Dashboard
Chapter 3: Business Cycle ControlsCertificate Level
Chapter 3: Business Cycle Controls

45% Complete

Understood
Needs Study
Chapter 1: The Concept and Purpose of Assurance
Chapter 2: Internal Controls and Information Flows
Chapter 3: Business Cycle Controls
Purpose and Learning Goals
3.1 The Revenue Cycle
3.2 The Purchases Cycle
3.3 The Payroll Cycle
3.4 Linking Business Cycles to Assurance
Test Your Understanding
Chapter 4: Internal Audit and Corporate Governance
Chapter 5: Gathering Assurance Evidence
Chapter 6: Professional Ethics and Independence
Chapter 7: Sustainability, ESG, and Assurance
Chapter 8: Exam Practice and Integration
Purpose and Learning Goals

This chapter explores how internal controls operate within key business cycles. Each cycle involves a flow of transactions and documents, and effective controls ensure accuracy, prevent fraud, and support reliable reporting.

By the end of this chapter, you will be able to:

  • Describe the key stages of the revenue, purchases, and payroll cycles.
  • Identify the risks at each stage of these cycles.
  • Suggest suitable controls to mitigate those risks.
  • Recognise the importance of segregation of duties across cycles.
  • Explain how deficiencies in these systems affect assurance engagements.
3.1 The Revenue Cycle

The revenue cycle covers the process of generating income — from receiving customer orders to collecting cash.

Stages and risks:

  1. Sales order received – risk of unapproved or invalid orders.
  2. Goods despatched / services delivered – risk of incorrect or incomplete despatch.
  3. Invoice issued – risk of errors in billing.
  4. Cash collected – risk of theft or misappropriation.
  5. Recording transactions – risk of incomplete or misstated revenue.

Controls:

  • Credit approval before despatch.
  • Sequential numbering of orders and invoices.
  • Matching despatch notes to invoices.
  • Bank reconciliations to confirm cash receipts.
  • Segregation of duties: sales, billing, and cash collection handled by different staff.

Example: If one person takes customer orders, prepares invoices, and collects cash, the risk of fraud is high. Splitting duties across multiple personnel reduces this risk.

3.2 The Purchases Cycle

The purchases cycle ensures organisations acquire goods and services efficiently, paying suppliers correctly and on time.

Stages and risks:

  1. Purchase requisition / order – risk of unauthorised purchases.
  2. Goods received – risk of accepting poor quality or unordered goods.
  3. Invoice processing – risk of overpayment or duplicate payments.
  4. Payment – risk of fraudulent or incorrect payments.
  5. Recording transactions – risk of misclassification or omission.

Controls:

  • Purchase orders authorised by management.
  • Goods received note (GRN) matched to purchase order.
  • Three-way match: purchase order + GRN + supplier invoice.
  • Segregation of duties: purchasing, receiving goods, and paying suppliers separated.
  • Supplier statements reconciled to the payables ledger.

Example: A company requires authorisation from two personnel for all payments over £5,000. This reduces the chance of unauthorised transfers.

3.3 The Payroll Cycle

The payroll cycle relates to paying employees accurately and fairly.

Stages and risks:

  1. Employee records / contracts – risk of "ghost employees" on the payroll.
  2. Time worked / salaries agreed – risk of incorrect pay or unapproved overtime.
  3. Payroll calculation – risk of errors in gross pay, deductions, or net pay.
  4. Payment – risk of unauthorised or incorrect payments.
  5. Recording transactions – risk of misstatement in expenses or liabilities.

Controls:

  • Personnel department (not payroll) authorises new hires and terminations.
  • Timesheets/overtime authorised by managers.
  • Payroll calculations checked independently.
  • Pay slips sent directly to employees; BACS payments matched to payroll records.
  • Segregation of duties: HR, payroll processing, and payments handled separately.

Example: Reconciling the payroll ledger with personnel records ensures only valid employees are paid.

3.4 Linking Business Cycles to Assurance

For assurance engagements, business cycle controls affect how much reliance practitioners place on systems.

  • Strong controls → less substantive testing required.
  • Weak controls → more substantive testing needed (e.g. detailed checking of invoices, payroll records).

Auditors often test these cycles to evaluate whether transactions are properly authorised, recorded, and reported.

Test Your Understanding – Quick Check
  1. What is the purpose of segregation of duties in the revenue cycle?
  2. Name the three documents used in a "three-way match" in the purchases cycle.
  3. How can an auditor detect "ghost employees" in the payroll system?
  4. Why do strong business cycle controls reduce the amount of substantive testing required?