Billing in the context of Business Application audit

IT_Auditor

unread,

Feb 8, 2010, 6:25:42 AM2/8/10

to IT Audit Forum

Hi,

Does anyone have a generic set of controls/tests that I could use to
audit a billing-system?

Thanks

Rob Prager

unread,

Feb 8, 2010, 1:12:49 PM2/8/10

to it-audi...@googlegroups.com

Can you please be more specific on the type of infrastructure this
environment is operating in? I can send you some controls, but it would be
helpful to know the following:

1. Database type (e.g. DB2, SQL, Oracle)
2. ERP type (e.g. JD Edwards, JDE World, Oracle, PeopleSoft, SAP)
3. Firewall type (e.g. Checkpoint, Cisco)
4. Operating System (e.g. AS400, Linux/Unix *all flavors, Windows)

You would apply the same IT auditing principles you would use in any ITGC
assessment. Take a peek at the attachment which lists some generic/high
level control objectives and their activities.

Good luck.
RP

Hi,

Thanks

--
You received this message because you are subscribed to the Google Groups
"IT Audit Forum" group.
To post to this group, send email to it-audi...@googlegroups.com.
To unsubscribe from this group, send email to
it-audit-foru...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/it-audit-forum?hl=en.

US General Computer Controls Database.pdf

Olivier

unread,

Feb 9, 2010, 6:12:31 AM2/9/10

to it-audi...@googlegroups.com

Thank you already for your answer and help with this.

Well, I am more auditing the "billing system" process/data themselves and not the technical infrastructure which is supporting them. I am looking for control objectives dealing with the adequacy and effectiveness of the billing .... making sure that the relevant counters are captured; making sure that they are safely stored and forwarded to the billing engine etc ... It is more at the level of the "Business Applications" that are feeding the billing system that I am looking.

Rob Prager

unread,

Feb 9, 2010, 2:11:32 PM2/9/10

to it-audi...@googlegroups.com

Here are some general business process controls. It sounds as if you want to perform a code audit to ensure the application objects are performing tasks in accordance with their design. Either way, I do have anything to leverage in that aspect. Hopefully this list below can help!

POTENTIAL ERRORS

ACCOUNT BALANCES Sales Receivables

CONTROL OBJECTIVES

RE30 Managing and Processing Orders

RE3020 Orders are approved by management as to prices and terms of sale. Validity Validity

RE3030 Orders and cancellations of orders are input accurately. Recording Recording

RE3060 All orders received from customers are input and processed. Completeness Completeness

RE3070 Only valid orders are input and processed. Validity Validity

RE50 Invoicing, Sales Returns and Adjustments

RE5010 Invoices are generated using authorized terms and prices. Recording Recording

RE5020 Invoices are accurately calculated and recorded. Recording Recording

RE5030 Credit notes and adjustments to accounts receivable are accurately

calculated and recorded. Recording Recording

RE5040 All goods shipped are invoiced. Completeness Completeness

RE5050 Credit notes for all goods returned and adjustments to accounts receivable

are issued in accordance with entity policy. Validity Validity

RE5060 Invoices relate to valid shipments. Validity Validity

RE5070 All credit notes relate to a return of goods or other valid adjustments. Completeness Completeness

RE5080 All invoices issued are recorded. Completeness Completeness

RE5085 All credit notes issued are recorded. Validity Validity

RE50110 Invoices are recorded in the appropriate period. Cutoff Cutoff

RE50120 Credit notes issued are recorded in the appropriate period. Cutoff Cutoff

RE50130 Accounts Receivable reflect the existing business circumstances and

economic conditions in accordance with the accounting policies being used. Valuation

RE50140 Sales and Accounts Receivable information is appropriately presented,

and all information that is necessary for fair presentation and compliance

with professional standards or legal requirements is disclosed. Presentation Presentation

RE60 Processing Cash Receipts

RE6020 Cash receipts are recorded in the period in which they are received. Cutoff

RE6030 Cash receipts data is entered for processing accurately. Recording

RE6040 All cash receipts data is entered for processing. Validity

RE6050 Cash receipts data is valid and is entered for processing only once. Completeness

RE6060 Cash discounts are accurately calculated and recorded Recording Recording

RE70 Maintaining Customer Master File

RE7010 Only valid changes are made to the customer master file. Completeness Completeness

Validity Validity

RE7020 All valid changes to the customer master file are input and processed. Completeness Completeness

Validity Validity

RE7030 Changes to the customer master file are accurate. Recording Recording

RE7040 Changes to the customer master file are processed timely. Completeness Completeness

Validity Validity

RE7050 Customer master file data remains pertinent. Completeness Completeness

Validity Validity

Sigit Hadi Pratomo

unread,

Feb 11, 2010, 9:20:27 PM2/11/10

to it-audi...@googlegroups.com

Dear my friends,
I'm looking for a job as IT Audit. I'm not yet CISA but ISACA member. Do anyone can help ?
Sent from my BlackBerry®
powered by Sinyal Kuat INDOSAT

-----Original Message-----
From: IT_Auditor <dnf...@gmail.com>
Date: Mon, 8 Feb 2010 03:25:42
To: IT Audit Forum<it-audi...@googlegroups.com>
Subject: [IT Audit Forum] Billing in the context of Business Application audit

Reply all

Reply to author

Forward