Chapter 9:

Auditing the Revenue Cycle

IT Auditing & Assurance, 2e, Hall &

IT Auditing
& Assurance, 2e, Hall & Singleton
Singleton

MANUAL PROCEDURES
Follow Figure 9-1
Obtaining & recording customers
orders
Document = SALES ORDER [Figure 9-2]
One copy in Open Order File

Approving credit
One copy of sales order went to credit

dept.
Returned authorized copy triggers
release of sales order into system
IT Auditing & Assurance, 2e, Hall

MANUAL PROCEDURES
Processing shipping orders
4 copies of Sales Order to warehouse; packing slip,

shipping notice, stock release, file copy

Locate and pick goods using Stock Release; package

them with packing slip

Reconcile documents and goods, sign Shipping Notice,

prepare Bill of Lading multiple copies [Figure 9-3]

Transfer custody of goods (packing slip inside) and 2

copies of Bill of Lading to carrier

Record shipment in shipping log
Send shipping notice to Billing Dept.
File: Stock Release, 1 BOL, File Copy

IT Auditing & Assurance, 2e, Hall

LEGACY SYSTEM PROCEDURES

Keypunch batch of shipping notices
Edit run program, correct any errors

Field checks
Limit tests
Range tests
Price times quantity extensions

Sort run on batches by AR account number

Legacy systems store records in sequential manner,

usually tape
Next process is to post individual shipping notices to
appropriate individual AR accounts

AR update & billing run [Figure 9-4]

Updates AR file becomes new AR file

Billing would be printing invoices to be mailed
Sales journal file or printout
Journal voucher for AR [DR] and sales [CR]
IT Auditing & Assurance, 2e, Hall

LEGACY SYSTEM PROCEDURES

Re-sort by inventory item {why?}
Same reason; but this process is to update Inventory

Items

Inventory update run [Figure 9-5]

Reduce quantity on hand for items shipped, generate a

new Inventory file

Compare On Hand quantity with Reorder Point to
identify items needing replenishment; file or printout
Journal voucher for Cost of Goods Sold [DR] and
Inventory [CR]

Sort journal entries by GL #

Run general ledger update
Management reports
IT Auditing & Assurance, 2e, Hall

BATCH CASH RECEIPTS SYSTEMS

WITH DIRECT ACCESS FILES
See Figure 9-6
Discrete events that naturally fit the batch
approach
Update Procedures
Mail Room
Receives checks and Remittance Advices.
Separates checks from Remittance Advices
Prepares a Remittance List multiple copies
Copy of Remittance List and checks go to Cash
Receipts Dept.
Remittance Advices and copy of Remittance List go
to AR Dept.
Last copy of Remittance List to Controllers Office
IT Auditing & Assurance, 2e, Hall

BATCH CASH RECEIPTS SYSTEMS

WITH DIRECT ACCESS FILES
Cash receipts dept.
Reconciles checks and remittance list
Prepares deposit slip multiple copies
Using terminal/IS, creates a journal

voucher of cash received; Cash [DR] and

AR [CR]
End of day, deposit cash and Deposit
slips to the bank
File copy of deposit slip

IT Auditing & Assurance, 2e, Hall

BATCH CASH RECEIPTS SYSTEMS

WITH DIRECT ACCESS FILES
AR Dept.
Reconciles remittance advices and

remittance list
Prepares batch for transactions

based on remittance advice data to

update AR subsidiary ledger
Files remittance advices and

remittance list
IT Auditing & Assurance, 2e, Hall

BATCH CASH RECEIPTS SYSTEMS

WITH DIRECT ACCESS FILES
DP Dept.
Accesses the two files created in cash receipts (journal

voucher) and AR (batch transaction file of CR)

Reconciles the files
Updates AR-SUB accounts
Updates GL (AR, Cash)
Creates a cash receipts journal
System produces transaction listing that is sent to AR
dept. where AR clerk will reconcile against the
remittance list of file there
More management reports
IT Auditing & Assurance, 2e, Hall

REAL-TIME SALES ORDER ENTRY

AND CASH RECEIPTS
See Figure 9-7
Sales procedures

Transactions are processed as they occur, separately

Credit check is performed online by the system
If approved, system checks availability of inventory
If available, system:
Transmits electronic stock release to warehouse
dept
Transmits electronic packing slip to shipping dept
Updates inventory file records for depletion
Records sale in open sales order computer file
IT Auditing & Assurance, 2e, Hall

REAL-TIME SALES ORDER ENTRY

AND CASH RECEIPTS
Warehouse procedures
Produces hard copy of stock release
Clerk picks goods, sends them with a copy of stock

release to shipping dept.

Shipping procedures
Reconciles goods, stock release, packing slip from

system.
Online, IS prepares Bill of Lading for shipment, and
shipping notice for DP Dept.
Select carrier and prepare goods for shipment, along
with packing slip and Bill of Lading
Stock release form is filed
IT Auditing & Assurance, 2e, Hall

REAL-TIME SALES ORDER ENTRY

AND CASH RECEIPTS
Billing procedures

Record sales invoice and shipment in IS

Print invoice to be sent to customer
Update shipping log and sale invoice files
Delete shipment from open sales order file

Cash receipts procedures

Keypunch cash receipts using the remittance advice

into IS,matching it with the specific record in the sales

invoice file
Keypunch any credit memos using similar process
Generate a remittance file of posted transactions
IT Auditing & Assurance, 2e, Hall

FEATURES OF REAL-TIME
PROCESSING
Events Database

Traditional accounting does not have to exist in per se (in

traditional form)
General Ledger can be derived at any time from a compilation from
the events database

Advantages

Greatly shortens the cash cycle of the firm

Can give a firm a competitive advantage (e.g., managing inventory
better)
Real-time editing permits the identification of many kinds of errors
as they occur, greatly reducing the efficiency and effectiveness of
business processes
Reduces the amount of paper documents
Electronic audit trails are possible in real-time computer-based
systems

IT Auditing & Assurance, 2e, Hall

MANAGEMENT ASSERTIONS AND

REVENUE CYCLE AUDIT OBJECTIVES
Existence / Occurrence

VERIFY AR balance represents amounts actually owed as of Balance Sheet date

Establish sales represents goods shipped and/or services rendered during period of
financials

Completeness

Determine all amounts owed organization are included in AR

VERIFY shipped goods, services rendered, and/or returns and allowances for period
are included in financials

Accuracy

VERIFY revenue transactions are accurately computed, based on correct prices and
quantities
Ensure AR subsidiary ledger, sales invoice file, remittance file are mathematically
correct .. And agree with GL accounts

Rights & Obligations

Determine organization has legal right to AR

VERIFY accounts sold or factored have been removed from AR

Valuation or Allocation

Determine AR balance stated in net realizable value

Establish allocation for uncollectible accounts is appropriate

Presentation and Disclosure

VERIFY AR and revenues for period are properly described and classified

IT Auditing & Assurance, 2e, Hall

INPUT CONTROLS
Purpose
Ensure creditworthiness of customers
Control techniques vary considerably between batch systems and

real-time systems
Credit authorization procedures
Credit worthiness of customer
Batch and manual systems use credit dept.
Real-time systems use programmed decision rules

Testing credit procedures

Verify effective procedures exist
Verify information is adequately communicated
Verify effectiveness of programmed decision rules (test data, ITF)
Verify that authority for making credit decisions is limited to authorized
credit personnel/procedures
Perform Substantive Tests of Detail
Review credit policy periodically and revise as necessary

IT Auditing & Assurance, 2e, Hall

INPUT CONTROLS
Data Validation Controls
To detect transcription errors in data as it is processed
Batch: after shipment of goods

Error logs
Error correction computer processes
Transaction resubmission procedures

Real-Time: Errors handled as they occur

Missing data checks presence of blank fields

Numeric-Alphabetic data checks correct form of data
Limit checks value does not exceed max for the field
Range checks data is within upper and lower limits
Validity checks compare actual values against known acceptable values
Check digit identify keystroke errors by testing internal validity

Testing Data Validation Controls

Verify controls exist and are functioning effectively

Validation of program logic can be difficult

If Controls over system development and maintenance are NOT weak, testing
data editing/programming logic more efficient than substantive tests of details
(test data, ITF)
Some assurance can be gained through the testing of error lists and error logs
(detected errors only)

IT Auditing & Assurance, 2e, Hall

INPUT CONTROLS
Batch controls
Manage high volumes of similar transactions
Purpose: Reconcile output produced by system with the original

input
Controls continue through all computer (data) processes
Batch transmittal sheet:
Unique batch number
Batch date
Transaction code
Record count
Batch control total (amount)
Hast totals (e.g., account numbers)

Testing data validation controls

Failures of batch controls indicates data errors
Involves reviewing transmittal records of batches processed and

reconcile them to the batch control log (batch transmittal sheet)

Examine out-of-balance conditions and other errors to determine
cause of error
Review and reconcile transaction listings, error logs, etc.

IT Auditing & Assurance, 2e, Hall

PROCESS CONTROLS
Computerized procedures for file updating
Restricting access to data
Techniques:
File update controls -- Run-to-run batch control data to monitor

data processing steps

Transaction code controls to process different transactions
using different programming logic (e.g., transaction types)
Sequence check controls sequential files, proper sorting of
transaction files required
Testing file update controls results in errors

Testing data that contains errors (incorrect transaction codes, out

of sequence)
Can be performed in ITF or test data
CAATTs requires careful planning
Single audit procedure can be devised that performs all tests in
one operation.

IT Auditing & Assurance, 2e, Hall

ACCESS CONTROLS
Prevent and detect unauthorized and illegal access to
firms systems and/or assets

Warehouse security
Depositing cash daily
Use safe deposit box, night box, lock cash drawers and safes
Accounting records
Removal of an account from books
Unauthorized shipments of goods using blank sales orders
Removal of cash, covered by adjustments to cash account
Theft of products/inventory, covered by adjustments to inventory or
cash accounts

Testing access controls heart of accounting information integrity

Absence thereof allows manipulation of invoices (i.e., fraud)
Access controls are system-wide and application-specific
Access controls are dependent on effective controls in O/S, networks,
and databases

IT Auditing & Assurance, 2e, Hall

PHYSICAL CONTROLS
Segregation of duties

Rule 1: Transaction authorization separate from

transaction processing
Rule 2: Asset custody separate from record-keeping
tasks
Rule 3: Organization structured such that fraud requires
collusion between two or more people

Supervision

Necessary for employees who perform incompatible

functions
Compensates for inherent exposure from incompatible
functions
Can be supplement when duties are properly segregated
Prevention vs. detection of fraud and crime is objective:
supervision can be effective preventive control

IT Auditing & Assurance, 2e, Hall

PHYSICAL CONTROLS
Independent verification
Review the work of others at critical points in business processes
Purpose: Identify errors or possible fraud
Examples:
Shipping dept. verifies goods sent from warehouse dept. are correct in
type and quantity
Billing dept. reconciles shipping notice with sales notice to ensure
customers billed correctly

Testing physical controls

Review organizational structure for incompatible tasks
Tasks normally segregated in manual systems get consolidated in

DP systems.
Duties of design, maintenance, and operations for computers need
to be separated
Programmers should not be responsible for subsequent program
changes.

IT Auditing & Assurance, 2e, Hall

OUTPUT CONTROLS
PURPOSE: Information is not lost, misdirected, or corrupted; that the
system output processes function properly
Controls are designed to identify potential problems
Reconciling GL to subsidiary ledgers
Maintenance of the audit trail that is the primary way to trace the source

of detected errors
Details of transactions processed at intermediate points
AR change report
Transaction logs: permanent record of valid transactions
Transaction listings successfully posted transactions
Log of automatic transactions
Unique transaction identifiers
Error listings

Testing output controls

Reviewing summary reports for accuracy, completeness,timeliness, and

relevance for decisions

Trace sample transactions through audit trails; including transaction
listings, error logs, and logs of resubmitted records
ACL is very helpful in this process

IT Auditing & Assurance, 2e, Hall

SUBSTANTIVE TESTS OF REVENUE

CYCLE ACCOUNTS
PURPOSE: Determine the nature, timing, and extent of substantive tests
using auditors assessment of inherent risk, unmitigated control risk,
materiality considerations, and efficiency of the audit.
Concern: Overstatement or understatement of revenues?
Focus on large and unusual transactions, especially near period-end
Recognizing revenues from sales that did not occur
Recognizing revenues BEFORE they are realized
Failing to recognize cutoff points
Underestimating allowance for doubtful accounts
Shipping unsolicited products to customers, subsequently returned
Billings customers for products held by seller
Tests of controls and substantive tests
Credit limit logic may be effective but cut-off of AR may be error
Substantive testing of AR may give assurance about accuracy of
total AR but does not offer assurance about collectibility

IT Auditing & Assurance, 2e, Hall

SUBSTANTIVE TESTS OF REVENUE

CYCLE ACCOUNTS
Understanding data
VERIFY data used in CAATTs (e.g., ACL) is accurate
VERIFY adequate setup of files from originals

(e.g., ACL and Profilecommand)

Relationships and data from [see Figure 9-10]:
Customer file
Sales Invoice file
Line item file
Inventory file
Shipping log file

File preparation procedures

IT Auditing & Assurance, 2e, Hall

SUBSTANTIVE TESTS OF REVENUE

CYCLE ACCOUNTS
Accuracy/completeness assertion
Analytical review of account balances
Overall perspective for trends in sales, cash
receipts, sales returns, and AR
Provides first-level assurance that amounts are
reasonably stated and reasonably complete
If so, may reduce the extent of substantive testing

Review sales invoices for unusual trends and

exceptions

Scanning data files using CAAT

(e.g., ACL and stratify and possibly filters - see
Figure 9-11)
Reveals all errors or raises questions?

IT Auditing & Assurance, 2e, Hall

SUBSTANTIVE TESTS OF REVENUE

CYCLE ACCOUNTS
Accuracy/completeness assertion
Review sales invoice and shipping log files
Missing and duplicate transactions [see Table 9-2]
Questions/survey:
Are procedures in place to document and approve voided
invoices?
How are gaps in sales invoice numbers communicated to
management?
What physical controls exist over access to sales invoice source
documents?
If applicable, are batch totals used to control batch transactions
during each processing step?
Are transaction listings reconciled and reviewed by management?

Review line item and inventory files for pricing accuracy

ACL allows auditor to compare prices on invoices with inventory using
JOIN [see example on page 413]
Testing unmatched records (complement)

IT Auditing & Assurance, 2e, Hall

SUBSTANTIVE TESTS OF REVENUE

CYCLE
ACCOUNTS
Existence assertion
Confirmation of AR SAS #67
Not required if:

AR is immaterial
Assessed Control Risk is low
Confirmation process will be ineffective

CAATTs to use for this function?

Steps:
Select accounts to confirm
Consolidate invoices (not AR subsidiary) using CLASSIFY (filter) and
SUMMARIZE (amount) [see Tables 9-3 and 9-4]
Why?
JOIN the CUSTOMER file with the new consolidated invoice file

Prepare confirmation requests [see Figure 9-12]

Positive and Negative Confirmations (ACL, EXPORT)

Evaluating and controlling responses

Retain custody of the confirmation letters until mailed

The letters should be addressed to the auditor, not client org.
The replies should be mailed to the auditor, not client org.
Discrepancies should be investigated.
Non responses to POSITIVE confirmation should be investigated

IT Auditing & Assurance, 2e, Hall

SUBSTANTIVE TESTS OF REVENUE

CYCLE ACCOUNTS
Valuation/allocation assertion
Corroborate or refute AR is stated at reasonable Net

Realizable Value
AGING AR

ACL, AGE [see Table 9-7]

Is allowance for doubtful accounts reasonable compared to

prior years and based on composition of AR portfolio
Confirmation process will be ineffective

Review past-due balances

Conference with credit manager to determine collectibility

Determine if methods used to estimate allowance for doubtful
accounts is adequate, not the collectibility of each account
Determine if overall allowance is, therefore, reasonable

IT Auditing & Assurance, 2e, Hall

Chapter 9:
Auditing the Revenue Cycle

IT Auditing & Assurance, 2e, Hall &

IT Auditing
Singleton& Assurance, 2e, Hall & Singleton