AI Analysis Results
Purchase Requisitions & POs — Procure-to-Pay (Procurement & AP)
The Purchase Requisitions & POs process demonstrates adequate controls overall, with most key controls designed and operating as intended. Certain areas require enhanced documentation or monitoring to close identified gaps, but no material weaknesses were noted during the assessment period.
- Purchase requisitions are approved per the delegation of... is consistently executed
- Exception reporting is generated and reviewed timely
- Training and awareness programs support control understanding
- Key controls are documented in a centralized repository
- Evidence of review lacks timestamp and reviewer identity
- Exception handling procedures are informal and inconsistently applied
- 1Implement a workflow tool that captures reviewer identity and timestamp for all approvals
- 2Automate exception detection and route alerts to control owners within 24 hours
- 3Establish a quarterly monitoring schedule with documented results and sign-off
Control-Level Breakdown (1)
The control is partially implemented but operates inconsistently. Purchase requisitions are approved per the delegation of authority matrix. Gaps in execution or evidence retention reduce assurance over this area.
Redesign the control to address inconsistencies. Specifically: purchase requisitions are approved per the delegation of authority matrix. Assign a control owner and establish a testing cadence.