In general, the objective of an internal audit is to assess the risk of material misstatement in financial reporting. Material misstatements can arise from inadequacies in internal controls and from inaccurate management assertions. As such, testing the validity of various implicit managerial assertions is a key objective of an internal auditor.
While this applies to all financial cycles, this article is the seventh in a series focusing on the General Control Activities for the Sales, Invoicing and Credit Management (SICM) cycle. The most important general controls for SICM include:
- Sales Planning and Target Setting
- Customer Acquisition
- Client Acceptance and Sales Agreements
- Managing Client Relationships
- Order Processing
- Sales Returns and Credit Notes
- Credit Management
- Customer Master Data
The two primary goals for Invoicing Flow are to make sure all shipments are invoiced timely and that all invoices are processed accurately and based on sales terms.
When conducting an audit of invoicing, look for the following controls/best practices:
- Verify that invoice generation is restricted to relevant personnel and access to this function is regularly reviewed. Amendments to invoice should not be allowed.
- Validate that system based invoice generated form dispatch note.
- Assure that a management member is reviewing goods shipped on a monthly basis.
- Make sure that sales taxes are automatically calculated by the system and tax settings are regularly reviewed.
- If there is significant time difference between invoice issued in system and actual receipt of goods by the customers (e.g. export), verify that a monthly review of the revenue recognition is performed and reviewed by appropriate management.
- If manual VAT invoice is required, make sure that the manual invoices are reconciled with the system invoices on a monthly basis.
When offering Retrospective Rebates it is important to make sure that they are accurately calculated in the correct accounting period. If not accurately processed there will be errors in rebates and a risk that the rebates will be posted in the wrong period.
When conducting an audit of rebates look for the following controls/best practices:
- Verify that retrospective rebates are calculated in line with agreed customer contract (or authorized rebates agreements) and are reviewed and authorized prior to payment processing.
- Validate rebate payments are put on hold for customers whose accounts are in arears until their accounts are settled.
- Make sure liabilities that arise from rebates not yet settled are accrued for where appropriate.
If issuing Inter-Company invoices, it is critical to make certain that the invoices are generated using appropriate the transfer price. When business transfer pricing guidelines are not followed there could be penalties issued by the tax authorities.
When conducting an audit of inter-company invoices look for the following controls/best practices:
- Assure that transfer pricing has been calculated, documented and communicated to all relevant parties.
- Test to make sure access to amend/update transfer prices is restricted.
- Verify that updates and changes to transfer price standing data is reviewed by a responsible manager.
- Validate that controls per corporate directive are applied.
Free of Charge Deliveries
Occasions could arise that would require Free of Charge Deliveries. If issuing free of charge deliveries it is critical to make sure the decision supports business objectives, are appropriate for the circumstances, and are approved. Free of charge deliveries significantly impact margins and is a risk area for fraud.
When conducting an audit of free of charge deliveries look for the following controls/best practices:
- Validate that all delivery notes invoiced are reported in the system and have been reviewed.
- Test to make sure there is a clear authority levels and guidance for staff on the extent, limits, and purpose of the free of charge delivery.
- Verify that a manager has reviewed free of charge delivery.
- Make sure there is a mechanism in place to block delivery until appropriate authorization obtained.
In conclusion, auditing standards require that auditors test basic underlying management assertions implicit in the financial statements. Key objectives to these assertions are; Existence and Completeness, Rights and Obligations, Valuation or Allocation, and Presentation and Disclosure.