Common Control Inefficiencies:

Control red flags

Unintentional:
Dominant and unchallenged management Lengthy tenure in key jobs

Close association with suppliers and customers Unclear lines of authority, policies or procedures

Insufficient separation of authorization, custodial

Hardware malfunction & software errors
and record-keeping duties

No physical or logical security system No audit trails

Intentional:
Management override of controls Corruption or bribery

Misappropriation of assets Fraudulent financial reporting

Types of controls
- Preventive (Deter)
- Detective (Discover)
- Corrective (Remedy)

Data entry controls

Capture information once and at source:
Field check (proper type/class) Sign check (+/-) Limit check (Within upper limit)

Range check Size check

Completeness check
(Upper + Lower limit) (No. of characters allowed)

Validity check Check digit verification

Reasonableness test (Logic)
(VLOOKUP with master file) (E.g. Matric, NRIC etc.)

Batch processing
(Sequence & Batch total)
Closed-loop verification
Prompting
(Use input to retrieve
(System prompts for input)
other data)
Processing controls

Data matching
File labels
(Requires 2 or more Recalculation of batch totals
(Correct/Updated file used?)
items to match)

Zero-balance test (Control a/c)

Cross footing
Write-protection mechanism
(Use alternative methods of
(Prevent overwriting/erasing)
calculating total) Concurrent update control
(No two ppl can update
at the same time)

Output controls

User review of output Reconciliation Data transmission control

ECI Issue analysis Template

SAP (Process Enhancement):
Enablers of process automation in SAP
- Common database (As opposed to decentralised storage)
- Real-time update
- Business rules (Best business practice)
- General automation rules
o Workflow (Audit trail)
o Interface technology (Shared boundary across which 2 or more systems exchange info.)
- Process specific automation tools (see below – Financial accounting, Sales, Expenditure)

Process automation in Financial Accounting

- Automatic accounting posting from non-accounting modules (integration)
- Automatic workflow for two-step accounting document process (park & post)
- Automatic posting of recurring documents (schedule posting)

Process automation in Revenue Cycle

- Automatic credit limit checks
- Automatic inventory availability checks (followed by 3 delivery options – partial, one-time, delayed)
- Automatic creation of delivery documents
(Delivery due list - Online processing or background batch job)
- Automatic creation of customer invoices
(Billing due list – Online processing or background batch job)
- Automatic communication with customers
- Automatic barcode/mobile integration

Process automation in Expenditure Cycle

- Automation creation of PRs (MRP)
- Automatic PR source assignment & PO creation
- Automatic workflow for PR & PO approval (Choose level of approval required)
- Automatic communication with vendors
- Automatic barcode/mobile integration (Goods receipt)
- Automatic vendor invoice management integration
- Automatic invoice variance detection
- Automatic payment program

General Application Controls

- Three levels of security (User master record, T-code check, Authorization check)
- Input data validation
- Data control (Can’t delete easily, permanent storage, tracking)

Functional controls in Financial Accounting

- Tolerance groups (limit size of employee’s transactions)
- Tracing from account balances (review originating transactions)
Functional Controls in Revenue Cycle
- Credit limit check
(@ sales order, delivery, post goods issue? Warn & continue, error & terminate, block delivery?)
- Inventory availability check (followed by 3 delivery options – partial, one-time, delayed)
- Completeness check
- Document status (Cleared?)
- Document flow (Trace to related documents)

Functional Controls in Expenditure Cycle

- Release strategy for PR & PO (manual or automated)
- Three-way match for vendor invoice (3 types of variances, warning/error or block)
- GR/IR account
- Document status (Cleared?)
- PO history (Trace back to GR and IR document)
RPA:
Processes best suited for RPA
- Rules-driven (Consistent rules)
- Voluminous (High volume)
- Data intensive (A lot of data manipulation and crunching)
- Repetitive in nature
- Driven by electronic inputs (Begins with electronic input including scanned documents)

Features of UIPath

Screen scraping
(Scrap visible and non-visible)
Recording
Data scraping
(Basic, Desktop, Web,
(Extracting structured data)
Image, Native Citrix)

Sequence Loop If activity

(Seamlessly go from one (Repeats sequence of (Contains a statement with
activity to another; instructions until specific condition with 2 sets of
Single block of activity) condition is met) instructions as outcomes)