In general, the objective of an internal audit is to assess the risk of material misstatement in financial reporting. Material misstatements can arise from inadequacies in internal controls and from inaccurate management assertions. As such, testing the validity of various implicit managerial assertions is a key objective of an internal auditor.
While this applies to all financial cycles, this article is the last in a series focusing on the General Control Activities for the Purchasing cycle. The most important general control areas for Purchasing include:
- Performance Management
- Supplier Selection
- Purchase Commissions
- Goods and Services Received
- Invoice Verification
- Master Data Purchasing
In this post, we’ll focus on the General Control Activities for Master Data Purchasing.
Supplier Master Data Changes
The goal of the Supplier Master Data Changes process is to ensure that changes to supplier master data are independently reviewed on a timely basis to mitigate the risk of error and fraud. The following should be included in any audit:
- Verify that access to amend supplier master data is restricted to a reasonable number of appropriate staff.
- Confirm that there is a requirement for dual authorization prior to making changes to supplier master data.
- Make sure that there is evidence that supplier master data changes are reviewed on a regular and timely basis by an independent person.
- Validate that suitable and authorized documentation is maintained to support creation of, or changes to supplier master data.
Purchase Price Master Data Changes
Any time there are changes to Purchase Price Master Data it is critical to make sure the changes are accurate. The following should be included in any audit:
- Verify that access to amend contracted purchase price master data is restricted to a reasonable number of appropriate staff.
- Validate that dual authorization is required to make changes to contracted purchase price master data.
- Make sure there is evidence that changes to contracted purchase price master data has been reviewed on a timely basis by an independent person.
In conclusion, auditing standards require that auditors test basic underlying management assertions implicit in the financial statements. Key objectives to these assertions are; Existence and Completeness, Rights and Obligations, Valuation or Allocation, and Presentation and Disclosure.