
Control Risk Matrix

This document discusses controls for a credit sales transaction process using batch processing and sequential files. It identifies 11 existing internal controls (C1-C11) and assesses them using a control risk matrix to evaluate risks related to control objectives of completeness, occurrence, accuracy, and cut-off. Several controls were found to be deficient due to a lack of segregation of duties allowing a single user to perform multiple critical functions.

The flowchart below presents a credit sales transaction using batch processing with sequential files.

You are required to identify the existing internal controls and deficiencies using the control risk matrix (CRM) approach.
Control Risk Matrix (CRM)

C = Control Identified

| C | Control | Type of App Control | Risk | Control Objectives (Completeness, Classification, Occurrence, Accuracy, Cut-Off) |
|---|---|---|---|---|
| C1 | Controls are such that access is granted only to those individuals with a business purpose for creating purchase requisitions | IC | Due to the lack of appropriate segregation of duties, a user is able to create, approve (i.e., release), assign, and convert a purchase requisition, resulting in the inappropriate rewarding of business to suppliers, overpayments, and excessive inventory levels. | √ √ |
| C1 | Controls are such that access is granted only to those individuals with a business purpose for creating purchase requisitions | IC | Unauthorized or excessive purchase requisition quantities could lead to unfavorable prices, excessive inventory, and unnecessary product returns. | √ √ |
| C2 | Purchase requisitions are reviewed on a monthly basis to detect any unauthorized purchase requisitions | IC | Due to the lack of appropriate segregation of duties, a user is able to create, approve (i.e., release), assign, and convert a purchase requisition, resulting in the inappropriate rewarding of business to suppliers, overpayments, and excessive inventory levels. | √ √ |
| C3 | Purchase requisitions are reviewed on a monthly basis to detect any unauthorized order quantities | IC | Unauthorized or excessive purchase requisition quantities could lead to unfavorable prices, excessive inventory, and unnecessary product returns. | √ √ |
| C4 | Controls are such that access is granted only to those individuals with a business purpose for creating purchase orders | IC | Due to the lack of appropriate segregation of duties, a user is able to create, approve (i.e., release), assign, and convert a purchase requisition, resulting in the inappropriate rewarding of business to suppliers, overpayments, and excessive inventory levels. | √ √ |
| C5 | Purchase orders are reviewed on a monthly basis to detect any unauthorized purchase orders. | IC | Due to the lack of appropriate segregation of duties, a user is able to create, approve (i.e., release), assign, and convert a purchase requisition, resulting in the inappropriate rewarding of business to suppliers, overpayments, and excessive inventory levels. | √ √ |
| C6 | Purchase orders are reviewed on a monthly basis to detect any excessive order quantities | IC | Unauthorized or excessive purchase requisition quantities could lead to unfavorable prices, excessive inventory, and unnecessary product returns. | √ √ |
| C7 | The goods received/not invoiced account is reconciled on a monthly basis | OC | Associating a goods receipt with an incorrect purchase order or incorrect line item could result in the inaccurate valuing of inventory and the goods received/not invoiced account, thereby causing delays in invoice and payment processing | √ √ √ |
| C8 | Unmatched purchase order reports are reviewed on a monthly basis | PC | Goods receipts are not recorded appropriately | √ √ √ |
| C9 | Application security is such that access to the non-purchase order invoice entry transaction is limited as much as possible | IC | An invoice that should be paid by matching it to a purchase order is paid without a reference to a purchase order, which could result in an unacceptable payment for material or services (i.e., unacceptable and unfavorable price variations) | √ √ √ |
| C10 | Checks are matched to supporting documents (invoice, check requests, or expense reimbursement) based on a dollar threshold. | PC | Incorrect invoice amounts are entered, resulting in incorrect payments to vendors. | √ √ √ |
| C11 | The AP sub-ledger total is compared to the GL balance at the month via an aging report. Any differences noted are corrected. | PC | AP invoice sub-ledger postings are not posted to the GL | √ √ √ |
| C12 | The AP application automatically writes checks or electronic payments based on the value of approved invoices according to vendor payments and systems terms. | PC | Disbursements recorded differ from amounts paid | √ √ |
| C13 | Access is restricted to authorized personnel to create checks | IC | Disbursements made are not recorded | √ √ |
| C14 | The AP application performs a three-way match between the purchase order line item, the receiver, and the invoice when AP invoices are processed | PC | Fictitious disbursements are recorded | √ √ |

Notes:
Types of application control consist of: input control (IC), process control (PC), output control (OC)

| C | Control | Type of App Control | Risk | Control Objectives (Completeness, Classification, Occurrence, Accuracy, Cut-Off) |
|---|---|---|---|---|
| C1 | Access to create purchase requests is granted only to parties entitled to create Purchase Requisitions (PR). | IC | A lack of appropriate segregation of duties can lead to overpayments to suppliers and excessive ordering. | √ √ |
| C1 | Access to create purchase requests is granted only to parties entitled to create Purchase Requisitions (PR). | IC | There are unauthorized or excessive purchase request quantities, orders at unfavorable prices (overpricing), excessive inventory, and unnecessary product returns. | √ √ |
| C2 | PRs are reviewed every month to detect any unauthorized purchase requests | IC | A lack of appropriate segregation of duties can lead to overpayments to suppliers and excessive ordering. | √ √ |
| C3 | PRs are reviewed every month to detect possible order quantities placed without authorization. | IC | There are unauthorized or excessive purchase requests, orders at unfavorable prices (overpricing), excessive inventory, and unnecessary product returns. | √ √ |
| C4 | Access is granted only to parties entitled to create Purchase Orders (PO). | IC | A lack of appropriate segregation of duties can lead to overpayments to suppliers and excessive ordering. | √ √ |
| C5 | POs are reviewed every month to detect any unauthorized POs. | IC | A lack of appropriate segregation of duties can lead to overpayments to suppliers and excessive ordering. | √ √ |
| C6 | POs are reviewed every month to detect possible excessive order quantities | IC | Unauthorized or excessive purchase request quantities, orders at unfavorable prices (overpricing), excessive inventory, and unnecessary product returns. | √ √ |
| C7 | The goods received/not invoiced account is reconciled every month | OC | Goods received against an incorrect purchase order or an incorrect item can result in inaccurate inventory valuation, thereby causing delays in invoice and payment processing | √ √ √ |
| C8 | Unmatched PO reports are reviewed every month | PC | Goods receipts are not recorded properly | √ √ √ |
| C9 | Access to invoice entry in the application is restricted to authorized parties only | IC | An invoice that should be paid after being matched to a PO is instead paid without first being matched to the PO, resulting in an erroneous payment (overpricing, etc.) | √ √ √ |
| C10 | Checks are matched/reconciled with supporting documents (invoices, check requests, or expense reimbursements) based on a dollar threshold. | PC | Invoice amounts are entered incorrectly, resulting in incorrect payments to vendors. | √ √ √ |
| C11 | The AP sub-ledger total is compared with the total GL balance every month via an aging report. Any differences are corrected immediately. | PC | There are invoices in the AP sub-ledger that are not posted to the GL | √ √ √ |
| C12 | The AP application automatically writes checks or electronic payments based on the value of approved invoices, in accordance with vendor payment and system terms. | PC | The recorded disbursement/payment amounts differ from the amounts actually paid | √ √ |
| C13 | Access to create checks is restricted to authorized personnel only | IC | There are disbursements/payments that are not recorded | √ √ |
| C14 | The AP application performs matching/reconciliation across three items, namely the purchase order, the goods receiver, and the invoice, when AP invoices are processed | PC | There are fictitious disbursements/payments | √ √ |

Notes:
Types of application control consist of: input control (IC), process control (PC), output control (OC)
