Internal Audit
Manual
This spreadsheet shows the data for a risk-based
internal audit of accounts payable (number 205). It
requires modifying for your organization.
David Griffiths
v1.0
Risk based internal auditing by David Griffiths is licensed under a Creative Commons Attribution-NonC
Incont
Accounts payable
205
(This is the first audit)
Accounts payable
Department
Function
Operating unit
Division
Entity
Accounts Payable
Accounting Services
Finance
n/a
The Retail Company
Resp
Target
Achieved
CAE
Auditor
Auditor
Auditor
CAE
1-Nov-X0
16-Dec-X0
16-Dec-X0
17-Dec-X0
12-Jan-X1
2-Nov-X0
16-Dec-X0
16-Dec-X0
18-Dec-X0
12-Jan-X1
13-Jan-X1
2-Feb-X1
3-Feb-X1
4-Feb-X1
12-Feb-X1
12-Feb-X1
13-Feb-X1
16-Feb-X1
19-Feb-X1
20-Feb-X1
5-Mar-X1
13-Jan-X1
2-Feb-X1
3-Feb-X1
5-Feb-X1
12-Feb-X1
12-Feb-X1
13-Feb-X1
17-Feb-X1
19-Feb-X1
23-Feb-X1
8-Mar-X1
8-Mar-X1
8-Mar-X1
12-Mar-X1
18-Mar-X1
19-Mar-X1
8-Mar-X1
8-Mar-X1
12-Mar-X1
19-Mar-X1
19-Mar-X1
date
15-Mar-X1
16-Mar-X1
Course
Course
Course
Course
Course
200 Testing
200 Testing
200 Write report
200 Write report
200 Write report
205 Testing
205 Testing
205 Testing
205 Testing
205 Testing
205 Testing
205 Testing
205 Testing
205 Testing
P Jones (CAE)
Holiday
Holiday
Holiday
Holiday
Holiday
Out of office
Out of office
205 Testing
205 Testing
13-Feb-X1 Friday
14-Feb-X1 Saturday
15-Feb-X1 Sunday
16-Feb-X1 Monday 205 assemble issues
17-Feb-X1 Tuesday 205 Write draft report
18-Feb-X1 Wednesday 205 Close-down meeting Write draft report
19-Feb-X1 Thursday 205 Write draft report
205 Write draft report
20-Feb-X1 Friday
21-Feb-X1 Saturday
22-Feb-X1 Sunday
23-Feb-X1 Monday 205 Issue draft report
24-Feb-X1 Tuesday 210 Briefing from CAE
25-Feb-X1 Wednesday 210 Set up files/scope
26-Feb-X1 Thursday 210 Issue draft scope
Write final 204
Write final 200
27-Feb-X1 Friday
28-Feb-X1 Saturday
29-Feb-X1 Sunday
Write final 200
01-Mar-X1 Monday Write final 204
Write final 200
02-Mar-X1 Tuesday Write final 204
03-Mar-X1 Wednesday 205 Receive comments
04-Mar-X1 Thursday 205 Write final report
05-Mar-X1 Friday
Final reports sign approval 200, 204, 205
06-Mar-X1 Saturday
07-Mar-X1 Sunday
08-Mar-X1 Monday Issue final reports 200, 204, 205
Out of office
Out of office
Out of office
Out of office
M Khan
Holiday
Holiday
Holiday
Holiday
Holiday
In office
In office
In office
In office
In office
In office
In office
In office
In office
In office
In office
Out of office
Out of office
Title
205 Accounts Payable
Staff 1
Staff 2
Max Davis
Frank Sawyer
Date
Next action
13-Nov Briefing from CAE. Audit due early Feb. Next action: Look at documentation, including Objectives and Risk Register and accounts payable manuals. Prepare draft scope
15-Dec Briefing from CAE. Draft scope agreed with CAE. Next action: Set up directories and documentation. Draft scope to be issued 17 Dec
18-Dec Issued draft scope. (Additional work on audit 203 delayed the issue) Next action: Prepare for Jan 6 meeting and agenda for Jan 6 meeting.
6-Jan Met Head of Accounting Services and AP Manager
Jan-12 Obtained CAE approval.
Jan-13 Final scope issued
Mon Feb 2 Meeting with AP Manager and Supervisors.
Assessment risk maturity
Follow up JB Associates
invoices.
Draft report
Timing
Q1 20X1
Man
Pat Jones
Target date
14-Dec
17-Dec
6-Jan
Jan-09
Jan-13
Jan-13
Feb-02
Feb-13
Feb-05
Feb-06
Feb-09
Feb-13
16-Feb
20-Feb
20-Feb
8-Mar
5-Mar
Ref
Document
Hyperlink
Word
Draft scope
Note with draft scope
Final scope
Note with final scope
In manual
In manual
In manual
(not included)
Contents
Hyperlink
In manual
6-Jan-X1
In manual
2-Feb-X1
(Not included)
6-Feb-X1
Notes from the meeting with the AP Manager and Head of Accounting Services to update them on progress (not included)
(Not included)
6-Feb-X1
19-Feb-X1
(Not included)
(Not included)
From 'An approach to implementing Risk Based Internal Auditing' (IIA-UK and Ireland) - may no longer be availa
Modified by a checklist in Guide to ISO 31000. Hyperlink:
Objective Level 1
Risk Level 1
Objective Level 2
Risk Level 2
Controls
Control ISO31000
Risk Architecture
Statement produced that sets out
risk responsibilities and lists the
risk-based matters reserved for the
board
Risk aware culture exists within the organization and actions are in hand to enhance the level of risk maturity
Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance - management and the board of directors align incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives
Sources of risk assurance for the Board have been identified and validated
Risk Strategy
Risk management policy produced that describes risk appetite, risk culture and philosophy
Considers tolerances for risk - Management consider the acceptable levels of variation relative to the achievement of operations objectives
Business objectives validated and the assumptions underpinning those objectives tested
Reflects Management's Choices - The operations objectives reflect management's choices about structure, industry considerations, and performance of the entity
Risk Protocols
Appropriate risk management framework identified and adopted, with modifications as appropriate
Estimates Significance of Risks Identified - management ensures that identified risks are analyzed through a process that includes estimating the potential significance of the risk
Details of required risk responses recorded, together with arrangements to track risk improvement recommendations
Determines How to Respond to Risks - management ensures that the risk assessment includes considering how the risk should be managed and whether to accept, avoid, reduce, or share the risk
Details of required risk responses recorded, together with arrangements to track risk improvement recommendations
Reassesses Policies and Procedures - management periodically reviews control activities to determine their continued relevance, and refresh them when necessary
Incident reporting procedures established to facilitate identification of risk trends, together with risk escalation procedures
No equivalent
Arrangements in place to audit the efficiency and effectiveness of the controls in place for significant risks
Involves Appropriate Levels of Management - The organization puts into place effective risk assessment mechanisms that involve appropriate levels of management
Arrangements in place to audit the efficiency and effectiveness of the controls in place for significant risks
Involves Appropriate Levels of Management - The organization puts into place effective risk assessment mechanisms that involve appropriate levels of management
Overall Conclusion:
AP Control
Risks have been allocated to specific job titles
The ORCR shows risks allocated to specific job titles
Management have been trained to understand what risks are, and their responsibility for them.
All levels of staff have had risk awareness training
No equivalent
n/a
Risks are identified when functions and processes change due to changes in the business or external changes
New risks are notified to the keeper of the risk register - Risk Management
Responses to the risks (e.g. controls) have been selected and implemented.
Risks are regularly reviewed by the organization.
Risk Management notify AP of significant risk changes, for example resulting from new laws
No equivalent
Risk Managed
Audit test
Test result
Monitoring Control
The risk appetite is consistent with the scoring system
None - except that managers would complain if the risk appetite details were not present
Check other objectives and targets are consistent with the organization's objectives.
Agendas for the meetings, and notes distributed after the meetings show all the objectives
The Head of Accounting Services signs off targets for all AP staff, which should show evidence of the need to achieve company and AP objectives
Examined the processes to ensure they are sufficient to ensure identification of all risks. Checked they are in use, by examining the output from any workshops.
None
Audit Test
Test Result
Risk
enabled
YES
YES
Risk
managed
YES
Risk
defined
YES
YES
YES
YES
YES
YES
No evidence of check
(note as Deficiency 2)
n/a
n/a
YES
YES
YES
YES
n/a
YES
YES
YES
YES
YES
YES
YES
Risk defined
Risk aware
Risk naïve
Characteristics
Facilitate risk management/liaise with risk management and use management assessment of risk where appropriate
Promote enterprise-wide approach to risk management and rely on audit risk assessment
L1obj
L1 Objectives
L1risk
L1 Risks
L2obj
L2 Objectives
L2risk
L2 Risks
L3obj
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect balances
Incorrect output
Incorrect output
Incorrect output
Incorrect output
Incorrect output
Incorrect output
Incorrect output
Incorrect output
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
Establish an internal
control framework (US COSO)
L3 Objectives
L3risk
L3 Risks
Consequence of risk
Risk source
IRC IRL
IRS
Process
20
Accounts Payable - define
strategy
20
Accounts Payable - define
strategy
20
An inadequate strategy could result in
poor decisions with the failure to seize
opportunities and ultimately result in
inefficiencies
20
The strategy fails due to unforeseen risks
occurring
20
Accounts Payable - define
strategy
20
Accounts Payable - define
strategy
20
Failure to achieve the strategy will result
in inefficiencies
20
Accounts Payable comply with legislation
20
20
Accounts Payable comply with legislation
20
Accounts Payable comply with legislation
20
Accounts Payable comply with legislation
20
Risk applies to all
objective hierarchies
20
Accounts Payable comply with company
policies
20
20
4
Establish structure,
authority and
responsibility
20
20
20
4
20
Establish control
environment
20
Establish control
environment
20
Risk applies to all
objective hierarchies
Establish control
environment
20
Establish control
environment
20
20
4
20
Accounts Payable
Department
20
Accounts Payable
Department
Accounts Payable
Department
20
Accounts Payable - set up
system
20
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
20
Accounts Payable - set up
standing data
20
Accounts Payable - set up
standing data
20
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
20
Accounts Payable - set up
standing data
20
Accounts Payable maintain standing data
20
Accounts Payable maintain standing data
20
Accounts Payable
Department
Accounts Payable
Department
20
Accounts Payable maintain standing data
20
Accounts Payable
Department
Accounts Payable
Department
20
Accounts Payable maintain standing data
20
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
20
Accounts Payable maintain standing data
20
Accounts Payable maintain standing data
20
Accounts Payable maintain standing data
20
Accounts Payable maintain standing data
20
Accounts Payable
Department
Accounts Payable
Department
20
Accounts Payable maintain standing data
20
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
20
Accounts Payable maintain supplier data
15
Accounts Payable maintain supplier data
15
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable maintain supplier data
15
Accounts Payable
Department
15
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable maintain supplier data
15
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable maintain supplier data
15
Accounts Payable
Department
15
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable maintain supplier data
15
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable maintain supplier data
15
Accounts Payable - input
invoices
15
5
0
5
0
5
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
15
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
15
3
15
Pay too much for goods or services
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
20
Accounts Payable - input
invoices
20
Accounts Payable - input
invoices
15
Accounts Payable
Department
15
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
15
Payment of invoice delayed with supplier possibly refusing to supply more goods/services. Discount may be lost.
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
10
Accounts Payable - input
invoices
10
Accounts Payable - input
invoices
15
Possible incorrect tax calculation and/or
accounting misstatement with danger of
fines
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
15
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
15
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable - input
invoices
15
Accounts Payable - input
invoices
15
Accounts Payable
Department
15
Accounts Payable
Department
15
Accounts Payable
Department
Accounts Payable
Department
15
Accounts Payable generate payment
15
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
0
Accounts Payable
Department
Accounts Payable
Department
0
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Accounts Payable
Department
Internal control
Function
Internal
control owner
Accounts Payable
The Head of Accounting Services sets targets for the AP manager at the start of the year, which include targets to deliver the strategy. The AP manager sets targets for the AP staff.
Accounts Payable
Head of Accounting Services/ AP Manager
The Head of Accounting Services sets targets for the AP manager at the start of the year, which include targets to deliver the strategy. The AP manager sets targets for the AP staff.
Accounts Payable
Head of Accounting Services/ AP Manager
Accounts Payable
manager
Accounts Payable
Control
number
5
6
7
8
9
Accounts Payable
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
10
11
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
13
HR and other
functions
responsible for
policy
Chiefs of HR and
other departments
responsible for policy
14
12
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
15
16
17
18
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
19
20
21
22
23
Accounts Payable
manager
24
Accounts Payable
Accounts Payable
Accounts Payable
manager
28
Accounts Payable
Accounts Payable
manager
29
Accounts Payable
manager
25
26
27
Data was supplied by Finance and Tax departments
Financial Accounts and Taxation Departments
Heads of Financial Accounts and Taxation Departments
30
31
Accounts Payable
Accounts Payable
manager
32
Accounts Payable
Accounts Payable
manager
33
Accounts Payable
Accounts Payable
manager
34
Accounts Payable
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
36
Accounts Payable
Accounts Payable
manager
37
Accounts Payable
Input Supervisor
38
System checks all required data fields on system are completed
Accounts Payable
Accounts Payable
Input Supervisor
39
35
Accounts Payable
Input Supervisor
40
Accounts Payable
Input Supervisor
41
Accounts Payable
Accounts Payable
Input Supervisor
42
Accounts Payable
Input Supervisor
43
Accounts Payable
Accounts Payable
Input Supervisor
44
Accounts Payable
Accounts Payable
Input Supervisor
45
Accounts Payable
Accounts Payable
Input Supervisor
46
Accounts Payable
Accounts Payable
Input Supervisor
47
Accounts Payable
Accounts Payable
Input Supervisor
48
Accounts Payable
Accounts Payable
Input Supervisor
49
Accounts Payable
Input Supervisor
50
Accounts Payable
Input Supervisor
51
Accounts Payable
Assistant Buyer
Merchandising or
Purchasing
Buyer
Buyer
Buyer
Buyer
52
53
54
55
56
Merchandising or
Purchasing
Assistant Buyer
57
Buyer
Accounts Payable
Accounts Payable
Manager
59
Accounts Payable
Manager
60
Accounts Payable
Accounts Payable
Manager
Accounts Payable
Accounts Payable
manager
62
Accounts Payable
Accounts Payable
manager
63
Accounts Payable
manager
64
Accounts Payable
manager
65
New and amended suppliers details printed out and independently checked to supporting documentation
Accounts Payable
Accounts Payable
manager
66
New and amended suppliers details printed out and independently checked to supporting documentation
Accounts Payable
Accounts Payable
manager
67
Accounts Payable
Accounts Payable
manager
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
58
61
68
69
70
71
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
72
73
74
75
76
77
78
79
80
81
82
83
84
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
85
86
87
88
89
Accounts Payable
manager
90
Accounts Payable
manager
91
Function which initiates the charge
Manager of function which initiates the charge
Function which initiates the charge
Manager of function which initiates the charge
Accounts Payable
manager
Accounts Payable
manager
92
93
94
95
Accounts Payable
manager
Accounts Payable
manager
96
97
Function which initiates the charge
Manager of function which initiates the charge
98
99
Function which initiates the charge
Manager of function which initiates the charge
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
Edit checks to detect data input into wrong period or with incorrect dates
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
100
101
102
103
104
105
106
107
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
Manager
Accounts Payable
Manager
Accounts Payable
manager
Accounts Payable
108
109
110
111
112
113
114
115
116
117
118
119
120
Accounts Payable
manager
121
Merchandising, Purchasing or approving function
Appropriate buyer or manager
123
Merchandising, Purchasing or approving function
Appropriate buyer or manager
124
125
126
Merchandising, Purchasing or approving function
Appropriate buyer or manager
127
128
Accounts Payable
manager
Accounts Payable
manager
122
129
130
Manual payments (on line, check/cheque or bank transfer) made from properly authorized documents and independently checked
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
131
132
Accounts Payable
manager
Accounts Payable
manager
134
Accounts Payable
manager
135
Accounts Payable
133
Accounts Payable
Accounts Payable
manager
136
Accounts Payable
Accounts Payable
manager
137
Accounts Payable
Accounts Payable
manager
138
Accounts Payable
manager
139
Accounts Payable
manager
Accounts Payable
140
Accounts Payable
manager
141
Accounts Payable
Accounts Payable
manager
142
Merchandising, Purchasing or approving function
Appropriate buyer or manager
Accounts Payable
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
146
Accounts Payable
Accounts Payable
manager
147
Accounts Payable
manager
148
Accounts Payable
manager
149
Accounts Payable
Accounts Payable
manager
150
Accounts Payable
Accounts Payable
manager
151
143
144
145
Accounts Payable
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
153
Accounts Payable
Accounts Payable
manager
154
Accounts Payable
Accounts Payable
manager
155
Accounts Payable
manager
156
Accounts Payable
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
158
Accounts Payable
Accounts Payable
manager
159
Accounts Payable
Accounts Payable
manager
160
Accounts Payable
Accounts Payable
manager
161
Accounts Payable
Accounts Payable
manager
162
Accounts Payable
Accounts Payable
manager
163
Accounts Payable
Accounts Payable
manager
164
Accounts Payable
manager
165
Accounts Payable
manager
166
Accounts Payable
manager
167
Accounts Payable
manager
168
152
157
Accounts Payable
Accounts Payable
manager
169
Accounts Payable
Accounts Payable
manager
170
Accounts Payable
Accounts Payable
manager
171
Accounts Payable
Accounts Payable
manager
172
Accounts Payable
manager
173
All data which affects the system balance to be input via the system
Accounts Payable
Accounts Payable
manager
174
Accounts Payable
Accounts Payable
manager
175
Accounts Payable
Accounts Payable
manager
176
Accounts Payable
manager
177
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
179
Accounts Payable
Accounts Payable
manager
180
Accounts Payable
Accounts Payable
manager
181
Accounts Payable
Accounts Payable
manager
182
Accounts Payable
Accounts Payable
manager
183
Accounts Payable
manager
184
Accounts Payable
manager
185
Accounts Payable
178
Accounts Payable
Accounts Payable
manager
186
Accounts Payable
Accounts Payable
manager
187
Accounts Payable
Accounts Payable
manager
188
Accounts Payable
manager
189
Accounts Payable
Accounts Payable
manager
190
Accounts Payable
manager
191
Accounts Payable
Accounts Payable
manager
192
Accounts Payable
manager
193
Accounts Payable
Accounts Payable
manager
194
Accounts Payable
manager
195
IT management
Accounts Payable
196
IT controls prevent direct access to files
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
197
198
IT management
199
200
201
202
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
IT management
Accounts Payable
Accounts Payable
manager
223
Accounts Payable
manager
224
Accounts Payable
manager
225
Accounts Payable
Accounts Payable
manager
226
Accounts Payable
Accounts Payable
manager
227
Accounts Payable
Accounts Payable
manager
220
221
222
228
Accounts Payable
manager
229
Accounts Payable
Accounts Payable
manager
230
Accounts Payable
Accounts Payable
manager
231
Accounts Payable
Accounts Payable
manager
232
Accounts Payable
Accounts Payable
manager
233
Accounts Payable
Accounts Payable
manager
234
Accounts Payable
Accounts Payable
manager
235
Accounts Payable
manager
236
Accounts Payable
manager
237
Accounts Payable
manager
238
Accounts Payable
Accounts Payable
manager
239
Accounts Payable
Accounts Payable
manager
240
Accounts Payable
Accounts Payable
manager
241
Accounts Payable
manager
242
Accounts Payable
manager
243
Accounts Payable
manager
244
Accounts Payable
manager
245
Accounts Payable
Accounts Payable
manager
246
Accounts Payable
Accounts Payable
manager
247
Accounts Payable
Accounts Payable
manager
248
Accounts Payable
Accounts Payable
manager
249
Accounts Payable
Accounts Payable
manager
250
Accounts Payable
manager
251
Accounts Payable
Accounts Payable
manager
252
Accounts Payable
Accounts Payable
manager
253
Accounts Payable
manager
Accounts Payable
Accounts Payable
manager
255
Accounts Payable
Accounts Payable
manager
256
254
257
Sets the tone at the top - The board of directors and management at all levels of the entity demonstrate through their directives, actions, and behavior the importance of integrity and ethical values to support the functioning of the system of internal control
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
258
259
Board and senior
management
260
Board and senior
management
261
Board and senior
management
262
263
Board and senior
management
264
Accounts Payable
Management
Accounts Payable
265
266
267
Management
268
270
271
272
273
Accounts Payable
269
Specific to processes
involved
Specific to processes
involved
Specific to processes
involved
Accounts Payable
274
275
276
Specific to processes
involved
Specific to processes
involved
Specific to processes
involved
277
278
279
Assesses Opportunities - The assessment of fraud risk considers opportunities for unauthorized acquisition, use, or disposal of assets, altering of the entity's reporting records, or committing other inappropriate acts
Accounts Payable
Specific to processes
involved
Accounts Payable
Specific to processes
involved
Accounts Payable
Accounts Payable
280
281
Specific to processes
involved
282
Specific to processes
involved
283
Accounts Payable
Accounts Payable
Specific to processes
involved
284
Specific to processes
involved
285
Specific to processes
involved
Accounts Payable
Specific to processes
involved
Accounts Payable
Accounts Payable
286
287
Specific to processes
involved
288
Specific to processes
involved
289
IT management
Specific to processes
involved
Specific to processes
involved
Accounts Payable
290
291
292
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
Specific to processes
involved
293
Specific to processes
involved
294
Specific to processes
involved
295
Specific to processes
involved
296
Specific to processes
involved
297
Specific to processes
involved
298
Specific to processes
involved
Specific to processes
involved
Specific to processes
involved
Accounts Payable
299
300
301
Specific to processes
involved
302
Specific to processes
involved
Specific to processes
involved
Specific to processes
involved
Specific to processes
involved
Accounts Payable
Specific to processes
involved
Accounts Payable
Accounts Payable
Accounts Payable
Accounts Payable
303
304
305
306
307
Specific to processes
involved
308
Board and senior
management
309
Board and senior
management
310
Board and senior
management
311
Accounts Payable
Accounts Payable
312
Board and senior
management
313
Accounts Payable
Accounts Payable
314
315
316
Board and senior
management
317
Monitoring control
Monitoring
control owner
yes
Budgets and their related strategies are checked for financial justification and collated by Management Accounts. The final company budget is approved by the board
Board of Directors
yes
Budgets and their related strategies are checked for financial justification and collated by Management Accounts. The final company budget is approved by the board
Board of Directors
yes
Budgets and their related strategies are checked for financial justification and collated by Management Accounts. The final company budget is approved by the board
Board of Directors
yes
The Head of Risk Management checks for a
proper risk analysis of the strategy.
Head of Risk
Management
yes
The Chief Financial Officer checks targets for the AP manager. The Head of Accounting Services signs off targets for all AP staff
Chief Financial Officer/ Head of Accounting Services
yes
The Chief Financial Officer checks targets for the AP manager. The Head of Accounting Services signs off targets for all AP staff
Chief Financial Officer/ Head of Accounting Services
yes
The Head of Accounting Services attends the
briefing meeting to answer any questions
Head of Accounting
Services
yes
Company finance and tax departments monitor expenditure for issues and keep others informed through regular bulletins.
Heads of Financial Accounts and Taxation Departments
yes
Heads of Financial
Accounts and Taxation
Departments
yes
None
yes
None
yes
Head of Accounting Services checks that all
departments affected by new legislation train
their staff in any new procedures
Head of Accounting
Services
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
yes
yes
yes
yes
External audit review Company policies as part of year end work.
External audit
yes
External audit review Company policies as part of year end work.
External audit
yes
The Chief Finance Officer reviews the accounts
and ensures large variances are explained
yes
At each budgeting exercise the Chief Financial
Officer requires the direct reports to review the
structure of their functions
yes
None
yes
None
yes
None
yes
yes
Head of Accounting Services checks that staff
have been trained
Head of Accounting
Services
yes
Risk Management department contacts all
functions every quarter to update the ORCR
Head of Risk
Management
yes
Formal meeting between Internal Audit and Risk Management every month
Chief Audit Executive
yes
Head of Accounting Services signs off Objective and Risk Register
Head of Accounting Services
yes
AP manager has set up a monthly 'critical
controls' checklist which requires supervisors to
confirm the operation of key controls
Accounts Payable
manager
yes
yes
Data was signed off by appropriate managers
before input
Accounts Payable
manager
yes
User testing, signed off by AP manager as being accepted
Accounts Payable manager
yes
User testing, signed off by AP manager as being accepted
Accounts Payable manager
yes
User testing, signed off by AP manager as being accepted
Accounts Payable manager
yes
Heads of Merchandising, Capital and Expense
Purchasing and AP manager signed off supplier
lists before transfer
Heads of Merchandising,
Capital and Expense
Purchasing and AP
manager
yes
User testing, signed off by AP manager as being accepted
Accounts Payable manager
yes
User testing, signed off by AP manager as being accepted
Accounts Payable manager
yes
AP Manager approves all changes to standing
data, excluding supplier data, before input and
signs off output report, which is retained
Accounts Payable
manager
Accounts Payable
manager
yes
yes
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Accounts Payable
manager
Buyer
Buyer
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
Exception reports to highlight incorrect or missing data which may not be a system requirement (e.g. VAT (tax) number)
Buyer
yes
yes
None
yes
Buyer
yes
None
yes
A computer report is produced showing repeated
attempts to access screens without the correct
username/password
yes
yes
A six-monthly computer report is produced showing suppliers and the turnover for each buyer. This report has to be checked and signed by each buyer
Buyer
yes
Merchandising or
purchasing departments
Merchandising or
purchasing departments
YES
YES
Accounts Payable
manager
Accounts Payable
manager
None
n/a
NO (Deficiency 3)
YES
Significant coding errors should result in budget variances which are investigated by management accounts
Management Accounts
YES
Exception report produced of invoices processed with no order number
Merchandising or purchasing departments
YES
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Internal audits
Audit Committee,
supported by internal
audit
Test
schedule ref.
n/a
n/a
Examine targets set for individuals. Check that all the top
level targets have been assigned. Check that individuals
have signed as approving their targets
Question the staff during the audit. Ensure they are aware
of the strategy and their part in it
Examine the manual. It should include all items necessary
to ensure the correct accounting for accounts payable
(later tests will confirm this)
n/a
At the end of the audit, check that any new risks found
were notified
G1 Test 1
G4 Test 2
G1 Test 1
Test 15
Test 23
Test 24
Test 24
Test 24
Test 24
Test 24
Test 24
Check that the report from the bank listing the total of payments to be made is immediately checked to list of online payments made
Test 24
Check that the bank mandate does not allow instruction
for payment to be made over the telephone
Check that the recording of payments in the ledger is
separate from the payment processes
Observe that the signature plates for the check/cheque
signing machine are securely locked away when not in
use
Check that access to the locked storage of the signature
plates is limited to the machine operators
Ensure that checks (cheques) are tamper proof so that
amounts and payee names cannot be changed
Not tested
Result
Yes
The strategy incorporates the company's strategy of a 5% reduction in costs; the need to reinforce the company's Code of Ethics; training in risk management, installation of new PCs.
Checked an up-to-date copy of the strategy to ensure it has been signed by the Head of Management Accounts, incorporated into the company's budget and approved by the board
Yes
The strategy incorporates the company's strategy of a 5% reduction in costs; the need to reinforce the company's Code of Ethics; training in risk management, installation of new PCs.
Checked an up-to-date copy of the strategy to ensure it has been signed by the Head of Management Accounts, incorporated into the company's budget and approved by the board
Yes
The strategy incorporates the company's strategy of a 5% reduction in costs; the need to reinforce the company's Code of Ethics; training in risk management, installation of new PCs.
Checked an up-to-date copy of the strategy to ensure it has been signed by the Head of Management Accounts, incorporated into the company's budget and approved by the board
Yes
The strategy incorporates the company's strategy of a 5% reduction in costs; the need to reinforce the company's Code of Ethics; training in risk management, installation of new PCs.
Checked an up-to-date copy of the strategy to ensure it has been signed by the Head of Management Accounts, incorporated into the company's budget and approved by the board
no order numbers
EXCEPTION. There is a danger that an
incorrect supplier could be selected,
although this would only be for invoices for
lawyers. Any other invoices result in a
warning message that the invoice should
have an order number.
n/a
Monitoring
Test
schedule ref.
Monitoring Result
Do internal controls,
including monitoring
controls, reduce risks to
acceptable levels?
16
16
16
yes
yes
yes
4
16
yes
4
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
20
20
20
20
20
20
20
20
20
20
20
20
20
20
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
G4 Test 2
G4 Test 2
15
15
15
15
15
15
15
15
15
10
10
15
15
15
EXCEPT (Deficiency 5)
NO (Deficiency 6)
15
15
15
15
EXCEPTION
(Deficiency 3)
2
11
YES
2
11
15
GI Test 1
YES
NO (Deficiency 4)
0
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
Report reference
Follow-up 1 Test
Follow-up 1 result
Follow-up 2 Test schedule ref.
Follow-up 2 result
Follow-up 3 Test schedule ref.
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
schedule ref.
n/a
n/a
n/a
n/a
3
YES
YES
2
YES
YES
6
EXCEPTION
(Deficiency 3)
EXCEPTION
(Deficiency 4)
YES
1
YES
Follow-up 3
result
n/a
n/a
n/a
n/a
L1 Objectives
L1risk
L1 Risks
L2obj
L2 Objectives
L2risk
L2 Risks
L3obj
L3 Objectives
L3risk
L3 Risks
Consequence of risk
Risk source
IRC
IRL
IRS
Process
Internal control
Function
Internal control owner
Monitoring control
Monitoring control owner
Has management established risk management systems?
Result
Test of monitoring controls
Monitoring Test schedule ref.
Monitoring Result
RRC
RRL
RRS
CS
Do internal controls, including monitoring controls, reduce risks
to acceptable levels?
Is action being taken to promptly remedy deficiency?
Audit
Line number. Needs resetting after each change. Used to sort spreadsheet.
Level 1 objective number
Level 1 objective
Level 1 risk number
Risk threatening top level objective
Level 2 objective number
Level 2 objective which aims to control the level 1 risk to which it is attached
Level 2 risk number
Risk threatening level 2 objective
Level 3 objective number
Level 3 objective which aims to control the level 2 risk to which it is attached
Level 3 risk number
Risk threatening level 3 objective
The effect when the risk occurs. Should ideally be quantified in cost terms.
Who identified the risk (management, risk workshop, auditor, meeting)
Inherent risk consequence score
Inherent risk likelihood score
Inherent risk scores multiplied (Inherent Risk Significance score)
The process in which the internal control operates. See separate mind map of
processes.
The control managing the risk
The function affected by the risk (may be the division/operating unit/function)
The job title of the person responsible for operating the control
The control which checks that the internal control is operating - may not always be
such a control
The person responsible for operating the monitoring control
Was the risk identified by management? (Yes/yes with exception/No)
Example of a test which might be used to confirm the control is operating
Reference number of the document detailing the test, or a link to it
Conclusion test (acceptable/issues/unacceptable)
Example of a test which might be used to confirm the control is operating
Reference number of the document detailing the test, or a link to it
Conclusion test (acceptable/issues/unacceptable)
Residual risk consequence score.
Residual risk likelihood score
Residual risk scores multiplied
Control score (=IRS-RRS). Gives a measure of the importance of the control
(Yes/yes with exception/No)
(Yes/yes with exception/No)
Receive and
sort mail
Statements
Invoices
No order
See
separate
chart (not
drawn)
Invoices
Order number
Batched
RISKS
Mismatch does not appear
on report
No action taken on
mismatch
Generate buyer
query
Input batch
details
Price or
quantity
delivered
mismatch
Input invoice
Close batch
Receive and
sort mail
RISKS
Invoices lost
Invoices delayed
RISKS
Batch total incorrect
Invoices
Order number
Batched
RISKS
Incorrect supplier selected
Order number incorrect
Incorrect/incomplete data on invoice
Incorrect order coding
Invoice total incorrectly calculated
Invoice tax incorrectly calculated/Incorrect tax
input
Goods not received/Incorrect quantities input
Goods/services priced incorrectly/Incorrect costs
input
Incomplete input
Input batch
details
Input invoice
Close batch
Order matches
Requires
receipt
confirmation
e-mail receipt
confirmation
RISKS
e-mail not sent
e-mail not received
Reply not sent/received
Purchase ordering system
Purchase ordering databases
Standing data
Transaction data
Reports
Set up data
AP system
AP databases
Standing data
Transaction data
Reports
General ledger database
Checks/checks (cheques)
Bank transfers
General Ledger system
Set up data
Standing data
General Ledger system
General ledger database
Transaction data
Reports
Accounting
calendar
Foreign currency
rates
Supplier data
Invoices
Credit notes
Payments
Source reference
Observing input of
invoices with no order
5-Feb-X1
Visit to purchasing
departments
Resolution
See test 2
Test 1
Potential issues are noted on this schedule when they arise, for
example during site visits and before they are identified on the ORCR.
They would ideally be noted on a mobile phone (for example using
'Evernotes') or even a piece of paper!
H1
Control
Number
n/a
Date
Source
reference
2-Feb-X1
Risk Maturity
testing (E)
Control
opinion
NO
H2
n/a
2-Feb-X1
Risk Maturity
testing (E)
EXCEPTION
H3
90
4-Feb-X1
ORCR
EXCEPTION
H4
93
4-Feb-X1
ORCR Test 1
H5
81
5-Feb-X1
ORCR Test 2
NO
EXCEPTION
H6
82
5-Feb-X1
ORCR Test 2
NO
Implication
No monitoring of invoices
processed with no order.
Monitoring report not checked.
Action
Action by
YES
Head of Accounting Services will sign off the Objectives, Risks and Controls Register
Head of Accounting Services
18-Feb-X1
YES
None but likelihood is very low
n/a
18-Feb-X1
EXCEPTION
See test 1
Chief Operations
Officer
6-Feb-X1
Office Managers
6-Feb-X1
6-Feb-X1
EXCEPTION
YES
YES
Report
reference
Report point 4
Report point 5
Report point 6
Report point 1
Report point 3
Report point 2
Document
Hyperlink
Word
Draft report
Letter with draft report
Comment on draft report Logistics
Director
In manual
In manual
(not included)
(not included)
(not included)
Document
Hyperlink
Word
Final report
Letter with final report
Letter from Finance Director
(not included)
In manual
(not included)
Document
Review notes after risks scored
Review notes - prior to closedown meeting
Review notes draft report
Review notes final report
Review notes file before filing
Proof reading
Feedback - J Mulonja
Feedback - F Higson
Individual targets J Smith
Individual targets I Khan
Individual appraisal J Smith
Individual appraisal I Khan
Hyperlink
Word
(not included)
In manual
(not included)
(not included)
(not included)
In manual
In manual
(not included)
In manual
(not included)
In manual
(not included)
Document
Hyperlink
Word
(not included)
(not included)
In manual
(not included)
Amber
No
%
Green
No
Definition
Thorough processes have been
used with the result that necessary
controls to risks have been
established. The objective will be
achieved if the controls are
operating.
Is action being taken which will bring the risks to below the risk appetite and ensure the achievement of the objective?
The action being taken will result in all risks being mitigated to below the risk appetite.
Opinion:
YES
Report as:
No deficiency
dance on conclusions
Almost certain
Catastrophic (5)
Probable
Major (4)
Possible
Moderate (3)
Unlikely
Minor (2)
Rare
Insignificant (1)
Inadequate, or no,
processes have been used
and, it is probable that the
objective will not be, OR is
not being achieved
OR the likelihood of
YES WITH
EXCEPTIONS
NO
Deficiency
Major deficiency
10
15
Unacceptable
Issue
NO
EXCEPTION
Unacceptable
NO
8
4
12
Supplementary
Acceptable
Issue
Issue
YES
EXCEPTION
EXCEPTION
Unacceptable
NO
Unacceptable
NO
6
3
9
12
Supplementary
Acceptable
Issue
Issue
Issue
YES
EXCEPTION
EXCEPTION EXCEPTION
Unacceptable
NO
Supplementary
Issue
EXCEPTION
20
16
25
Unacceptable
NO
20
15
2
Acceptable
YES
6
8
4
10
Supplementary Supplementary
Acceptable
Issue
EXCEPTION
EXCEPTION
EXCEPTION
YES
Issue
Issue
1
Acceptable
YES
2
Acceptable
YES
3
Acceptable
YES
Minor (2)
Moderate (3)
Insignificant (1)
5
4
Supplementary
EXCEPTION
Acceptable
YES
Issue
Major (4)
Catastrophic (5)
Residual risk
score
Report control
opinion (see
chapter 2)
Greater than 15
No
Report as
Action
Major deficiency
Immediate action
required to bring
risk below the risk
appetite
Less than 15
greater than 4
Action required to
bring risk below the
risk appetite
Less than 4
Yes
No action required
No deficiency
Version
V1.0
Notes
First issue