Professional Documents
Culture Documents
Chairman of the
Audit Committee General Counsel
Board
CEO Independent Outside Chief Administrative
Auditor Officer
Chief Compliance
CFO Controller
Officer
Page 2
1. Enhance cash disbursement review and approval procedures.
Our testing of the cash disbursements system confirmed that the system appropriately
rejects all duplicate invoice entries based on invoice number. However, the system edit is
not comparing other invoice information for potential duplicates. Our testing indicated the
system accepts invoices when a digit or symbol is added to the end of the invoice number,
creating the opportunity for a duplicate payment. The receipt of goods or services should be
recorded and processed only once.
As a result, we expanded our testing to include all invoices processed for payment from
Jan. 1, 20XX through Dec. 31, 20XX for possible duplicate payments. Using generalized
audit software, we selected all cash disbursement payments of equal amounts for a given
vendor, regardless of the invoice number or payment date. Our query revealed several
instances (14 invoices totaling $357,782) in which the A/P clerks possibly entered certain
invoices a second time when a duplicate invoice was submitted by the vendor. Follow up
with the clerks indicated they are not recognizing that these invoices may have been
received before and were adding a digit to the end to facilitate processing. In other
instances, the vendor issued a duplicate invoice with a different invoice number (typically
one higher than the last one) and the A/P clerks did not detect that these were potentially
duplicate invoices. As a result, liabilities, and the corresponding assets or expenses, were
overstated by $357,782 and the same amount of funds were disbursed inappropriately. A
budget-to-actual analysis is performed monthly by all department heads and cost center
owners, but is not designed to detect insignificant errors such as these.
We recommend that a query routine be developed that matches the vendor name, invoice
amount, invoice date, and any other key invoice characteristics considered appropriate by
A/P and compares these characteristics to previously processed invoices before processing
each cash disbursements batch. The results of this query should be reviewed by the A/P
supervisor for potentially duplicative invoices. Any suspect transactions should be removed
from the batch and investigated before processed for payment.
Management Response:
A query routine will be written that compares “key” invoice characteristics (invoice dollar
amount, vendor description, invoice number, and invoice date) to previously processed
invoices flagging the invoice as a potential duplicate if any characteristics are a match. This
routine will be run before a batch is processed and reviewed by the A/P supervisor. If there
are any potentially duplicate invoices identified, these transactions will be removed from the
batch and researched before processed for payment.
Accountability: Chief Accounting Officer
Responsibility: Accounts Payable Supervisor
Implementation Date: June 30, 20XX
Attachment A
Books 2 Buy audit reports include an overall rating of controls based on the objectives,
scope, and conclusions of detailed work performed. The control ratings are defined as
follows:
SATISFACTORY
Overall, controls are designed adequately and operating effectively to mitigate the
underlying risk to an acceptable level. This rating indicates that there are relatively few
minor deficiencies and that an appropriate level of management attention exists.
NEEDS IMPROVEMENT
Overall, controls need improvement to consistently mitigate the underlying risk to an
acceptable level. This rating indicates that the number and nature of deficiencies require
prompt management attention to reduce exposure to a more acceptable level.
UNSATISFACTORY
Overall, controls are not designed adequately and/or operating effectively to mitigate the
underlying risk to an acceptable level. This rating indicates that the number and nature of
deficiencies are of critical importance and require substantial management attention.
Immediate corrective action is essential to prevent further deterioration.
Quality of Communications
Standard 2420: Quality of Communications states “communications must
be accurate, objective, clear, concise, constructive, complete, and
timely.” The interpretation to Standard 2420 defines these terms.
Rating Definitions
It is important to ensure readers of an audit communication understand what the
ratings used by the internal audit function mean.
Quality Communications
must be:
— Accurate
— Objective
— Clear
— Concise
— Constructive
— Complete
— Timely
EXHIBIT 14-12
FINAL, INFORMAL COMMUNICATION EXAMPLE (MANAGEMENT
DISCUSSION MEMORANDUM)