Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.

Credit and collection

Proper credit In consistent credit and Credit and collections policies and Obtain and review credit and collections
and collection collection procedures procedures are established policies and procedures and ensure the
procedures have increase possibility of followings are outlined:
been established bad debts and delay in  Standard terms and conditions of
and compliance cash flow. payment
is assured.  Levels of authority to vary standard
customer terms and conditions
 how prospective customers are
assessed for credit
 who has the authority to set and
amend credit limits
 how and when overdue accounts are
controlled and followed up
 when to turn delinquent accounts over
to a third party / lawyer for collection
 levels of authority to override the
charging of interest and penalties

Unclear responsibility Policies and procedures clearly Review collection policies and procedures
and vague collection defined the responsibility, timing and ensure responsibility, timing and
procedures increase risk and actions to be taken on overdue actions to be taken on overdue accounts
of bad debts. accounts. are clearly defined.
Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.
Incompetent employees Full time trained dedicated credit Obtain departmental organisation chart and
increase possibility of and collection staff is employed and discuss with department head to ensure
bad debts and delay in proper training is provided. adequate resources are deployed and staff
cash flow. have been trained on:
– how to manage and collect receivables
– understanding the standard terms and
conditions
Unauthorised sales. Clearly defined DOA for approving Review DOA and ensure DOA defines
credit limits. different authority for approving credit
limits in the following circumstances:
– generic credit limits based on credit
ratings
– overrides to the formula

Fraudulent activities in Proper segregation of functions Note the following incompatible duties are
credit and collection should be installed. segregated:
process.  accounts receivable
 credit control
 collections
 order entry
 invoicing
 cash receipts
 credit notes
 stock custody/delivery
 general accounts
Objective Risk Key Controls
Insufficient customer All credit applications and essential
credit information to information such as the nature and
support credit rating. size of customers’ businesses, and
their bank and trade references and
the results of trade inquiries should
be documented.
Sales to delinquent All new customers are assessed for
customers and increase their credit standing regardless of
bad debts. apparent standing.
Testing Steps Findings & Recommendation W/P Ref.
 Review customer credit files and
ensure all customer information is
available to support the credit ratings.
 The rating is then used for:
– defining DOA authority levels (i.e. for
unblocking credit holds according to
credit ranking
– setting monetary credit limits
– assigning priorities for collection
efforts
– focusing monitoring and credit
reviews of higher risk customers
– provision of better credit facilities to
lower risk customers
Review new customer files to ensure these
new customers are assessed against credit
standards.
Objective Risk Key Controls
Unauthorised sales  Credit limits are reviewed
which exceeded credit periodically based on a
limits. predefined schedule based on
the ratings.
 Changes in credit limits are
approved by management in
writing and with supporting.
Individual orders that would cause
the total outstanding balance to
exceed the credit limit are rejected
and flagged for attention.
Testing Steps Findings & Recommendation W/P Ref.
 Discuss with management about the
interval of customer credit rating
assessment.
 Review assessment file and check
whether the followings are available
to support the revision of credit:
– obtaining a copy of the latest accounts
– performing a detailed financial
analysis
– understanding the:
- history of the business
- experience of management
- owners and their financial resources
– conducting a site visit to the client
– obtaining bank, trade and credit
agency references, where available
– completion of a credit appraisal form
Select _____ samples of transactions, note
for transactions that broke the credit limits
by documenting previous credit standing
and current credit standing after accepting
the transaction and credit excesses were
approved by higher level management in
writing prior to the related order was
processed.
Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.
Disputes due to Terms and conditions are  Review customer credit application
ineffective communicated to customer when an form and ensure payment method is
communication. account is opened and related specified on the documents.
payment terms and methods are  Review invoices and ensure payment
specified in sales invoices. terms and due dates are clearly and
accurately displayed on the invoices.

Note: Post-dated cheques are only

accepted under extraordinary
circumstances and with the
approval of senior credit or
financial management.
Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.
Delay in collection Prompt collection action is taken  Discuss with collection staff to ensure
increases risk of bad when pre-determined warning prompt collection actions are taken
debts. signal appears. when more than one of the following
signals is noted about a customer:
– slower payments or changes in
payment habits
– broken promises of payment
– unreturned messages
– postdated or NSF checks
– changes in customer banks
– unauthorised return of merchandise
– radical changes in buying patters
– customer selling at unusually low
prices
 Review delinquent customer files and
note whether collection action have
been taken when warning signal
appeared.
Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.
Bad debts. High risk accounts are not approved  Review 10 high risk customer files
unless security is provided. and note whether security is provided,
such as:
 cash
 bank guarantee
 standby letter of credit
 corporate guarantee
 personal guarantee
 mortgage
 deposit
 retention of title clauses

Credit staff monitors the guarantees
continuously.
Discuss with credit staff and ensure credit
staff monitor the followings for each
guarantee:
 current value (when assets are
pledged)
 financial situation of guarantor.
Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.
Collection processes are clearly Review collection policies and procedures
specified. and ensure:
- invoices are issued with terms net
30 days on the day of sale, delivery of
service or completion of milestone,
- pre-collection calls to customers
are required before the receivable is
due to confirm that:
- everything is satisfactory
- the invoice has been received, and
- terms are understood
- customers with past due invoices
are called ten days after the due date

Lost of collection Documentation on debt collection Review debt collection records to ensure
information. must be kept. the following information:
- dates and details of calls and
correspondence to customers,
- details of when payments were
promised, and
- last payments received.
Objective Risk Key Controls
Slow reaction increases Credit report should be prepared
risk of bad debt. and reviewed by management so
that actions can be taken
immediately to prevent loss.
Incorrect receivable Account clerk updates accounts
balances. receivable balances upon receipt
within a reasonable time period.
Testing Steps Findings & Recommendation W/P Ref.
Review management reports to ensure they
are prepared and reviewed monthly (or
more frequently) detailing:
- receivables aged analysis, including
significant past due balances, accounts
in dispute and claims by customers
- customer balances which exceed credit
limits
- overdue customer accounts
- customer accounts that regularly fall
overdue
- credit balances
- unallocated cash
 Discuss with management/employees
about the updated practice.
 Select __ samples of receipts from
receipt logbook and trace to
respective receivable sub-ledgers for
updating in a reasonable time frame.
Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.
Pricing
Standard price Unauthorised sales with Management should approve  Review standard price list to ensure
is maintained improper selling prices. standard price list and any it’s approved by appropriate level of
with proper subsequent changes. management.
approval.  Review standard price list and ensure
changes to price lists, pricing data, and
discounts are approved by authorised
personnel and, where computerised,
subject to access control.

Selling price entered to price master
file by Finance staff based on
authorised revised price list.
Sales ordering
A proper sales Understatement of sales. Sales order logbook should be used
order system is to log all customer purchase order,
established. both verbal and written.
Unauthorised sales with  Sales orders are made in
improper terms and accordance with authorised
conditions or exceeding terms and conditions.
credit limits.  Credit limit is checked at the
time of order.
 Non-standard terms are
approved with appropriate
management.
 Discuss with related personnel on the
updating of standard price list and
who can access to the price list.
 Review price list to ensure only
personal with authority can perform
the changes.
 Ensure whether a sales order logbook
is used to log all customer purchase
orders.
Select sales orders and perform the
following:
– Check sales orders are authorised;
– Check supporting document for credit
check, i.e., sales is accepted only if
credit limit has not been exceeded.
Objective Risk Key Controls
Sales orders incomplete.  Write access and edit to sales
order file is limited to
authorised personnel.
 Sales order number is
generated by system or pre-
numbered.
 Missing sales order has been
investigated.
Unauthorised sales.  Approval should be obtained
for order modification.
 Modified or cancelled order
should be timely
communicated to production
department.
 Orders modification or
cancellation should be timely
updated in the sales order file.
Testing Steps Findings & Recommendation W/P Ref.
 Scrutinise sales order file for any
duplicate or missing orders.
 Discuss with management and
confirm that sales order can only be
accessed by designated employees.
 Check monthly report of changes in
sales order file has been reviewed by
management.
 Select sales order modification or
cancellation, perform the following:
– Check proper approval;
– Check update in sales order file;
– Check timely communication to
production department.
Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.
Goods delivery
Goods are Improper shipment.  All delivery should be Select Delivery Notes and match to related
shipped with reference back to sales order or sales order by reference of sales order
authorisation. contract and approved. number, perform the following:
 Delivery Notes are pre- – Check product shipped agreed with
numbered. product ordered;
 Credit manager should verify – Check quantity shipped is less than or
all delivery prerequisite before equal to quantity ordered;
release of goods. – Check customer in sales order and
 Customer credit limit has been Delivery Note are the same;
checked before delivery – Check customer acknowledgement of
authorised. receipt;
 Customers should sign on – Investigate any unmatched
Delivery Notes as evidence of transactions.
goods receipt.
Sales invoicing
All sales should Sales incomplete. Sales invoices are sequentially Scrutinise sales invoice files and note for
be recorded controlled. duplicate or missing invoices.
accurately on a
timely basis. Inaccurate billing and Sales invoices are prepared based Select ____ sales invoices and trace to
understatement of sales. on terms and conditions from sales related sales orders, Delivery Notes, agree
orders or contracts and information price, quantity and terms and conditions on
from Delivery Notes. sales invoices to sales order and Delivery
Notes.
Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.
Understatement of sales. Sales should be recognised upon  For above sales invoices selected,
physical delivery. check whether sales invoice dates are
the same as dates on Delivery Notes.
 Review shipping Log and identify
goods shipped that have not been
invoiced.
Unauthorised sales Management approves sales For above sales invoices selected, check
invoices. invoices. whether appropriate management approves
sales invoices.
Understatement of sales. Sales journal should be reviewed Review 3-month sales journals and
periodically for numerical scrutinise for any missing invoice number.
sequencing. Missing invoice
numbers should be investigated.
Credit notes and adjustments
Returns and Unauthorised invoicing Access to invoice and credit note  Discuss with management and
allowance and credit note issuance. functions is restricted to authorised confirm with MIS that invoicing and
should be personnel. credit note functions are restricted to
controlled, authorised employees.
documented and  Observe that invoicing and credit note
recorded. function is password controlled.
Credit notes incomplete. Credit notes are sequentially Review ____ batches of credit notes, each
controlled. has 10 copies, note for sequential
numbering.
Authorised customer Written authorisation should be Review returned reports and note for
returns. given to customers to permit the management approval with justification
return of goods when appropriate. and conditions of the goods in writing.
Objective Risk Key Controls Testing Steps Findings & Recommendation W/P Ref.
Unauthorised credit Credit notes are approved by senior Review ____ credit notes and note for
notes. management on a requisition setting proper justification, supporting (e.g.,
out the reasons for the credit note. receiving report, quality report) and
management approval.
Inaccurate sales. Open file of unmatched receiving Review open file of unmatched receiving
reports should be reviewed reports to identify any long outstanding
periodically to identify valid but unprocessed claims.
unprocessed claims.
Cash receipts
Receipt is Delay in recording of  Cash receipts are set off  Discuss with receivable accountant
identified and receipts and receipt accounts receivable on a timely about the practice.
recorded on a misappropriation. basis.  Review the unidentified cash suspense
timely basis.  Cash receipts match to account and note for material and long
individual sales invoices. outstanding unmatched receipts.
 Unidentified cash receipts  Selected _____ cash receipts from
analysed and cleared bank statements and check account
periodically. receivable has been promptly credited
 Receipts are banked in and verify cash is applied to
promptly. individual invoices.
Objective Risk Key Controls
Accounts receivable
A/R balance is Overstatement of  Customer statements are
accurately receivables and bad mailed periodically to
stated. debts. customers and disputes/queries
are investigated on a timely
basis and monitored by a
responsible official.
 Ageing report is prepared and
reviewed by management.
 All overdue balances are
reviewed, at least quarterly, by
a senior official and
appropriate provisions
determined.
Overstatement of  Accounts receivable status
receivables due to should be reviewed
inadequate write-offs or periodically.
provision for doubtful  Provisions are calculated in
debts. accordance with approved
procedures.
 Bad debt write-offs are
properly approved by
authoritative staff.
Testing Steps Findings & Recommendation W/P Ref.
 Discuss management action towards
long outstanding and disputes/queries
invoices.
 Check customer statements have been
sent on a timely basis.
 Review ageing report and monthly
investigation report on long
outstanding receivable and note
management follow-up action
documented in writing, in particular,
responsibility, follow-up steps and
evaluation, etc.

 Discuss with management about the
provision procedures.
 Ensure provision procedures are in
compliance with corporate policies.
 Check bad debt write-off
authorisations.