Professional Documents
Culture Documents
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
Chapter 2 – Advance in Macro
We all want shortcuts and to avoid the chore of doing monotonous work like data entry or some formatting
which we want done every time. Excel offers us excellent options to automate in the form of Macros which are
basically small programs which automatically perform repetitious steps
1. Programming of Macros is done in programming Language VBA (Visual Basic for Applications)
2. Macros can be written in two ways
• Writing a Macro using VBA Code
• Recording a macro using Excel Macro recorder
3. If we have to store Macros it is not possible in .xlsx files , Fortunately excel has a file extension .xlsm which are
macro enabled workbooks
4. Macros can be stored in either of two locations, as follows:
• The workbook we are using, or
• Our Personal Macro Workbook (which by default is hidden from view)
5. If our macro applies to all workbooks, then store it in the Personal Macro Workbook so it will always be available
in all of our Excel workbooks; otherwise we store it in our current workbook
6. Absolute reference mode: In absolute reference mode, Excel stores the absolute references for the cells that we’re
modifying.
7. Relative reference mode: In relative reference mode, Excel tracks how far we move from our starting position.
4. Show Formula Mode = Ctrl + ~ to to toggle between Formula view and Normal view.
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
5. Various Ratios
Liquidity Ratios : These ratios shows the ability of a company to pay its current financial obligations.
Company should not be selling its assets at a loss to meet its financial obligations. In a worst scenario company will
be forced into liquidation.
Current Ratio (CR) : It is a measure of company’s ability to meet its short term requirements.
It indicates whether current liabilities are adequately covered by current assets.
It measures safety margin available for short term creditors.
CR = Current Assets / Current Liabilities
If Net Working Capital is to be positive, CR > 1
Higher ratio ensures firm does not face problems in meeting increased working capital
requirements.
Acid Test / Quick Ratio (QR): Used to examine whether firm has adequate cash or cash equivalents to meet
current obligations without resorting to liquidating non cash assets such as inventories
Measures position of liquidity at a point of time
QR = Quick Assets / Current Liabilities
Quick assets = Current assets – (inventories + prepaid expenses)
As a thumb rule ideal QR = 1; should not be less than 1
Leverage / Solvency Ratios : These ratios show dependency of a firm on outside long term finance. They
show long term financial solvency & measures firm’s ability to pay interest & principle regularly when due
Debt – Equity Ratio : It measures relative proportion of debt & equity in financing assets of a firm.
DER = Long term debt / Shareholders funds.
Creditors would like this ratio to be low.
Lower ratio implies larger credit cushion.
Debt (loans) = Secure loans + Unsecure loans
Shareholders’ funds = (equity + preference capital + reserves & surplus – fictitious assets &
accumulated losses not written off)
Debt – Total Fund Ratio
DTF ratio= Long term debt / Total fund
Total funds (debt + shareholders’ funds)
Debt (long term)
Higher the debt - total funds ratio, greater the financial risk
Debt – Assets Ratio
Debt - Assets ratio = Debt / Net assets
Net assets (less fictitious assets & losses)
Interest Coverage Ratio : This ratio shows ability of company to pay back long term loans along with interest
or other charges from generation of profit from its operations
Interest coverage ratio = EBIT / Debt interest
EBIT should be 6 – 7 times of debt interest
Liability Coverage Ratio (LCR): Calculated to determine time a company would take to pay off all its
liabilities from internally generated funds.
Assumes that liabilities will not be liquidated from additional borrowings or from sale of assets.
LCR = internally generated funds / Total liabilities.
Internally gen funds = Equity + Preference + Reserves & Surplus
Inventory turnover ratio : Measures No of times inventory turned over in a year OR No of days of inventory held
by company to sales
Times Inventory turned over =
Net sales OR COGS .
Average inventory Average stock
Inventory measured in days of sale = 365 x Average inventory
Net Sales
Average collection period (ACP) : It represents duration a company must wait after making sales, before it
actually receives cash from its customers
Average collection period = Average receivables OR Average receivables × 365
Average sales per day Sales
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
Depreciation Accounting : Depreciation stands for reduction in value of fixed assets. Value of fixed assets
is generally reduced over the period of time due to any of the following reasons.
(a) Wear & Tear
(b) Change in taste of people
(c) Change in technology
Function :
SLN - For calculation of depreciation as per Straight Line Method. - Depreciable Base x Remaining Useful Life
Sum of Years’ Digits
SYD - For calculation of depreciation as per Sum of Years’ Digit Method - (Cost – Previous Depreciation) x rate
DB - For calculation of depreciation as per Declining Balance Method.
DDB - For calculation of depreciation as per Double Declining Balance Method
VDB - For calculation of depreciation as per Variable Declining Balance Method
Marginal Costing Equations :
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
Following equations are used in Marginal Costing.
(a) Profit = Sales – Total Cost
(b) Total Cost = Fixed Cost + Variable Cost
(c) Contribution = Sales – Variable Cost
The whole idea of marginal costing revolves around a simple equation as under.
Fixed Cost + Profit = Sales – Variable Cost
Fixed Cost = Sales – Variable Cost – Profit
Fixed Cost = (Sales x PV Ratio) – Profit
Variable Cost = Sales – Fixed Cost – Profit
Variable Cost = Sales x Variable Cost Ratio
(Variable Cost Ratio = 1 – PV Ratio)
Contribution per unit = Selling Price per Unit - Variable Cost per Unit
Or
Contribution per unit = Total Sales Value – Total Variable Cost
No. of units sold
PV Ratio = (Contribution / Sales) x 100
PV Ratio = [(Sales – Variable Cost) / Sales] x 100
PV Ratio = 1 – Variable Cost Ratio
PV Ratio = (Change in Profit / Change in Sales) x 100
BEP: Break Even Point is the point of no profit or no loss
BEP (Value) = Fixed Cost
PV Ratio
BEP (Units) = Fixed Cost
Contribution per Unit
Margin of Safety: It is the value of sales above the BEP point.
Margin of Safety = Total Sales – BEP Sales
Using Excel for calculating Discounting Factor : Discounting Factor = 1 / (1+r) ^ n
Where r = rate of interest and n = the year number for which discounting factor is to be calculated.
EMI Calculations Using Excel :
Equated Monthly Installment can be very easily calculated using PMT function
Rate – It is the rate of interest, to be divided by 12 for getting monthly rate of interest.
Nper – It is total number of periods,
PV – It is present value of cash flows,
To calculate the principal portion in every instalment of EMI – PPMT Function
To calculation of interest component in each EMI – IPMT Fucntion
Finance Planning: anning is considered to be the primary requirement for moving towards any goal. Financial
planning is the process of meeting the financial goals through the proper management of finances. Proper management
of finances includes deciding the source and application of funds along with it timing.
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
There are two basic rules in any type of financial planning.
(a) Earlier the better – Money received today is always better than money received tomorrow.
(b) Bigger the better – More money received is always better than less money received
Five Ds of Finance Planning:
Deciding the Objective
Data Collection
Data Analysis
Drawing Inference
Decision Making
Various excel functions and features can be used in the process of financial planning
1- PMT - Payment – Used for calculating monthly installment/investment amount.
2- PPMT - Principal Payment – Used for calculating principal amount in EMI
3- IPMT - Interest Payment – Used for calculating interest amount in EMI
4- FV - Future Value – Used for calculating future value of present investment
5- RATE - Rate – Used for calculating rate of interest
6- NPER - Number of Periods – Used for calculating number of periods (months/years) required for a particular
maturity amount at a given rate of interest.
7- IRR – Internal Rate of Return – Used for
8- PV – Present Value – Used for calculating present value of future cash flows.
Microsoft Excel is one of the most widely used software in the world. Primarily, it is used for all sorts of data
processing and calculations. Excel is indispensable and has become life blood of modern commerce.
Language is used by excel for automation purpose Visual Basic for Applications
Originally released in 1985, Microsoft Excel is today the most popular spreadsheet program in the world. No
business can imagine working without excel. It has become most essential in many departments like:
Accounting and Finance
Marketing
Purchase
Production
Human Resources
Administration
Another popular format for exporting data is PDF (Portable Document Format). It is not easy to
convert it into excel. We need to make use of converters. There are many converters available in the
market. There are also websites which offer PDF to excel conversion.
As auditor, we need to obtain data for auditing purpose. This data may come in various formats like XML, CSV,
PDF etc. We can bring that to excel and work upon it.
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
case-sensitive i.e ( Text = Text – will return True value ; Text = TEXT = Will Retun False Value to over
come this we can use A1=B1 instead of Exact)
Lookup & Reference Functions
1. Vlookup Function - most frequently used function from Lookup & Reference category. Vlookup searches
for a value in first column of a data/table array and if it’s found, it returns a corresponding value from the same
row but another column. four arguments for Vlookup function, (lookup value, table array, col index number
and range lookup.) In excel, true is denoted by 1 and false is denoted by 0
2. HLOOKUP Function - Hlookup as a horizontal Vlookup. In fact, the ‘H’ in Hlookup stands for horizontal.
3. Index Function - Index function returns the value or reference at the intersection of a specified row and
column. It has two sets of arguments First set has three arguments, viz. array, row number and column
number. Second set has four arguments, viz. reference, row number, column number and area number.
4. Match - This function is somewhat similar to Vlookup. Like Vlookup, match searches for a lookup value
inside an array. However, instead of returning a corresponding value, it returns the position or ranking
of the lookup value in side the array Match has three arguments viz. lookup value, lookup array and match
type. Lookup value and lookup array are mandatory while match type is optional.
5. Index and Match Combo Function - Vlookup function doesn’t support right to left lookup. these
situations, we may combine index function and match function to create a synthetic Vlookup
6. Indirect Function - This function returns the reference specified by a text. Sometimes, we may build
certain references using concatenate or some other functions. These references are stored as text
strings by excel. If we wish to use these references as ‘references’ in our formulas, we must use Indirect
function.
Logical Functions
1. IF Function - If function is the leading logical function. This is fundamental to most of the audit processes
as somewhere or the other, we are bound to come across condition based working. If function has three
arguments viz. logical test, value if true and value if false. If the logical test is satisfied then the value if
true is executed else the value if false is executed.
2. And & Or Function - These two functions are highly similar. Hence, we can consider them together.
Sometimes, there are multiple conditions, based on which calculations are to be made. Such calculations are
required to be made when all conditions are satisfied or any one condition is satisfied. In such cases we can
make use of these functions. Use And function when all the conditions are to be satisfied. On the other
hand, use Or function when any one condition is to be satisfied.
3. NOT Function - Not function is a negation function. It negates the logical evaluation and produces the
opposite result. In simple words, Not function will convert true into false and false into true.
4. IFERROR Function - This function may be viewed as a special case of If function. It has two arguments,
value and value if error. If the 1st value generates an error of any kind (eg. #N/A, #REF!, #VALUE!, #DIV/0!
etc.), then the value if error will be executed. If it doesn’t generate any error, then the 1 st value itself will be
executed
Statistical Functions:
1. COUNTA Function - If we wish to count text ,values, errors, cells with spaces etc; we must use CountA
function
2. COUNTBLANK Function - It counts all the blank cells in a range of cells
3. LARGE & SMALL Function - This function returns the kth largest number from a list of numbers.
Sometimes we are required to fetch 3rd largest or 5th largest value. For that, this function is very useful.
We have a dedicated toolset available for the purpose of Formula Audit. It is available in Formulas Tab.
Trace Precedents - A formula generally involves other cell references. Sometimes, we may like to mark them
clearly on the worksheet. For this, we can use Trace Precedents feature available in the Formula Auditing Group,
the precedent cells are marked using arrows. (Are inputs for the active cell)
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
Trace Dependents - the cells which may get affected when we modify the value of a cell. This is especially
essential when we think of deleting a cell. If a cell is deleted without bothering about tracing its dependents, the
dependents cells will lose their input cell and hence will carry #REF! Error .(Use active cell as input)
We cannot effectively trace the precedents / dependents from other worksheets or workbooks
Go To Special for Formula Auditing:
• Sometimes, Trace Precedents and Dependents generate lot of arrows. This becomes extremely
confusing and we may wonder whether there is an alternate way of marking the precedents and
dependents. Fortunately, we do have an alternate way of doing this. It is achieved using Go To Special
feature from Home Tab
• Keep the cell pointer on the target cell and then open the Go To Special Window. Select the option of
Precedents. We also get to choose whether we want to highlight Direct only or All levels
• On clicking OK, all the Precedents are highlighted
• This is only a temporary selection and it will disappear once the active cell is moved. If you wish to retain
the highlighting permanently, you may assign a fill colour at this stage.
Error Checking:
Microsoft has developed a dedicated tool for tracking down the errors. This tool is called as ‘Error Checking’
On clicking Error Checking, MS Excel runs through the formulas in the worksheet and identifies the common
errors that may creep in while constructing formula based templates.
Error Checking only identifies certain common errors. Needless to say, it will not identify errors in the
logic behind formula construction
Evaluate Formula
We may like to observe the step-by-step execution of the formula and deduce the logic behind the formula.
Keeping this requirement in mind, Microsoft has developed the feature of Evaluate Formula
we want a quick evaluation of only one of the parts of the formula, we can make use of F9 key. If To evaluate the
complete formula, don’t highlight any portion. Simply go inside the cell (by pressing F2) and then press F9.
Formula Auditing Tips : There are some commonly found errors which may inadvertently creep in. You should
carefully watch out for them. These errors may not be detected by the Error Checking feature.
1. Numeric Headings Included in AutoSum Totals
2. Ignoring Order of Operations - In general, one must remember the following order of calculation
which is followed by excel (or almost every other software, for that matter):
Brackets Exponents Division Multiplication Addition Subtraction
It is easy to remember this sequence using the acronym BEDMAS.
Beware of Reset Error Indicators - some common errors may occur while developing some formulas in
excel Such errors are indicated by green coloured triangle at the top left hand corner of the cell.
It is difficult to trace the errors by using the green triangle indicator. A better idea is to use the Error Checking
feature. This is, of course, assuming that errors are reset in the first place.
Someone may remove error indicators put by excel, in the form of green triangle. Those can be restored by
visiting File Options Formulas Reset Ignored Errors.
TO Look formula in a Excel we can use Show Formulas in formula tab or Press Ctrl + ~
The core function of MS Excel as a software is data analysis. Excel helps us in deriving information out of raw
data.
1. Duplicates : we come across list of values which we feel may contain duplicate values. We would like to
mark such duplicate values and may also like to remove them.
Mark Duplicates : make use of conditional formatting from Home Tab highlight cell rules select
Duplicate values select the manner of formatting cells
Remove Duplicates : Go to Data tab Data Tools group click on Remove Duplicates
2. Sort: The data that we receive for audit purpose may not be arranged in the order that we desire. In such
cases, we would like to arrange the records in the data in the order that may be suitable to us.
Sort is located in the Data tab Sort & Filter group
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
If we need of a multi-level sort. Thus, click on ‘Add Level’ Button to add further levels (We can do Multiple
Level Sorting in Excel)
3. Filters: we would like to short-list records out of a big dataset, on the basis of some or the other criteria.
This lets us focus on one portion of the dataset at a time. For this purpose, the most suitable tool will be
filters . Filters are available in Data Tab Sort & Filter On applying filters, row numbers turn to Blue
Type of Filters can be done – Text Filters , Colour Filter , Numeric Filter, Date Filter..
4. Pivot Tables: most powerful features of excel for data analysis. As you advance in excel proficiency,
sooner or later you are bound to use Pivot Tables for efficient data analysis. Even though it’s highly effective,
quite ironically, it is also one of the most user friendly features of excel.
• Preparing Your Data for Analyzing - we need to have a dataset in rectangular format (also known
as flat format) i.e. the data should be composed of fields placed in columns and records placed in rows.
every column should have a heading. If there are no headings, excel cannot create a Pivot Table.
Pivot Table is available in the Insert Tab Tables
We can either place it in a new worksheet or an existing worksheet.
• Adding Fields to Pivot Table –
1. Report Filter – Drop fields in report filters if you wish to filter the Pivot Table
2. Column Labels – Drop fields over here so that the values of the fields become column labels
3. Row Labels - Drop fields over here so that the values of the fields become Row labels
4. Values - Drop fields over here so that computations like sum, count, min, max etc. can be done on
the values of such fields.
• Changing Field Statistics - not necessary that we need to always have sum of a field. We can also
obtain other statistics like count, min, max etc. For this, click on the field in the Values section and
select the last option Value Field Settings
• Eliminating Blank Cells from the Data Section - Go to Options Tab Pivot Table Group Options
Options Layout & Format Tab Format section check box saying For empty cells Show There enter
0.
• Report Filters - when we wish to filter one or more values present in the Pivot Table. But sometimes
we come across a situation where we are required to apply filter on the entire table based on a field which
is actually not a part of the Pivot Table. In such a case, we can make use of Report Filters.
• Pivot Tables and Recalculation - One unfortunate thing about Pivot Tables is that it doesn’t
automatically update itself when the underlying under goes a change. This is because excel copies the
underlying data in its memory, in order to save time in updating the Pivot Table. Therefore, for any change
in the data, we must remember to ‘Refresh’ Pivot Table
• Limitations of Pivot Tables-
o We cannot insert rows or columns in between a Pivot Table report.
o Pivot Tables don’t auto-update themselves. We need to refresh them.
o The data needs to be in rectangular i.e. flat format
o If the number of records are very large, Pivot Tables may respond slowly.
5. Gap Detection - We know that key documents like invoice numbers should be serially numbered.
However, sometimes there may be some invoices which could be ‘missing
we could’ve simply extracted difference between two consecutive invoice numbers. If Results is 1
then no invoice is missing if result is more than 1 some invoice are missing. This would work where
we have purely numeric invoice numbers. There are also instances of repetition of invoice numbers
which is suggested by 0
But over here, we have alphanumeric invoice numbers. Thus we cannot calculate the difference directly.
We need to separate the numeric part first by using Right / Left / Middle etc.. and then apply the
aforesaid formula.
6. Benford’s Law: one the most famous tools used in modern day Forensic Audits. Benford’s Law is
also known as the law of first digit. It was propounded by Frank Benford in 1938
probabilities are given by the formula: 𝑃 (𝑛) = log10(1 + 1/𝑛 )
Where n is the leading digit or the first digit of a number.
Benford’s Law was used for the first time in Forensic Audits by Dr Mark Nigrini in 1993
First Digit Probability
1 0.30103
2 0.17609
3 0.12494
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
4 0.09691
5 0.07918
6 0.06695
7 0.05799
8 0.05115
9 0.04576
Please note that if the numbers deviate from the pattern suggested by the Law, it is not a conclusive
evidence of a fraud. It could still be a genuine list. Thus, it is merely an indicator of a possible fraud or
what is termed as a ‘Red Flag’!
The Conclusion drawn is Subjective
7. Stratification – This involves breaking the given data into number of strata or categories. This is very
similar to Aging Analysis. Stratification is necessary to divide heterogeneous data into homogenous
strata. One may use if function for categorization purpose. This involves using multiple IF functions.
Number of Ifs required is one less than the number of categories. We need to nest these IFs one inside the
other. The formula using IF functions can be extremely long and tedious. It could be difficult to understand
or edit later. A simpler approach is to make a table of the different categories and use Vlookup function.
The range lookup should be TRUE. This achieves the same output and does away with all the demerits of
IF functions. After stratification, we can take out samples from each strata Left / Right function is not relevant
for the Stratification.
What is ERP Concept? - An enterprise is a group of people with a common goal, having certain
resources at its disposal to achieve this goal. In an enterprise way, the entire organization is considered as one system
and all the departments are its sub-systems. Information regarding all aspects of the organization is stored
centrally and is available to all departments. Resources include money, manpower, materials, machines,
technologies etc. more easily share information and communicate with each other. This transparency and
information access ensures that the departments no longer work in isolation pursuing their own independent
goals.
Each sub-system knows what others are doing, why they are doing it and what should be done to move the
company towards the common goal. The ERP systems help to make this task easier by integrating the
information systems, enabling smooth and seamless flow of information across departmental barriers,
automating business processes and functions, and thus helping the organization to work and move forward as a
single entity.
Business Functions and Business Processes - Organizations have different functional areas
of operation – marketing and sales, production and materials management, accounting and finance, human resources
etc. Each functional area comprises a variety of business functions and business activities.
A business process is a collection of activities that make one or more kinds of input and creates an output that is
of value to the customer. A business process cuts across more than one business function to get a task done
Sharing data effectively and efficiently between and within functional areas leads to more efficient business
processes. Information systems can be designed so that accurate and timely data are shared between
functional areas. These systems are called Integrated Information Systems.
Business Modeling - approach to ERP is to first develop a business model comprising the business
processes or activities that are the essence of the business. A business model is not a mathematical model, but
a representation of the business as one large system showing the interconnections and interdependencies of the
various sub-systems and business processes.
The business model is represented in the graphical form using flowcharts and flow diagrams. The data model
of the system is created from the business model
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
ERP and Related Technologies
1. Business Intelligence
2. Online Analytical Processing (OLAP)
3. Product Life Cycle Management (PLM)
4. Supply Chain Management (SCM)
5. Customer Relationship Management (CRM)
Business Intelligence - Business Intelligence (BI) is a tool that refers to skills, processes, technologies,
applications and practices used to facilitate better, accurate and quicker decision making. Business intelligence
systems are data-driven Decision Support Systems.
Data Warehousing - If operational data is kept in the database of the ERP system, it can create lot of problems. As
time passes, the amount of data will increase and this will affect the performance of the ERP system. As the volume
of the data in the database increases, the performance of the database and the related application degrades. Thus,
archiving the operational data once its use is over is a better option.
Data Warehousing Functions - The definition of data elements in the data warehouse and in the data sources,
and the transformation rules that relate them, are referred to as 'metadata'. Metadata is “data about data” and is the
means by which the end-user finds and understands the data in the warehouse.
Online Analytical Processing (OLAP) - Online Analytical Processing, or OLAP, is an approach to quickly
answer multi-dimensional analytical queries. OLAP systems use concept of OLAP cube called a
multidimensional cube or a hypercube consisting of numeric facts called measures which are categorized by
dimensions. The cube metadata is typically created from a set of tables (Facts and Dimensional) in a relational
database. Measures are derived from the records in the fact table and dimensions are derived from the dimension
tables.
Characteristics of OLAP – Fast, Analysis, Shared , Multi-Dimensional , Information.
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
entirely at once. ERP packages are very general and need to be configured to a specific type of business and
may follow a phase-in approach with one module implemented at a time. Some of the most commonly installed
modules are Sales and Distribution (SD), Materials Management (MM), Production and Planning, (PP),
and Finance and Controlling (FICO) modules
5. Employee Morale - Employees working on an ERP implementation project put in long hours (as much as 20
hours per day) including seven-day weeks and even holidays. Even though the experience is valuable for their
career growth, the stress of implementation coupled with regular job duties could decrease their morale rapidly.
Leadership from upper management and support and caring acts of project leaders would certainly boost the
morale of the team members.
Introduction to Tally.ERP 9
Simplicity , Speed , Power , Flexibility , Scalability, Concurrent multi-lingual capability , Real time processing ,
Accounting without codes , Quick and Easy installation , Codeless User Interface , Multiple aliases across
languages , Extendible Units of Measure , Unlimited Grouping and Classification , Unlimited multi-user support ,
Graphical analysis of data , Flexible and Extendible reporting , Data Reliability and Automatic recovery , Internal
backup/ restore , Import/ Export of data , Split Company Data , HTTP-XML based data interchange.
There are basically four categories of General IT Controls which are as follows:
Data center and network operations
Program change
Access security
Application system acquisition, development, and maintenance (Business Applications)
Exercise-
1. What are data flows between multiple IT systems also known as – Interfaces
2. Which of the following activity from the Data center and network operations domain of GITCs is less likely to
have an impact on audit - Service Level Agreements
3. What is the risk due to default passwords - They are easy to guess , Openly know , Do not comply with
company’s password policy
4. Privileged users are more commonly known as, - Super users
a. Privileged users are also known as super users or administrators and have unrestricted access to
systems.
b. Business users, normal users and end users refer to the same type of users who have restricted
access to systems.
5. Segregation of duties is applicable to which layer of access security, - Application security, Database security
, Network security
6. With respect to samples selected for testing, the auditor is required to document Justification, for sample size
and how the auditor ensured Completeness of population
7. The software methodology used for carrying out program development and program changes is known as
Systems Development Life Cycle or SDLC
8. Deficiencies in GITCs will impact the. Reliability of automated controls, IT-dependent controls and IPEs
9. Direct data access considered high risk because it bypasses the application controls and could compromise
data integrity
10. A Disaster Recovery Plan or DR Plan contains procedures for restoring the IT systems back to
normal state after a failure.
11. 11.The auditor should review GITCs for all IT systems and applications used at a company- false
12. Developers and programmers should not be given access to production environment- True
13. It is more efficient to test GITCs at year-end - False
14. Batch jobs should be monitored for failures so that corrective action can be taken True
15. Environmental controls are applicable to all layers of access security – False
Overview :
In most ERP’s these transactions are automated based on the business process. In addition to the sub-leger entries
that arise out of business processes, the companies may also pass journal entries that impact the financial
statements.
We shall now try to understand the different types of journal entries
1. Standard Entries - These transactions pertaining to sales, purchases, inventory, rent, audit fees, AMC
expenses, salaries etc. are subject to internal controls as defined by the company
2. Non-Standard Entries - In addition to the automated entries, these entities also record nonrecurring,
unusual transactions or adjustment entries in the ERP’s. These entries may not be subject to the same
level of rigour of the internal controls or may not have passed through any controls at all. Eg . Estimation
, Impairment , adjustment to amount already Reported – combination , reclassification.
3. Top Up entries - These are residing outside the books , Eg : In excel sheet like inter company setoff
entries ,etc. and may impact the Financial Statement
SA 240 and The Guidance Note on Audit of Internal Financial Controls Over Financial Reporting , also talk about
unusual transactions and the audit procedures to deal with them.
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
such NSJE are generally directly passed in the General Ledger. There is a risk of management override of controls
in passing such entries.
These NSJE’s may exist only in electronic form directly in the General Ledger with no supporting physical
documents.
The points to note for understanding the business systems and processes are:
• Accounting software – ERP/customised/off the shelf packages
• IT team – in house/outsourced
• Type of entries – automated or manual etc.
• SA/SOD among IT and business teams etc.
• Timing of passing journal entries – end of day, weekend.
The points to note for understanding the fraud risk factors are:
Sales targets to be achieved – important to investors, stock holders etc.
Bonuses and incentives – employees
Debt requirements – banks etc.
The auditor should generally ask open ended questions to the management to understand if there were any
unusual activities during the year under audit.
Whether the employee who recorded entries went on vacation and if there was a substitute during that period
Whether the employee shared his user id and password with any person during the year.
Whether any entries were passed during the year without any supporting documents.
Exercise –
1. The unusual, non recurring transactions may generally be directly entered in – Generally Ledger, (the non-
recurring transactions may not have a supporting. To be passed in Sub ledgers, it may require collusion
among personnel. Hence, they are passed in General Ledger)
2. Estimates, impairments are generally a type of - Non Standard Journals.
3. While understanding the IT/ERP systems used to record entries, the points to note are: Accounting software
/ ERP used , Automated or Manual entries , SA/SOD among IT and Business teams , Timing of passing the
entries.
4. Some of the fraud risk factors to note which may lead to unusual transactions are: Sales Targets , Personal
gain such as Bonus, incentives , Debts requirements for banks
5. A key factor to be kept in mind while making enquiries of personnel : Ask open ended questions
6. Entries maintained outside the system and impact the financial statements : Top up entries
7. Which is the main risk due to Non Standard Journal entries: Risk of Material misstatement
8. It is possible that a Non standard journal entry may not have relevant Printed supportings
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
9. A common method to test for completeness of data is Roll Forward testing.
10. In industries/sectors, where volume of data is huge, Roll Forward testing may not be an appropriate way of
testing completeness of data.
11. Before testing Journal entries, it is necessary to test the controls surrounding the process of passing Journal
Entries. - True
12. One way of auditor enquiring about unusual activities at a client location is to ask Open ended questions
13. Sales Target to be achieved may be a key fraud risk factor from an investor/ stock holder perspective leading
to Non standard journal entries.
14. Debt Requirement to be achieved may be a key fraud risk factor from a bank/financial institution perspective
15. To bring in efficiencies in the process of extraction and analysis of JE data, the auditor may use Software
Scripts
When to Test?
Having obtained an understanding of the migration approach, the business environment and the IT environment, the
auditor should perform a risk assessment for each phase of the migration process and identify the risks that could
impact the audit. The auditor should design appropriate audit procedures that include evaluation of controls that are in
place to mitigate the risks. The auditor should test these controls for design and operating effectiveness.
The testing for data migrations can be performed pre-implementation which means either immediately preceding
the Go live phase, when a substantial part of the migration has been completed, or postimplementation meaning
after the Go live phase. The suggested approach is to perform both pre-implementation and post-implementation
reviews
• a pre-implementation review provides an opportunity for the company to identify gaps, if any and
provides early assurance on the migration process and controls which can be useful in planning other audit
procedures better.
• a post-implementation review provides assurance on the effectiveness of migration process and controls
Exercise –
1. Which of the following is example of an ERP - SAP, Oracle R12 and In-house developed are examples of ERP.
2. Which of the following activity is part of the System Design phase of a migration - Allocation of budget happens
in Planning phase. Mock conversion is part of Data Conversion phase
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
3. At which phase of the migration would rollback procedures be triggered, if necessary - Rollback procedures
are defined in the Planning phase and triggered during the implementation or Go live phase, if necessary.
4. Which of the following require specific considerations during a migration,- Approach for migration of user
access and segregation of duties, open items and master data should be considered.
5. When would auditors review migration process and controls - Auditors can evaluate and test migration controls
as part of pre-implementation, post-implementation reviews or during while reviewing General IT Controls
during audit process.
As per the Guidance Note issued by the ICAI on Audit of Internal Financial Controls over
Financial Reporting, the data or Information Produced by the Entity (IPE) can be generally used for:
IPE is used by entity personnel to perform a relevant control.
IPE is used by the auditor to test a relevant control.
IPE is used by the auditor to perform substantive procedures.
The IPE can be in 2 forms:
Reports generated from the System
Listing/Output created manually with data from the system
Types of Reports
There could be approximately 3 types of reports that can be extracted from ERP systems. The purpose for which
these reports may be used are for analysing Financial or Operational data
• Standard Reports – These are reports that are available at the time of implementation of the ERP systems
by the entity. These reports are inbuilt into the systems
For example: Purchase Register, Sales Register, Fixed Asset Register, Cash Flow statement etc.
• Customised Reports – These reports are created by the entities with respect to their businesses, revenue
streams, divisions etc.
Here, the company has followed their own pattern or code for Chart of Accounts (CoA), Vendors, Customers
etc. For example: B/S, P&L account etc
• Database queries / Other tools etc. Queries are used to retrieve information or data from a database in a
readable format using a SELECT statement.
Exercise -
1. Which of the following method is used to produce reports about data.- Standard Reports , Customised Reports
, Database queries
2. SELECT statement is used to generate which type of reports - Database queries
3. The auditor may limit the test procedures to test reports when - Controls in Business process and GITC are
effective
4. What are the factors to be considered for timing of report testing. Quality and type of entries , Company Policy
, Implementation of new systems
5. Some of the reasons to test reports by auditors - Used by the auditors as part of the audit
6. Prior to testing of reports, the auditor needs to understand, evaluate and test the General Information
Technology Controls and Business Process Controls
7. On the assumption that the GITC’s are effective, the auditor needs to follow which sampling procedure to test
a report - One transaction per scenario.
8. The GITC’s are effective and a report has been tested in earlier years. In subsequent years, the auditor may
adopt an approach of testing Last change date of the report.
9. The 2 assertions generally evaluated at the time of testing reports are Completeness and Accuracy
10. System Reports which are used to analyse business operations and are extracted from systems not relevant
for financial reporting, need not be tested. - true
11. ERP – Enterprise Resource Planning
12. ROC – Registrar of Companies
13. IPE – Information Produced by the Entity
14. GITC – General Information Technology Controls
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
For example: some of the tools that are used in implementing and review of segregation of duties and sensitive
access include SAP GRC (formerly, Virsa), Oracle GRC, BIZRights, Proprietary tools
Exercise –
1. Which of the following is NOT an example of an External user type - Employees
2. Business rules for implementing segregation of duties are defined by - Company
3. Examples of specialised tools to review segregation of duties and sensitive access in an ERP include, - BIZ
Rights
4. Auditors review of user access controls in an ERP environment is performed at a point-in-time. What other
controls can auditors rely upon to get evidence of operating effectiveness for full year. - General IT Controls
5. When an auditor finds a deficiency in the user access controls, what should the auditor do next -Evaluate the
deficiency and determine impact on audit
6. Sensitive access in an ERP refers to the ability of a user to perform Critical business activities.
7. Super users who have very extensive or unlimited access to carry out all or several activities in an ERP
environment are also known as Privileged users.
8. The auditor should first gain and understanding of the Business, and IT environments before auditing
segregation of duties and sensitive access in an ERP.
9. Segregation of duties can be implemented as either Preventive or Detective controls.
10. Roles make it easy to manage user access to an ER
11. False. Segregation of duties is implemented even in companies where there is no ERP.
12. False. Business rules for implementing segregation of duties should be defined by the company/management.
15. A user in purchase department has access to maintain vendor master data and process vendor invoices. This
indicates a deficiency in segregation of duties True
16. User access to an ERP is given based on user job roles and responsibilities True
17. Reliability of user access controls in an ERP depend on effectiveness of application controls False
ERP – Enterprise Resource Planning
SOD – Segregation of duties
SA – Sensitive Access
GITC – General Information Technology Controls
Role – is a logical grouping of users in an ERP that is aligned to a job function
Profile – is an internal technical grouping of authorisations, permissions and user access rights in an ERP and
is derived from a role
GRC – Governance, Risk and Compliance
The auditor via an enquiry process gets an understanding of the various business processes. The understanding of
the process flows and the controls within the processes can be documented in either of the 2 ways:
1. Process Flow Diagrams
2. Process Narratives
Timing of AACs testing and Sample Size
The auditor needs to plan for an appropriate time to test AACs. The factors to be considered to determine the timing
to test AACs are:
• The period covered under audit
• Risk associated with the control at the time of risk assessment
Based on the above factors the auditor will test the AACs. The assumptions before testing the AACs are:
GITCs are effective. This is because they assist in effective functioning of application controls including AACs
Design of the control has been evaluated and is effective.
Assess the Impact of Deficiencies
The auditor should evaluate the identified deficiencies in controls to develop a response to risk of material misstatement
as given in SA 240 “The Auditor’s Responsibilities Relating to Fraud in An Audit of Financial Statements”.
• A deficiency in a Control will not allow the management to perform their assigned functions. This deficiency
may not prevent or detect misstatements. Such deficiencies are called Design Deficiencies.
• deficiency in operation exists when a properly designed control does not operate as designed, or when the
person performing the control does not possess the necessary authority or competence to perform the control
effectively.
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI
Mahipal Singh Rajpurohit
Communication of Deficiencies
SA 265 - “Communicating Deficiencies in Internal Control to Those Charged with Governance and Management”
makes it necessary for the auditor to communicate control deficiencies to the Management. Prior to issuing such report
the auditor may also go through the Internal audit reports and evaluate the control deficiencies identified in the reports
The auditor must communicate in writing in sufficient advance to provide an opportunity to the company to remediate
the deficiencies before the auditor issues the report on Internal Financial controls. The auditor will have to also mention
if the deficiencies were present in the prior periods of audit.
Exercise-
1. Some of the objectives to be achieved by implementing AACs are - Completeness and Accuracy are the two
objectives of implementing AACs
2. Some of the risks that are addressed by such AAC’s are
(a) Risk of unauthorised personnel entering the data
(b) Risk of personnel entering unauthorised data
(c) Risk of inaccurate processing of data
3. Some of the examples of AACs are: Inherent, configurable, automated calculations etc. are AACs
4. Understanding the business process can be documented via Flow chart and Process Narratives are 2 ways of
documenting business processes
5. A control necessary to meet the control objective is missing. If a control is missing it is an example of Design
deficiency
6. Who is responsible for the design of internal control - Management is responsible for design of controls. Internal
auditors and Auditor are responsible for testing the controls.
7. Validation checks and Duplicate checks performed by an ERP are part of Inherent Controls
8. Interest Computation performed by an ERP is a component of Automated calculations. which form part of
AACs.
9. The Guidance Note on Internal Financial Controls over Financial Reporting refers to 9 Process flow diagrams
as a helpful form of documentation for auditors to depict the process to initiate, authorise, process, record and
report transactions.
10. Management. is responsible for the design of the internal control.
11. The auditor will have to adopt a combination of Inquiry, Observation and Inspection. while evaluating the
design of a control via Walkthrough process.
12. The 3 way match of fields of PO, GRN and Invoice is an example of a Configurable control.
13. True. GITCs have to be effective, to have a strategy to test AACs for operating effectiveness.
14. True. Operating effectiveness deficiency exists when the control does not operate as expected or the person
operating the control is not competent.
15. False. If there are different scenarios in a business process, then one transaction per scenario have to be
taken for a walkthrough
Forward the file to your Friends who are going to appear in Advance ITT Exam of ICAI