Docstoc

SAP Accounts Payable Audit Program

Document Sample
SAP Accounts Payable Audit Program Powered By Docstoc
					SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

VENDOR MASTER TESTING (VM) Detailed Testing - VM - Vendor Master Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Using a valid selection method, test items to verify that controls/ procedures are in place and functioning properly. If procedures are not occurring as documented, perform sufficient testing to determine actual procedures being performed & document them. Scope: Select transactions from the most recent months. Detailed Testing - 1. VM create walk-through Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Select a sample of vendor master records created by both Finance and Housing and:  trace information to vendor master form  verify proper authorization  search for duplicate vendor records  verify the user that made the change has the appropriate SAP user profile  verify that all required information was input

Detailed Testing - 2. VM user profile analysis Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Obtain list of Citywide user profiles with Vendor Master access. Review the list for:  reasonableness of access related to job duties  employees that no longer need access (i.e. chg of duties, left City)  conflicting access (i.e. Create vendor & AP duties)  proper approval of authorization

Page 1

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

VENDOR MASTER TESTING (continued) Detailed Testing - 3. VM input observation Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Observe a user creating a Vendor Master Record and verify:  mandatory fields are required -name -address -grace days due date -cash discount terms displayed -amount -percentage -cash discount adjusted to -specifications for posting residual items from payment differences -payment advice tolerances for outstanding payables -tolerance group  the vendor's 1099 is used for input  the user checks for same name/duplicate record  invalid information is not accepted  override authorization (if any)  error/warning appears when erroneous information is entered, or when required information is omitted  naming conventions are used  vendor is blocked for payment if information is missing  vendor coding form is used as source document

Detailed Testing - 4. VM vendor master change report Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Verify that the AP staff reviews report RFKABL00 to review modifications to vendor information

Page 2

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

VENDOR MASTER (continued) Detailed Testing - 5. VM alternative payee Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Obtain a list of all Vendor Master Records with an alternative payee. Select a sample from the list and review supporting documentation for accuracy and proper approval.

Page 3

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

INVOICE PROCESSING Detailed Testing - IP - Invoice Processing Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Using a valid selection method, test items to verify that controls/ procedures are in place and functioning properly. If procedures are not occurring as documented, perform sufficient testing to determine actual procedures being performed & document them. Scope: Select transactions from the most recent 6 months.

Detailed Testing - 1. IP create walk-through Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Select a sample of invoices and:  verify proper dept approval  verify proper AP approval  trace information to supporting documentation  verify that the posting to the vendor account agrees to the g/l posting  verify documents were stored properly  verify the RF was properly reduced (if applicable)  verify mathematical accuracy of the invoice  invoice is stamped "Paid"

Page 4

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

INVOICE PROCESSING (continued) Detailed Testing - 2. IP user profile analysis Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Obtain list of Central AP user profiles with Invoice create/change/approve access. Review the list for:  reasonableness of access related to job duties  employees that no longer need access (i.e. chg of duties, left City)  conflicting access (i.e. Invoice create & warrant distribution)  proper approval of authorization

Detailed Testing - 3. IP input observation Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Observe users creating, changing and approving an Invoice and verify:  posting keys are limited to document type  SAP automatically selects posting keys  SAP requires debit and credit entries to net to zero before posting  payee or amount cannot be changed after supervisor has released PCD  each line is being reviewed by Finance AP staff  mandatory fields are required  invalid information is not accepted  AP staff checks for a PO before approving  AP staff checks commodity invoices for a PO, COR or DPO  AP staff checks for an RF# before approving  SAP does not allow the same invoice to be entered if the following are the same: -Invoice number -Vendor number -Invoice date  Finance AP staff can not change a payee or amount after the invoice is posted  SAP gives a warning if Business Area and Cost Center are not compatible

Page 5

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

INVOICE PROCESSING (continued) Detailed Testing - 4. IP duplicate invoice testing Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Document and review the system checks for identifying duplicate invoices. Review copies of the duplicate invoice report from SAP, and verify that Finance staff is taking appropriate action. Use ACL to verify SAP does not allow duplicate invoices to be entered if the following information is the same:  invoice number  vendor number  invoice date

Detailed Testing - 5. IP timeliness Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: A. Review cycle time information kept by the Finance Dept on the timeliness of invoice input. B. Obtain a report for invoices entered for a period of time, and determine the percent of invoices paid late. C.     Review the dept's use of the following reports: Vendor Account Balance (RFKSLD00) Vendor Line Items (RFKEPL00) Vendor Purchase List (RFKUML00) invoices parked or held

Page 6

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

INVOICE PROCESSING (continued) Detailed Testing - 6. IP reversal entries Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Verify that only Finance AP Supervisors have access to reverse a document. Document and test AP staff controls to detect reversal entries.

Detailed Testing - 7. IP MM documents keyed in FI Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Obtain the most recent reconciliation of g/l account 291000, and verify AP staff review of outstanding items

Detailed Testing - 8. IP invoices against RFs Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Obtain a list of documents with RF numbers referred to in the user-defined field. Select a sample of documents, and verify that the RF was properly reduced.

Page 7

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

INVOICE VERIFICATION Detailed Testing - IV - Invoice Verification Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Using a valid selection method, test items to verify that controls/ procedures are in place and functioning properly. If procedures are not occurring as documented, perform sufficient testing to determine actual procedures being performed & document them. Scope: Select transactions from the most recent 6 months.

Detailed Testing - 1. IV create walk-through Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Rely on Observation and GR/IR reconciliation tests (items IV 3&4)

Detailed Testing - 2. IV user profile analysis Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Obtain list of Central AP user profiles with Invoice Verification change/approve access. Review the list for:  reasonableness of access related to job duties  employees that no longer need access (i.e. chg of duties, left City)  conflicting access (i.e. Invoice Verification & Goods Receipt create)  proper approval of authorization

Page 8

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

INVOICE VERIFICATION (continued) Detailed Testing - 3. IV input observation Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Observe users changing and approving invoices and verify:  each line is being reviewed by Finance AP staff  mandatory fields are required  invalid information is not accepted  SAP displays PO line items automatically  SAP gives a warning if the tolerance limit is exceeded  AP clerk notifies Purchasing of exceptions  SAP automatically (or AP clerk manually) blocks the invoice if tolerance is exceeded  AP clerk checks invoice for a PO reference  AP clerk looks for PO, COR, and DPO for commodities invoices

Detailed Testing - 4. IV GR/IR reconciliation Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: 1. Run the tolerance limit report to verify SAP MM/FI-AP tolerance limits. 2. Review the GR/IR g/l account (#291000), and discuss with AP staff (GR = Goods Receipt; IR = Invoice)

Page 9

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

DISBURSEMENT Detailed Testing - D - Disbursement Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Using a valid selection method, test items to verify that controls/ procedures are in place and functioning properly. If procedures are not occurring as documented, perform sufficient testing to determine actual procedures being performed & document them. Scope: Select transactions from the most recent 6 months.

Detailed Testing - 1. D pmt run walk-through Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Select a sample payment run and:  verify any changes were made by authorized users  verify supervisory approval of the payment run  verify all invoices due for that day were included in the payment run  document procedures to review Payment Proposal List and Exception List  verify that each invoice paid is assigned a clearing document number, date and check number  verify that no cleared items were paid  verify that the print file disappears after it is printed  document any "check print restart" events, and verify spoiled checks were retained and checks were completed  verify blocked payments were not paid  verify invoices were properly posted in FI-GL, using g/l account 220000  verfiy check register includes all check numbers  verify check register is reconciled with the Job Run  verify all voided checks are included on the print report  verify checks are mailed out or secure after printing  verify Admin Accounts review of checks => $100,000  verify Collections review of checks

Page 10

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

DISBURSEMENT (continued) Detailed Testing - 2. D manual check walk-through Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step:

Inventory all manual checks and verify that missing check numbers are in SAP Verify blank checks are secure Verify that the City Controller requires SAP Check List prior to signing the manual checks Verify independent review of the manual check log Verify that the signature stamp is secure Select a sample of invoices paid via manual check, and trace the manual check number to the clearing document in SAP Verify manual checks are pre-numbered
Detailed Testing - 3. D user profile analysis Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Obtain list of Citywide user profiles with disbursement-related access. Review the list for:  reasonableness of access related to job duties  employees that no longer need access (i.e. chg of duties, left City)  conflicting access (i.e. disbursement preparation & disbursement approval)  proper approval of authorization Obtain a list of Citywide user profiles with Payment Output authorization, and review the list for:  reasonableness of access related to job duties  employees that no longer need access (i.e. chg of duties, left City)  conflicting access (i.e. disbursement preparation & disbursement approval)  proper approval of authorization

Page 11

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

DISBURSEMENT (continued) Detailed Testing - 4. D input observation Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Observe the entire payment run process and verify:  the AP Supervisor reviews the Payment Proposal List and Exception List  SAP automatically assigns sequential check numbers  AP Supervisor reconciles the number of checks in the register to the number recorded in the SAP Job Log  voided and spoiled checks were properly handled  Accounts Admin reviews all checks => $100,000  Collections reviewes all checks for PLT customers owing the City money

Detailed Testing - 5. D discounts Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step: Calculate the amount of discounts lost due to late payments. Verify that SAP is properly calculating discounts at the time of payment.

Detailed Testing - 6. D duplicate payment testing Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step:

Select a sample payment run and verify that:  invoices were assigned a clearing document  no cleared invoices were paid  no blocked invoices were paid  the print file disappears after the checks are printed

Page 12

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

DISBURSEMENT (continued) Detailed Testing - 7. D payment of credit memos Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step:

Document the process for payment of credit memos
Detailed Testing - 8. D pmts to employees Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step:

Select a sample of payments made to employees, and verify proper authorization. If possible, use ACL to subtotal checks to employees by employee name, and review the results.
Detailed Testing - 9. D bank reconciliation review Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step:

Document segregation of duties between disbursements and bank reconciliation. Select a sample of reconciliations and review unreconciled items.
Detailed Testing - 10. D pmts > $100,000 Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step:

Select a sample check run, and:  verify Admin Accounts review of checks => $100,000  verify Treasury review of checks => $100,000
Page 13

SAP R/3 Accounts Payable Application Controls Audit Program
Contributed August 29, 2001 by julia.bird@phoenix.gov

DISBURSEMENT (continued) Detailed Testing - 11. D reissued check review Purpose/Objective: To determine that controls/ procedures are functioning as documented. Detailed Step:

Select a sample of re-issued checks and verify that the original warrant was never cashed Agree check information to supporting documentation Verify supervisor approval on all re-issued checks.
Detailed Testing - Lost/stolen checks Purpose/Objective:

To review checks listed as lost/stolen for proper documentation
Detailed Step:

Obtain a list of all checks listed as lost/stolen, and determine the reason.

Page 14


				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:1362
posted:4/1/2009
language:English
pages:14