Expense Purchases

download Expense Purchases

If you can't read please download the document

  • date post

    30-Sep-2015
  • Category

    Documents

  • view

    216
  • download

    1

Embed Size (px)

description

audit

Transcript of Expense Purchases

Audit database - purchases cycle

IntroductionAudit: Purchasing and payment of expense goods and servicesIntroductionLast updated 21 August 2004PurposeThe purpose of this spreadsheet is to show typical risks, expected controls and example tests for processes related to the purchasing and payment of expense goods and services, (excluding personal expenses)Full details of how to complete and use the database are in the manual which can be downloaded from www.internalaudit.bizThe database is not complete - it must be changed to suit your organisationTo see how this database fits into the audit universe, download the Risk and Audit Database from www.internalaudit.bizAuditing is not about carrying out tests taken from an audit programme, it is about understanding the objectives of the processes you are auditing, the risks which treaten them and the controls which actually operate to mitigate them.The database (Audit programme)The audit programme is in the form of an Excel database. It can be treated just like a large "Word" table but can also be sorted and filtered.The database covers those processes which might be involved in purchases and payments using a computerised system. Thus it covers not only ordering and invoice approval, but also staff management and computer controlsRows with processes which are split down into more detailed processes are coloured and do not have data in some columnsThe processes are only intended as an example. You must change them to those in your organisationIf you construct audit databases please make them available to other auditors through AuditNet (http://www.auditnet.org/)For a full explanation of the content of the columns, go to the "Column key" worksheetThe example controls and monitoringThese examples are suggestions only. They cannot possibly apply to every size of organisation who might use this database. You must decide on the controls which mitigate the risks to accepatable levels in your organisationRemember that the examples are general and therefore rather vague. Your entries should be much more specific, in particular, noting the names of staff carrying out the checksWorksheetsThere are 7 worksheets in this spreadsheet:IntroductionScopeProcess mapExpense purchases databaseColumn keyScoring risksAllocating conclusionsLanguageI have used UK english for the risk register. Variations from US english include:Supplier = VendorPurchase = ProcureCheque = CheckI have used the term "accounts payable" for purchase ledger, since this is now common in the UK.All sheets copyright David M GriffithsNot to be copied or distributed without acknowledging the author, or in conjunction with a commercial product

&LAudit: Purchase of expense goods and services&R&T &D&L&10Copyright D M Griffiths&C&A&RPage&P of &NFull details of how to complete and use the database are in the manual which can be downloaded from www.internalaudit.biz

ScopeAudit: Purchasing and payment of expense goods and servicesScope of the auditReasons for the auditThe organisations risk analysis has identified significant risks to its objectives from the processes involved in the purchase of expense goods and services. The audit will conclude on whether:Risks threatening the objectives of the processes have been properly identified, evaluated and managed.Internal controls are operating properly to mitigate these risks to levels defined as acceptable by board policy.Action is being taken to improve controls, where risks are not being properly mitigatedMore monitoring, by management, is necessary to ensure proper internal controls into the future.A sound system of internal control is maintained for the processes auditedObjectives of the processes being auditedThe overall objective of the process (4.5) is to purchase expense goods and services for the organisation. (That is goods which are not for resale)The processes covered by this audit are:Define the objectives for purchasing expensesSet up suppliers on the computer fileSet up items for purchase on the computer fileRaising requistionsRaising ordersReceive goods/servicesReturning of unsatisfactory goodsIn addition, the following support functions are covered:Invoice processingPayment to suppliersAccounting for expense purchasesKey risks of the processes being auditedExpense goods/services requested are not needed or are not for the benefit of the companyOrders are placed with suppliers who do not provide best value (quality/price/delivery)Payment is made for goods or services which have not been receivedTransactions are not correctly entered in the books of accountThe processes concerned are not operated efficiently and effectivelyAudit work planIn order to carry out this audit the auditors will:Take into account any previous audits, noting particularly the issues raisedObtain organisation charts, procedure manuals, training documentation and any other documentation which should be being used by the departments involved in the auditObtain budgets, actual figures and any other relevant financial informationIf appropriate, meet the external auditors and any other parties with an interest in the processes being auditingMeet with staff at all levels to understand their responsibilities and concernsVisit all locations which affect the risks involved (warehouses, factories, outsource suppliers)Carry out walkthrough tests to understand the processes involved, including monitoring controlsUnderstand the changes made since the last auditObtain relevant risk registers, noting when they were last updatedCarry out interviews and risk workshops, as necessary, to ensure all risks have been identifiedAdd to the risks in the risk registerScore the inherent risks, according to the risk appetite of the organisation, which have been approved by the board. (Examples are shown in the "Scoring risks" worksheet)Carry out the tests necessary to confirm that the controls are operating properlyScore the residual risks, according to the risk appetite of the organisation, which have been approved by the board. (Examples are shown in the "Scoring risks" worksheet)Draw conclusions as to whether each risk is properly controlled (see the example)Submit a report

Process mapAudit: Purchasing and payment of expense goods and servicesDiagram of processes with key risksThis diagram shows the key processes for purchasing expenses and is the next level down from the risk registerKey risks are collected in the boxes, prior to putting them on the audit databaseIt is used to drive the main audit databaseRisks

Supplier of vital services/goodsmay go out of businessSupplier details are not correctly input/modifiedNew suppliers improperly set upItem details are not correctly input/modifiedGoods/services are not what was orderedIncorrect quantities received are inputThe order is placed with a supplier not providing the best valueThe order is incorrectThe requistion may be for goods and services not requiredThe requistion may be incorrectPurchase expense goodsPromoteSellSupplySell - retailSet up itemsSet up suppliersPlace orderRequistion goods and servicesPromote to customersPromote in-storeAdvertise on TVAdvertise in papersDistribute goodsStore goodsSell to resellersSell in storesSupport salesSell directResearch marketsResearch productsResearch locationsResearch customersDefine objectivesDefine objectivesDefine objectivesDefine objectivesDefine objectivesSupport purchase expense goodsReceive goodsReturn goodsCredit is not obtained for goods returnedPayment is made when goods/services have not been receivedSettlement discount is not correctly deductedPayment is not made on the due dateThe strategy is not consistent with the overall strategyThe strategy has not been communicated

Expense purchases databaseAudit: Purchasing and payment of expense goods and servicesAudit databaseLast follow-up results (date)L1L2L3L4L5LRefProcessProcess DescriptionRisk to processRisk sourceIRCIRLIRSExample controlExample monitoringTestsRefRRCRRLRRSCont scoreIssueActionBy whomConclusion RisksConclusion ControlsConclusion ActionConclusion MonitoringReport refFollow-up RisksFollow-up ControlsFollow-up ActionFollow-up Monitoring4524.5Purchase expense goodsPurchase goods and services for the organisation(Summary level)Not applicable45134.5.1Define objectivesDefine the strategy for expense purchases, communicate and deliver it(Summary level)Not applicable451144.5.1.1Define the strategy for expense purchasingSet down targets for the year(s) ahead, for example, meeting the budget, improving staff efficiency, handling more ordersThe strategy does not maximise efficiency and effectiveness and is not consistent with the organisation's strategyThe strategy for purchasing expense goods and services is updated each year, prior to setting targets and budgets for the areas concerned. These targets and budgets are approved by management finance.Directors check the strategy for departments under their control. The overall budget is approved by the boardExamine the latest strategy documentNot applicable451144.5.1.1Define the strategy for expense purchasingSet down targets for the year(s) ahead, for example, meeting the budget, improving staff efficiency, handling more ordersThe strategy has not been updatedThe strategy for purchasing expense goods and services is updated each year, prior to setting targets and budgets for the areas concernedDirectors check the strategy for departments under their controlExamine the latest strategy document. Check that the budget forms part of the organisation's overall budget. Examine variances for the current year and ensure adequate explanations have been made for excessive variances.Not applicable451244.5.1.2Communicate the strategyInform the staff about the targetsStaff are unaware of the strategyStaff are briefed by their managersThe strategy is available on notice boards and the intranetAsk staff to confirm they have been bri