Posted on

Internal control questionnaires: How to see the complete picture

  • Magnifier And Question Mark On Red Background

Businesses rely on internal controls to help ensure the accuracy and integrity of their financial statements, as well as prevent fraud, waste and abuse. Given their importance, internal controls are a key area of focus for internal and external auditors.

Many auditors use detailed internal control questionnaires to help evaluate the internal control environment — and ensure a comprehensive assessment. Although some audit teams still use paper-based questionnaires, many now prefer an electronic format. Here’s an overview of the types of questions that may be included and how the questionnaire may be used during an audit.

The basics

The contents of internal control questionnaires vary from one audit firm to the next. They also may be customized for a particular industry or business. Most include general questions pertaining to the company’s mission, control environment and compliance situation. There also may be sections dedicated to mission-critical or fraud-prone elements of the company’s operations, such as:

  • Accounts receivable,
  • Inventory,
  • Property, plant and equipment,
  • Intellectual property (such as patents, copyrights and customer lists),
  • Trade payables,
  • Related party transactions, and
  • Payroll.

Questionnaires usually don’t take long to complete, because most questions are closed-ended, requiring only yes-or-no answers. For example, a question might ask: Is a physical inventory count conducted annually? However, there also may be space for open-ended responses. For instance, a question might ask for a list of controls that limit physical access to the company’s inventory.

3 approaches

Internal control questionnaires are generally administered using one the following three approaches:

1. Completion by company personnel. Here, management completes the questionnaire independently. The audit team might request the company’s organization chart to ensure that the appropriate individuals are selected to participate. Auditors also might conduct preliminary interviews to confirm their selections before assigning the questionnaire.

2. Completion by the auditor based on inquiry. Under this approach, the auditor meets with company personnel to discuss a particular element of the internal control environment. Then the auditor completes the relevant section of the questionnaire and asks the people who were interviewed to review and validate the responses.

3. Completion by the auditor after testing. Here, the auditor completes the questionnaire after observing and testing the internal control environment. Once auditors complete the questionnaire, they typically ask management to review and validate the responses.

Enhanced understanding

The purpose of the internal control questionnaire is to help the audit team assess your company’s internal control system. Coupled with the audit team’s training, expertise and analysis, the questionnaire can help produce accurate, insightful audit reports. The insight gained from the questionnaire also can add value to your business by revealing holes in the control system that may need to be patched to prevent fraud, waste and abuse. Contact us for more information.

© 2021

Posted on

Analytics software: A brave new world in auditing

Analytical software tools will never fully replace auditors, but they can help auditors do their work more efficiently and effectively. Here’s an overview of how data analytics — such as outlier detection, regression analysis and semantic modeling — can enhance the audit process.

Auditors bring experience and professional skepticism

When it’s appropriate, instead of manually testing a representative data sample, auditors can use analytical software tools to compare an entire data population against selected criteria. This process quickly identifies anomalies hidden in large amounts of data that can be tagged for further examination by auditors during fieldwork. Analytical software tools can test various kinds of data, including accounting, internal communications and documents, and external benchmarking data.

If unusual transactions or trends are found, auditors will investigate them further using the following procedures:

  • Interviewing management about what happened and why,
  • Conducting external research online and from industry publications to independently understand what happened or to verify management’s explanation, and
  • Performing additional manual testing procedures to determine the nature of the anomaly or exception.

In addition, confirmations and representation letters from attorneys, customers and other external parties may corroborate what management says and external research reveals.

Audit findings may require action

Often, auditors conclude that irregularities have reasonable explanations. For instance, they may be due to an unexpected change in the company’s operations or external market conditions. If a change is expected to continue, it may alter the auditor’s expectations about the company’s operations going forward. Sometimes, a change discovered while auditing one part of the financials may affect audit procedures (including analytics) that will be performed on other accounts.

Alternatively, auditors may attribute some irregularities to inadvertent mistakes or intentional fraud schemes. Auditors usually communicate with the audit committee or the company’s owners as soon as possible if they discover any material errors or fraud. These irregularities might require adjustments to the financial statements. The company also might need to take action to mitigate financial losses and prevent the problem from recurring.

For example, the controller may need additional training on recent changes to the tax and accounting rules. Or management may need to implement additional internal control procedures to safeguard against dishonest behaviors. Or the owner may need to contact the company’s attorney and hire a forensic accountant to perform a formal fraud investigation.

Audit smarter

Today, companies generate, process and store massive amounts of electronic data on their networks. Increasingly, auditors are using analytical tools on this data to conduct basic audit procedures, such as vouching transactions and comparing data to external benchmarks. This frees up auditors to focus their efforts on complex transactions, suspicious relationships and high-risk accounts. Contact us for more information about how our auditors use analytical software tools in the field.

Posted on

Preparing for the possibility of a remote audit

The coming audit season might be much different than seasons of yore. As many companies continue to operate remotely during the COVID-19 pandemic, audit procedures are being adjusted accordingly. Here’s what might change as auditors work on your company’s 2020 year-end financial statements.

Eye on technology

Fortunately, when the pandemic hit, many accounting firms already had invested in staff training and technology to work remotely. For example, they were using cloud computing, remote access, videoconferencing software and drones with cameras. These technologies were intended to reduce business disruptions and costs during normal operating conditions. But they’ve also helped firms adapt while businesses are limiting face-to-face contact to prevent the spread of COVID-19.

When social distancing measures went into effect in the United States around mid-March, many calendar-year audits for 2019 were already done. As we head into the next audit season, be prepared for the possibility that most procedures — from year-end inventory observations to management inquiries and audit testing — to be performed remotely. Before the start of next year’s audit, discuss which technologies your audit team will be using to conduct inquiries, access and verify data, and perform testing procedures.

Emphasis on high-risk areas

During a remote audit, expect your accountant to target three critical areas to help minimize the risk of material misstatement:

1. Internal controls. Historically, auditors have relied on the effectiveness of a client’s controls and testing of controls. Now, they must evaluate how transactions are being processed by employees who work remotely, rather than on-site as in prior periods. Specifically, your auditor will need to consider whether modified controls have been adequately designed and put into place and whether they’re operating effectively.

2. Fraud and financial misstatement. During fieldwork, auditors interview key managers and those charged with governance about fraud risks. These inquiries are most effective when done in person, because auditors can read body language and, if more than one person is present during an interview, judge the dynamics in a room. Auditors may request video conferences to help overcome the shortcomings of inquiries done over the phone or via email.

3. Physical inventory counts. Normally, auditors go where inventory is located and observe the counting process. They also perform independent test counts and check them against the inventory records. Depending on the COVID-19 situation at the time of an audit, auditors may be unable to travel to the company’s facilities, and employees might not be there physically to perform the counts. Drones, videoconferencing and live video feeds from a warehouse’s security cameras may be suitable alternatives to on-site observations.

Modified reports

In some cases, audit firms may be unable to perform certain procedures remotely, due to technology limitations or insufficient access to data needed to comply with all the requirements of the auditing standards. In those situations, your auditor might decide to issue a modified audit report with scope restrictions and limitations. Contact your CPA for more information about remote auditing and possible modifications to your company’s audit report.

© 2020