On a general note, the aim of an internal audit is to analyze the risk of material misstatement in financial reporting. Material misstatements can occur from inadequacies or errors in internal controls and from incorrect management assertions. Hence, testing the validity of numerous implicit managerial assertions is the core objective of an internal audit.
While this is applicable to all financial cycles, this particular post focuses on the ‘General Control Activities for Short-Term Management of Cash in an Organization’. The common general control areas for short-term management of cash include:
- Performance Management
- Organization
- Cash Receipts and Cash Disbursement
- Cash Forecasting
- Check Receipts
- Bank Statement Reconciliation
- As well as short-term cash management activities
Personnel Accountabilities and Responsibilities
It is vital for the businesses to properly define and communicate personnel responsibilities as well as authority limits. Doing this effectively provides clarity on the roles and responsibilities of the employees. Additionally, it focuses on reporting lines and enhances communication.
In this case, the following must be included in an internal audit:
- Make sure that the organization chart is available to all staff and there is a procedure for periodically updating.
- Verify that authority schedule is available to the entire staff and there is a procedure for periodically updating.
- Make sure that there are clear job descriptions and there is a procedure to regularly update one.
- Validate that there is a regular review that can compare business structure with the business responsibilities and activities.
Segregating Duties and System Access Rights
Separation or segregation of duties and segregation of system access rights is a crucial step in internal audit for any process. This is even more vital, particularly when there are inherent conflicts of interest. Important functions must be properly segregated and adequately supported by logical user access authorizations. Moreover, access to crucial vendor master data must be restricted to appropriate personnel.
The following considerations must be included in any audit:
- It must validate that there is a periodic review of responsibilities and roles of purchasing staff.
- It must be verified that authority schedule and organizational chart are available to entire staff.
Confirm that the below mentioned critical functions are separated from the operating system:
- Conflicting tasks within the ERP system, this is related to segregation of duties and must be periodically reviewed.
- Compensating the control for SOD conflicts that have been implemented and documented.
- Access to crucial master data properly restricted as well as tailored within the organization’s system.
- Inclusion of ex-post controls to monitor master data changes. For example, log files in order to know about the changes of vendors, or reviewing aged creditor report generated from ERP system.
- Adhere to multiple eyes principles in relation to changes of critical master data.
- Periodically reviewing user access rights for accuracy.
Key Processes
The key procedures must be defined and include detailed processes explaining the way purchasing processes are carried out. The following must be a part of any audit:
- It must be validated that there is a clear definition of process ownership.
- It must be confirmed that processes and documents are accessible to all relevant parties.
- Assure that process compliance audits are completed on a regular basis.
- Verify that there are periodic formal reviews and updates of core processes.
- Assure that procedure compliance audits are timely completed.
- It is vital to make sure that there are periodic training sessions conducted for relevant employees.
- Validate that procedures and policies are stored in an advanced document management system with automatic reminders sent to the owners for review.
Accuracy of Staffing
Though it is difficult for a business to be adequately staffed, it is essential to assess staffing requirements and evaluate the training, hiring, and compensation model.
This aspect of internal audit includes:
- Ensuring that there is a budget to fill or replace vacant job positions.
- Verify that there is a defined succession plan in place.
- Analyze that there are defined processes for staff promotions.
- Evaluate the design as well as effectiveness of management development program.
- Ensure that employee satisfaction surveys are used.
- Ensuring that there is available a well-monitored training program.
- Verify that personal development procedures have been implemented.
- Verify that a proper incentive structure is available.
- Validate implementation of personal development process.
Competition / Code of Conduct Compliance Training
Lastly, well-written code of conduct is essential for an organization. The code of conduct must clarify the organization’s values, mission, and principles, linking them with standard and expectations for employee conduct. The aim of the business must be to embed the code of conduct within its working principles.
To Sum Up
On a concluding note, auditing standards need that auditors test the basic underlying management assertions hidden aspects in the financial statements. The key objectives of such assertions are – completeness, existence, obligations, rights, allocation, valuation, presentation, and disclosure.