How to Conduct an Internal Control Process Walkthrough
Internal control process walkthroughs are an essential part establishing process evaluation, documentation and performing audits. In essence, internal control process walkthroughs can be considered an audit of the entire transaction process themselves. Their purpose is to catch any errors, inefficiencies or key process components within the system and make appropriate inquiries, inspect or create any relevant documents and observe how the process is working. Then, changes can be made as needed to improve the process and lessen the likelihood of inefficiencies or errors.
Internal controls process audits help you circumvent major problems by shining a light on any pain points in your overarching transaction process or system. Essentially, these audits track a transaction as it moves from the point of purchase or signed contract, when it first becomes part of the company's workload, to the point at which it is entered into the books as a financial transaction.
It is essential to do more than just watch the transaction run through your systems from start to finish. It is also integral to the internal controls process audit that controls be observed and examined to ensure they are implemented and designed properly, as well as to capture significant steps and proprietary processes.
Here is an example of how to conduct an internal controls process walkthrough. In this example, say you run a t-shirt business. An internal controls process audit for your business would begin with a given order for 100 shirts by a local Girl Scout troop. Your auditing team would note how the order was placed and ensure this was done according to company procedure and policy.
To continue with the walkthrough example, whoever orders the t-shirts and ink for screen printing would be checked to be sure they did so properly, with all required approvals and according to the invoice as outlined by the sales team. From there, the t-shirts would be checked once they had been printed. Were the words or graphics printed properly in the colors that were requested?
More importantly, were supplies used properly? If the order should have required 105 t-shirts, including extra for errors, and 1 gallon of ink, these quantities must be audited to ensure the company is not wasting resources.
Finally, someone should audit the warehousing team to be sure that they properly packed the boxes, printed the correct address labels and shipped the boxes according to the shipping service paid for by the client. If expedited shipping requires additional approval from a manager, the auditing team must verify that this occurred, as well.
The final, but perhaps most important, part of the internal controls process audit is to check the invoicing and payment processes. Did the invoicing department correctly bill the customer for 100 t-shirts, plus the expedited shipping they requested? Did they correctly state on the invoice that payment must be received net 30 with 10% added each week payment was late thereafter? Was the invoice sent to the correct point person at the office of the customer?
When payment is received, auditors will need to verify that it is processed promptly and correctly. Chain of custody procedures must be followed; checks should not be left out of locked file cabinets during lunch breaks or after hours. Anyone handling cash should be audited, and two people should always check deposits before they are brought to the bank.
Finally, bookkeepers must be audited. Did they place the $100 payment into the correct accounts in the company's books? Is it listed correctly in the "cash on hand" and moved from "accounts receivable" once in hand? Verifying that all of these processes are completed correctly is essential.
Walkthrough checks are what departmental managers use with their staff to ensure that they are prepared for an internal process controls audit audit. Your manager may have a team meeting that will discuss the major issues that he thinks will be the focus of the audit. He could also begin to quiz his team to keep them up to date on policies.
Policies and procedures are not the only things that you can go through during your walkthrough check. However, they are the most common reasons for undertaking one. It also serves to make sure that your employees understand safety measures, such as where to go during a fire drill or where to meet in case the building is locked down.
Typically, walkthrough checks are done just before a scheduled internal controls process walkthrough audit. In these cases, no one knows the exact timing of an audit, only that they have a space of time in which one can happen. They are also often performed during business transitions, such as mergers, or for internal documentation activities. In the case of some sectors, such as health care, there is a window of time in which an audit can occur.
After completing your internal controls process walkthrough audit, you will need to document what you found. Ideally, you and your audit team were taking careful notes throughout the entirety of the process. You should compare notes before sitting down to finalize your report in case any one person observed different details about the transaction process.
It's important as you prepare your final report that you keep the audit language accessible, as well as make every effort to keep it positive. Inclusive language such as "we" and "us" is an excellent way to avoid pointing the finger at any member of your staff. For example, consider these two statements:
"We should focus more on pushing automotive coverage."
vs.
"Automotive did not make their sales metrics this quarter."
While the second statement is a fact, it is not worded in a way that would make people want to work together. The first statement, however, includes everyone in the problem. While they both get at the same basic idea, the first statement means that people will work together to fix it, not that specific department or representative.
The final deliverable for the internal control process walkthrough audit is typically your report, made available to senior leadership, such as a CEO or the board of directors of an organization. Members of the audit committee are typically independent departments that are uninvolved in office politics. For large companies, this could be in the form of a department that handles all of the internal audits. Smaller companies may hire auditors from placement agencies.
The point of your internal audit walkthrough is to help inform and update the transaction process and check on how these processes are functioning, making improvements wherever possible. This could look different for every organization.
When a pain point or a failure point is found in any system, it should be described in detail in your deliverable. For each point in the transaction process, include a "what to improve" section where you outline problems observed and how you recommend they be fixed. It's also a good idea to include a section of general observations and general suggestions for improvement that don't necessarily relate to specific failures in the system.
If you are new to performing an internal controls process walkthrough audit, or if you are implementing a new audit procedure or audit process for your team, it is important to approach the process with a team attitude. After all, you want employees to feel ownership in their part of your business.
To do that, you must make them feel welcome and part of that team. Audits should help everyone do a better job as well as improve overall company policy and efficiency. Make it clear that an audit will be completed at some point. However, it's best not to identify when or exactly how the audit will be conducted.
At the most basic level, an internal audit of any sort is the kind that should focus on providing an unbiased, nonpolitical review of your business systems and processes and the levels of an organization. When used appropriately, internal control processes auditing helps a company to trace a transaction from its point of origin to its point of completion to ensure that all involved steps are operating properly and with a transparent paper trail. The end product of your internal audit should give your organization's governing bodies a triage report that ensures compliance and shines a light on risks and areas of policy that need to be changed.
When discussing the needs for internal control process auditing with your staff, it should be centered around the idea that audits tend to find the places where employees fall down on the job, so to speak, due to institutional issues. It is important to keep in mind that an audit is not supposed to "catch" you or make you get written up at work. Instead, they should be viewed as a way that everyone can work together to make their place of employment a better place in which to work.
Ensuring that this conversation occurs can help to lessen nerves and make sure that the audit is as true to daily routines as possible. A highly nervous staff might make unusual errors throughout the systematic audit process that could skew the results of how your process is working.
Internal audits, like the walkthrough audit, are supposed to handle more in-depth, low-level details than external ones. Risk management policies, process improvements and your chain of ownership or chain of custody are very important when speaking to internal players. Managers, for example, will be interested in how their teams are performing and if they can improve the work environment. This is where a walkthrough of the entire transaction process in your company can really prove useful and catch inefficiencies and errors.
Financial reports and how investments are performing against competitive markets are external audits that your company may conduct, but these do not typically follow the same walkthrough process. Again, companies will want to make sure that everyone who would be reading the report will get the information that they need. Importantly, you may not be able to publish an internal audit externally due to nondisclosure agreements or similar issues.
Audits are not supposed to make employees feel like they are being tested on a pass/fail basis. Auditing is a powerful tool to make the workplace better.
Instead of pointing the finger at individual employees, it should focus on how the entire team can improve. While there are cases of people failing audits and being fined or fired, these are not the usual outcome of any audit. The usual outcome is company improvement.