Audit-Walkthrough-Documentation-Template PDF

Preview

Summary

defefefe...

Description

Initial Audit Area: Revenue Project Name: XXXX Cashier’s Office Project Number: XX -XXX Audit Period: XXX -XXX Audit Procedures: PLANNINGi 1. Establish Audit Scope:ii All revenue collections at the XXXX Cashier’s Office for the period XXX to XXX. 2. Establish Audit Objectives: Financial:  To determine existence, completeness, timeliness and accuracy of revenues collected and recorded, and assigned change/petty cash funds. Compliance:  To determine whether revenue collection procedures comply with laws, regulations, and University policies. Operations:  To determine if the internal control structure is adequate, and whether controls are functioning as designed. 3. Administration: A. Assign staff to the audit. iii B. Send the engagement /audit notification letter. C. Prepare the Statement of Independence iv. D. Conduct and document the entrance conference. E. Conduct and document initial planning meeting(s). Include SAS 99 considerations. F. Initial Fraud Risk Assessmentv. - Prepare Fraud Exposure forms. Document the inherent opportunities for fraud in each process. Also, identify controls in place (preventive & detective). PRELIMINARY REVIEW vi 4. Prior Audits: Identify and review any prior audits (internal or external) performed in the last three years related to the auditee. 5. Cash Count: A. Perform a surprise cash count of all change and petty cash funds (if a count was not performed in the last 6 months). B. Identify and evaluate internal controls over cash collections by:  Observing physical safeguards at the facility.  Reviewing current day’s revenue documentation and prior day’s balancing.  Review of applicable laws, rules, policies, and

Prepared By Reviewed By W/P Ref. Page 1 Initials/Date Completed

Date

of 10

WPReference/Comments

Initial Audit Area: Revenue Project Name: XXXX Cashier’s Office Project Number: XX -XXX Audit Period: XXX -XXX Audit Procedures: procedures.  Meeting and discussing operations with management and staff.  Determining if incompatible duties are separated.  Assessing risk 6. Conduct and document a preliminary issues meeting with the auditee presenting the results of work performed in step 5a & b above. 7. Process and Control Documentation: Document processes and controls by performing walkthroughs of transactions. (To the extent possible, use information already obtained in step 5a & b above, updating as necessary). Include process owner names, process risks, identified controls, and other relevant notes. Whenever necessary to understand or document key steps and controls, obtain copies of screens used for data entry or processing, supporting documents used or generated, reports generated or reviewed, and identify required approvals. Consider both hard (control activities) and soft controls (environment, oversight, training). A. Document processes and controls for the following: i. Cash and Check Collections & Deposits ii. Credit Card Collections & Deposits Process documentation for i. and ii. should: Distinguish between collections received in person, by mail, online (and any other means identified), and Include the following types of collections (and any others identified): 1. Accepting and recording a sealed deposit received from a department. 2. Accepting and recording a payment on existing accounts receivable. 3. Accepting and recording charges & payments simultaneously. 4. Accepting and recording miscellaneous revenue deposits (not sealed) iii. Clearing Account Reconciliation

Prepared By Reviewed By W/P Ref. Page 2 Initials/Date Completed

Date

of 10

WPReference/Comments

Initial Audit Area: Revenue Project Name: XXXX Cashier’s Office Project Number: XX -XXX Audit Period: XXX -XXX Audit Procedures:

When documenting controls above, determine whether there are general systems controls in place to ensure that systems, as configured: i. Require individual log-on ids and passwords, and adequate password management stds(i.e. complexity, # of attemps, change practices) ii. Incorporate data validation and error editing checks iii. Require management intervention and approval to perform adjustment transactions (voids, refunds, etc.) iv. Restricts access such that cashiers would be prevented from altering records to conceal unrecorded funds receipt. . v. Logs activity for certain key transactions and/or fields B. Obtain and evaluate for reasonableness system-generated lists showing all Cashier Office employees with access to FAST!! & BANNER, along with their assigned User ID’s and roles. i. Ensure that terminated employees are deleted timely. 8. Analytical Reviewvii : Using ACL, perform an initial overview of collections recorded in Banner/OASIS, and in FAST!! Evaluate the results for reasonableness based on the information obtained in the system documentation process (step 7) above . Analytical review procedures should include: A. Numbers and types of transactions and financial impact. B. Distribution of the transactions over the populations C. Presence of positives, negatives, and zero transactions D. Validation of Completeness for Key fields (use the IsBlank filter)

Perform classification, summarization, and other

Prepared By Reviewed By W/P Ref. Page 3 Initials/Date Completed

Date

of 10

WPReference/Comments

Initial Audit Area: Revenue Project Name: XXXX Cashier’s Office Project Number: XX -XXX Audit Period: XXX -XXX Audit Procedures: analysis steps as deemed relevant and meaningful using available fields like user ID/Teller Numbers, Teller Session Numbers, Transaction Types/System Source Codes, Transaction/Receipt Numbers, Transaction Dates/Timestamps, Deposit Numbers, Deposit Dates.

Follow-up on unusual items such as:  Gaps or duplicates in sequentially assigned numbers.  Unusually large or repetitive amounts.  Negative amounts not offset by corresponding positives.  Transactions processed outside normal business hours,  Gaps or delays in processing activity. 9. For any prior audit issues identified in step 4, determine if control weakness previously identified appear to have been remediated based on preliminary review procedures performed. 10. Preliminary Risk Assessmentviii : Prepare an overall preliminary risk assessment which addresses each process or function reviewed. Include in your risk assessment the inherent risk present in the function and the overall mitigated risk of each function or process. Consider financial risk, compliance risk, media/reputation risk, strategic risk, and operational risks. Document all assessments, and draw an overall preliminary risk assessment. 11. Based on planning procedures performed, tailor testing procedures (if necessary) to meet audit objectives and scope. NOTE: Advance UAC management approval required.ix 12. Based on planning procedures performed, obtain UAC management approval to adjust initial budgeted hours (if applicable) TESTINGx: Substantive Testing: Perform the following testing procedures designed to achieve the following audit objectives: Financial:  To determine existence, completeness, timeliness and accuracy of revenues collected and recorded, and assigned change/petty cash funds. Compliance:  To determine whether revenue collection procedures comply with laws, regulations, and

Prepared By Reviewed By W/P Ref. Page 4 Initials/Date Completed

Date

of 10

WPReference/Comments

Initial Audit Area: Revenue Project Name: XXXX Cashier’s Office Project Number: XX -XXX Audit Period: XXX -XXX Audit Procedures: University policies. Operations:  To determine if the internal control structure is adequate, and whether controls are functioning as designed.

1. Select a representative sample of collections days from the audit period to trace from initial receipt to deposits recorded by the bank and in the FAST financial records. For each day selected obtain the BANNER & FAST!! session reports for each user. Also, obtain copies of balancing forms, BANNER & FAST!! sales reports, credit card batch reports, mail logs, deposit slips, and cashier receipts for the collections selected for testing. Determine if documentation is complete, accurate, properly approved, and sufficient to support revenue collected. a. For each day selected for sample, tie each user’s BANNER/FAST!! session reports to the BANNER/FAST!! sales reports. Investigate any variances. b. Tie the credit card batch reports to the BANNER/FAST!! sales reports. c. For collections received via mail, tie the mail logs to the BANNER/FAST!! sales reports. d. Tie the BANNER/FAST!! sales reports to the balancing forms. e. Trace the balancing reports to deposit slips. f. Review the deposit slips and determine if state sales tax is collected where applicable and is deposited in the proper account. Agree sales tax amounts. g. Verify overages and shortages (identified on the balancing sheets and BANNER/FAST!! sales reports) were approved by management and handled appropriately. h. Trace deposit slips to validated cashier receipts and to the departmental ledger. Ensure appropriate chartfield and account was utilized. i. Compute the period from receipt to deposit pick up by the armored car service. Determine if funds were deposited timely (within USF guidelines). j. Trace armored car service manifest or log to deposit package.

Prepared By Reviewed By W/P Ref. Page 5 Initials/Date Completed

Date

of 10

WPReference/Comments

Initial Audit Area: Revenue Project Name: XXXX Cashier’s Office Project Number: XX -XXX Audit Period: XXX -XXX Audit Procedures: k. Conclude on all procedures and document weaknesses. 2. VOIDS: Using ACL, identify all voids performed during the audit period (if possible): a. Calculate the % of voided transactions as a component of the total number and amount of receipt transactions. b. Quantify the voids i. By cashier ii. By approver iii. By date (timestamp) iv. By total amount c. Perform statistics on amount (highest – lowest) 3. Using the ACL analysis performed in step 2 above, assess the materiality of voids and determine if performance of step 3 is necessary. If deemed necessary, perform the following: Obtain a list of voids performed during the audit period. Select a representative sample of voids from the list and determine the following: A. Reason for void is properly documented. B. Preparation & review is documented. C. Conclude on all procedures and document any weaknesses 4. REFUNDS: Using ACL, identify all refunds performed during the audit period (if possible): a. Calculate the % of refund transactions as a component of the total number and amount of receipt transactions b. Quantify the refunds i. By cashier ii. By approver iii. By date (timestamp) iv. By total amount c. Perform statistics on amount (highest – lowest) 5. Using the ACL analysis performed in step 4 above, assess the materiality of refunds and determine if performance of step 5 is necessary. If deemed necessary, perform the following: Obtain a list of refunds performed during the audit period. Select a representative sample of refunds from the list and determine the following: A. Reason for refund is properly documented. B. Preparation & review is documented.

Prepared By Reviewed By W/P Ref. Page 6 Initials/Date Completed

Date

of 10

WPReference/Comments

Initial Audit Area: Revenue Project Name: XXXX Cashier’s Office Project Number: XX -XXX Audit Period: XXX -XXX Audit Procedures: C. Conclude on all procedures and document weaknesses or unusual transactions 6. CLEARING ACCOUNTS: If a clearing account is maintained, obtain the most recent clearing account(s) reconciliation(s). Determine the following: A. B. C. D.

Items are cleared timely. Outstanding items are properly documented. Preparation & review is documented. Conclude on reconciliation process and document any weaknesses.

7. CASH RECONCILIATION: Review the most recent cash account reconciliation (from General Accounting). NOTE: Step 7 applies to Tampa Campus ONLY since Tampa performs this function for all campuses. Determine the following: A. Reconciliation is appropriately prepared and reviewed by persons outside the Cashier’s Office not involved with custody of cash, authorization of collections transactions, or recordkeeping. B. Reconciliation is performed timely. SAFEGUARDS: 8. Assess physical security over access to and within Cashier’s Office during and after hours. To the extent possible, use information already obtained in planning step 5a & b, updating as necessary to reflect the latest conditions and observations: Keys: A. Accounting for keys. B. Determine the key confiscation process upon separation. Date of last termination? Access Code: C. Assess access code usage. (i.e. individual codes or 1 departmental) D. Who has after-hour access? E. Periodic access changes (codes, etc.). Date of last termination? F. Card access control and tracking. Who has the ability to review? Safe: G. Closed and locked when not in use? H. Employees w/ access to safe? I. Combo/key to safe periodically changed? Date of last change? Other:

Prepared By Reviewed By W/P Ref. Page 7 Initials/Date Completed

Date

of 10

WPReference/Comments

Initial Audit Area: Revenue Project Name: XXXX Cashier’s Office Project Number: XX -XXX Audit Period: XXX -XXX Audit Procedures: J. Alarm in place? Linked to UPD? K. Panic button? L. Video surveillance in place? What areas are monitored? How long are they maintained? Who has access? M. All cash register drawers closed when not in use? N. All funds properly secured? O. Personal bags at workstations? P. Cash handling areas physically secured from customers & non-cash handlers? Q. Cashiers observed operating same register? R. Register keys left unsecured? S. Other security measures? T. Conclude on overall safeguards and document weaknesses. TRAINING & POLICIES & PROCEDURES: 9. Determine if employees in the Cashier’s Office have been properly trained To the extent possible, use information already obtained in planning step 5a & b, updating as necessary to reflect the latest conditions and observations: . A. All cash handling employees have attended the Cash Collection & Control training. B. All cash handling employees have completed PCI training. C. All cash handling employees have completed other required training. D. Conclude on overall training and document weaknesses. 10. Evaluate the Policies & Procedures manual for the Cashier’s Office. To the extent possible, use information already obtained in planning step 5a & b, updating as necessary with current observations: . A. A manual exists and contained up-to-date content. B. The manual is available to all cash handling individuals. C. The manual contains robbery procedures. D. Conclude on overall training and document weaknesses. FINAL WORK 1. Ensure that workpapers for all procedures contain a conclusion, preparer signature and date. 2. Provide the complete file to your supervisor for review.

Prepared By Reviewed By W/P Ref. Page 8 Initials/Date Completed

Date

of 10

WPReference/Comments

Initial Audit Area: Revenue Project Name: XXXX Cashier’s Office Project Number: XX -XXX Audit Period: XXX -XXX

Audit Procedures: 3. Clear comments prepared by your supervisor. 4. Prepare draft report of issues noted and reference to workpapers.xi 5. Provide draft report and file to your supervisor and UAC Director for review. 6. Clear additional comments prepared by your supervisor and/or UAC Director. 7. Issue draft of the report and schedule an exit conference with the unit. 8. Hold and document the closing conference, make any needed changes to the draft report and prepare a response report. Reference response report to workpapers. 9. Issue response draft report to auditee. 10. Prepare final report including management responses, reference to workpapers, and provide to UAC Director for final review. 11. Issue final report.xii 12. Complete file closeout checklist and enter exceptions into Teammate. 13. Request project to be closed.

Prepared By Reviewed By W/P Ref. Page 9

Initials/Date Completed

Date

of 10

WPReference/Comments

i

Complies with Standard 2200 (Engagement Planning) and Standard 2201 (Planning Considerations) of International Standards for the Professional Practice of Internal Auditing (IIA) ii Complies with Implementation Standard 2220.A1(Assurance Engagement Scope) of International Standards for the Professional Practice of Internal Auditing (IIA) iii Complies with Standard 2340 (Engagement Supervision) of International Standards for the Professional Practice of Internal Auditing (IIA) iv Complies with Standard 1100 (Independence and Objectivity) of International Standards for the Professional Practice of Internal Auditing (IIA) v Complies with Standard 1210.A2 (Fraud) of International Standards for the Professional Practice of Internal Auditing (IIA) vi Complies with Standard 2200 (Engagement Planning) and Standard 2201 (Planning Considerations) of International Standards for the Professional Practice of Internal Auditing (IIA) vii Complies with Practice Advisory 2320-1(Analysis and Evaluation) and Practice Advisory 2210-1 (Engagement Objectives) of International Standards for the Professional Practice of Internal Auditing (IIA) viii Complies with Standard 2210.A1and Practice Advisory 2210.A1-1 (Risk Assessment in Engagement Planning) of International Standards for the Professional Practice of Internal Auditing (IIA) ix Complies with Standard 2240 (Engagement Work Program) of International Standards for the Professional Practice of Internal Auditing (IIA) x Complies with Standard 2100 (Nature of Work) and Practice Advisory 2100-10 (Audit Sampling) of International Standards for the Professional Practice of Internal Auditing (IIA) xi Complies with Standard 2320 (Analysis and Evaluation) of International Standards for the Professional Practice of Internal Auditing (IIA) xii Complies with Standard 2410.A1 (Communication) of International Standards for the Professional Practice of Internal Auditing (IIA)...