Auditing Revenues and Procurement Processes: Risks, Key Controls and Step-by-Step Procedure

Auditing and Assurance Services

What Are The Key Risks In The Revenue And Marketing Procurement Processes?

Since There Are No Process Descriptions We Cannot See Which Controls Oxl Vietnam Has Implemented. Therefore, What Are The Expected Key Controls In Both Processes?

How Are We Going To Approach The Audit. Please Think About a Step By Step Approach On How To Test The Processes In Scope?

Financial auditing refers to the procedure of evaluating the accounting entries of an organization’s financial records to establish if they are in line with the applicable laws and regulations such as generally accepted accounting standards.  On the other hand, assurance insinuates the process of verifying the accounting records in an organization to determine whether they are accurate or not. Usually, assurance precedes the auditing process. Despite these elaborations on auditing and assurance terms, the article proceeds to evaluate the risks encountered in undertaking auditing of revenues and procurement processes; the anticipated key control measures in both scenarios, and a step-to-step procedure that can be implemented to test the case study in question.  

Various risks are encountered while auditing the revenues of an organization. For instance, the company may intentionally overstate the accounts receivables. Overstating the accounts receivables means that the firm records a higher figure of the income earned during the entire fiscal period (Zamboni & Litschig, 2018). It should be noted that the top management may collude with the junior employees to prepare financial reports that indicate the organization is thriving. However, in the case study presented, OXL Vietnam seems to have understated the income earned during the entire nine months it has been in operation. The total income recorded in the income statement is just €779,850 while the expenses are €2,222,117. The case study indicates that OXL Vietnam is making huge losses within a small period. The notion behind understating the income levels is for the organization to evade the payment of taxes to the federal government.

Besides this, the other risk that an auditor may experience is the understatement of allowances. The recording of little allowances paid to employees reduces the total expenditure thus increasing the profit margin (Zamboni & Litschig, 2018). For instance, OXL Vietnam has recorded only € 411,897 as the amount for compensation and benefits of employees. Nevertheless, other external risks may hinder the work of auditors. For example, cloud computing calls for proper training of auditors regarding the security measures of the financial records of the organization (Zamboni & Litschig, 2018). Therefore, inadequate training may cause vital financial information of the company to be governed and controlled by a third party thus causing approval of wrong financial reports

Risks in Auditing Revenues and Procurement Processes

During the auditing of procurement processes, different risks are also encountered by auditors. For instance, the first risk auditors’ face is the inadequacy in needs evaluation. Many of the startup firms are unable to tell what they need when they need such products or services, and a qualified supplier who can deliver timely and at an affordable price (Zamboni & Litschig, 2018). From our case, the income statement of OXL Vietnam records both online and offline advertisement strategies yet the firm is languishing in losses. OXL Vietnam should devise a way of reducing its expenses on the advertisement, communication, consultancy services, and travel and entertainment charges offered to its employees (Zamboni & Litschig, 2018). Overrepresentation of facts may result in reduced profits alongside hindering the firm from gaining a competitive advantage in the market place.  

Despite inadequate needs analysis, fraud and corruption is also another risk facing the evaluation of procurement processes. Fraud and corruption stem down to invoice fraud and embezzlement of funds by a recording of false transactions (Zamboni & Litschig, 2018). An organization that is composed of a decentralized procurement function is more likely to harbor this risk. This is because the organization won't be able to notice red flags during risk analysis as the employees doctor the records early enough. However, for OXL Vietnam, the procurement function is centralized. However, losses are realized as a result of double accounting of expenses. For example, there is an entry of mobile social media costs and at the same time, we have an entry recorded as internet access.

Thirdly, poor supply chain management has also been identified as a risk in evaluating procurement processes. Poor supply chain management emanates from a decentralized system that lacks transparency and contains inaccessible criteria for purchases, approvals, and payments (Zamboni & Litschig, 2018). As a result of poor supply chain management, the organizations will be exposed to false invoices and corrupt vendors. For instance, the recording of out of home advertising and event advertising emanates from poor practices of supply chain management. Therefore, the staff of such a company will spend most of their time chasing invoices thus leading to late or duplicate payments.

Internal controls are the policies and guidelines developed by a firm to protect its entire assets, maximize productivity, and support compliance of its employees to these laws (Turner & Weickgenannt, 2020). Various control measures can be utilized to curb the risks experienced in auditing both revenue and procurement processes. There exist three main categories of internal controls that can be emulated by any organization within any sector of the economy. These classifications entail detective, preventive, and corrective measures of internal controls.

Expected Key Controls

Detective internal controls are developed by an organization to determine problems after its occurrence (Turner & Weickgenannt, 2020). These kinds of controls serve as part and parcel of the checks-and-balances as well as providing information on the effectiveness of the stipulated policies. Examples of detective internal controls that can be utilized under the two processes include manual counting of inventory, surprise cash counts, internal audits, and enforcement of job descriptions and expectations (Turner & Weickgenannt, 2020). OXL Vietnam acquires its revenues from the advertisement of products and services offered by other firms alongside the listing of those products on their website for easy accessibility by potential customers.

The other internal control measures that can be utilized by organizations include preventative internal controls. Preventive internal controls aim to bar errors and irregularities form occurring. Unlike the detective controls, preventive controls are executed regularly (Turner & Weickgenannt, 2020). Preventive internal controls begin from locking a building before leaving for home to keying in a password before finalizing a transaction. Nevertheless, other preventive controls encompass installing a backup system for the organization's information, employee screening, and training sessions, testing for clerical accuracy, and seeking approval before performing any particular transaction (Turner & Weickgenannt, 2020).

Besides these two internal control strategies, corrective internal controls also form the third category of ensuring the safety of assets possessed by an organization. Under this category, measures are implemented to rectify the errors highlighted by the detective internal controls (Turner & Weickgenannt, 2020). After an error has occurred, employees should adhere to the set procedures in arriving at an appropriate solution. For instance, employees may decide to report the problems arising to their supervisors. Nonetheless, other examples of corrective internal controls include initiating training programs as well as instilling progressive discipline among employees within an organization.

Six specific steps should be followed strictly for a successful audit. Firstly, the auditor should request the financial documents of the organization to be audited (Antipova, 2016). This step of requesting financial documents is preceded by the auditor notifying the organization of the upcoming audit to initiate preparations for the same. The financial documents may entail a copy of the previous audited report, original bank statements, receipts, and ledgers (Antipova, 2016). In the case study provided, the auditor will use the income statement for OXL Vietnam dating from April 2019 to December 2019. Conversely, OXL Vietnam failed to provide organizational charts as well as the committee minutes alongside its bylaws for auditing purposes.

The Auditing Process

Secondly, the auditor prepares an audit plan indicating how the auditing process will be conducted. In this stage, the auditor goes through the financial documents and plans how he or she will carry out the auditing procedure (Antipova, 2016). Moreover, a risk evaluation may be incorporated to establish possible problems that may be encountered during the entire auditing procedure. Thirdly, the auditor schedules an open meeting with employees within the organization under audit. The auditor invites the senior management team as well as the essential administrative staff in an open meeting. During the meeting, the auditor presents the scope of the audit to these parties (Antipova, 2016). Moreover, the time required for the auditing to be complete is agreed-upon alongside department heads being requested to inform their staff of possible interviews with the auditor.

The fourth step encompasses conducting onsite fieldwork. In this stage, the auditor uses the collected information from the open meeting in completing the drafting of his or her audit plan. After this, fieldwork is executed through face-to-face interviews with staff members together with evaluating the processes used by the organization (Antipova, 2016). The processes are evaluated to determine whether they are in line with the set policies and standards. Additionally, the auditor may proceed to discuss the problems noted while auditing the firm’s records to provide the organization with the opportunity to react accordingly.

Fifthly, the auditor proceeds to the drafting of the report. After conducting enough research through interviews with the staff, the auditor is now at liberty to prepare a report that indicates the findings of the audit. The report contains posting problems, mathematical errors, and payments made but not received by the other company (Antipova, 2016). The auditor winds up the report by offering viable recommendations to tackle the problems realized. Finally, the last step is setting up a closing meeting. During this meeting, the auditor invites the management and seeks their response regarding the audit report (Antipova, 2016). He then proceeds by proposing the course of action that can be undertaken by the management in curbing the financial challenges encountered by the organization as well as the projected date of completion.  

References

Antipova, T. (2016). Auditing for financial reporting. In Global Encyclopedia of Public Administration, Public Policy, and Governance. Springer.

Turner, L., & Weickgenannt, A. (2020). Accounting information systems: controls and processes. Wiley.

Zamboni, Y., & Litschig, S. (2018). Audit risk and rent extraction: Evidence from a randomized evaluation in Brazil. Journal of Development Economics, 134, 133-149.