Team C analyzed the accounts payable, accounts receivable, payroll, and inventory systems for Kudler Fine Foods.
Kudler would now like to see a proposed audit schedule for these systems. The team will distinguish between the types of audits that may use for each process. The team will also recommend the most appropriate audit for each process and explain how to conduct the audits. Identifying events that may prevent reliance on auditing through the computer will also be presented to Kudler for review (Apollo Group, 2009). Types of AuditsThe types of information technology audits are attestation, findings and recommendations, SAS 70 audits, and SAS 94 audits. If Kudler wants the auditor to provide an assurance for each of the system, an attestation audit could be used. An attestation audit can assist Kudler by issuing reports on examinations, reviews, or agreed-upon procedures. An attestation audit can provide Kudler with independent assurance on the reliability or validity of information related to the four systems under review (KPMG, 2011).
A findings and recommendations audit can provide Kudler with other information about each system.A findings and recommendations audit includes system implementations, security reviews; database application reviews; IT infrastructure and improvements needed engagement; project management; and IT internal audit services. If Kudler chooses to use a findings and recommendations audit, no opinion will be produced, only a summary of the audit for each of the systems (Hunton, Bryant, & Bagranoff, 2004). A SAS 70 audit is generally to provide assurance about the existence and effectiveness of the company’s internal controls around a service provided to others.Kudler is not a service provider. However, Kudler does transmit data to the Electronic Payment Clearing House for automatic submission of the credit card transactions to the applicable financial institutions. A SAS 70 could be beneficial to Kudler regarding the accounts receivable system relating to credit card payments.
SAS 94 audits require the “auditor to consider the effect of the company’s information technology on its assessment of control risk” (Hunton et al. , 2004, p. 219).SAS 94 requires auditors to gain an understanding of the client’s information system, consider how a client’s IT processes affect internal control, and gain an understanding of how journal entries are processed (Hunton et al.
, 2004). A SAS 94 audit is part of a regular financial audit. Therefore, this type of audit could be beneficial for providing Kudler with useful information about each of the four systems. Recommended Audit Kudler can use all four types of information technology audits which are attestation, findings and recommendations, SAS 70 and SAS 94.
Because Kudler uses a Retail Enterprise Management System (REMS), they can audit their payroll, inventory, accounts receivables, and accounts payables all in one system. The SAS 94 audit deals with electronic records rather than paper documents. The payroll, inventory, accounts receivables, and accounts payable are done electronically and can produce paper documentation. The ERP software has Kudler’s contracts and automatic billing for online customers. The system generates reports for the management team for strategic planning.The auditors will need to know and understand the invoicing process within the ERP to conduct the audit.
The audit of the payroll and accounts payable process should follow the same audit process of the accounts receivable. The SAS 70 audit will be conducted to ensure an independent third party has examined the controls in place, in addition to ensuring the controls help mitigate the risk associated with processing of confidential information. The SAS 70 audits will be conducted to ensure an independent third party has examined the controls and processing of sensitive information.How The Audits Will Be Conducted Because risk assessment is an important part of any IT audit, Kudler’s auditors must have a risk-based audit approach. The auditor must have a thorough understanding of the client, the industry, and the customer’s environment. Without this understanding, the auditor may not correctly identify the critical business processes and internal controls.
By following this process, the auditors can “identify the controls that should be in place to safeguard the integrity of the process under audit” (Hunton et al. , 2004, p. 10). An SAS 94 audit will be conducted with the computer using a risk-based approach. Since Kudler uses their internal Intranet system to produce reports, it will be essential to the audit to use information contained in Kudler’s Accounting Information System (AIS). A major benefit of auditing with the computer that it allows the use of computer-assisted audit techniques (CAATs). The use of CAATs will save time conducting the audit. For any discrepancies, reportable conditions will be reported to management and follow-up procedures will be outlined.
Auditing of the accounts receivable process will be based on third-party information. Customers of Kudler will be requested to provide information on their accounts with Kudler. Upon receiving the customers information, those amounts will be compared to the account balances within Kudler’s AIS.
Auditing of the accounts payable process will be based on the invoices and payments made by Kudler. A list of all payees will be used and compared to the vendors Kudler from which Kudler has approved to purchase items and services.The system will also be reviewed to ensure only authorized employees can access the accounts payable database and make payments. Auditing of the payroll system will be based on reviewing the biometric system. Timestamps are created in the system whenever an employee scans their finger.
The records are kept and will be compared to paystubs for various employees. Records kept for when the system malfunctions will be reviewed for accuracy as well. IT auditors will also review the employees that have access to the payroll records. The auditors will also look at the logs for those who accessed the payroll database.Auditing of the inventory system will be the most involved portion of the audit. The auditors will use third-party information from Kudler’s vendors and physical inventory counts.
The purchase orders will be reviewed and compared to the accompanying payments to the vendors. The purchase order system will be reviewed for accuracy and to ensure compliance of the process. Auditing Through The Computer Events that might prevent reliance on auditing through the computer are the following: CPU or hardware malfunctions, lack of IT controls and written procedures, and disruption of operations.For auditing through the computer to be reliable, the above mentioned events need to be nonexistent. In the case of a CPU or hardware malfunction, data processed could be inaccurate. An example of the inaccuracy is a spreadsheet not footing the amounts correctly.
Lack of IT controls is another event that may prevent reliance on auditing through the computer. An example is a lack of segregation of duties between programmers and users of the software. If the users are able to override the programmed controls or make unauthorized changes to the software, then reliance cannot be established.The last event is a disruption of operations whether it is due to a power outage or a disaster such as a fire. The loss in power or data will produce a gap in the data, and cannot be relied upon. Inconsistencies as such will not produce reliable data that can be tested.
In conclusion, it is recommended that Kudler Fine Foods use the four information technology audits which are attestation, findings and recommendations, SAS 70 and SAS 94. It is important for Kudler Fine Foods to understand the different types of audits. Appropriate execution of the audit process will ensure a successful audit for Kudler.