Chapter 9:

Auditing the Revenue Cycle

IT Auditing & Assurance, 2e, Hall &

IT Auditing & Assurance, 2e, Hall & Singleton
Singleton
 MANUAL PROCEDURES
 Follow Figure 9-1
Obtaining & recording customers’
orders
 Document = SALES ORDER [Figure 9-2]
 One copy in “Open Order File”
 Approving credit
 One copy of sales order went to credit
dept.
 Returned authorized copy triggers
release of sales order into system
IT Auditing & Assurance, 2e, Hall & Singleton
 MANUAL PROCEDURES
 Processing shipping orders
 4 copies of Sales Order to warehouse; packing slip,
shipping notice, stock release, file copy
 Locate and “pick” goods using Stock Release; package
them with packing slip
 Reconcile documents and goods, sign Shipping Notice,
prepare Bill of Lading – multiple copies [Figure 9-3]
 Transfer custody of goods (packing slip inside) and 2
copies of Bill of Lading to carrier
 Record shipment in shipping log
 Send shipping notice to Billing Dept.
 File: Stock Release, 1 BOL, File Copy

IT Auditing & Assurance, 2e, Hall & Singleton

LEGACY SYSTEM PROCEDURES
 Keypunch batch of shipping notices
 Edit run program, correct any errors
 Field checks
 Limit tests
 Range tests
 Price times quantity extensions
 Sort run on batches by AR account number
 Legacy systems store records in sequential manner,
usually tape
 Next process is to “post” individual shipping notices to
appropriate individual AR accounts
 AR update & billing run [Figure 9-4]
Updates AR file becomes new AR file
 Billing would be printing invoices to be mailed
 Sales journal file or printout
 Journal voucher for AR [DR] and sales [CR]
IT Auditing & Assurance, 2e, Hall & Singleton
LEGACY SYSTEM PROCEDURES
 Re-sort by inventory item {why?}
 Same reason; but this process is to update Inventory
Items
 Inventory update run [Figure 9-5]
 Reduce quantity on hand for items shipped, generate a
new Inventory file
 Compare “On Hand” quantity with “Reorder Point” to
identify items needing replenishment; file or printout
 Journal voucher for Cost of Goods Sold [DR] and
Inventory [CR]
 Sort journal entries by GL #
 Run general ledger update
 Management reports
IT Auditing & Assurance, 2e, Hall & Singleton
BATCH CASH RECEIPTS SYSTEMS
WITH DIRECT ACCESS FILES
 See Figure 9-6
 Discrete events that naturally fit the batch
approach
 Update Procedures
 Mail Room
Receives checks and Remittance Advices.
Separates checks from Remittance Advices
Prepares a Remittance List – multiple copies
Copy of Remittance List and checks go to Cash
Receipts Dept.
Remittance Advices and copy of Remittance List go
to AR Dept.
Last copy of Remittance List to Controller’s Office
IT Auditing & Assurance, 2e, Hall & Singleton
BATCH CASH RECEIPTS SYSTEMS
WITH DIRECT ACCESS FILES
 Cash receipts dept.
 Reconciles checks and remittance list
 Prepares deposit slip – multiple copies
 Using terminal/IS, creates a journal
voucher of cash received; Cash [DR] and
AR [CR]
 End of day, deposit cash and Deposit
slips to the bank
 File copy of deposit slip

IT Auditing & Assurance, 2e, Hall & Singleton

BATCH CASH RECEIPTS SYSTEMS
WITH DIRECT ACCESS FILES
 AR Dept.
 Reconciles remittance advices and
remittance list
 Prepares batch for transactions
based on remittance advice data to
update AR subsidiary ledger
 Files remittance advices and
remittance list

IT Auditing & Assurance, 2e, Hall & Singleton

BATCH CASH RECEIPTS SYSTEMS
WITH DIRECT ACCESS FILES
 DP Dept.
 Accesses the two files created in cash receipts (journal
voucher) and AR (batch transaction file of CR)
 Reconciles the files
 Updates AR-SUB accounts
 Updates GL (AR, Cash)
 Creates a cash receipts journal
 System produces transaction listing that is sent to AR
dept. where AR clerk will reconcile against the
remittance list of file there
 More management reports

IT Auditing & Assurance, 2e, Hall & Singleton

REAL-TIME SALES ORDER ENTRY
AND CASH RECEIPTS
 See Figure 9-7
 Sales procedures
 Transactions are processed as they occur, separately
 Credit check is performed online by the system
 If approved, system checks availability of inventory
 If available, system:
Transmits electronic stock release to warehouse
dept
 Transmits electronic packing slip to shipping dept
 Updates inventory file records for depletion
 Records sale in open sales order computer file

IT Auditing & Assurance, 2e, Hall & Singleton

REAL-TIME SALES ORDER ENTRY
AND CASH RECEIPTS
 Warehouse procedures
 Produces hard copy of stock release
 Clerk picks goods, sends them with a copy of stock
release to shipping dept.
 Shipping procedures
 Reconciles goods, stock release, packing slip from
system.
 Online, IS prepares Bill of Lading for shipment, and
shipping notice for DP Dept.
 Select carrier and prepare goods for shipment, along
with packing slip and Bill of Lading
 Stock release form is filed

IT Auditing & Assurance, 2e, Hall & Singleton

REAL-TIME SALES ORDER ENTRY
AND CASH RECEIPTS
 Billing procedures
 Record sales invoice and shipment in IS
 Print invoice to be sent to customer
 Update shipping log and sale invoice files
 Delete shipment from open sales order file
 Cash receipts procedures
 Keypunch cash receipts using the remittance advice
into IS,matching it with the specific record in the sales
invoice file
 Keypunch any credit memos using similar process
 Generate a remittance file of posted transactions

IT Auditing & Assurance, 2e, Hall & Singleton

 FEATURES OF REAL-TIME
PROCESSING
 Events Database
 Traditional accounting does not have to exist in per se (in
traditional form)
 General Ledger can be derived at any time from a compilation from
the events database
 Advantages
 Greatly shortens the cash cycle of the firm
 Can give a firm a competitive advantage (e.g., managing inventory
better)
 Real-time editing permits the identification of many kinds of errors
as they occur, greatly reducing the efficiency and effectiveness of
business processes
 Reduces the amount of paper documents
 Electronic audit trails are possible in real-time computer-based
systems

IT Auditing & Assurance, 2e, Hall & Singleton

 MANAGEMENT ASSERTIONS AND
REVENUE CYCLE AUDIT OBJECTIVES
 Existence / Occurrence
 VERIFY AR balance represents amounts actually owed as of Balance Sheet date
 Establish sales represents goods shipped and/or services rendered during period of
financials
 Completeness
 Determine all amounts owed organization are included in AR
 VERIFY shipped goods, services rendered, and/or returns and allowances for period
are included in financials
 Accuracy
 VERIFY revenue transactions are accurately computed, based on correct prices and
quantities
 Ensure AR subsidiary ledger, sales invoice file, remittance file are mathematically
correct .. And agree with GL accounts
 Rights & Obligations
 Determine organization has legal right to AR
 VERIFY accounts sold or factored have been removed from AR
 Valuation or Allocation
 Determine AR balance stated in net realizable value
 Establish allocation for uncollectible accounts is appropriate
 Presentation and Disclosure
 VERIFY AR and revenues for period are properly described and classified

IT Auditing & Assurance, 2e, Hall & Singleton

 INPUT CONTROLS
 Credit authorization procedures
 Credit worthiness of customer
 Credit Department >> Batch systems with manual credit authorization
procedures
 Real-time systems use programmed decision rules
 Testing credit procedures
 Verify effective procedures exist
 Verify information is adequately communicated
 Verify effectiveness of programmed decision rules (test data, ITF)
 Verify that authority for making credit decisions is limited to authorized
credit personnel/procedures
 Perform Substantive Tests of Detail
 Review credit policy periodically and revise as necessary

IT Auditing & Assurance, 2e, Hall & Singleton

 INPUT CONTROLS
 Data Validation Controls
 To detect transcription errors in data as it is processed
 Batch: after shipment of goods
• Error logs
• Error correction computer processes
• Transaction resubmission procedures
 Real-Time: Errors handled as they occur
 Missing data checks – presence of blank fields
 Numeric-Alphabetic data checks – correct form of data
 Limit checks – value does not exceed max for the field
 Range checks – data is within upper and lower limits
 Validity checks – compare actual values against known acceptable values
 Check digit – identify keystroke errors by testing internal validity
 Testing Data Validation Controls
 Verify controls exist and are functioning effectively
 Validation of program logic can be difficult
 If Controls over system development and maintenance are NOT weak, testing
data editing/programming logic more efficient than substantive tests of details
(test data, ITF)
 Some assurance can be gained through the testing of error lists and error logs
(detected errors only)

IT Auditing & Assurance, 2e, Hall & Singleton

 INPUT CONTROLS
 Batch controls
 Manage high volumes of similar transactions
 Purpose: Reconcile output produced by system with the original
input
 Controls continue through all computer (data) processes
 Batch transmittal sheet:
 Unique batch number
 Batch date
 Transaction code
 Record count
 Batch control total (amount)
 Hast totals (e.g., account numbers)
 Testing data validation controls
 Failures of batch controls indicates data errors
 Involves reviewing transmittal records of batches processed and
reconcile them to the batch control log (batch transmittal sheet)
 Examine out-of-balance conditions and other errors to determine
cause of error
 Review and reconcile transaction listings, error logs, etc.
IT Auditing & Assurance, 2e, Hall & Singleton
 PROCESS CONTROLS
 Computerized procedures for file updating
 Restricting access to data
 Techniques:
 File update controls -- Run-to-run batch control data to monitor
data processing steps
 Transaction code controls – to process different transactions
using different programming logic (e.g., transaction types)
 Sequence check controls – sequential files, proper sorting of
transaction files required
 Testing file update controls – results in errors

Testing data that contains errors (incorrect transaction codes, out

of sequence)
Can be performed in ITF or test data
CAATTs requires careful planning
Single audit procedure can be devised that performs all tests in
one operation.
IT Auditing & Assurance, 2e, Hall & Singleton
 ACCESS CONTROLS
 Prevent and detect unauthorized and illegal access to
firm’s systems and/or assets
 Warehouse security
 Depositing cash daily
 Use safe deposit box, night box, lock cash drawers and safes
 Accounting records
 Removal of an account from books
 Unauthorized shipments of goods using blank sales orders
 Removal of cash, covered by adjustments to cash account
 Theft of products/inventory, covered by adjustments to inventory or
cash accounts
 Testing access controls – heart of accounting information integrity
 Absence thereof allows manipulation of invoices (i.e., fraud)
 Access controls are system-wide and application-specific
 Access controls are dependent on effective controls in O/S, networks,
and databases
IT Auditing & Assurance, 2e, Hall & Singleton
 PHYSICAL CONTROLS
 Segregation of duties
 Rule 1: Transaction authorization separate from
transaction processing
 Rule 2: Asset custody separate from record-keeping
tasks
 Rule 3: Organization structured such that fraud requires
collusion between two or more people
 Supervision
 Necessary for employees who perform incompatible
functions
 Compensates for inherent exposure from incompatible
functions
 Can be supplement when duties are properly segregated
 Prevention vs. detection of fraud and crime is objective:
supervision can be effective preventive control

IT Auditing & Assurance, 2e, Hall & Singleton

 PHYSICAL CONTROLS
 Independent verification
 Review the work of others at critical points in business processes
 Purpose: Identify errors or possible fraud
 Examples:
 Shipping dept. verifies goods sent from warehouse dept. are correct in
type and quantity
 Billing dept. reconciles shipping notice with sales notice to ensure
customers billed correctly

 Testing physical controls

 Review organizational structure for incompatible tasks
 Tasks normally segregated in manual systems get consolidated in
DP systems.
 Duties of design, maintenance, and operations for computers need
to be separated
 Programmers should not be responsible for subsequent program
changes.
IT Auditing & Assurance, 2e, Hall & Singleton
 OUTPUT CONTROLS
 PURPOSE: Information is not lost, misdirected, or corrupted; that the
system output processes function properly
 Controls are designed to identify potential problems
 Reconciling GL to subsidiary ledgers
 Maintenance of the audit trail – that is the primary way to trace the source
of detected errors
 Details of transactions processed at intermediate points
 AR change report
 Transaction logs: permanent record of valid transactions
 Transaction listings – successfully posted transactions
 Log of automatic transactions
 Unique transaction identifiers
 Error listings
 Testing output controls
 Reviewing summary reports for accuracy, completeness,timeliness, and
relevance for decisions
 Trace sample transactions through audit trails; including transaction
listings, error logs, and logs of resubmitted records
 ACL is very helpful in this process
IT Auditing & Assurance, 2e, Hall & Singleton
SUBSTANTIVE TESTS OF REVENUE
CYCLE ACCOUNTS
 PURPOSE: Determine the nature, timing, and extent of substantive tests
using auditor’s assessment of inherent risk, unmitigated control risk,
materiality considerations, and efficiency of the audit.
 Concern: Overstatement or understatement of revenues?
 Focus on large and unusual transactions, especially near period-end
 Recognizing revenues from sales that did not occur
 Recognizing revenues BEFORE they are realized
 Failing to recognize cutoff points
 Underestimating allowance for doubtful accounts
 Shipping unsolicited products to customers, subsequently returned
 Billings customers for products held by seller
 Tests of controls and substantive tests

IT Auditing & Assurance, 2e, Hall & Singleton

SUBSTANTIVE TESTS OF REVENUE
CYCLE ACCOUNTS
 Understanding data
 VERIFY data used in CAATTs (e.g., ACL) is accurate
 VERIFY adequate setup of files from originals
(e.g., ACL and Profilecommand)
 Relationships and data from [see Figure 9-10]:
Customer file
Sales Invoice file
Line item file
Inventory file
Shipping log file
 File preparation procedures

IT Auditing & Assurance, 2e, Hall & Singleton

SUBSTANTIVE TESTS OF REVENUE
CYCLE ACCOUNTS
 Accuracy/completeness assertion
 Analytical review of account balances
Overall perspective for trends in sales, cash
receipts, sales returns, and AR
Provides first-level assurance that amounts are
reasonably stated and reasonably complete
If so, may reduce the extent of substantive testing
 Review sales invoices for unusual trends and
exceptions
Scanning data files using CAAT
(e.g., ACL and stratify and possibly filters - see
Figure 9-11)
• Reveals all errors or raises questions?

IT Auditing & Assurance, 2e, Hall & Singleton

SUBSTANTIVE TESTS OF REVENUE
CYCLE ACCOUNTS
 Accuracy/completeness assertion
 Review sales invoice and shipping log files
 Missing and duplicate transactions [see Table 9-2]
 Questions/survey:
• Are procedures in place to document and approve voided
invoices?
• How are gaps in sales invoice numbers communicated to
management?
• What physical controls exist over access to sales invoice source
documents?
• If applicable, are batch totals used to control batch transactions
during each processing step?
• Are transaction listings reconciled and reviewed by management?
 Review line item and inventory files for pricing accuracy
 ACL allows auditor to compare prices on invoices with inventory – using
JOIN [see example on page 413]
 Testing unmatched records (complement)
IT Auditing & Assurance, 2e, Hall & Singleton
SUBSTANTIVE TESTS OF REVENUE
CYCLE
 Existence assertion
ACCOUNTS
 Confirmation of AR – SAS #67
 Not required if:
• AR is immaterial
• Assessed Control Risk is low
• Confirmation process will be ineffective
 CAATTs to use for this function?
• Steps:
• Select accounts to confirm
• Consolidate invoices (not AR subsidiary) using CLASSIFY (filter) and
SUMMARIZE (amount) [see Tables 9-3 and 9-4]
• Why?
• JOIN the CUSTOMER file with the new consolidated invoice file
 Prepare confirmation requests [see Figure 9-12]
• Positive and Negative Confirmations (ACL, EXPORT)
 Evaluating and controlling responses
• Retain custody of the confirmation letters until mailed
• The letters should be addressed to the auditor, not client org.
• The replies should be mailed to the auditor, not client org.
• Discrepancies should be investigated.
• Non responses to POSITIVE confirmation should be investigated

IT Auditing & Assurance, 2e, Hall & Singleton

SUBSTANTIVE TESTS OF REVENUE
CYCLE ACCOUNTS
 Valuation/allocation assertion
 Corroborate or refute AR is stated at reasonable Net
Realizable Value
AGING AR
• ACL, AGE [see Table 9-7]
Is allowance for doubtful accounts reasonable compared to
prior years and based on composition of AR portfolio
• Confirmation process will be ineffective
Review past-due balances
• Conference with credit manager to determine collectibility
• Determine if methods used to estimate allowance for doubtful
accounts is adequate, not the collectibility of each account
• Determine if overall allowance is, therefore, reasonable

IT Auditing & Assurance, 2e, Hall & Singleton

 Chapter 9:
Auditing the Revenue Cycle

IT Auditing & Assurance, 2e, Hall &

IT Auditing & Assurance,
Singleton 2e, Hall & Singleton