OBJECTIVE
OBJECTIVE
CATEGORY
RISK
REFERENCE
POTENTIAL RISK
SUGGESTED CONTROLS TO MITIGATE THE POTENTIAL
RISK (Internal Audit)
Changes to General Ledger master records are correctly
processed. (
accuracy)
FIN305
Changes to General Ledger master records may be incorrectly
processed.
The official (responsible for maintenance of General Ledger
master records) shall process all requests for modification of
the General Ledger master records after having checked the
contents and the accuracy of the data supplied. Each change
to General Ledger master records is prepared from appropriate
source documents (e.g. a "General Ledger master record
amendment form"). SAP edits and validates General Ledger
master records online, identified errors are corrected promptly.
Notifications of changes to General Ledger master records are
processed timeously. (
proper period) All new accounts will be
added in a timely manner so they are available for transaction
processing in the correct period.
FIN306
Changes to the General Ledger master records are not
processed timeously. Payroll may be incorrectly computed for
the relevant period.
A procedure should be established that the change to General
Ledger master records is made within an established time
period after the source document (e.g.: General Ledger master
record amendment form) has been received. By processing the
change immediately after the source document has been
received, the General Ledger master record is kept current and
the possibility of incorrect changes being made is minimised.
Requests to change General Ledger master record data are
logged. The log is reviewed to ensure that all request changes
are processed timeously.
Changes to General Ledger master records are authorised by a
responsible official. (authorisation
) Maintenance to the Chart of
Accounts will be properly approved to ensure that the changes
will be properly implemented.
FIN307
Changes to General Ledger master records may not be
authorised.
Significant changes to General Ledger master records are
approved by management.
General Ledger master records remain pertinent. Maintenance
of the Chart of Accounts will be conducted for operating
efficiency. General Ledger master records are periodically
checked by a responsible official (for inter alia completeness
and accuracy).
FIN308
General Ledger master records do not remain pertinent.
General Ledger master records) may not be properly
maintained. General Ledger master records no longer needed
are not deleted / archived from the system.
General Ledger master record data is periodically reviewed by
management for accuracy and ongoing pertinence.
Management review the Chart of Accounts annually to identify
unused, duplicates, or possible additions to the values.
An audit trail will exist for all changes to the Chart of Accounts.
All changes to, and deletion of General Ledger master records
must be properly logged, documented and retained.
FIN309
Unauthorised changes to General Ledger master records
(including creation or deletion of accounts) may go undetected.
Errors in capturing General Ledger master records are not
timeously identified. No responsibility is assigned for regularly
reviewing audit trails of change information. (No master data
amendment report is generated to ensure that the information
processed is correct and accurate.) Changes to General
Ledger master records are not supported by valid
documentation. Required documentation is not retained for
mandatory retention periods.
The Financial Accountant reviews the General Ledger account
change report on a monthly basis to ensure changes are
performed in compliance with General Ledger maintenance
requests. Changes to critical General Ledger master details are
reviewed by senior management. A master data amendment
report showing data before and after changes is approved
(based on a comparison to source documents where
appropriate) by an independent person. A SAP report (e.g.
RFSABL00) is generated with date and time of change, old and
new values for fields and also the user who entered the
change. Procedures exist to retain all documentation on any
Chart of Accounts maintenance requests.