Professional Documents
Culture Documents
Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Using a valid selection method, test items to verify that controls/
procedures are in place and functioning properly.
Scope:
Select transactions from the most recent months.
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Select a sample of vendor master records created by both Finance and Housing
and:
* trace information to vendor master form
* verify proper authorization
* search for duplicate vendor records
* verify the user that made the change has the appropriate SAP user profile
* verify that all required information was input
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Obtain list of Citywide user profiles with Vendor Master access. Review the
list for:
* reasonableness of access related to job duties
* employees that no longer need access (i.e. chg of duties, left City)
* conflicting access (i.e. Create vendor & AP duties)
* proper approval of authorization
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Observe a user creating a Vendor Master Record and verify:
* mandatory fields are required
-name
-address
-grace days due date
-cash discount terms displayed
-amount
-percentage
-cash discount adjusted to
-specifications for posting residual items from payment differences
-payment advice tolerances for outstanding payables
-tolerance group
* the vendor's 1099 is used for input
* the user checks for same name/duplicate record
* invalid information is not accepted
* override authorization (if any)
* error/warning appears when erroneous information is entered, or when
required information is omitted
* naming conventions are used
* vendor is blocked for payment if information is missing
* vendor coding form is used as source document
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Verify that the AP staff reviews report RFKABL00 to review modifications to
vendor information
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Obtain a list of all Vendor Master Records with an alternative payee. Select
a sample from the list and review supporting documentation for accuracy and
proper approval.
INVOICE PROCESSING
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Using a valid selection method, test items to verify that controls/
procedures are in place and functioning properly.
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Select a sample of invoices and:
* verify proper dept approval
* verify proper AP approval
* trace information to supporting documentation
* verify that the posting to the vendor account agrees to the g/l posting
* verify documents were stored properly
* verify the RF was properly reduced (if applicable)
* verify mathematical accuracy of the invoice
* invoice is stamped "Paid"
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Obtain list of Central AP user profiles with Invoice create/change/approve
access. Review the list for:
* reasonableness of access related to job duties
* employees that no longer need access (i.e. chg of duties, left City)
* conflicting access (i.e. Invoice create & warrant distribution)
* proper approval of authorization
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Observe users creating, changing and approving an Invoice and verify:
* posting keys are limited to document type
* SAP automatically selects posting keys
* SAP requires debit and credit entries to net to zero before posting
* payee or amount cannot be changed after supervisor has released PCD
* each line is being reviewed by Finance AP staff
* mandatory fields are required
* invalid information is not accepted
* AP staff checks for a PO before approving
* AP staff checks commodity invoices for a PO, COR or DPO
* AP staff checks for an RF# before approving
* SAP does not allow the same invoice to be entered if the following are the
same:
-Invoice number
-Vendor number
-Invoice date
* Finance AP staff can not change a payee or amount after the invoice is
posted
* SAP gives a warning if Business Area and Cost Center are not compatible
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Document and review the system checks for identifying duplicate invoices.
Review copies of the duplicate invoice report from SAP, and verify that
Finance staff is taking appropriate action.
Use ACL to verify SAP does not allow duplicate invoices to be entered if the
following information is the same:
* invoice number
* vendor number
* invoice date
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
A. Review cycle time information kept by the Finance Dept on the timeliness
of invoice input.
B. Obtain a report for invoices entered for a period of time, and determine
the percent of invoices paid late.
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Verify that only Finance AP Supervisors have access to reverse a document.
Detailed Step:
Obtain the most recent reconciliation of g/l account 291000, and verify AP
staff review of outstanding items
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Obtain a list of documents with RF numbers referred to in the user-defined
field.
Select a sample of documents, and verify that the RF was properly reduced.
INVOICE VERIFICATION
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Using a valid selection method, test items to verify that controls/
procedures are in place and functioning properly.
Scope:
Select transactions from the most recent 6 months.
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Rely on Observation and GR/IR reconciliation tests (items IV 3&4)
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Obtain list of Central AP user profiles with Invoice Verification
change/approve access. Review the list for:
* reasonableness of access related to job duties
* employees that no longer need access (i.e. chg of duties, left City)
* conflicting access (i.e. Invoice Verification & Goods Receipt create)
* proper approval of authorization
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Observe users changing and approving invoices and verify:
* each line is being reviewed by Finance AP staff
* mandatory fields are required
* invalid information is not accepted
* SAP displays PO line items automatically
* SAP gives a warning if the tolerance limit is exceeded
* AP clerk notifies Purchasing of exceptions
* SAP automatically (or AP clerk manually) blocks the invoice if tolerance is
exceeded
* AP clerk checks invoice for a PO reference
* AP clerk looks for PO, COR, and DPO for commodities invoices
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
1. Run the tolerance limit report to verify SAP MM/FI-AP tolerance limits.
2. Review the GR/IR g/l account (#291000), and discuss with AP staff
DISBURSEMENT
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Using a valid selection method, test items to verify that controls/
procedures are in place and functioning properly.
Scope:
Select transactions from the most recent 6 months.
Detailed Step:
Select a sample payment run and:
* verify any changes were made by authorized users
* verify supervisory approval of the payment run
* verify all invoices due for that day were included in the payment run
* document procedures to review Payment Proposal List and Exception List
* verify that each invoice paid is assigned a clearing document number, date
and check number
* verify that no cleared items were paid
* verify that the print file disappears after it is printed
* document any "check print restart" events, and verify spoiled checks were
retained and checks were completed
* verify blocked payments were not paid
* verify invoices were properly posted in FI-GL, using g/l account 220000
* verify check register includes all check numbers
* verify check register is reconciled with the Job Run
* verify all voided checks are included on the print report
* verify checks are mailed out or secure after printing
* verify Admin Accounts review of checks => $100,000
* verify Collections review of checks
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Inventory all manual checks and verify that missing check numbers are in SAP
Verify that the City Controller requires SAP Check List prior to signing the
manual checks
Select a sample of invoices paid via manual check, and trace the manual check
number to the clearing document in SAP
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Obtain list of Citywide user profiles with disbursement-related access.
Review the list for:
* reasonableness of access related to job duties
* employees that no longer need access (i.e. chg of duties, left City)
* conflicting access (i.e. disbursement preparation & disbursement approval)
* proper approval of authorization
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Observe the entire payment run process and verify:
* the AP Supervisor reviews the Payment Proposal List and Exception List
* SAP automatically assigns sequential check numbers
* AP Supervisor reconciles the number of checks in the register to the number
recorded in the SAP Job Log
* voided and spoiled checks were properly handled
* Accounts Admin reviews all checks => $100,000
* Collections reviews all checks for PLT customers owing the City money
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Calculate the amount of discounts lost due to late payments.
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Select a sample payment run and verify that:
* invoices were assigned a clearing document
* no cleared invoices were paid
* no blocked invoices were paid
* the print file disappears after the checks are printed
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Document the process for payment of credit memos
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Select a sample of payments made to employees, and verify proper
authorization.
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Document segregation of duties between disbursements and bank reconciliation.
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Select a sample check run, and:
* verify Admin Accounts review of checks => $100,000
* verify Treasury review of checks => $100,000
Purpose/Objective:
To determine that controls/ procedures are functioning as documented.
Detailed Step:
Select a sample of re-issued checks and verify that the original warrant was
never cashed
Purpose/Objective:
To review checks listed as lost/stolen for proper documentation
Detailed Step:
Obtain a list of all checks listed as lost/stolen, and determine the reason.