Accounts Payable
Step 5: Data processing department scans for items due and prints checks for items received
Step 6: Cash disbursements department reconciles checks, submits checks to management for signature
Step 7: Accounts payable matches copies of checks with open vouchers, closes them and files documents
Concludes expenditure cycle
Each day, the due date fields of A.P. are scanned for items where payment is due
Control implications
- General in nature
- Similar to those of Chapter 9
- Improved inventory control
- Better cash management
- Less time lag
- Better purchasing time management
- Reduction of paper documents
Segregation of duties
Accounting records and access controls
PAYROLL PROCEDURES
Input controls
- Data validation controls
- Testing validation controls
- Batch controls
- Testing batch controls
- Purchases authorization controls
- Testing purchases authorization controls
- Employee authorization
- Testing employee authorization procedures
- Sequence check control
- Liability validation control
- Valid vendor file
- Testing file update controls
Access controls
- Warehouse security
- Moving assets promptly when received
- Paying employees by check vs. cash
Risks
- Employees with access to A.P. subsidiary file
- Employees with access to attendance records
- Employees with access to both cash and A.P. records
- Employees with access to both inventory and inventory records
Process controls
Output controls
- A.P. change report
- Transaction logs
- Transaction listing
- Logs of automatic transactions
- Unique transaction identifiers
- Error listing
- Testing output controls
- ISO 17799 is an international standard for IS best practices
- Security framework must contain an effective incident response approach
- In 2002, 22% of companies with sales over $500 million had implemented ISO 17799
- Must collect information for three purposes
  - Internal problem analysis
  - Use as evidence
  - Negotiation for compensation from software/service vendors
- Response procedures should cover
  - Analysis and identification of cause of incident
  - Planning and implementation of remedies
  - Collection of audit trails and similar evidence
  - Communication with those affected or involved with recovery
  - Reporting the action to the appropriate authority
Best Practices
- Imaging hard drive of employees who resign or are terminated (proactive)
- Avoid "patch and proceed" response
- Implement network forensics analysis with tools like EnCase
- Focus on insider threats
- Companies face increasing cyberliability claims stemming from security breaches
Chapter 10: Auditing the Expenditure Cycle