Before analyzing control plans for the PtoP process, let’s begin by summarizing some plans that are not listed in the control matrix nor discussed in Table 13.2. First, in the interest of simplicity, we exclude those plans that are related to the information processing method (see CONTROLLING INFORMATION SYSTEMS: PROCESS CONTROLS), such as preformatted purchase requisition screens, online prompting, digital signatures, and programmed edit checks. 1
Second, certain control plans simply aren’t appropriate to the procedures used in the process that we are reviewing. However, you might very well encounter them in practice. The following are a few examples:
- Where paper documents are the basis for making disbursements, paid invoices (and supporting purchase orders and receiving reports) are often marked “void” or “paid” to prevent their being paid a second time. In paperless systems, the computerized payable records would be “flagged” with a code to indicate they had been paid and to prevent duplicate payment.
- Where payments are by check, appropriate physical controls should exist over supplies of blank checks and signature plates that are used for check signing.
- It is not uncommon to have more than one authorized signature required on large-dollar checks.
- Most companies have standing instructions with their banks not to honor checks that have been outstanding longer than a certain number of months (e.g., three or six months).
- To prevent alteration of (or misreading of) check amounts, many businesses use check-protection machines to imprint the check amount in a distinctive color (generally a blue and red combination).
Finally, another control plan not presented in the control matrix is to have the firm’s internal audit staff conduct periodic vendor audits. In a vendor audit, the purchasing organization’s internal auditors periodically visit a vendor’s office and examine its records. At a minimum, the site visit and inspection of the vendor’s facilities validates the existence of the vendor. The vendors chosen for audit could be those doing large volumes of business with the company, those with peculiar names or names very similar to one another, those whose invoices are in tight sequential order, or other characteristics that might flag the vendor’s relations to a firm as peculiar or unusual. The on-site audit program generally covers vendor disbursements for entertainment, promotion, commissions, travel, donations, payroll, and the like.
Now turn to Table 13.2 and study the explanations of the cell entries appearing in the control matrix. As you know from similar studies in prior chapters, understanding how the recommended control plans relate to specific control goals is the most important aspect of applying the control framework.