Internal 

Procurement To Pay
Audit Period : FY 2021/22
Division : Sports

Sr. No Process Name Sub Process Control Objective Risk Description Test Plan
Vendor Creation and Management
To ensure that Vendor details are entered in system after due Unapproved Vendors entered in Vendor master list which may lead to unauthorised 1- On the Basis of Sample, Ascertain only authorized and approved vendor created in the system
1 Vendor Creation
approvals from management and illegid transactions. 2- Review vendor master data to identify any multiple/duplicate vendor codes.

To ensure that Vendor data is properly maintained and updated
2 Vendor data management
on a regularly basis
Changes in details of suppliers data may be made without authorization
1- Ascertain whether a vendor database/ master exist, containing details of vendors as well as the
specific goods/ services to be sourced from each of the vendors.
2- Check that only the specified goods/ services can be sourced from individual vendors.
3- Review only authorized person made changes in the vendor master data after due approval
(Including deletion of vendor)

3 Vendor Master Data
Goods Receipts
4 Contracts and Policies
To ensure vendor master data is complete and accurate
To ensure compliance with company policy and vendor contracts
Purchases from unauthorized supplier not appearing in list of approved suppliers 1- Ensure previously blacklist vendor is not part of the vendor master data
1- Review of vendor contracts to ensure all major aspects are covered (Price, T&C, Payment Terms
Absense of an approved policy
& etc)
Absence of T&C from the contracts
2- Review policy and procedure relaed to P2P to ensure all aspect of the process is covered

Ensure that adequate segregation of duties exist to mitigate the 1- Review GRN process to ensure adequate segregation of duties between persons who are receiving
5 Segregation of Duties No existense of Segregation of duties.
risk of error/fraud and recording of goods

6 Validation of Goods
1- Check on sample basis whether a Goods Receipt Note (GRN) and a Service Receipt Note (SRN)
received and signed by relevant aurhority and is tracked against the PO/ Contract.
Goods received as per PO scope Goods receipts may not be as per the PO scope
2- During the physical visit, also determine how the quantity received is verified, i.e. by estimation/
judgment, by actual weighing, etc.

GR/IR account may have long standing balances which are not cleared on a timely 1- Review GR/IR account and identfy balances which are not yet cleared and track back with
7 Ensure timely clearance of GR/IR account.
basis. respective PO and GRN to ascertain whether PO is close or not
Reconciliation & Monitoring
Ensure quantity is received as stated in the PO 1- On selected sample, Compare GRN with respective PO to ascertain whether the goods/services are
8 Goods received quantity varies from the Quantity as per PO.
(Article/size wise) received as per PO Scope

Ensure that only the goods that are in acceptable condition & in
9 Inspection of Goods
compliance with the agreed standards are accepted.
1- Physically visit the Receiving Area/ Store to inspect its layout. Ensure that goods pending
Goods that do not comply with the agreed standards may be passed through
inspection are adequately segregated.
inspection
2- Ensure quality inspection staff must be segregated

Creation of GRN in the

10 Ensure timely and accurate creation of GRN in the system GRN may not be created in the system on a timely basis 1- Review the timeline between IBD to GRN creation to evaluate the efficiency of the process
System
Goods Return 1- Understand the processes followed in case of Quality Rejections. Select a sample of rejections and
11 Return Goods return recorded accurately in the correct period Goods return may not accurately recorded in the correct period check w.r.t ( Rejection Report, Approvals, Physical segregation of the goods, Intimation to vendor,
Inputs to vendor rating mechanism)
Timely and accurately adjustment of credit/debit notes for 1- On Selected sample, review credit note and ensure the recording/adjustment is happened in correct
12 Credit/Debit Note Credit/debit note may not be adjusted accurately
returns. period and accurately
Invoicing & Payments 1- Understand the process of receipt and review of vendor bills. Review the aspect of segregation of
Ensure invoice is addressed to the company Legal name and duties
13 Invoice Unauthorized/invalid invoice may be received
A - Trade Related authorized 2- On sample basis, review invoices to ensure that invoices are authorized from the respective
vendors and signed
B - Non-Trade Related
14 Invoice Ensure invoice is created in the system on timely basis Invoice may not be recorded on timely basis 1- On sample basis, check whether the invoices are recorded in the correct period
( Admin, Marketing, IT Related,
CWIP Projects, HR, Travelling, Invoice may not matched with GRN. 1- Perform GRN to PO match
15 Services, Misc) Invoice Ensure invoice amount & quantity shall match with the GRN Duplicate purchase invoices may be entered and processed in the system resulting in 2- Perform system walkthrough to ascertain whether same invoice can be recorded twice in the
excess cash outflows system

1- Understand the payment process and ensure segregation of duties are exist
2- Review Payment approval authority matrix and check whether the same is implemented
16 Payment Approval Ensure payments are processed after due approval Unauthorized payment made to vendor
3- Payment made on extraordinary basis (single quotation, cash payment over & above the limit non
compliance section 3.1)

Ensure purchaes for which payments are made are within the
Payment subseuquent to check
17 OTB Plan approvals where any deviations approved by Higher
of OTB Plan
authorities.

1- Understand the reason/circumstances/criteria where Non PO base payments can be made.

18 Non-PO Payments Ensure Non-PO base payments are processed after due approval Unauthorized payment may be made to vendor without due approval
2- Review policy related to Non PO base payments if exist and ensure its compliance.

Payments Made by Credit Ensure only authorized person must have access to credit card 1- Understand the process related to use of credit card and who have the access.
19 Payments may be made for personal expenses
Card and payment approval must be attached 2- Review on sample basis, transaction made through credit card and trace respective approvals

20 Cash Payments Ensure cash payments only made for petty expenses Cash may be used for making payments other than imprest expense 1- Review cash payment voucher to ensure payment only made for petty expenses.

© Ernst Young LLP. All rights reserved. Confidential and proprietary

Internal 

Sr. No Process Name Sub Process Control Objective Risk Description Test Plan
1- Advances released to vendors, check that these are as per the contract. Also, ensure correct
21 Advance Payments Ensure advances are issue to suppliers after the proper approval. Absense of approval for Advances issued to suppliers.
accounting for the same.
Ensure timely settlement of advance with suppliers and reconcile Advances may not be settled on time and accurately. 1- Review advances released to vendors and check whether advances are sett off from the final
22 Advance Payments
balances. Payments may get duplicated due to incorrect set off. payment schedule
23 Payment Recon Ensure that 3 way match perform by the finance team 3 way match may not be perform by the finance team 1- On sample basis, perform 3 way match (Invoice, GRN & PO) and report if there is any deviation

24 Pre & Post Discount Ensure pre & post discount are received Discount may not be adjusted/claim 1- On sample basis, recalculate the discount and its adjustment against the invoice
Issuing and Approval of Ensure issuance of payment cheque is authorized and signed as
25 Unauthorized cheque may be issue to vendor 1- Check whether DOA related to issuance of cheque is exist and ensure the same is followed
cheque per DOA
26 SOA Ensure timely updating of vendor statement of account Vendor statement of accounts may not be updated 1- Check on sample basis, whether SOA updated on accurately and timely
General Entity Level Controls 1- Review Delegation of authority. Gain an understanding of the authority matrix.
Ensure Entity Level controls are exist and implemented
27 Entity Level Control may not exist/implemented 2- Review SOPs for Procurement to Pay
accordingly
3- Review Organization structure and identify any conflicting roles/reporting relationship
Open PO's
28 Ensure timely closing of PO PO may not be close on timely basis 1- Highlight long standing open PO's and discuss with the management.

© Ernst Young LLP. All rights reserved. Confidential and proprietary

Attributes to be reviewed for sample instances, major purchases

A B C
Requisition PO GR/IR/receipt
Attributes
Quantity Amount Quantity Amount Quantity
 C D E
GR/IR/receipt Invoice Payment Differene in amount
Amount Quantity Amount Quantity Amount B-A C-B D-C E-D E-C
Difference Approval
Known/unknown yes/ no
Check for service vendor (marketing or other), employee master VS vendor master comparison

Vendor details Employee master

Name Address Email Contact address Bank account Name Address Email Contact address Bank account
er
Dependent details