 |
| Revue du module AR (comptabilité client) du progiciel JDEdwards d'une société pétrolière dans le cadre d'une mission d'audit financier
par Jarraya Bacem
Ecole Supérieure de Commerce de SFAX
Traductions: en Original: fr Source:
|
précédant
sommaire
suivant
|
|
5.3 Description of
controls
5.3.1 Controls and tests of the modules
of software package J.D. Edwards
In what follows, we will quote principal controls as well as the
tests referring module by module to it.
5.3.1.1 Permanent
data «Master Dated »
The permanent data correspond to the source data of the
information system whose frequency of modification is relatively weak. Each
data must be single in the data base.
The principal permanent data are :
· Source data relating to the customers : corporate
name, addresses, people to be contacted, credit limit, handing-over, etc...
· Source data relating to the suppliers : corporate
name, addresses, people to be contacted, bank account number, etc...
· Source data relating to the products : designation,
reference, composition, price, VAT, etc...
· Source data relating to the fixed assets :
designation, reference, rate of depreciation, etc...
· Source data relating to accountancy : plan of the
accounts, automatic instructions of accounting, rate of exchanges, etc...
· Source data relating to the production : basic
articles, tanks, vehicles, deposits, subsidiary companies, factories, etc...
For each group of data (Suppliers, Customers, Fixed assets,
Banks, rate of exchange, etc...), only one owner must be designated. This owner
is responsible for the follow-up of the authorizations of modification brought
to the permanent data and also of the review of these modifications.
Taking into account the sensitivity and importance of the
permanent data, computerized key controls should be set up in order to make
sure that their updates (creation, modification, suppression) were made in a
manner correct and authorized and that these updates are
controlled a posteriori through the edition of the logs of audit.
The computerized key controls applied to the permanent data are
generally represented, in practice, by procedures of update and maintenance of
the permanent data that the data-processing listener will be brought to test
their level of application.
Procedure of update and maintenance of the permanent
data allows to define :
· Identity of the people entitled to update the permanent
data ;
· The nature of the documents authorizing the update of the
permanent data ;
· Identity of the people entitled to re-examine and
validate these updates.
In order to ensure itself of the level of permanent data security
of the company, the listener must test the level of application of the
procedures.
The table hereafter presents controls which must exist on the
level of the permanent data and the tests referring itself to it :
|
Key controls
|
General tests
|
g Very given permanent must be single in the base of data.
g All the permanent data must be presented with clear
separations of the owners ;
g The changes and the updates brought to the permanent data must
be authorized and re-examined by an independent person (according to the
procedure).
|
g To discuss with the person in charge the procedure relating to
the changes brought to the permanent data (the initiator, the person which
approves the request, the person in charge for the modification and the
controller);
g To re-examine the history of the requests for
modification ;
g To examine the last modifications made to the permanent
data through the logs of audit;
g To test on a sample of modifications the level of conformity
with the procedure ;
g To examine the logs of audit (see the 2.3.3 documents to be
consulted) corresponding to the modifications to ensure itself of the respect
of the procedure : the listener must check the name of the person who
carries out the requests for change, the name of the person who controls the
regularity of these changes, the date of modification, the old value and the
new value.
|
Specific tests
|
Permanent data of accountancy :
g To re-examine the last changes brought to the automatic
instructions of accountings (see the 2.3.3 documents to be consulted).
|
5.3.1.2 The
accounts receivable : « WITH/R "
The module «accounts receivable » of
J.D. Edwards contains all the data which define the relation of the company
with its customers (invoices, purchase orders, limit appropriations, cashings,
credits, notes of flow/credit, etc).
So it represents one of the key components of the
architecture of J.D. Edwards to which quite effective computerized controls
must be applied in order to be ensured of the transparency of the transactions
between the company and its customers.
The data-processing listener must test controls computerized to
make sure of their existence and especially of their good application. The
identified exceptions will be described in the internal report/ratio of audit.
Controls and the tests referring itself arise to it as
follows :
|
Key controls
|
Tests
|
|
Rules of management :
g The rules of management installation (see the 2.3.3 documents
to be consulted) must respect the operational needs for the company.
|
g To re-examine the rules of management of the company through
the examination of the documents used during a process of sale. Each type of
sale is associated to him a type of document. Examples : SB (open orders),
SD (direct deliveries), SF (sales with transport), IF (international sales), HS
(sales oils), SO (sales fuels and lubricants), S9 (loans with the
fellow-members), SY (consumption interns), CO (to have), CR (notes for rebates)
and CM (to have for fellow-member).
|
|
Code blocage6(*)
clients' accounts :
g The codes of blockings of the clients' accounts must be in
coherence with the operational needs for the company.
|
g To publish report/ratio «HOLD
CODES».
g To re-examine the codes of blocking for a sample of
customers:
ü The customers having HLCODE=A1 are the high-risk
customers;
ü The customers having HLCODE=B1 are the customers at the
average risk.
|
|
Credit limit customers :
g The credit limits must be generalized with all the customers
to ensure itself of the not exceeding of the threshold of credit fixed by the
company.
|
g To publish the report/ratio «FREE
CUSTOMER»: the exempted customers of a credit limit are
published.
g To discuss the exceptions collected in the report/ratio
published with the «credit to control» company :
g To identify the reasons for which these customers do not have
fixed credit limits;
g To check the parameter setting of the credit limit on the
level «relative level». This level is allotted to a customer having
several accounts in the same company and profiting from a credit limit for each
account instead of only one.
|
|
Goings beyond of appropriations customers :
g The state of the customers in going beyond of credit limit
must be published systematically and analyzed by the committee of credit.
|
g To publish the report/ratio «CUSTOMER
OVER» who determines the customers who exceeded their limits of
credit and the total amount of the goings beyond of appropriations;
g To carry out the program «P03413 " which
determines the total of the appropriations customers;
g To re-examine with «credit to control» the
frequency of edition and analysis of the state of the going beyond of
credit;
g To calculate the ratio going beyond of appropriations
customers = total total going beyond/of the credits customers. The result which
one reaches informs the data-processing listener about the note to be allotted
to key control;
g To discuss with «credit to control» the reasons
of the detected goings beyond.
|
|
Interfaces 7des(*) applications with the module «accounts
receivable» :
g The existing interfaces between the module «accounts
receivable» of J.D. Edwards and the other applications of the information
system of the studied company must be parameterized suitably to preserve the
integrity of the transferred data.
|
g To discuss with person in charge J.D. Total Edwards
«System Information» for the company studied to identify the
applications interfaced with the module «accounts receivable» of J.D.
Edwards and the person in charge for each application. According to the
GI, only the management application of the gas coupons is interfaced with the
module «accounts receivable»;
g To reconstitute the diagram of the processes of the management
application of the gas coupons
(edition, sale, repurchase of the goods). (CF
Annexes)
|
|
Customer orders :
g The customer orders must be seized in J.D. Edwards in time.
|
g To check the recording of all the customer orders received by
telephone on a standard document : the orders are received either by fax,
or by telephone;
g To bring the state closer to the orders received by telephone
and fax with the menu of the customer orders in J.D. Edwards for one
day «J» in order to identify the customer orders not
recorded;
g To test directly on the system the existence of credit
limit : to seize a fictitious order for the account of a given customer
who exceeds the fixed ceiling. To make sure that the system blocks the order
automatically. (CF Annexes)
g To examine the history of the requests for releasing and to
see directly on the system an example of clients' account resolved following a
request for releasing formal;
g To check the daily edition of the state of the blocked
customer orders.
|
Report/ratio of the customer orders in authority :
g The report/ratio of the customer orders in authority must be
carried out and published once per week.
|
g To carry out the program «P42620»
which provided the state of the customer orders in authority;
g To check the regular edition of the report/ratio of the
customer orders in authority;
g To discuss with the persons in charge for the follow-up for
the report/ratio the reasons for which these orders remained in authority.
|
|
Notes of flow /credit :
g The notes of flow/credit must be re-examined and analyzed
monthly.
|
g To publish the report/ratio «GPCONTROLE
«which presents the totality of the notes of flow and credit
used;
g To discuss with the «credit to control»
reasons of use of the notes of flow and credit;
g To check the realization of a monthly analysis of the notes of
flow and credit.
|
|
Sale books :
g The newspapers of sales must be published and updated
daily ;
g The report/ratio of the errors must be activated daily.
|
g To carry out the program " P42800 "
or «P49800» which present the newspapers of sales of
the company;
g To discuss with the sales manager the frequency of the edition
and the analysis of updated report/ratio the «» of the sales;
g To identify the orders in error and to discuss the causes of
these errors.
|
|
Cashings :
g The received cashings of the customers must be correctly
attached to the corresponding invoices.
|
g To publish report/ratio «RR UNCASH»
to identify the cashings not attached to the invoices customers;
g To discuss with the person in charge for the financial service
the existence for cashing not attached;
g To prepare a report/ratio of follow-up of the not charged
cashings and to present it at the customer to use it.
|
|
Unpaid:
g The unpaid ones must be treated correctly and communicated to
the direction in time.
|
g To discuss with the person in charge for the follow-up for the
accounts - unpaid checks procedure for management for the unpaid ones;
g To calculate the total volume of the accounts - unpaid
checks.
|
Credits customers:
g The credits customers must be followed regularly by clearly
identified people.
|
g To carry out the program «P03413»
to publish the old balance customers;
g To discuss with the person in charge for the follow-up for the
credits customers;
g To re-examine the old balance customers and the list of the
people responsible for the covering of these credits.
|
|
Provisions and adjustments:
g The provisions and the adjustments must be authorized and in
coherence with the strategy of the company.
|
g To re-examine the procedures relating to the observation of
the provisions and the adjustments;
g To discuss with the person in charge for the accounting
department the reasons of adjustments;
g To test the calculation of the provisions on the unpaid
customers.
|
|
Manual invoices:
g The manual invoices must be published by exception and must be
subjected to a suitable control.
|
g To count the manual invoices and to determine the reasons of
use.
|
|
Reports/ratios of integrity:
g The report/ratio of integrity between the accounts receivable
and the general ledger must be carried out, examined and be activated daily.
|
g To carry out the program «P037001 " to
publish the report/ratio of integrity between the accounts receivable and the
general ledger;
g To publish report/ratio «A/R to
G/L» for the last five days;
g To examine the origin of the noted variations;
g To discuss with the person in charge the procedure for
follow-up for these reports/ratios.
|
* 6 the code
blocking: During the creation of a clients' account in the company, a
code is fixed to make it possible to block this account following the going
beyond of the authorized credit limit. This code must be updated.
* 7 Interface :
Are connections between the modules of J.D. Edwards and the other
applications of the system (example : application Pays)
