Client Name: Client Code:

Period End: Partner: Manager:

Subject: Summary of Control of Weaknesses Prepared by: Date:

Reviewed by: Date:

This document serves as the control matrix, control test and procedures to overcome risks, and to summarize its weaknesses.
Transaction Financial Statement Risks Control Description Control Automated Preventive Frequency of
Assertions Owner or Defective Control Activity
Manual or Both?

The Supplier Maintenance Form is reviewed and approved by Engr. Felizardo

Gomez

The Supplier Maintenance Form is sent to the AP department where is

reviewed and entered into the system

Existence Unauthorized or incorrect changes are Vendor Maintenance is performed by the AP department and limited to
made to the vendor master file of supervisors, role-based security is utilized manual such that individuals having
Rights and Obligations fraudulent payment transactions. access to perform vendor maintenance do not also have access to perform other
Accounts Payable functions process vouchers and print checks

Invoices are posted to accounts payable

without proper authorization, increasing
Existence the risk fraudulent transaction or Invoice and receipts are restricted from processing unless approved by Engr.
misstatement of accounts payable. Felizardo Gomez
Rights and Obligations
 Invoices are posted to accounts payable
without proper authorization, increasing
Existence the risk fraudulent transaction or All items upon receiving are inspected and matched to the bill of lading and
misstatement of accounts payable. PO for appropriateness.
Rights and Obligations

Invoices are posted to accounts payable

without proper authorization, increasing
Existence the risk fraudulent transaction or Trans Oriental Heavy Equipment will not allow receipt items without a PO
misstatement of accounts payable.
Rights and Obligations

All invoice is approved by Laila David (treasurer) prior to validation

Invoices are posted to accounts payable

without proper authorization, increasing
Existence the risk fraudulent transaction or
misstatement of accounts payable.
Rights and Obligations All invoice is validated automatically (3-way match) by Trans Oriental Heavy
Equipment upon invoicing.

Client Name: Client Code:

Period End: Partner: Manager:

Subject: Summary of Prepared by: Date:

Control of
Reviewed by: Date:
Weaknesses

This document serves as the control matrix, control test and procedures to overcome risks, and to summarize its weaknesses
Transaction / Sub-process Financial Statement Risks Control Description Control Automate Preventive or Frequency of
 Assertions Owner Manual or Both? Detective Control Activity

Unauthorized Check printing is restricted to the AP manager and the corporate

disbursement is made and controller who authorized the check run by its activation. These
Existence recorded individuals do not have update access rights to the AP other than to
perform this function

Unauthorized All checks are process through and integrated check-writing function
disbursement is made and in manual. Checks can only be process against vouchers already
Completeness recorded; cash existing in the AP file and for the same amount (i.e. no changes can be
disbursement is not made to amounts during the check processing.) Checks can only be
Existence recorded processed to payees recorded in the vendor master file.

General ledger updates from accounts payable are controlled by

integrated modules which use predefined control accounts and field
which ensure that postings are in balance and include complete data.
Batches containing errors will not post to the general ledger and
Completeness Transactions do not required resolutions by the AP Supervisors prior to postings.
accurately update from
Existence accounts payable system
to general ledger system,
Valuation resulting in misstatements
of the financial statements
Rights and obligations General ledger accounts and accounts payable subsidiary ledger are
Presentation and reconciled on a monthly basis by the treasurer and the AP supervisors.
disclosure Reconciliations are reviewed by the financial reporting controller.

Unauthorized access is Access to AP is restricted to authorized users. Role-base security is

 granted to individuals utilized within the application to the extent possible. Monitoring
increasing the risk of controls are put into place where application access cannot be
Existence unauthorized and fictions restricted to support an optimal segregation of duties.
transactions
Rights and obligations

Client Name: Client Code:

Period End: Partner: Manager:

Subject: Summary Prepared by: Date:

of Control of
Reviewed by: Date:
Weaknesses

Ref Control Description Transaction / Sub-process Objective of test Testing Procedure Results Conclusion Testing w/p
Sub-Process risk rating Ref

Vendor maintenance is performed by

the AP department and limited to
supervisor. Role-based security is Changes to the vendor master Obtain users access log for application for the
utilized in the system, such as file are valid and authorized company for vendor maintenance functionality and
individuals having access to perform to prevent inappropriate or verify that only AP supervisors have access. Also
vendor maintenance do not also have fraudulent vendor payments obtain full access right details for document
access to perform other accounts purposes and verify the others do not have access.
payable functions – process vouchers
and print checks.

Invoice and receipts are restricted

from processing unless approved by
the supervisor. Purchases are appropriately Review configuration of approval routing within
exclusive person. Attempt to complete routing task

All invoices are approved by the AP
clerk prior to validations.
General ledger accounts and accounts
payable subsidiary ledger are
reconciled on a monthly basis by the
AP supervisors. Reconciliations are
reviewed by the financial reporting
controller.
Access to the AP is restricted to
authorized users. Role-based security
is utilized within document process to
the extent possible. Monitoring
controls are put into place where
application access cannot be restricted
to support an optimal segregation.
authorized.
Purchases are appropriately
authorized.
All AP transactions are
completely and accurately
updated to the general ledger
in the proper period
Access to AP accounts record
should be limited to
authorized users and
restricted by job function to
promote an appropriate
segregation of duties
without appropriate approvals and note results.
Select invoices paid during the year. Confirm that
the approvals for all invoices paid are consistent
with the signature log maintenance by the AP
Department
Inspect evidence of the review and approval of AP
subsidiary to G/L reconciliation. Randomly select 4
months. For each month, obtain copy of AP
accounts reconciliation signed by Laila Davi, the
treasurer and financial reporting controller.
Obtain a report of system users and access rights
grated for each selected authority. Confirm that all
users are active employees and that the rights
granted are consistent with the individuals job
responsibilities in relation to AP.