/3 Accounts Payable Application Controls Audit Program Contributed August 29, 2001 by julia.bird@phoenix.gov DISBURSEMENT (continued)  Detailed Testing - 2. D manual check walk-through  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step  : Inventory all manual checks and verify that missing check numbers are in SAP  Verify blank checks are secure  Verify that the City Controller requires SAP Check List prior to signing the manual checks  Verify independent review of the manual check log  Verify that the signature stamp is secure  Select a sample of invoices paid via manual check, and trace the manual check number to the clearing document in SAP  Verify manual checks are pre-numbered  Detailed Testing - 3. D user profile analysis  Purpose/Objective: To determine that controls/ procedures are functioning as documented.  Detailed Step:  Obtain list of Citywide user profiles with disbursement-related access. Review the list for: reasonableness of access related to job duties  employees that no longer need access (i.e. chg of duties, left City) conflicting access (i.e. disbursement preparation & disbursement approval) proper approval of authorization  Obtain a list of Citywide user profiles with Payment Output authorization, and review the list for: reasonableness of access related to job duties employees that no longer need access (i.e. chg of duties, left City) conflicting access (i.e. disbursement preparation & disbursement approval) proper approval of authorization
Page 11  08/30/01