​Research and Technology: The Perfect Audit Combination​

Discover how one internal auditor was able to detect a fraudulent scheme at a restaurant by conducting research and using existing technology in a new way.

Comments Views

In many organizations, audit procedures still consist of using outdated checklists that have not been adapted to the organization's changing control and business environment. However, simply switching a checklist for an automated audit solution is not an effective tactic either. While sophisticated tools such as advanced enterprise resource planning (ERP) systems can provide auditors with considerable support in their day-to-day work, internal auditors need to be resourceful, imaginative, and adaptive to current business needs if they wish to obtain meaningful audit results that add value to their organizations. One way to do this is by combining research with the use of technology.

Conducting research enables auditors to better examine, understand, and evaluate information on a particular topic, while the use of technology can provide a wide spectrum of tools, methods, and techniques to get meaningful results. When joined, research and technology result in a winning combination that exponentially increases audit effectiveness and provides audit findings that are far more meaningful than those obtained using a traditional audit approach.

Becoming an Effective Researcher 

Many internal auditors fall into the pitfall of using a particular audit methodology or tool without considering its effectiveness given the specific audit scenario. For example, many auditors often use static checklists in organizations where business processes and the control environment are constantly evolving and becoming more complex. Unfortunately, as the business landscape increases in complexity — and the audit situation becomes more challenging — conventional audit approaches fail to provide the organization with a detective or forensic advantage. This is where research makes a phenomenal difference.

As a general rule, auditors should spend a portion of their audit work conducting research for every audit assignment. Reading reference books, guides, or journal articles; attending a professional seminar or conference; browsing regularly on the Internet on a given topic; asking questions about the organization's audit needs and current technology landscape; or having discussions with other colleagues are some of the common research tools at the auditor's disposal.

In addition to gaining knowledge about a particular topic, conducting research during the audit's planning phase will enable the auditor to determine whether other tools, approaches, or techniques can be used to get better results than those obtained from using a more traditional method. Along with research, auditors also might need a fair amount of time and resources to familiarize themselves with their organization's existing IT tools and applications.

Today, many auditors have an expert level of understanding about the applications used in their organization for its accounting, sales, inventory, payroll, and purchase activities. At minimum, auditors should have a reasonable level of working knowledge about an application's controls, features, and capabilities. Doing so will assist the auditor by facilitating hidden file searches, for instance, or the recovery of important evidence such as e-mails or deleted documents, which can be extremely useful in many audit investigations.

The following example illustrates how a combination of research and technology helped a new auditor expose a latent fraud in a popular restaurant.​

The Audit Environment

Business at a local restaurant in India was booming. The restaurant was open for business from 11 a.m. until midnight seven days a week and was run by a restaurant manager who worked every day from noon until 10:30 p.m. The manager was supported by a team of cashiers, waiters, and other subordinate staff as well as a point-of-sale (POS) software application that was installed by the owners to monitor and collect sales proceeds, maintain accounting information, and generate daily journal sales entries. Because the POS system interfaced with the financial accounting system, daily journal sales entries were also automatically updated every day in the restaurant's financial accounting system.

As part of the restaurant's audit activities, the statutory financial auditors, who are appointed under the Companies Act in India, examined and checked a sample of the total daily journal sales entries every quarter based on a percentage of the total entries. They also compared total daily POS sales with sales collections in the financial accounting application to determine whether the collections were deposited in the bank regularly and promptly on the following business day. Furthermore, the auditors always tested a random sample, as per their checklist, of the sales invoices generated by the POS system to check the correctness of rates, discounts, and taxes as well as reviewed sales collections, stocks, and the consumption and yield ratios of raw materials with prepared food items. Yield ratios were important because they showed whether the food preparation process was efficient or had minimum raw material waste. Although the auditors sometimes expressed concerns about adverse yield ratios, not much attention was given to them because the restaurant was making a profit. The sales register examined by the auditors had the following format:

Bill No.

Kitchen Order
Ticket
Date/Time

Table

Waiter

No. of
Customers

Item

Rate

Quantity

Sales
(in Rupees)

Total
Rupees

K0073132

10/10/2004
12:18:54 PM

56

STW001

1

Ultimate
Pizza
Reg

350

1

350

350

K0073133

10/10/2004
12:21:40 PM

50

STW001

4

Reshmi
Kebab

125

3

375

 

 

 

 

 

 

Roomali
Roti

65

4

260

 

 

 

 

 

 

Dal
Maharaja

100

1

100

735

On the whole, the auditors spent more time reviewing the financial accounting application to study the general ledger and overall cash and bank transactions, while dedicating only the required time to study sales in the POS system. In fact, their main focus in the POS system was confined to financial information only (i.e., sales quantities, rates, discounts, and values). Therefore, as long the system's financial information was reasonable and the corresponding collections were properly deposited and accounted for, the auditors did not review additional data. The result: No serious audit findings were ever reported.

 The Change

As sales started to increase, the owners appointed an internal auditor who had a more enterprising approach to performing operations and financial audits. To learn more about the restaurant's audits, he conducted research. For example, apart from obtaining information from different audit Web sites — such as a ho​tel audit program from Auditnet.org and a hotel department operational audit program from The Insitute of Internal Auditors' Web site — and reading professional journals, including the Journal of AccountancyInternal Auditor magazine, and the BCA Journal, he also discussed his audit assignment with colleagues who had experience in restaurant and food and beverage sales audits.

During his discussions, one senior colleague gave the auditor a tip that proved to be invaluable. The colleague told him that auditors should never restrict themselves to reviews of financial data only because nonfinancial data can provide valuable information as well. The colleague also advised him that if the financial data was reviewed within different dimensions of date, time, and space, the examination could provide data patterns and trends that revealed a completely different story. More specifically, the colleague advised the auditor to study the POS system in as much detail as possible to determine whether it provided any data query module that facilitated data reviews in a multi-pronged manner (i.e., using the dimensions of date, time, and space) in addition to the usual financial overview.

After considering the advice, the auditor spent a lot of time studying the financial accounting application and POS system. This research investment proved fruitful. He observed that the POS system was user friendly and with a little support from the restaurant's IT director, the auditor was able to generate more than 25 different kinds of reports for a sample audit period. The auditor painstakingly went through these documents and identified several POS reports for further sales data analysis, including shift-wise/cashier-wise sales, table-wise sales, date-wise/shift-wise sales, and timeslot-wise sales.

After analyzing sales in the timeslot-wise sales report (see Table 2 for a reproduced extract), he found a glaring anomaly: No cash sales took place from 11 p.m. to 12 a.m. throughout the entire 19-day sample audit period.​

Timeslot-wise Cash Sales Report
From Oct. 1, 2004 to Oct. 19, 2004

From Time

To Time

Total Sales

Total Check

Average Check

11:00 AM

11:59 AM

1,020.00

10.00

102.00

12:00 PM

12:59 PM

4,090.28

14.00

292.16

1:00 PM

1:59 PM

42,947.27

85.00

505.26

2:00 PM

2:59 PM

158,772.32

235.00

675.63

3:00 PM

3:59 PM

82,552.22

130.00

635.02

4:00 PM

4:59 PM

43,007.14

79.00

544.39

5:00 PM

5:59 PM

21,520.16

47.00

457.88

6:00 PM

6:59 PM

34,400.83

57.00

603.52

7:00 PM

7:59 PM

115,378.35

83.00

1,390.10

8:00 PM

8:59 PM

80,995.89

103.00

786.37

9:00:PM

9:59 PM

135,852.24

184.00

738.33

10:00 PM

10:59 PM

185,786.19

220.00

844.48

11:00 PM

12:00 AM

 

 

Comment on this article

comments powered by Disqus
  • MNP_Nov 2017_Prem 1
  • IIA Bookstore_Nov 2017_Prem 2
  • IIA EndOfYear CPE_Nov2017_Prem 3