Introduction : Raj Sawhney, the Internal Auditor of ABC Limited — a family owned large diversified conglomerate, had used a CAAT in auditing the Sales and Accounts Receivable area. The Audit Committee and the Chairman and Managing Director were happy with the audit, as not only did it release much wanted funds but it also helped in improving realisation. They felt that the Internal Audit should now focus their energy on audit of Purchases and Accounts Payable. They had some inkling that one of the Purchase Head appears to live beyond his means of income.
Methodology : The audit team spent time with the IT team to understand the software environment as pertaining to Accounts Payable. They also generally understood how the software stored data — Supplier details, purchase ledger, payments history, purchase invoices, in the various tables. They listed out the various audit objectives that they wanted to meet. They sought access to the tables and wherever access was limited, the audit team requested for information from the IT. Those issues that were highlighted using CAAT’s are given here.
Validity of transactions/entries :
Deals with unauthorised suppliers :
The company had a policy of obtaining structured information on the suppliers. Only those suppliers who gave the required details and passed the various quality test procedures were empanelled. On the basis of approved Supplier Registration Forms, the supplier details were updated in the Master. The Registration process was not followed for minor product groups.
The initial audit objective was to verify whether transactions were entered into with registered suppliers. The auditor downloaded the Supplier Master from the software and the Empanelment List maintained by the Purchase Department. The two files were then joined on the common field of Supplier Registration Number with the option to identify those suppliers who are in the Supplier Master (Primary File) but not in the Empanelment List (Secondary File). They were informed that the Empanelment File is comprehensive in details, and is updated and reliable.
Out of a total supplier list of 3000 vendors, there were 50 vendors who were not in the empanelled list. The auditor further analysed these 50 vendors with respect to products supplied. They further analysed the Master as per the product groups supplied. A quick summarisation on product group was done. These 50 vendors dealt in 8 major product groups (10 vendors) and 2 minor product groups (40 vendors).
The entire process of registration of these 10 vendors was then carried out in detail to identify the root cause of policy non-compliance. It was identified that work pressures were high during September and as material requirement was on an urgent basis, the process was bypassed and vendors taken up for supply of material. In 2 cases, it was identified that the vendors did not fulfill the registration criteria established by the organisation, but was ignored by the Purchase Head who was the approving authority for master updation. No justification for the same were held on record.
The auditor then approached Raj with this information. Given the feedback of the management, Raj asked the auditor to visit the market and other registration authorities to know more about these organisa-tions. The auditor visited the Registrar of Companies for further details and also the organisations’ offices. The details indicated that a close relative of the Purchase Head was interested in both these companies.
Business with individuals :
In order to identify further collusions, if any, a quick search was done using wild card searches and absence of words like Ltd., Limited, Private, Pvt., in combination with organisation type. A list of all exceptions were highlighted. Certain entries were identified which were categorised as companies, but the names did not contain the words indicating a company. Out of 20 such entries identified, a further analysis of the Supplier Registration Forms was done. In 15 cases, there was an entry error. In the balance 5 instances, there were errors in entering organisation group. There were no instances of any irregularity identified in the parties registered.
Validation checks were sought to be established linking up presence of words with the organisation group to ensure correctness in entries.
Master updation :
The master entries were further analysed to identify duplicate entries and completeness of master entries. An extraction was performed to isolate those entries where any field, particularly on statutory details, addresses, contact details, were blank.
In 500 instances out of 3000, one field or more was blank. These were listed and provided to the Purchase/Systems for proper updation.
In 30 instances, duplicate entries were identified. Out of these, in 10 instances, the duplicate entries were deleted. Steps were immediately taken to de-activate the duplicate entries.
Profile of purchase orders raised : High volume of low-value purchase orders :
The transaction volumes were identified to be high considering the scale of the business. The auditor used the stratification feature to profile the purchaser orders raised. The PO value group categories were 0-5000, 5000-10000, 10000-50000, 50000-500000. These were also the authorisation limits.
It appeared that 40% of the PO’s were under 5000 with total value contribution of less than 5%. Further 30% of the PO’s were in the band of 10000-50000. This appeared to be abnormal. The auditor further categorised this band as 10000-40000, 40000-45000 and 45000-50000. Out of 30%, the category of 45000-50000 accounted for 20%. A detailed analysis of these orders highlighted that orders were being bifurcated for a lower value to ensure that authorisation limits are not crossed. Further, the payment authorisation and payments were also in the same categories. As a result, a number of transactions were being processed without senior management check. A number of discrepancies in the processing of these orders were identified. The concerned buyers acknowledged misuse of authority and a new team took over the activities.
Further analysis of the 40% of the orders under Rs.5000 was taken up.A further break-up of the orders identified that 30% of the orders are below Rs.3000. A quick calculation of the cost of PO processing from Indent to Payment indicated that the total cost of the process was Rs.1000. Considering the total value of the orders for the year of such orders and the possible ‘control’ being exercised vis-à-vis the cost of control, it was recommended that under-3000 value orders should be discontinued and a fast track system of procurement and referencing was introduced to facilitate the payment.
Purchase performance :
A comparison of performance over the last two years was undertaken to identify variations in purchase trends. Using the compare feature, a quick analysis of the performance was done. It showed that the purchase pattern had changed in favour of certain suppliers for 2 major items. A detailed analysis of the same was done by going back one more year and this trend was seen to have initiated two years back. A detailed analysis was sought to be done with respect to the quantities purchased and value paid. A higher amount was being paid compared to other suppliers. The usual reasons of quality and performance were given. However, the auditor further obtained files from quality and stores and it appeared that these parties were having frequent quality issues and delayed deliveries. Faced with quantitative data, a change in the buying pattern was instituted and a report generated regularly highlighting value and volume of purchases party-wise for major items.
Payments analysis :
Duplicate payments :
Suppliers’ ledger was analysed for duplicate payments by using the identify duplicate feature on the amount field for all payments. The list was further scrutinised for bill number referencing. Two duplicate payments were identified. This was mainly due to oversight. A validation control was institued in the software to prevent duplicate payments in future.
Missing cheques :
The bank payments file was obtained. Using the identify Gap feature on the cheque number field, the missing cheque numbers were identified. These were then compared to the cancelled cheque leaves and details available. There were 3 unaccounted cheques. Stop-payment instructions for these cheque numbers were issued to the bankers.
Conclusion : Using several features of the audit tools, the auditor was able to increase the depth of his audit and also do it faster. In this way, he was able to focus on streamlining processes and spend more time interacting with officials on business issues which were useful sources for analytical information. This was appreciated by the management.