Audit Control Matrix

PROCESS 5.2.
1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)
PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)
NO. RISK
1 A user may edit, modify or delete a matched invoice.
Adjustments may be approved that are not acceptable to management; this could affect operating
4
results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
5
6
7
8
9
10
11
12 An adequate audit trail may not be available.
13 An incorrect purchase order is sent to a vendor.
19 An open, unresolved invoice may not be posted by the closing deadline.

Source: www.knowledgeleader.com Page 1

NO. RISK
Appropriate matching between invoices, receiving documents and purchase orders may not be
25
performed.
26
performed.
27
performed.
Cash may be disbursed and short pays may be resolved for goods and services never received
28
(or in advance of receipt).
29
30
31
32
33 Checks are paid in the wrong amount or to the wrong vendor.
34 Data inconsistency may exist between accounts payable and the general ledger.

NO. RISK
43 Detail activity may be incorrectly posted in the subsidiary ledger.
47 Discrepancies exist between amounts on supplier invoice and supporting documents.
51 Duplicate invoices are received and processed, leading to duplicate payments.
52 Duplicate invoices are received and processed, leading to duplicate payments.
53 Duties are not adequately segregated.

Employees do not complete a purchase request or an expense reimbursement is not approved by
57
the department manager.
58
59
Goods are received for unauthorized or invalid purchase orders and are not appropriately
60
recorded in the system.
61
62
63
64

NO. RISK
65 Invoice does not match the receiver documents.
66 Invoices are not properly authorized, complete, accurate and timely.




NO. RISK
Invoices for goods/services are paid in advance of the due date without regard to the time value
85
of money.
86
of money.
87
of money.
Invoices may be received but never reported or reported inaccurately; this could result in a
88
misstatement of unrecorded liabilities.
89
90
91 Misappropriations or fraudulent payments may be made.


NO. RISK
Payable and related accounts may be misstated because of incorrect adjustments or incorrect
113
reclassifications of distributed amounts.
114
115
116 Payment discounts are not maximized.
119 Payment may be disbursed for goods and services not received.
120 Payment may be made to the wrong person or a fraudulent/non-existent company.
125 Payments may not be made timely, resulting in lost discounts and late charges.
126 Policies and procedures do not exist to support the accounts payable function.

NO. RISK
Purchase order price differs from invoice price, resulting in price discrepancies that are resolved in
133
favor of the supplier.
134 Purchase orders, receivers and invoices are improperly processed, leading to variances.
135 Purchase orders, receivers and invoices are improperly processed, leading to variances.
136 Quantities received differ from quantities billed on the invoice.
140 Special terms are not taken into account.
143 Suppliers are paid an inaccurate amount due to improper tracking of account balances.
144 Suppliers are paid an inaccurate amount due to improper tracking of account balances.
Tax data (state and local tax [SALT], etc.) associated with an invoice is not accurate and
145
complete.
146 There are discrepancies in vendor/supplier management.

NO. RISK

161 There are misappropriations or fraudulent payments.

171 There is a discrepancy between the amounts on the supplier invoice and supporting documents.

NO. RISK
176 There is inadequate safeguarding of accounts payable documents.

183 Unauthorized checks are issued.

Unauthorized, fictitious or improper commitments or expenses may be incurred without
187
management's knowledge or approval.
188
189

CONTROL DESCRIPTION
The software/system logs user entry activity, including time stamp and entry activity.
Rights are restricted within the accounts payable user structure to limit powerful commands (batch approvals, add/del/mod/invoice, etc.).
Workflow notifications are used to report any modifications to existing suppliers' key fields, remittance info, etc.
The company has established tolerances for commodity purchases as appropriate. Receipts in excess of the tolerances may be returned
to the vendor.
Critical forms (e.g., check requests, adjustment forms and checks) are prenumbered and controlled. The system generates the next check
number, which must match the check number in the routing code at the bottom of the check.
Only managers can review, approve and code professional services and capital invoices for payment.
Trends in amounts and types of adjustments are periodically analyzed.

User access is designed and configured to support the segregation of duties between procurement, receiving, invoice processing, payment
processing and the vendor master.
Regular reporting, investigation and follow-up on backlog of unprocessed vendor invoices, receiving reports or rejected data occurs.
A currency threshold is established for checks requiring two signatures (either two manual signatures or one manual signature and one
computer-generated signature).
The disbursement process is automated to generate checks based on invoice payment due date and post the appropriate accounting
entries.
All invoice batches are entered with a standard naming convention.
Purchase orders are reviewed for accuracy and approved by an officer before they are submitted by the purchasing manager (PM).
The system/software requires that all fields are completed to initiate a purchase order.
Generation of purchase orders is restricted to appropriate personnel.
Changes to purchase orders are reviewed and approved by management prior to mailing to the supplier/vendor.
The staff member who initiates the initial purchase order is responsible for comparing rates and other important information to vendor
contracts.
The accounting manager reviews the PO Request Form, checks the account coding and signs off on the PO Request Form.
The software/system tracks all open invoice issues and is reviewed by the accounts payable supervisor at the end of each month to ensure
open items are cleared.
Invoices which are held from payment due to system or processing errors are required to be resolved within a certain number of days.
Workflow notifications are used to report any modifications to existing suppliers' key fields, remittance info, etc.
Error messages by the system indicate greater than acceptable tolerance levels, etc.
Invoices without purchase orders are routed to the appropriate cost center manager for resolution.
Payments are posted prior to being released for payment.

CONTROL DESCRIPTION
A limited number of suppliers are authorized for automatic release of payment. Tolerance levels are established for these vendors.
The system/software provides for matching of purchase orders, receipts and invoices for central supply. Payment can not be processed on
unmatched documents.
Units of measure conversion tables are used to ensure proper matching of purchase orders and invoices, as many vendors use a different
unit of measure for the same product. Additionally, the purchasing department reviews purchase orders to ensure that the appropriate unit
of measure is used.
When matching the receiver and invoice in the system, the accounts payable clerk must enter a valid purchase order number.
An accounts payable staff member compares the invoice to the open purchase order and receipt of goods or services.
Invoice approval is received at the department level. The central supply warehouse manager validates all receipts entered into the
system/software at the central supply warehouse.
The duplicate payments option prevents the generation or editing of a duplicate payment number by displaying an error when a preexisting
invoice number is entered for the same vendor during voucher creation.
to the vendor.
Printed checks are submitted with the invoice/purchase order to the controller and another officer for comparison and approval. They
cannot be mailed without the signature of the concerned officers.
Accounts payable personnel periodically reconcile payments to the general ledger.
The corporate controller reviews the accounts payable reconciliations monthly.
A monthly reconciliation of the accounts payable subledger and the general ledger balance is prepared by the concerned personnel. All
variances over a certain amount are explained and all non-standard journal entries are reviewed by the concerned personnel.
Any adjustments to accounts payable are reviewed by the controller and posted to the general ledger.
Shipments are checked against packing slips, which are signed by receiving parties and then compared to the invoices and purchase
orders.
The project manager, using a chart of accounts, adds the general ledger account code to every invoice when it is paid. Before the check
can be printed, this the general ledger code must be entered, automatically updating the general ledger. the general ledger code appearing
on the invoice is then reviewed by the concerned signing officers before the check is signed.
An individual who does not process, authorize or disburse accounts payable is assigned to reconcile the accounts payable bank account
each month.

CONTROL DESCRIPTION
The accounts payable subsidiary ledger is reconciled with the general ledger.
The accounts payable manager reconciles the accounts payable suspense account regularly.
The general ledger accounts are posted through the system/software cross-validation rules.
Documented cut-off and period-end closing procedures are adhered to.
The general ledger accounts are posted through the system/software cross-validation rules.
Source documentation (checks, vouchers, etc.) is perforated, voided or otherwise cancelled to prevent reuse.
Exception reporting and investigation of processed invoices that vary from purchase orders or other criteria by more than pre-established
limits exist.
Checks are automatically prepared by computer based on the scheduled payment date entered when the voucher is processed.
HOLDs (Account, Funds, Invoice, Matching, Variance) are utilized for non-matching invoices.
Suppliers of goods/services are instructed to forward invoices directly to accounts payable.
The system closes a purchase order once goods and services are received.
The software/system functionality does not permit duplicate invoice numbers; unique transaction IDs are generated.
Limited personnel have the authority to change vendor master information, supplier terms, variances etc.
Roles are segregated in the system/software where individuals responsible for modifying supplier information can not process payments
and invoices.
A range of disbursement numbers is entered into the system before the checks are printed. After printing the checks, the purchasing
manager checks the last disbursement number of the input range with the last check printed.
A purchase authorization list is maintained that specifies the type of expenditures and limits in which individuals have authority to commit
the company. These authorization criteria may be maintained manually and/or within system applications.
Employee expense reimbursements are approved by the employee’s manager.
The approver reviews the PO Request Form against the department’s approved budget for the year to be sure that the purchase is within
the current year's spending budget.
Purchase requests are approved with a signature in accordance with the PO Approval Matrix. The initiator is responsible for obtaining the
appropriate approval for the purchase request.
For all purchased goods, the invoice(s) received are routed to the initiator of the purchase for review and approval for payment processing.
The initiator of the purchase monitors the contract for compliance, performance and costs.
Access to create a return order is restricted to authorized personnel.
Once goods arrive, appropriate personnel complete a receiving report and scan the items into the stock system timely and accurately.
The accounts payable specialist matches the invoice to the purchase order and transcribes the account code, department code and
product number onto the invoice.
Where applicable, the system performs a match between the purchase order and scanned goods received prior to release of the inventory
to post in the general ledger.

CONTROL DESCRIPTION
Periodically, a report is prepared and the exceptions are analyzed and investigated by the accounts payable supervisor and reported to the
accounts payable manager.
The appropriate authorizations are documented and maintained online for review by the accounts payable clerks. In addition, copies of
authorizing signatures are maintained and available to the clerks in the event a signature is in question.
Upon completion of invoice entry, a clerk compares the input batch detail to the actual invoices to identify key errors.
For voucher processing, the voucher amount is entered on both the voucher and general ledger screens. If one of these amounts is
entered incorrectly, an error occurs. A contingency audit is performed on a regular basis to identify over/under payments. The
system/software performs a check for duplicate invoice numbers.
Subsidiaries review and approve invoices before sending to accounts payable for payment, thus acknowledging receipt of goods or
services.
Only original invoices are accepted by the accounts payable group for processing of payment. Faxed/emailed copies are not processed,
unless specifically approved by the accounts payable supervisor.
Once an invoice has been approved and cleared in the system/software, access to make changes to the related invoice (without the need
for a new check) is only granted by IT.
Department managers are responsible for the review and accuracy of all purchase requisitions that are released from their areas. They are
responsible for ensuring that requisitions are accurate and complete.
Invoices without a purchase order that are not approved via an automated workflow must be approved by appropriate management prior to
payment.
Invoices are paid after three-way match or approval of invoice.
Invoices are approved by appropriate personnel in accordance with the Authority Limit Table for proper functioning.
The concerned/appropriate personnel of each business unit periodically reviews and updates the Authority Limit Table.
Invoice approval is received at the department level. Authorized personnel within the department review the invoices and sign them,
indicating that they are valid and approved for payment. Upon receipt, invoices are date/time stamped for tracking purposes.
The accounts payable clerks review the invoices, noting that appropriate approval was obtained and that proper coding was assigned prior
to entry into the system. The system/software requires the appropriate manager (as defined by the "Approved By" list) to change the batch
of goods status from pending to approved in order for the batch to post.
Special attention will be made on the decimal point entry procedures. The system/software has been configured to display a warning
message reminding users to input the decimal point.
All checks over a certain amount as directed by the company are copied and routed to accounts payable to match with the applicable
voucher.
The invoices are coded and password protected to ensure protection of the invoices.
Invoices are checked for mathematical accuracy.
Processing procedures provide for input verification of critical voucher fields (e.g., vendor, invoice amount, account coding, quantities, part
number, etc.) through manual batch controls, edit exception reports and/or online system edits.

CONTROL DESCRIPTION
Invoices and new supplier requests are required to be processed by the accounts payable group within a specific number of hours of
receipt of the invoice/requests at the corporate location.
Invoices are only entered for vendors that exist on the approved suppliers list (ASL) in the system/software.
Checks are released for payment based on the due date within the software/system.
Payments within accounts payable designated as blocked are not able to be processed.
Payments within accounts payable designated as blocked are not able to be processed.
The accounts payable specialist stamps the invoice with the date that it was received once received.
The accounts payable specialist sends out a reminder before month-end close to all employees reminding them to submit all expense
reports or advise on the estimated amounts to accrue for unprocessed travel and expenses. The accounts payable specialist creates a
journal entry for all unprocessed invoices and the accounting manager reviews this journal entry for the open invoice accrual account.
Receiving enters all receipts only against an open purchase order in the system. The purchase order receiver processing options have
been configured to receive by purchase order.
The accounts payable supervisor reviews the Proposal for Payment Report weekly for unusual items.
Access to Auto Signature is restricted.
The bank is provided with a listing of all issued checks and amounts to compare to all checks received at the bank. The bank only pays the
checks on the listing and matches the amounts.
The company communicates its policy to vendors informing them that it only pays for goods received. Discrepancies between quantity
shipped vs. billed are short paid.
All checks go through a quality review after being cut and before being distributed to ensure that the amount is correct and supplier
information is accurate and complete.
Only the accounts payable coordinator/the accounts payable concerned personnel can process manual/reprinted checks.
The manager of accounting operations reviews all checks over a certain amount.
Debit balances in the accounts payable subsidiary ledger are promptly investigated and, if necessary, refunds are obtained from vendors.
Disbursements are drawn on a zero balance account.
Voided checks are stamped "VOID" to prevent reuse and filed for subsequent inspection.
A pay system is used to electronically inform the bank of all checks issued in order to prevent payment on forged checks or stolen check
stock. Access to the positive pay system is limited to the appropriate individuals who have been authorized by management.
Only managers can review, approve and code professional services and capital invoices for payment.
Purchase cost files are maintained and current. The company has a policy to only pay the purchase order price regardless of the price on
the invoice.

CONTROL DESCRIPTION
Non-budgeted items exceeding a certain limit set by the company are approved by the CFO.
The corporate controller reviews the Proposal for Payment Report and supporting documentations, including invoice and approval.
Accounts payable personnel review all checks with supporting documentations.
Accounts payable personnel review all aging reports monthly for credit balances or long outstanding items and resolve any issues.
Requests for manual/quick checks are signed/approved by supervisors.
Vendor names, prices and quantities from invoices are matched to receiving documents and purchase orders by an individual independent
of the purchasing and receiving functions. Discrepancies are resolved prior to processing.
Finance management reviews all check registers for appropriateness.
Non-budgeted items exceeding a certain limit set by the company are approved by the CFO.
For capital expenditures, the PO Request Form is reviewed, approved and signed by the department director and the department VP.
Documented cut-off and period-end closing procedures are adhered to.

Payables are not offset against receivables unless first approved by management.
The treasury/cash manager coordinates with accounts payable as necessary for discounts.
Special discounts can be specified on an individual invoice basis.
The software/system automatically takes discounts as defined in the supplier master file for each individual invoice processed.
entries.
The company utilizes a vendor certification program and inspects incoming receipts in accordance with its plan.
Managers must review, approve and code professional services and capital invoices for payment.
Cost center managers are responsible for review of monthly costs.
The software/system systematically generates the journal entry upon completion of the payables check run.
The open voucher summary report within the system/software identifies open voucher amounts, due dates and required pay amounts by
vendor/to vendors. The system/software also provides a voucher aging report that gives management the ability to monitor the aging of
entered vouchers. Payment due dates are calculated based on the invoice date and the terms of the invoice. Upon performing the check
run process, payments are made for all vouchers due. Accounts payable management personnel monitor the system/software’s accounts
payable reports on a regular basis.
A formal policies and procedures document exists to guide the accounts payable process.
Policies and procedures are established to define approval limits and authorization requirements.

CONTROL DESCRIPTION
The company has a cash management policy which is clearly communicated to the accounts payable function. Such a policy is reflected in
the accounts payable system configuration.
Formal procedures exist that ensure that expenditures are approved before committing funds in accordance with management directives.
All contractual agreements are subject to corporate and/or legal review in accordance with local or corporate directives or guidance.
Procedures provide for review of purchase orders to ensure completeness of critical information necessary to execute purchases and
subsequent receipt and payment (e.g., vendor, prices, quantities, terms of payment, part numbers, descriptions, etc.).
Procedures provide for processing of original vendor invoices only. Payments are not processed from faxed copies of invoices or vendor
statements.
The concerned personnel prepare weekly, monthly and quarterly trend analyses on the volume and percentage of variances to monitor
processing integrity for continuous improvement.
Purchasing agents review an open purchase order listing on a regular basis.
to the vendor.
Payment stubs detailing invoice payments, discounts taken and short pay are provided with the checks.
A tolerable limit above the purchase order per-unit cost is accepted to minimize minor cost variances (e.g., tax calculations). These items
are reviewed by management for appropriateness.
The treasury/cash management manager coordinates with accounts payable as necessary for discounts.
Special discounts can be specified on an individual invoice basis.
The software/system automatically takes discounts as defined in the supplier master file for each individual invoice processed.
A system link is set up for contra accounts to track payables and receivables associated with the same supplier.
Debit memos are logged in the software/system and associated with the appropriate supplier, allowing the software/system to show only
the net amount due to that supplier.
Tax data is captured at point of entry.

The system/software automatically assigns a unique vendor number based on the configuration of next numbers. It does not allow a
duplicate number to be assigned.
A designated accounts payable clerk reviews vendor transmittal requests and supporting documentation (e.g., business cards, invoices,
etc.) to determine the validity of the vendor. A designated clerk is authorized to create the vendor master record following the review for
validity. Following the creation of the vendor record, a vendor change report is generated and compared to the original transmittal by
another lead accounts payable clerk to ensure data accuracy. The vendor change report and original transmittal are maintained for periodic
review by a supervisor.

CONTROL DESCRIPTION
A vendor transmittal request is submitted by an authorized party to change the status of the vendor to HOLD. The authorized accounts
payable clerk facilitates the change in the system and notes the reason for the hold. The general accounting manager monitors and
approves vendor hold transactions.
The system/software requires a payment to be issued against a valid vendor/supplier within the system.
The company utilizes a vendor performance program which monitors product quantity, delivery performance, order quality and order fill
rates.
Accounts payable access to vendor master files is restricted to select data fields (address, phone, terms, etc.).
Federal tax ID numbers are required for all suppliers.
Duplicate federal tax ID numbers/vendors or supplier ID numbers are investigated by the accounts payable clerk.
When a new supplier is entered, the system/software performs a check against the existing supplier master to confirm that the new request
does not match a supplier already in the system. It will present an on-screen alert message if a duplicate is found.
The vendor listing is maintained in a vendor master file to ensure all vendors are valid vendors.
If the vendor is not included in the company’s vendor master file, then the accounts payable specialist fills out a New Vendor Form and
sends the New Vendor Form together with the invoice package to the accounting manager for review and approval.
The vendor master file is reviewed on an annual basis by the accounting manager to ensure only valid vendors are in active status.
All supplier information in the vendor master file is appropriately captured as per the laws/regulations, circulars, etc. of a specific region
(example: 1099 series reporting).
Suppliers are established within the software's system upon finalization of procurement procedures.
Standardized supplier setup forms with all required data fields are used.
The company has controls to account for all checks.
A currency threshold is established for checks requiring two signatures (either two manual signatures or one manual signature and one
computer-generated signature).
The proper coding of invoices and automatic accounting instructions (AAIs) have been set up to automatically recognize the appropriate
accounts that are required for a specific batch transaction.
Checks are automatically prepared by computer based on the scheduled payment date entered when the voucher is processed.
All blank checks are kept in a locked drawer where only the accounting manager, assistant controller and controller have access.
Vouchers of physical invoices are matched with the check register.
All supplier payments (except petty cash disbursements) are processed through the software/system.
entries.
The company has established tolerances for commodity purchases, as appropriate receipts in excess of the tolerances may be returned to
the vendor.

CONTROL DESCRIPTION
Trends in amounts and types of adjustments are periodically analyzed.
Purchase cost files are maintained and current. The company has a policy to only pay the purchase order price, regardless of the price on
the invoice.
Regular reporting, investigation, and follow-up on backlog of unprocessed vendor invoices, receiving reports, or rejected data is conducted.
All accounts payable-related documents are kept in a secure facility in the purchase manager's office.
All invoices received are maintained by the accounts payable group indefinitely (a certain number of years onsite followed by maintenance
in an offsite facility).
All vendor/supplier request forms are maintained after they have been entered into the system/software. Electronic versions are maintained
in the online facility and printed versions are maintained onsite by the corporate accounts payable group.
Receipt of a good or service is logged on the associated purchase order in the software/system, which is referenced at the time of payment
approval.
Management performs a review of accruals at month end and a checklist is signed off by the reviewer.
Corporate accountants email all applicable departments requesting support for all accruals or credits to be booked for the current month.
Accounts payable clerks regularly send out notifications to all accountants informing them of any invoices over $X that have not been
processed in accounts payable.
If there are any errors on the check, the check is voided and a new check is printed after the accounting manager’s, controller's, or
assistant controller's review and approval.
All blank checks are kept in a locked drawer where only the accounting manager, assistant controller and controller have access.
Electronic signatures/authorization stamps are appropriately secured.
Purchase commitments are made on the basis of authorized requisitions from user departments, established contracts, established
inventory reorder points or work order material requirements.
The system automatically sorts invoices by their payment due date to ensure proper issuance by the accounts payable department.
Actual expenditures are compared to budget regularly; management reviews and approves significant variances.

Audit Control Matrix

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Audit Control Matrix

Загружено:

Авторское право:

Доступные форматы

PROCESS 5.2.

1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

20 An open, unresolved invoice may not be posted by the closing deadline.

Source: www.knowledgeleader.com Page 1

Source: www.knowledgeleader.com Page 2

55 Duties are not adequately segregated.

56 Duties are not adequately segregated.

Source: www.knowledgeleader.com Page 3

66 Invoices are not properly authorized, complete, accurate and timely.

68 Invoices are not properly authorized, complete, accurate and timely.

69 Invoices are not properly authorized, complete, accurate and timely.

70 Invoices are not properly authorized, complete, accurate and timely.

71 Invoices are not properly authorized, complete, accurate and timely.

72 Invoices are not properly authorized, complete, accurate and timely.

73 Invoices are not properly authorized, complete, accurate and timely.

77 Invoices are not properly authorized, complete, accurate and timely.

78 Invoices are not properly authorized, complete, accurate and timely.

79 Invoices are not properly authorized, complete, accurate and timely.

Source: www.knowledgeleader.com Page 4

94 Misappropriations or fraudulent payments may be made.

95 Misappropriations or fraudulent payments may be made.

Source: www.knowledgeleader.com Page 5

Source: www.knowledgeleader.com Page 6

147 There are discrepancies in vendor/supplier management.

Source: www.knowledgeleader.com Page 7

148 There are discrepancies in vendor/supplier management.

149 There are discrepancies in vendor/supplier management.

150 There are discrepancies in vendor/supplier management.

163 There are misappropriations or fraudulent payments.

164 There are misappropriations or fraudulent payments.

Source: www.knowledgeleader.com Page 8

177 There is inadequate safeguarding of accounts payable documents.

178 There is inadequate safeguarding of accounts payable documents.

179 There is inadequate safeguarding of accounts payable documents.

180 There is inadequate safeguarding of accounts payable documents.

182 There is inadequate safeguarding of accounts payable documents.

183 Unauthorized checks are issued.

Source: www.knowledgeleader.com Page 9

Trends in amounts and types of adjustments are periodically analyzed.

Source: www.knowledgeleader.com Page 10

Source: www.knowledgeleader.com Page 11

Source: www.knowledgeleader.com Page 12

Source: www.knowledgeleader.com Page 13

Source: www.knowledgeleader.com Page 14

Documented cut-off and period-end closing procedures are adhered to.

Source: www.knowledgeleader.com Page 15

Tax data is captured at point of entry.

Source: www.knowledgeleader.com Page 16

Source: www.knowledgeleader.com Page 17

Source: www.knowledgeleader.com Page 18

Вам также может понравиться