Payment and acquisition

cycles (Inventory and A/P):

E- commerce increases the inherent risk for inventory and
account payable account.

Risk of error or fraud that could occur &

accounts affected:
Loblaws make use of EDI system which processes all purchase
orders and invoices.
Risk: unauthorized users might hack into the system
Affected account: inventory (assertion: valuation)
EDI system requires access to information by both the loblaws and
the vendor (inventory level, items price)
Risk: Unauthorized users can hack the system to steal or change
the existing data such as items price.
Affected account: inventory purchase expense (assertion: accuracy)

Control that could prevent or detect the risk:

Examination of threshold/limit point or restock.
Any automated reorder should also be reviewed by manager.
Establish the identification code for trading purpose.
Only order with verified code should be processed.
Unusual large orders exceeding certain threshold will need to
be confirmed with relevant supervisor for approval.

Control tests:
Input control:
Batch control:
Ensures completeness of information such as invoices & customer order.
Comparison of batch records with the transmitted logs for accuracy and
completeness of information.
Helps to detect and reject error transactions.
Test of control:
Review the batch record and reconcile it with the transmitted logs to
make sure that all transactions are recorded properly.
Investigate and irregularities and determine causes.

Process control:
Valid vendor file:
Maintain a lists of all vendors/suppliers.
Helps with verifying orders sources, which in turn help to detect
unauthorized orders.
Test of valid vendor file:
Inquire Loblaw managers for lists of vendors/suppliers.
Review of existing regulations that the company have regarding
the management and update these lists and their course of
action if they receive inventory or unusual request from nonlisted vendors.

 Access control:
Grant access to certain files in accordance with the relevant job
description(username and password).
Example, only account payable clerk have access to the
account payable ledger, but not the account receivable clerk.
Test of access control:
Review the job description of staffs that have access to the
subsidiary account ledgers.
Check for the effectiveness of username and password
system.

Output control:
Automated EDI system => no paper trail
Maintenance of an audit trail is essential for good output control
such as transaction logs, error listing, and unique transaction.
Identifiers and logs of automatic transaction need to be
generated by companys system.
Testing output control:
Review of reports and error listings for the completeness &
accuracy.
Inquiring managers related to who has access to those lists and
logs, to ensure only relevant employees have access.

Substantive test for Payment & Acquisition cycle

(A/P and Inventory)
Investigation of large unusual transactions would need to be
investigated to ensure F/S are free from material misstatements.
Make use of ACL software to conduct the substantive test related to
large volume of transactions.
ACLs function such as Sort and Joint features can be used to test
accuracy of items price.
Moreover, ACL software can be used to test for completeness,
existence by searching or unrecorded liability (with the Join feature)
and unauthorized disbursement (with disbursement voucher files).