Audit areas of Netflix along

with various processes Group 3:

Avika Bishnoi
Bhavay Ahuja
Chhavi Gupta
Gauranshi Jain
Gopala Gupta
Puneet Singla
 Audit:
Operations-
Streaming
services

-Bhavay Ahuja (A013)

Sr. No. Sub processes Risk Risk Risk Test
No. Grading Description Step

1.1 Acquisition of 1 High If Netflix •Proper authorization of the content licenses

content fails to agreements should be done to prevent fraud.
maintain or •Recognition for the real data file in the database
acquire should be done.
new •The term of the license needs to checked in case
content the business is using the content even after
licenses, its expiry of the agreement
business
could be
adversely
affected
2 Medium There is •Scrutinize the payments being made to the
high scope Licensee company for content
in wrong •Check the amount paid with movies and TV
valuation of shows of a similar Genre, Awards, Start cast etc.
the content
library,
,which in
turn could
lead to an
inflated
balance
sheet
Sr. Sub processes Risk Risk Risk Description Test
grading
no. No. Step

1.2 Cloud storage 1 High Failure to maintain •The auditor must review the contracts of Ne
. an ethical with the AWS to look for any clause, breach
relationship with which could cause the relationship with AWS
amazon break down
warehousing
service could
cause Netflix to
even shut down
1.3 Monolithic 1 Medium While making any •Making sure that the system is equipped wit
. architecture changes in the monolithic architecture, since if in place
back end code of protects the whole database even when
the platform, if engineers make changes to any one elemen
any glitch takes the platform
place, the whole
website could
down for hours
causing damage to
business
1.4 Quality of 1 Low Seamlessly
. streaming on running files of
devices different format
on every unique
device used a
single account is
 Audit:
Operations-
Production
and Licensing

-Puneet Singla (A054)

 Sub- Sub- Risk Risk Risk Test Step
Process Processes No. Grading Description
No

2.1 Multi-year 1. High Talent Check if the agreement defines the working
commit- agreements relationship between both the parties, leaving
ments for are not little room for miscommunication.
production properly
and defined or
licensing of not complied Verify if various clauses to the agreement are
content. with. adhered to and payment is as per the
agreement.

2. Medium Payment Check whether a certain content is produced or

terms of the licensed and ascertain the payment patterns
commitment accordingly.
s are not
followed or
is not Check the treatment of produced/licensed
properly contents which were not favorably received by
reflected in customers.
the books of
accounts.
Sub- Sub- Risk Risk Risk Test Step
Process Processes No. Grading Description
No
2.1 Multi-year 3. Medium Required Check if the documents have been maintained
commit- documents and check the list of the agencies with whom
ments for and records Netflix has entered into agreement.
production have not
and been Ascertain whether the other party actually
licensing of maintained. exists or not by cross- checking.
content.
 Sub Sub- Risk Risk Risk Description Test Step
Process Processes No. Grading
No.

2.2 Original 1. Medium Bifurcation of various Ascertain the various disciplines wherein
content disciplines Netflix is building out expertise.
production developed has not
(Netflix been reflected
Verify if the expenses are allocated to
Originals) properly in the books
the right head and there is no inter-head
of accounts.
adjustments.

2. High Unauthorized Check whether the proper database

intrusion into management process is into place.
employment and
personal information
on Netflix’s
production.

3. High Litigations on ground Check the accounting treatment of such

of intellectual litigations.
property claims are
not properly
reflected in the
books of accounts.
 Sub Sub- Risk Risk Risk Description Test Step
Process Processes No. Grading
No.

2.2 Original 4. Medium Improper Check the historical trends in payment

content payment of the and recognition of production costs.
production production costs.
(Netflix Ascertain the difference between
Originals) payments for costs of licensed and
produced content.

5. High No defined Estimate the period of use.

process of the
amortization of Check the consistency of estimates.
produced content.
Verify that only existing content is
reflected in the balance sheet.

6. High Flow of cash is not Check the trends in cash flow and look
properly reflected for any suspicious activity.

7. Medium Improper Check if the current treatment matches

accounting with the historical treatment.
treatment of
production costs
 Sub- Sub- Risk Risk Risk Test Step
Process Processes No. Grading Description
No

2.3 Acquisition 1. High Improper Verify the contractual obligation table.

of content treatment of
from unknown
Check with the other party.
outside future titles.
sources and
licensing 2. Medium Improper Check if the current treatment matches with
treatment of the historical treatment.
fee per title.

3. High Licensing Check if the agreements fails to mention any

agreements relevant information.
are not
properly
defined.
 Audit:
Operations
Subscription

-Avika Bishnoi(A011)
Sr. No. Sub processes Ris Risk Risk Test
k Gradin Description Step
No. g
3.1. Types of 1 High Distinction •Proper authorization of the members should be
Memberships between done to prevent fraud.
types of •Proper recognition for subscription fees of every
membershi type of membership plan should be there.
p

2 Medium Payment •Scrutinize the payment methods provided to

methods assure safety of transaction.
provided by
members
3.2. DVD 1 High Subscriptio •As the subscription amount increase as
Subscription n payment customer take more discs, so check on the
for DVDs regular fluctuation in this amount should be
there.
•Keeping the record of the discs which the
customers mails back to the company after use.

2 Medium List of •Maintaining the list of desired titles by the

desired subscribers and ensuring to keep the list of titles
titles by the up to date.
subscribers.
Sr. Sub processes Risk Risk Risk Description Test
no. No. gradi Step
ng
3.3 Revenue 1 High Timely and correct •Members are billed in advance of the star
. recognition recognition of their monthly membership and revenues sho
revenue and be recognized ratably over each mon
deferred revenue membership period. Deferred revenue cons
of membership fees billed that have not b
recognized , gifts and other prep
memberships that have not been redeemed.
3.4 Membership 1 High Reflection of •A membership when canceled and should
. cancellation membership reflected in the financial records as of
cancellation in the effective cancellation date. Volunt
financials. cancellations can become effective at the end
the prepaid membership period, w
involuntary cancellation of the service, a
result of a failed method of payment, sho
become effective immediately.
3.5 Cost 1 High Cost related to tax •Revenues should be presented net of the ta
. deduction, that are collected from members and remitted
payment governmental authorities.
processing fee, • Proper documentation of licenses to ens
licensing fees, appropriate payment of fees.
,amortization of •Amortization should be done according to
the streaming policies laid down by the company.
content library, etc. •DVD Postage cost
•Other costs also should have pro
 Audit:
Compliance

-Gopala Gupta (A014)

 Sr. Sub processes Risk Risk Risk Description Test
No. No. grading Step

4.1 Prohibition of 1 Low Prohibition of •Auditor can ask the senior or the upper
Discriminatory Discriminatory Tariffs management whether the company is
Tariffs for for Data Services having any tie ups with any service
Regulations, 2016
Data Services (Net Neutrality) states
provider to promote its services.
that Netflix cannot get
into any agreement
with any network
provider for
promoting its services.

4.2 Personal Data 1 Medium The Personal Data •Auditors can hire a systems expert to
Protection Protection bill,2018 check whether the security strength of
essentially makes the company is strong or not.
individual consent
central to data
sharing. It has been
imposed on the
collection and
storage of personal
and financial
information and
also processing of
the same for
commercial use
Sr. Sub processes Risk Risk Risk Description Test
No No. grading Step

4.3 Copyright Act 1 Medium This act states •Auditor should ensure that there
that the Netflix should be an internal process in order
cannot upload to check the licenses and
or show any authorization.
such content
which is
unauthorized/u
nlicensed.
4.4 Indecent 1 Medium This act
Representation prohibits
of Women indecent
(Prohibition) Act representation
(IRWA), 1986 of women
through crudity,
sexual , vulgar
actions, nudity,
and immodesty
on web series
or movies by
Netflix.
 Audit:
IT and
Database
Management
--Chhavi Gupta (A014)
 Sub Sub processes Risk Risk Risk Description
No. Grading
Process

5.1 General Increased Computers use and store information in

controls potential for 1. High electronic form and require less human
undetected involvement in processing than manual systems.
misstatements:

This weakness can be exploited by embedding

2. unauthorized programs inside authorized ones.
Concealment
or invisibility of High
.
some process:

3. Mediu Accurate information is an issue whether the end

Inaccurate m user is accessing a database on the mainframe or
information departmental database on a PC. It includes:
• Failure to identify significant information
• Failure to interpret the meaning and value of
the acquired information
• Failure to communicate information to the
responsible manager or chief decision maker.
Sub Sub Risk Risk Risk Description
No. Grading
Proc processes
ess

Unauthorized 4 High 1. Applications should be built with various

access or levels of authorization for transaction
changes to submission and approval. Once goes into
data or production, programmers san application hold
programs no longer have access to programs and data.
If programmers are provided access, all
activity should be logged, reported, and
reviewed by an independent group.
2. Risks of unauthorized access to data include
the possibility of information leaks that would
permit outsiders to assess the present state
and characteristics of an organization.
 Sub Sub Risk Risk Risk Description
No. Grading
Process processes

5.2 Applicati Capacity 1 High Ensuring that the computer systems will
on Planning continue to provide a satisfactory level of
Controls performance in the longer term. This will involve
IT operation staff having to make estimates of
future CPU requirements, disk storage capacity
and network loads capacity.

Performance 2 Mediu Monitoring the day to day performance of the

Monitoring m system in terms of measures such as response
time.

Media 3
Management Mediu Includes the control of disks and tapes, CD
m ROMs, etc.
 Sub Sub Risk Risk Risk Description
Proce No.
ss
processes Gradi
ng

Job Scheduling 4 Mediu A job is normally a process or sequence of batch

m processes which are run overnight or in background
and which update files etc. Jobs are normally run
periodically, either daily, weekly, monthly.

Back-ups 5 High Backups of data and software should be carried out by

IT operations staff on a regular basis.

Help Desk and 6 Mediu Help desks are the day-to-day link between users with
Problem m IT problems and the IT department. They are the ones
Management users call when they have a printer problem or they
forget their password.

Maintenance 7 High Of both hardware and software.

Network
Monitoring 8 High The IT operations function is given the responsibility
and for ensuring that communication links are maintained.
Administration
 Audit:
Expenditures
and
Revenues

-Gauranshi Jain (A015)

 Sub Sub Ris Risk Risk Description Test
k Grading
Process processes Step
No.

6.1 Revenue 1 High Internal control on •Internal control for allowing access
Audit Verification of users to the platform, no unauthorized
and plans so as to user should access the content.
differentiate various •Proper control should be in place to
types of plans differentiate the plans shown to the
provided to users users based on their purchase plan.
along with the
benefits available to
them.
•Proper matching of revenue during the
2 Mediu Matching of revenue accounting period should be made. E.g.:
m during the 1 year subscription from Feb-Jan should
accounting period. be accounted proportionally during
Proper bifurcation relevant accounting periods.
should be made in •Revenue from advertisement should be
terms of advance accounted for.
payments or •Incase of advance payment, revenue
deferred payments. should be recognized on accrual basis
and balance should be shown as liability.
•All other revenue streams should be
analyzed and verified with respect to its
accuracy and completeness.
 Sub Sub Risk Risk Risk Description Test
No. Grading
Process processes Step

Revenue 3 High Billing and accounting •Since the billing and other
Audit system should be accounting is based on IT system,
cross verified. Most of the IT system should be checked
the fraud happens in based on certain pre-defined sets of
this area because of inputs and outputs. For E.g. a
misappropriation in dummy user can be created , plan
accounting. should be selected for 2 months and
payment should be made. The
system should automatically show
the expiry date after 2 months.
•The billing should be proper and
spontaneous.
 Sub Sub Risk Risk Risk Description
No. Grading
Test
Process processes Step

6.2 Expenditures 1 High Verification of Cash and •Expenses paid in cash should
Audit bank expenses especially be verified with supporting
transactions involving memos and vouchers.
intercompany wires, •Counterfoil of cash receipt
automated clearing should be verified.
house (ACH) transfers, •Ensuring that teeming and
and check payments lading method is not followed.
because most of the
revenue generated by
Netflix is denominated in
foreign currency.

2 Mediu Marketing Expenses in •Marketing cost of Netflix has

m terms of promotion of increased significantly by 68%
newly launched series, this year.
building title brands or •Reviewing the contracts with
promotions for award the different agencies and
nominations. ensuring the billing conforms
to the term and conditions
specified therein
 Sub Sub Risk Risk Risk Description Test
Proce No. Gradin
ss
processes g
Step

Expenditures 3 High Netflix is an online •Identify related parties (through

Audit streaming company inquiry and review of relevant
and hence it is very information to determine the identity
essential to ensue that of related parties so that material
no related party transactions with these parties known
transactions are taking to be related can be examined)
place. Hence all •Review stockholder listings of closely
revenue earned from held entities.
relative party in terms •Review prior years’ audit
of subscription fees or documentation.
all expenses made to •Provide audit staff with the names of
them should be known related parties so that they can
verified. identify transactions with such parties.
 Sub Sub Risk Risk Risk Description Test
No. Grading
Process processes Step

6.3 Currency 1 High International •Identify and assess the risks of

Fluctuation revenues and cost of material misstatement at assertion
revenues account for level for the client’s foreign
44% and 54% currency transactions/balances,
respectively and taking into account relevant
majority of them are mitigating internal controls.
denominated in •Check inward/outward
currency other than remittances have been properly
US dollars. accounted for.
•Check FCNR and other NR
accounts to ensure debits and
credits are as per rules.
•Ensure verification and
reconciliation of Nostro and Vostro
Account transactions/balances.
 Risk
Sub Sub Risk Test
Grading Risk Description
Process processes No. Step

6.4 Liability 1 Low As of now, Netflix accounts •
for $10,360,058 borrowed
capital. This figure has been
increasing over quarters.
$3817685 has been raised
alone in 2018.
Examine the loan agreement
and ensure that the terms of
agreement relating to interest,
repayment etc., are duly
complied with.
• Calculation of interest rates on
the borrowed amount.

2 Low Netflix owes $4686019 in • Payment scheme adopted by the

regards of current content company to pay its creditors and
liability. lenders.
Apart from the above,
Netflix has a non- current
content liability of $
3,759,026