In general, the objective of an internal audit is to assess the risk of material misstatement in financial reporting. Material misstatements can arise from inadequacies in internal controls and from inaccurate management assertions. As such, testing the validity of various implicit managerial assertions is a key objective of an internal auditor.
While this applies to all financial cycles, this article is the first in a series focusing on the General Control Activities for the Purchasing cycle. The most important general control areas for Purchasing include:
- Performance Management
- Supplier Selection
- Purchase Commissions
- Goods and Services Received
- Invoice Verification
- Master Data Purchasing
In this post, we’ll focus on the General Control Activities for Supplier Selection.
Approval of Agreements and/or Contracts
It is critical that there is an appropriate level of management approving third party agreements and contracts. The following should be included in any audit:
- Verify that prior to approval, all contract details are matched with the business requirements
- Make sure that all agreements, terms, and prices (including discrepancies from business directives) are approved by management and issued before an order is placed
- Validate that no changes to agreements and contracts have been made after the approval.
- Make sure that any revisions to terms, schedule or other specifications are subject to independent scrutiny and approval
- Verify that an authorization schedule is in place
- If an authorization schedule is in place, make sure the authorization schedule is periodically reviewed/evaluated and adjusted as necessary by an independent individual
- Make sure that all contracts with third paries have dual authorized signatures
- Make sure that all non-standard and significant purchase orders are reviewd and properly authorization
- Verify that all non-standard and significant purchase orders have proper documentation and the decisions making process had proper motivation
- Validate that all significant and complex contracts are subject to review by Legal department
Recording of Agreements and/or Contracts
All agreements and contracts should be recorded accurately and in a timely manner in a contract file. The following should be included in any audit:
- Verify that a contract file containing all agreements and contracts is maintained and up to date
- Make sure that there is a clear tracking of contract expiration dates and renegotiation and/or renewal requirements
In conclusion, auditing standards require that auditors test basic underlying management assertions implicit in the financial statements. Key objectives to these assertions are; Existence and Completeness, Rights and Obligations, Valuation or Allocation, and Presentation and Disclosure.