Expert Answer :PC Card Assignment


Solved by verified expert:Please complete assignment. Instruction attached. Read all attachments and complete all parts. Thank you.


Don't use plagiarized sources. Get Your Custom Essay on
Expert Answer :PC Card Assignment
Just from $10/Page
Order Essay



Unformatted Attachment Preview

Vol. 28, No. 4
pp. 913–927
American Accounting Association
DOI: 10.2308/iace-50508
Understanding the Links Between Audit
Risks and Audit Steps: The Case of
Procurement Cards
Kevin E. Dow, Marcia Weidenmier Watson, and Vincent J. Shea
ABSTRACT: This case requires students to conduct an internal audit of a procurement
card (PCard) program at a fictitious university. The primary objective of this case is to
help students (1) understand the link between risks and controls for a given organization
and then (2) link those risks and controls with the appropriate substantive and control
tests. Students must complete a Risk-Control Matrix, develop an audit plan, and then
conduct substantive audit tests on PCard transactions using Excel or generalized audit
software. This audit provides a rich setting for students to complete a variety of realworld audit tasks to identify compliance (or non-compliance) with the PCard Program
rules and to prepare business memos to communicate findings. Student feedback
indicates that the case not only is realistic, interesting, and a positive learning
experience, but also encourages critical thinking. In addition, the case significantly
increased students’ perceptions regarding their familiarity with PCards, use of
generalized audit software (GAS) in compliance audits, and understanding of internal
audit uses of GAS.
Keywords: PCard; internal audit; risks; internal controls; generalized audit software.
The Dilemma
midsize university in the Midwest (hereafter, the University) recently adopted a PCard
Program. The procurement supervisor, Paul Cardswell, spearheaded the Program,
convincing University administrators that PCards would streamline purchases and save
the University lots of money. Paul first researched PCard Programs at other universities and created
a university PCard Program Manual by taking what he believed to be the best parts of the other
policy manuals and using a cut-and-paste technique (see the attached University PCard Program
Manual). The manual and PCards were then provided to designated employees and departments in
Kevin E. Dow is an Assistant Professor at the University of Nottingham Ningbo, Marcia Weidenmier Watson is
an Associate Professor at Mississippi State University, and Vincent J. Shea is an Assistant Professor at St.
John’s University.
The authors thank participants at the 2011 AAA IS Section Midyear Meeting and 2011 AIS Educators Conference for
their helpful comments.
Published Online: April 2013
Dow, Watson, and Shea
December 2009. No formal employee training has been provided yet. To date, the only review that
has been done has been simply to verify adequate documentation at the departmental level.
The University President has recently contacted Paul. The President has just returned from a
meeting of university administrators at which one of the topics of conversation was PCard abuse.
Apparently, some administrators, staff, and professors at other universities use PCards
inappropriately to enjoy free meals, supplies, and travel. The President is sure that the same
thing is not happening here at his University, because human resources conducts a thorough
background check on all employees prior to hiring. However, given tight university budgets and the
fact that University-issued PCards have charged almost $20 million in transactions, he wants to be
sure. Therefore, he asks Paul his opinion. Paul tells the President that he will investigate the
situation and get back to him.
First, Paul does some research. He discovers that the most likely way an employee can misuse
organizational assets is via asset misappropriation, such as submitting an invalid or inflated expense
reimbursement (ACFE 2012). He also learns that 85 percent of employees misusing organizational
assets have never done that before (ACFE 2012). These newly learned facts make Paul more
concerned about compliance with University PCard Program policies.
Unfortunately, Paul does not have time to investigate the situation himself. Therefore, he hires
you as an intern to perform an independent, risk-based internal audit of the PCard Program. To help
get you started, Paul provides you with the following background information on PCards and PCard
audits that he gathered when he started the Program.
Reengineering the Expenditure Cycle with PCards
The Expenditure Cycle may involve processing purchase requisitions and purchase orders,
matching internal documents with vendor documents, preparing checks, stuffing and mailing
payments, and posting entries into a variety of journals and ledgers. This makes the traditional
processing of the Expenditure Cycle labor-intensive, long, and costly. In fact, the average
administrative cost for a purchase order is $91, and the average time to complete transactions is 32
days (Palmer and Gupta 2007). Given that most vendor invoices are for small dollar amounts (less
than $1,000) (IOMA 2009b), the cost and associated transaction time seem excessive and can be
significantly reduced. One way to reengineer both the procurement and cash disbursement activities
of the Expenditure Cycle is through the use of procurement credit cards (also known as corporate
purchasing cards, PCards, or P-Cards), which streamline much of the process.
The PCard is an alternative to the existing procurement and cash disbursement processes, and
provides an efficient method of purchasing and paying for small-dollar, routine purchases. Rather
than purchase using the cumbersome, traditional purchase requisitions, purchase orders, invoices,
and checks, a PCard Program that issues PCards to employees can streamline the process. A typical
PCard Program enables employees to conveniently purchase low-dollar goods and services directly
from any vendor that accepts a credit card. Individual spending limits are established for each
PCard based on the employee’s needs. The direct buying by employees eliminates the need for
purchase requisitions, purchase orders, and vendor invoices, as well as the upfront review and
preapprovals built into the traditional Expenditure Cycle, thereby significantly reducing processing
costs and time. In fact, the cost of a PCard transaction is usually less than $10 (versus the traditional
$91) with only 20 days to complete the transaction (versus the traditional 32 days) (IOMA 2009b).
Therefore, a PCard Program saves considerable money, time, and effort. Many organizations are
taking advantage of these savings as evidenced by more than 70 percent of organizations having a
PCard Program by 2008 (Palmer and Gupta 2007). The potential benefits of the PCard are
significant for both the card holder and the organization, as is described below.
Issues in Accounting Education
Volume 28, No. 4, 2013
Understanding the Links Between Audit Risks and Audit Steps: The Case of Procurement Cards
Benefits to the Card Holder/Employee

Eliminates the need to use personal funds for purchases and then obtain reimbursements.
Provides convenience, flexibility, and security.
Allows the employee/organization to obtain goods faster than through the traditional
procurement process.
Benefits to the Organization

Reduces the number of purchase orders, vendor invoices, checks, reviews, and preapprovals.
The typical procurement/payables function has 80 percent of its purchase transactions
accounting for less than 20 percent of total purchase dollars (Schaeffer 2002). Thus, the
procurement function traditionally spends much of its time on small purchase transactions.
The use of the PCard allows the procurement function to focus its efforts on large dollar
Capitalizes on the worldwide acceptance of credit cards.
Implementing a PCard Program
Procurement, which is often responsible for administering the PCard Program, selects a
financial institution (usually American Expresst, MasterCardt, or Visat) to provide program
services to the organization. The organization sets predetermined limits on PCards and then issues
the PCards to employees in the Program. When an employee makes a purchase (in person, by
phone, or over the Internet), the vendor requests a purchase authorization at the point of sale. As
with any credit card, the PCard system validates the transaction against the preset limits. Unique
internal controls can also be established within a PCard Program. For example, transactions are
instantaneously approved or declined based on PCard authorization criteria such as:

Number of transactions allowed per month and per day;
Single-purchase limit, including shipping costs, not to exceed preset limits;
Monthly spending limits; and
Approved commodity types (for example, office supplies are allowed, while travel expenses
are not allowed) using Merchant Category Codes (MCCs). MCCs are four-digit numbers
used by the bank card industry to classify vendors/industries into market segments. There are
approximately 600 MCCs, which denote various types of businesses (e.g., 4215, Courier
Services; 5111, Office Supplies; and 5722, Household Appliance Stores).
Each unit (or department) often has a designated PCard administrator, who is responsible for
the coordination and administration of the PCard Program. The PCard administrators also serve as
reviewers, who are responsible for the coordination and administration of a designated group of
PCard holders within their unit (or department). Reviewers make sure that all transactions for which
they are responsible are reviewed in the settlement system prior to being moved from the settlement
database into the general ledger to update account balances. Reviewers also maintain PCard receipts
for these transactions. All receipts are kept on file locally in accordance with record retention policy
(often for four or five years).
The PCard Program should provide clear communication of policies via a PCard policy manual
that contains the following items (IOMA 2007, 2009b):

Card issuance: Which employees are eligible for a PCard?
Card usage: How should the PCard be used?
Allowable and restricted transactions: What items can be purchased?
Issues in Accounting Education
Volume 28, No. 4, 2013
Dow, Watson, and Shea

Adjustments and disputed purchases: What happens if adjustments to the purchase price
need to be made (e.g., sales tax incorrectly incurred, alcohol purchased, wrong amount
charged by vendor)?
Recordkeeping requirements: What receipts should be submitted? How long should receipts
be kept?
Account reconciliation and maintenance: Who is in charge of account reconciliation? Who
maintains PCard limits and restrictions?
Penalties for abuse and fraud: What happens if a PCard is misused?
Lost cards: What to do if a PCard is lost?
Internal controls: What internal controls are in place to help ensure compliance?
PCard audits: What type of PCard audits will be performed, how frequently, and by whom?
In addition to having a clear policy manual, best-in-class PCard Programs typically also have
the following characteristics (IOMA 2007, 8; Anonymous 2008):

Top management support with good communication;
Traditional expenditure cycle activities are first studied, reengineered, and streamlined to
create the PCard Program;
Employee training on PCard usage;
Established benchmarks and metrics (such as targets in the reduction in total purchasing costs);
Mandated card use for certain types of employee spending, specified suppliers, and
transaction amounts;
Enforcement policies for violations of PCard policies (e.g., charge back to department or
employee, termination, criminal charges, and legal action);
Integration with enterprise resource planning (ERP) systems and/or e-procurement software;
Combination of credit cards and supplier/ghost cards;1 and
An audit process.
PCard Audits
As highlighted above, best-in-class PCard Programs include an audit process. PCard audits
should consider both compliance with the Program’s regulations and the effectiveness of the
Program’s processes. Thus, PCard audits should look for errors and irregularities, misuse, fraud, and
ways to improve the efficiency of the PCard Program. Potential PCard errors and irregularities include
incorrect foreign currency translations or the incurring of sales tax on non-taxable transactions.
Potential PCard misuse includes not providing required documents, use of the card by the wrong
person, and pyramiding (i.e., splitting transactions into multiple purchases to circumvent transaction
limits). Potential PCard fraud includes purchasing prohibited or personal items via the PCard.
To detect these anomalies, the internal audit function periodically performs audits to verify that
items purchased are received and that organizational policies and procedures are followed. A PCard
audit may be performed as a separate audit or as part of a Sarbanes-Oxley Section 404 audit on
internal controls. PCard audits should ‘‘use risk-based auditing to identify PCard risk and evaluate
how effective the risks are being managed with existing PCard controls’’ (IOMA 2003, 10). A riskbased internal audit identifies key controls that are ‘‘required to provide reasonable assurance that
risks are effectively managed’’ (IIA 2010, part 5). Key controls are the combination of manual and
automated internal controls that work together to mitigate business risks within an acceptable level
for the organization. Key controls need to be properly designed and fully functioning to mitigate
A supplier/ghost card is a high-limit charge account with a vendor that consolidates all charges on a single
statement (similar to a monthly credit card statement) (Accounts Payable Channel 2008).
Issues in Accounting Education
Volume 28, No. 4, 2013
Understanding the Links Between Audit Risks and Audit Steps: The Case of Procurement Cards
risks. Thus, the audit should examine whether (1) the PCard Program has appropriately designed
internal controls to mitigate organizational risks efficiently and effectively; (2) all employees and
information technology systems actually follow the prescribed controls; and, ultimately, (3) only
valid transactions are in the system (i.e., the controls are effective).
To assess the design of PCard controls, internal auditors will often first examine the policies
and procedures of the PCard Program Manual. A Risk-Control Matrix of organizational objectives
and identified risks should be mapped to the internal control policies to ensure that all risks are
mitigated so that organizational objectives can be achieved. To assess whether designed controls are
in place, the internal auditor will conduct control tests, which may include (1) interviewing the
Program director, Program administrators (reviewers), and employees about their PCard activities;
(2) observing the participants as they conduct their PCard activities; (3) performing a basic analysis
to gain an understanding of the data and client; and (4) examining controls defined in information
technology systems. Finally, to assess the effectiveness of the PCard controls, the internal auditor
will conduct substantive tests of transactions by using generalized audit software (GAS) to data
mine (i.e., examine) the PCard transactions for anomalies.
Assignment 1
You have been hired to perform a risk-based internal audit of the PCard Program for the first
four months of 2010 (IIA 2010, part 5). Prior to the formal assignments of this case, you are
required to gain an understanding of the data and the client by performing some basic analysis. As
part of your preliminary fact gathering, you learn that card holders have the following limits: $2,500
maximum per transaction, a $2,500 daily maximum, and a monthly maximum of $10,000. With this
information in hand, you now request the PCard Program files.
a. First, review all provided information. Verify that you have the PCard Transactions Excel
data file, the PCard Program Manual Word file, and the Risk-Control Matrix Excel file.
b. Validity of data file:
1. Verify that all fields are in the proper format (DATE is a Date Field, etc.).
2. Verify that all fields needed for analysis are included.
c. Completeness of data file: Procurement has provided control totals. Recalculate the totals to
confirm that all records are included. See Figure 1.
d. Conduct some preliminary analysis on the dataset (this analysis may be done using Excel or
GAS). Such analyses may include but should not be limited to:
1. Perform a Benford’s Law Analysis.
2. Determine how many card holders used their cards during the audit period.
3. Determine who are the top five users of/spenders with the PCard for:
a. total purchases during the audit period;
b. monthly purchases (for each month);
c. daily purchases.
4. Determine which card holders (if any) have multiple cards.
5. Determine whether card holders have duplicate transactions. Note: You may identify
seemingly duplicate transactions that may need to be manually verified.
e. Write a memo (not to exceed two pages) to Dr. Keith Newerla, President of the University
Board of Regents, highlighting the current status of the project. Use appropriate grammar,
spelling, and formatting (i.e., headers, footers, titles/descriptions of tests).
Issues in Accounting Education
Volume 28, No. 4, 2013
Dow, Watson, and Shea
Control Totals Provided by Telecommunications
Assignment 2
Your second task is to critically evaluate the PCard Program Manual for the University by
completing the following steps:
1. Figure 2 provides a Risk-Control Matrix. Complete the following columns in the provided
Risk-Control Matrix: Risk, Control from the University PCard Program Manual, Person
Performing the Control, Frequency (columns A–D in Excel). You must map the internal
controls outlined in the University’s PCard Program Manual to the risks, as well as the
Risk-Control Matrix
Issues in Accounting Education
Volume 28, No. 4, 2013
Understanding the Links Between Audit Risks and Audit Steps: The Case of Procurement Cards
person (or area) who is performing the control and how frequently the control is to be
performed. Not all risks necessarily have a corresponding internal control (hint: these would
be internal control weaknesses), and not all internal controls mitigate an identified risk.
2. Identify weaknesses, inconsistencies, and missing information in the provided PCard
Program Manual. Write a memo (not to exceed two pages) to Dr. Keith Newerla, President
of the University Board of Regents, outlining necessary changes, additions, and deletions.
Use appropriate grammar, spelling, and formatting (i.e., headers, footers, titles/descriptions
of tests).
Assignment 3
Develop a plan for the PCard audit covering the first four months of 2010. Document your plan
by completing the Test Plan and Information Required columns (columns E and F in Excel) in the
Risk-Control Matrix. A sample PCard audit program (in a slightly different format) can be found at: Write a memo (not to exceed one page) to Dr.
Keith Newerla, President of the University Board of Regents, highlighting the current status of the
project. Use appropriate grammar, spelling, and formatting (i.e., headers, footers, titles/descriptions
of tests).
Assignment 4
Conduct substantive tests of the PCard transactions by analyzing the PCard data provided by
Procurement using GAS. As you analyze the data, think about how your findings impact the
Your deliverable for Assignment 4 is to (1) complete the Manual Review Test Results and
Analytical Review Test Results columns (columns G and H in Excel) of the Risk-Control Matrix
and (2) write a memo (using Microsoft Word; not to exceed two pages) to Dr. Keith Newerla,
President of the University Board of Regents, highlighting each of the tests performed and the
results of …
Purchase answer to see full

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Order your essay today and save 30% with the discount code ESSAYSHELP