[Name of Company] Audit Work Plan Worksheet

[Date]

General controls
General control area
Control environment

Control
Company has a formal ethics committee and a communication policy to ensure that ethical standards are documented and communicated to all employees. Company has a formal audit committee, consisting of independent external board members.

Include in testing?
Yes

Testing frequency
Annually

Notes
In light of recent ethical issues within the industry, pay close attention to this item.

Control environment

Yes

Quarterly

Business planning

Management uses a formal business planning process to drive the allocation of resources and to provide direction to the business. Business and operating plans are reviewed on a regular basis to ensure that the company is achieving its planned objectives. Management has implemented formal processes for reviewing operational data to assist with day-today decision-making. Systems are maintained to store all transactional and accounting data required to produce financial statements. (Note: If systems are relied upon to produce financials, consider whether information technology controls should be evaluated.) The company maintains a formal records retention policy, which enforces the minimum standards required by the Internal Revenue Service (IRS). Management has developed a business continuity policy, which states that the procedures should be enforced if a situation were to arise where business is interrupted. Key documents, including employee records, checks, contracts, customer information, and other confidential materials, are kept in locked or otherwise physically secure locations.

No

Business planning

No

Management reporting

No

Financial reporting

No

Records retention

No

Business continuity

No

Physical security

No

Business process audit areas

Control
Duties are segregated so that the person who authorizes vendor payments is not responsible for generating purchase orders or writing checks. Formal purchase orders are used for every purchase.

Include in testing?
Yes

Testing frequency

Notes

Procure to pay

No

Procure to pay

A list of authorized vendors is maintained; purchase orders can be written only against an authorized vendor. Vendors are audited on a quarterly basis to determine if conflicts of interest exist between procurement personnel and vendors. Vendor invoices are checked against signed purchase orders and delivery receipts before a check is cut. Numbered purchase orders and delivery receipts are kept in a locked area and are logged in sequential order. New sellers of the company's product are required to pass a prospective customer credit review before credit terms can be offered. A subsidiary ledger of all purchase and accounts payable transactions is maintained and is stored within a physically secure area. Customer records are maintained, including a purchase history for each transaction during the audit year. A cash collection log is maintained for all cash receipts. Such receipts are deposited at the end of each business day. An accounts receivable ledger is kept for all customer credit purchases. An aged accounts receivable report is generated to monitor cash collections. A log for journal entries that affect the monthly closing process is kept to document all adjustments made for reporting purposes, such as depreciation or amortization. An employee roster is maintained, including status (exempt/non-exempt), pay rate, and tax jurisdiction. State and federal taxes are withheld properly for all payroll, based on tax jurisdiction.

No

Procure to pay

No

Procure to pay

No

Procure to pay

No

Procure to pay

No

Procure to pay

No

Order to cash

No

Order to cash

No

Order to cash

No

Book to report

No

Payroll

No

Payroll

No

Fixed assets

A log of all fixed assets, along with a depreciation schedule, is maintained in a secure location.

No

Inventory

An inventory valuation method (such as weighted average, FIFO, or LIFO) is used consistently throughout the audit period. An inventory ledger including a cost-of-goods-sold analysis should be maintained.

No

Inventory

No

[Name of Company] Audit Worksheet

General controls
General control area
Control environment

Control
Company has a formal ethics committee and a communication policy to ensure that ethical standards are documented and communicated to all employees. Company has a formal audit committee, consisting of independent external board members. Management uses a formal business planning process to drive the allocation of resources and to provide direction to the business. Business and operating plans are reviewed on a regular basis to ensure that the company is achieving its planned objectives. Management has implemented formal processes for reviewing operational data to assist with day-to-day decision-making. Systems are maintained to store all transactional and accounting data required to produce financial statements. (Note: If systems are relied upon to produce financials, consider whether information technology controls should be evaluated.) The company maintains a formal records retention policy, which enforces the minimum standards required by the Internal Revenue Service (IRS). Management has developed a business continuity policy, which states that the procedures should be enforced if a situation were to arise where business is interrupted. Key documents, including employee records, checks, contracts, customer information, and other confidential materials, are kept in locked or otherwise physically secure locations. #REF!

Test in current period?

Test of controls

Control evaluation

Notes on results
Ensure that ethics policy is updated during next audit.

Control environment

Yes

Review minutes of board meetings to determine whether ethics board was active; Effective review ethics policy to determine when last update was made; review employee handbook to determine if ethics policy is being communicated to employees. Review composition and background of audit committee board members to determine independence. Review recent business plan to determine level of sign-off.

Business planning

No

Business planning

No

Interview key executive and management personnel to document timing of plan reviews. Interview key management personnel to document process for reviewing operational data. Review sample of reports. Document key systems used to support financial statements; systems to document include the general ledger and order management applications.

Management reporting

No

Financial reporting

No

Records retention

No

Review the retention policy; conduct a site visit to determine if historical records are stored in alignment with the retention policy. Review the business continuity plan; determine whether it is current and whether it has been tested recently. Review test results if available. Observe the physical locations for key business-related documents to gauge whether the level of security is appropriate.

Business continuity

No

Physical security

No

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

#REF!

No

Business process audit areas

Control
Duties are segregated so that the person who authorizes vendor payments is not responsible for generating purchase orders or writing checks. Formal purchase orders are used for every purchase.

Test in current year?

Test of controls
Review organizational charts; interview key personnel to understand job responsibilities. Review purchase orders matched to checks to review signatures. Sample 5% of the procurement log to ensure that signed purchase orders were available and that the data matches. Randomly sample raw materials inventory, and trace back to log and purchase order(s). Review log and determine when last updated. Conduct confirmation with sample of vendors to determine authenticity. Review results of last audit.

Control evaluation
Effective

Notes on results
Create a uniform purchase order form that needs two signatures to keep spending in check.

Procure to pay

No

Procure to pay

A list of authorized vendors is maintained; purchase orders can be written only against an authorized vendor. Vendors are audited on a quarterly basis to determine if conflicts of interest exist between procurement personnel and vendors. Vendor invoices are checked against signed purchase orders and delivery receipts before a check is cut. Numbered purchase orders and delivery receipts are kept in a locked area and are logged in sequential order. New sellers of the company's product are required to pass a prospective customer credit review before credit terms can be offered. A subsidiary ledger of all purchase and accounts payable transactions is maintained and is stored within a physically secure area. Customer records are maintained, including a purchase history for each transaction during the audit year. A cash collection log is maintained for all cash receipts. Such receipts are deposited at the end of each business day. An accounts receivable ledger is kept for all customer credit purchases. An aged accounts receivable report is generated to monitor cash collections. A log for journal entries that affect the monthly closing process is kept to document all adjustments made for reporting purposes, such as depreciation or amortization. An employee roster is maintained, including status (exempt/non-exempt), pay rate, and tax jurisdiction. State and federal taxes are withheld properly for all payroll, based on tax jurisdiction.

No

Procure to pay

No

Procure to pay

No

Procure to pay

No

Observe Accounts Payable during disbursement cycle. Review sample of disbursement file to determine that checks are cut only against signed purchase orders with delivery confirmation. Review logs and check against samples of purchase orders and receipts.

Procure to pay

No

Sample customer list, and match selections to credit review analysis.

Procure to pay

No

Review subsidiary ledgers, and match previous period totals to closed amounts on the financial statements. Review history for a sample of customers, and match to accounts receivable and/or cash receipts records. Review deposit records for a sample period, and match to deposit receipts.

Order to cash

No

Order to cash

No

Order to cash

No

Review subsidiary ledger and aged accounts receivable report. Tie ledger to financial statement totals for previous periods. Review general journal entries to determine if appropriate sign-off on material transactions is present. Trace a sample of journal entries to the financial statements to ensure proper posting. Take sample of current employee information, and verify with Human Resources and with direct manager that information is kept accurately. Review tax deposits, and match to employee detail for a sample period.

Book to report

No

Payroll

No

Payroll

No

Fixed assets

A log of all fixed assets, along with a depreciation schedule, is maintained in a secure location. An inventory valuation method (such as weighted average, FIFO, or LIFO) is used consistently throughout the audit period. An inventory ledger including a cost-of-goods-sold analysis should be maintained.

No

Review fixed asset log and capital asset depreciation schedule. Ensure that totals equal amounts on financial statements for previous periods. Discuss with management the valuation method used, to determine appropriateness. Note if any changes in valuation method were used, and if so, obtain justification from management. Review ledger and cost-of-goods-sold analysis for period, and tie to financial statement results.

Inventory

No

Inventory

No

No

[Name of Company] Audit Plan Recommendations

General controls
Audit recommendations

Business process audit areas