In general, the objective of an internal audit is to assess the risk of material misstatement in financial reporting. Material misstatements can arise from inadequacies in internal controls and from inaccurate management assertions. As such, testing the validity of various implicit managerial assertions is a key objective of an internal auditor.
While this applies to all financial cycles, this article is the last in a series focusing on the General Control Activities for the Sales, Invoicing and Credit Management (SICM) cycle. The most important general controls for SICM include:
- Sales Planning and Target Setting
- Customer Acquisition
- Client Acceptance and Sales Agreements
- Managing Client Relationships
- Order Processing
- Sales Returns and Credit Notes
- Credit Management
- Customer Master Data
Creation and Changes to Customer Master Data
The objective for having a process for the Creation and Changes to Customer Master Data is to make sure that only authorized personnel have access to create or change customer master data.
When conducting the audit look for the following controls/best practices:
- Verify that only authorized personnel amend customer master data and access rights are reviewed by the responsible manager on a regular basis.
- Validate that all changes to customer master data are reviewed on a regular basis by the responsible manager.
In conclusion, auditing standards require that auditors test basic underlying management assertions implicit in the financial statements. Key objectives to these assertions are: Existence and Completeness, Rights and Obligations, Valuation or Allocation, and Presentation and Disclosure.