1.

All modifications to the customer master file are authorized as per DOA
2. All modifications to sales orders are authorized as per DOA
3. Access to customer master file in system is appropriately restricted
4. System restricts receiving of material from vendor beyond the PO quantity.
5. Customer invoices are auto populated and modifications if any to invoices are
authorized as per DOA
6. Access to price master file in system is appropriately restricted

1. Open PO ageing report is periodically reviewed and reasons for delay in

receipts are documented and communicated to the concerned department
Control Risk Addressed Data Request Design Testing Effectiveness Testing

1. Review procurement
policies and procedures: *
Does the policy require
periodic review of open PO
ageing reports? * Does the
policy define acceptable 1. Select a sample of
timelines for PO closures? overdue POs from the
2. Assess report generation ageing report. 2. For each
and review frequency: * Are sampled PO: * Verify the
reports generated at defined accuracy of the information
Open PO ageing * Open PO ageing intervals (e.g., monthly, in the ageing report (e.g.,
Improper
report is reports for the past quarterly)? * Who is PO date, amount, supplier).
inventory
periodically year * Procurement responsible for reviewing * Review supporting
management,
reviewed and policies and the reports? 3. Evaluate documentation for the
potential for
reasons for delay procedures * documentation of reasons reason for delay (e.g.,
fraud, delayed
in receipts are Inventory records * for delay: * Are reasons for supplier communication). *
payments, and
documented and Supplier contracts * delays documented for each Confirm that the delay was
inaccurate
communicated to Communication overdue PO? * Are the communicated to the
financial
the concerned records with reasons valid and supported concerned department(s). *
reporting.
department suppliers by evidence (e.g., supplier Assess the effectiveness of
communication)? 4. Verify any actions taken to resolve
communication with the delay. 3. Summarize the
concerned departments: * results of the testing and
Are delays communicated to identify any control
the relevant departments weaknesses.
(e.g., purchasing, accounts
payable)? * Is there
evidence of follow-up
actions taken to address the
delays?

Supporting Documents: Open PO ageing reports Procurement policies and

procedures Inventory records Supplier contracts Communication records
with suppliers Purchase orders Supplier invoices
2. At every month end, the Depreciation report run in system is reviewed for
accuracy and signed off by Finance Manager
3. Unapplied cash ageing report is periodically reviewed and reasons for aged
items are identified and documented.
4. Business Head reviews Dispute ageing report on a monthly basis (region wise /
customer wise)
5. Prior to month end, Finance team extracts CWIP report and obtains
confirmation from respective user department for items lying as CWIP
6. AP ageing report is periodically reviewed and reasons for aged items are
identified and documented.

1. Bad debt reserve computations are reviewed and approved by the finance
manager on a quarterly basis.
2. Obsolescence reserve computations are reviewed and approved by the finance
manager on a quarterly basis.
3. Finance Manager reviews and signs off on the Obsolescence reserve
computation sheet to ensure accuracy and completeness
4. Impairment loss computations are reviewed and approved by the finance
manager on a quarterly basis.

1. On an annual basis, physical verification of inventory is performed by a cross-

functional team.
2. All entries under ‘Deferred revenue’ at month end are reviewed and reconciled
by logistics team and reasons documented for not recognizing revenue. The
reconciliation is reviewed and signed off by Finance Manager
3. All prospective vendors go through a standard diligence process and get
approved before being on-boarded and added as a new vendor in vendor
master.
4. Leave, attendance and payroll data are reconciled on a monthly basis to
prevent incorrect salary payouts.
 5. Reasons for employees quitting their roles are discussed and documented as
part of the Exit interview process

Control Listing Risk Being Addressed Data Request Design Testing Effectiveness Testing

1. Open PO ageing Delayed Open PO Verify that the open PO Select a sample of
report is payments to ageing report, ageing report is generated aged POs and
periodically suppliers, supplier periodically (e.g., investigate the
reviewed and potential master data monthly)., Review the reasons for delay.,
reasons for delay in financial report for completeness Compare the
receipts are penalties, and accuracy (e.g., all documented reasons
documented and reputational open POs are included)., with the actual
communicated to damage Ensure that the report reasons for delay.,
Control Risk Addressed Data Request Design Testing Steps Effectiveness Testing Steps

- Review the format and content of - Select a sample of aged items from the
the unapplied cash ageing report. report. - Obtain supporting
3. Unapplied cash - Unapplied cash ageing Assess if it includes key documentation for the reasons identified
ageing report is Improper cash reports for the last 6 identifies
information likePOs withname,
customer delays (e.g., invoices, payment confirmations,
periodically management: Aged unapplied months. - Documentation amount, ageing period, and reason dispute logs). - Interview relevant
reviewed and cash can indicate potential of reasons for aged items in receipts.,
code. - Verify if Verify that
the report is Evaluate
personnel the
(e.g., collections team) to
the concerned
reasons for aged fraud, lost interest income, or (investigative reports,
reasons for delays are
generated periodically as per
effectiveness of
understand their investigation process
items are identified inefficient collections. communication records, defined frequency (e.g., monthly). and resolution timeline. - Assess if the
department
and documented. etc.). - documented
Ensure clear and anddocumented actions
documented taken
reasons to and if the
are valid
procedures for identifying and resolution efforts are appropriate and
communicated to the
investigating aged items. timely.
address the delays.
concerned department.

- Review the format and content of - Attend or review recordings of Business

the dispute ageing report. Assess if Head review meetings related to dispute
itVerify
includesthat the
- Dispute ageing reports
key information like ageing reports. - Observe the level of
4. Business Head Ineffective dispute for the last 3 months, Select a sample of
reviews Dispute resolution: Unresolved segmented by region and depreciation report
dispute origin, amount, is
ageing engagement and analysis from the
period, and resolution status. - assets
Business Head andduringrecalculate
the review. -
ageing report on a disputes can lead to delayed customer. - Meeting generated at month
Verify if the report is segmented end., Interview the Business Head to
monthly basis payments, customer agendas or minutes the depreciation
(region wise / dissatisfaction, and potential documenting Business Review the report for
by region and customer, allowing understand their decision-making process
2. At every
customer wise) month revenue loss. Head review of dispute
for targeted review. - Ensure clear expense.,
for escalating Compare
or resolving disputes. -
completeness
procedures for and
escalating Evaluate the effectiveness of their
end, the Inaccurate ageing reports.
unresolved disputes to the the calculated
interventions in resolving disputes and
Depreciation accuracy (e.g., all
Depreciation report depreciation Business Head. depreciation
improving expense
collection efficiency.
report, asset depreciable assets are
run in system is expense, with the amount
register, included)., Ensure that the
reviewed for misstatement of reported in the
depreciation depreciation expense is
accuracy and signed financial depreciation report.,
policy calculated in accordance
off by Finance statements Investigate any
with the depreciation
Manager discrepancies and
policy., Verify that the
assess the impact on
report is reviewed and
the financial
signed off by the Finance
statements.
Manager.

Risk Being
Control Listing Data Request Design Testing Effectiveness Testing
Addressed

5. Prior to Overstatemen - CWIP report for Design: - Review policies Effectiveness: - Select a
month end, t of inventory the current and procedures for CWIP sample of CWIP items
Finance team and month and classification to ensure from the report and trace
extracts CWIP inaccurate previous periods. they are clear, consistent, them back to supporting
report and financial - Confirmation and aligned with documentation (e.g.,
obtains reporting due letters from user accounting standards. - purchase orders, invoices,
confirmation to incorrect departments for Verify that the CWIP contracts) to verify
from classification CWIP items. - report captures all accuracy and
 relevant data points,
including item completeness. - Review
description, cost confirmation letters from
incurred, estimated user departments for
respective Documentation
completion date, and completeness and
user of policies and
of items as reason for delay. - Assess reasonableness of
department procedures for
CWIP. the process for obtaining explanations for delays. -
for items lying CWIP
confirmation from user Investigate any
as CWIP classification.
departments, including discrepancies identified
the level of detail during testing and
provided and the determine the root cause.
approval process.

Effectiveness: - Select a
sample of aged invoices
Design: - Review
from different age
procedures for reviewing
categories and review the
and investigating aged
- AP ageing investigation and
invoices, including
report for the resolution documentation
6. AP ageing Delayed frequency of review, risk
current month to assess the
report is payments, assessment criteria, and
and previous thoroughness and
periodically potential escalation process. -
periods. - appropriateness of
reviewed and fraud, and Verify that the AP ageing
Documentation actions taken. - Analyze
reasons for inaccurate report includes all
of investigation trends in aged invoice
aged items financial relevant data points, such
and resolution data to identify potential
are identified reporting due as invoice date, amount,
procedures for areas of concern and
and to unpaid age category, and reason
aged invoices. - recommend
documented. invoices. for delay. - Assess the
Sample of aged improvements to the
documentation process
invoice files. process. - Verify that
for identified reasons,
reasons for delay are
including level of detail
documented consistently
and supporting evidence.
and supported by
evidence.

Control Risk Addressed Data Request Test Steps (Design & Effectiveness)

Design: - Is the review frequency (quarterly)

- Aging of receivables report appropriate considering industry norms and
1. Bad debt reserve Understatement of bad
at period-end and prior company-specific factors? - Are qualified
computations are debts: Financial
periods. - Bad debt reserve personnel performing the
reviewed and statements may not
calculation details and review? Effectiveness: - Are significant changes
approved by the reflect potential losses
supporting documentation. - in aging or other trends investigated and
finance manager on a from uncollectible
Finance manager's approval documented? - Does the approved reserve
quarterly basis. receivables.
documentation. adequately cover expected bad debts based on
historical data and current economic conditions?

Design: - Is the review frequency (quarterly)

- Inventory listing with appropriate considering inventory turnover and
Overstatement or details on age, condition, potential obsolescence risks? - Are qualified
2. Obsolescence
understatement of and movement. - personnel performing the
reserve
inventory value: Obsolescence reserve review? Effectiveness: - Are physical inventory
computations are
Inventory may be calculation details and counts conducted regularly and reconciled with
reviewed and
incorrectly valued due supporting documentation, inventory records? - Is there evidence of ongoing
approved by the
to obsolescence, including justifications for monitoring for obsolete or slow-moving
finance manager on a
leading to inaccurate estimated obsolescence inventory? - Does the approved reserve
quarterly basis.
financial statements. rates. - Finance manager's adequately reflect potential obsolescence losses
approval documentation. based on industry trends, product lifecycles, and
internal data?
 Design: - Does the sign-off process require a
3. Finance Manager
documented review and justification for
reviews and signs off Management override of - Finance manager's sign-off
approval? - Is the finance manager independent
on the Obsolescence controls: Intentional documentation and review
of inventory management and sales
reserve computation manipulation of notes. - Internal audit reports
functions? Effectiveness: - Is there evidence of
sheet to ensure reserves to improve on inventory and reserve
thorough review and analysis supporting the
accuracy and financial performance. valuation.
sign-off? - Are there any indications of pressure
completeness.
to manipulate reserves or override controls?

Design: - Is the review frequency (quarterly)

appropriate considering asset types and
Understatement of
4. Impairment loss potential impairment risks? - Are qualified
asset impairment: Asset - Impairment testing
computations are personnel performing the
values may not be documentation for long-lived
reviewed and review? Effectiveness: - Are impairment tests
adjusted to reflect assets and intangible assets.
approved by the performed in accordance with accounting
potential losses, - Finance manager's
finance manager on a standards and consider relevant economic
leading to inaccurate approval documentation.
quarterly basis. factors? - Does the approved impairment loss
financial statements.
adequately reflect current asset values and
potential losses?

Control Listing Risk Addressed Data Request Design Testing Effectiveness T

- Perform tes
- Review procedures
counts of sele
- Inventory listing to ensure they are
inventory item
with quantities and adequate and
1. Annual Inventory overstatement or compare with
values. - comprehensive. -
physical understatement: Incorrect documented
Documentation of Assess team
inventory inventory records can lead to counts. -
physical inventory composition and
verification by inaccurate financial Investigate
count procedures. independence for
cross- statements and discrepancies
- Team potential conflicts of
functional misrepresentation of between phys
composition and interest. - Compare
team. company performance. and book cou
qualifications planned procedures
Evaluate team
documentation. with actual execution
documentatio
practices observed.
adjustments m
ontrol Listing Risk Addressed Data Request Design Testing Effectiveness Testing

- Review diligence
procedures for completeness
Fraudulent transactions, - Vendor diligence - Select a sample of new
and alignment with best
1. Standard procurement of poor-quality procedures vendors and review their
practices. - Assess
vendor diligence goods/services, reputational documentation. - diligence documentation. -
segregation of duties and
process and damage: Inadequate vendor Approval criteria and Verify that approval criteria
potential for conflicts of
approval before selection can lead to financial decision-making process. were met and documented. -
interest. - Observe vendor
onboarding. losses, operational disruptions, - Segregation of duties in - ReviewInvestigate
revenuereasons for
approval process for
and negative publicity. vendor approval process. - Detailed listing of rejected vendors, if any.- Re-perform
adherence to documented recognition policies
deferred revenue
procedures. reconciliation
for alignment with
2. Month-end entries. - sample basis
Premature revenue accounting
review and Documentation of Investigate re
recognition: Recognizing standards. - Assess
reconciliation revenue
- Review reconciliation for deferred
revenue before it is earned segregation of duties
2. Monthly ofPayroll
deferred
errors, unauthorized - Leave and attendance recognition
procedures for completeness revenue
- Re-perform reconciliations on and
can inflate financial and accuracy. - Assess and potential
a sampleforbasis. - Investigate
reconciliation of revenue
payments,by fraud: Inaccurate records. - Payroll policies. - assess their
performance and mislead segregation of duties and collusion. - Observebetween data
discrepancies
leave, logistics andto overpayments,
data can lead processing procedures. - Segregation
potential for of
collusion. - sources. - Evaluate validity. - Eva
attendance, and underpayments, and investors. Segregation of duties in
potential reconciliation
finance teams. duties between
Observe reconciliation management
payroll data. legal issues. payroll processing. process management
for review and sign-
reconciliation and
process for completeness and off of reconciliations. review and si
timeliness. completeness and
approval functions. of reconciliati
accuracy.

- Review a sample of exit

- Review exit interview
- Exit interview interview transcripts and
High employee turnover, low procedures for effectiveness
procedures assess the quality of
3. Exit interviews morale, lack of talent in gathering relevant
documentation. - Training information gathered. -
conducted and retention: Failing to understand information. - Assess
materials and scripts for Compare documented
reasons for reasons for employee interviewer training and
conducting exit reasons for leaving with exit
leaving departures can lead to potential for bias. - Observe
interviews. - Data on interview data and HR
documented. difficulties in attracting and exit interviews for
employee turnover rates records. - Evaluate
retaining talent. professionalism and
and reasons for leaving. management review and
adherence to procedures.
analysis of exit interview data.