A common, effective risk assessment procedure is a systems walk-through procedure. By tracing transactions from their inception to their termination in the general ledger, an auditor can confirm internal control documentation (such as flowcharts, internal control questionnaires and memos) obtained by inquiries of client personnel. The results of a walk-through can be documented on a flowchart or accompanying memo. An auditor’s assessment of control risk will result from these and other procedures.
An illustrative walk-through checklist and flowchart are included below to guide the procedure for payroll.
SYSTEMS WALK-THROUGH PROCEDURES CHECKLIST
This checklist is designed to facilitate understanding of an entity’s accounting and internal control systems. The checklist contains basic procedures that can be commonly applied to small and medium-sized entities. Additional and/or modified procedures may be necessary to accommodate the unique policies and procedures of each entity for which the checklist is used. In circumstances where tests of an entity’s IT system are required, the procedures below may be used to guide the design such tests.
This checklist may be used for reference only or each procedure may be initialed and dated as it is completed, depending on firm policy. Documentation of the walk-through procedure is required and should include identification of documents examined, an explanation of procedures performed, descriptions of the results of the procedures, documentation of additional procedures performed for exceptions and unusual matters, and written conclusions based on the results of the procedures..
1. Interview appropriate client personnel and prepare a flowchart of the payroll accounting system. Indicate the key controls performed at the entity and activity levels by tickmarks or other means on the flowchart or other accompanying documentation.
2. Haphazardly select 5, 10 or 15 time cards or other records of time worked for a cross-section of employees to begin the walk-through procedure. The greater the number of units selected, the greater the substantive evidence generated from the walk-through procedure. The auditor’s planning objective should be to gather sufficient substantive evidence from risk assessment procedures to reduce risk of misstatement to a level that is less than high or, in other words, to reduce the more costly tests of balances procedures.
3. Record identifying numbers or descriptions of the documents selected that initiate transactions in the payroll cycle. Make a similar record of identifying numbers or descriptions of all other data or documents inspected during the walk-through procedure.
4. Following the accounting and internal control systems flowchart, trace each transaction selected from its initiation to its termination by performing the following procedures for each of the documents inspected:
a. Determine that the authorization and initiation procedures are performed and evidenced as required by the entity’s policies. Depending on nature of formal or informal policies, such evidence may take the form of initials and dates of persons performing key controls or, for smaller entities, responses to inquiries made by management personnel.
b. Determine the clerical and mathematical accuracy of data on all documents inspected.
c. Trace all initiating documents to recording in a source journal such as a payroll register or payroll journal and compare the information on the documents to the source journal recorded information..
d. If separate tests of the IT system have not been performed for systems that permit user modification, test the mathematical accuracy of the source journal and test trace totals to recording in the general ledger account activity. If the entity uses an out-of-the-box software system, tests of the IT system are not normally required, nor are tests of mathematical accuracy.
e. Obtain evidence, either by inspecting documents or making inquiries of management, that formal or informal key controls have been performed.
f. Select a payroll account bank statement and the related reconciliation for at least one month’s activity. Make inquiries of management about the performance of key controls and review the reconciliation for reasonableness.
g. Scan the general ledger payroll and related accounts for the reporting period and obtain information from management about the propriety of unusual general journal or other entries.
5. Prepare a memorandum, or document on the flowcharts, a conclusion about the design and operation of the entity’s accounting and internal control systems.
a. If a limited number of transactions were selected for walk-through procedures to verify that no significant changes were made from the prior year’s acceptable design and operation of the internal control system, and no changes were found, the conclusion would be that the prior year’s evaluation of control risk could be used for the current year.
b. When the auditor determines during planning that it is likely internal control systems are designed and operating properly (given the nature, size and complexity of the entity), and a larger number of transactions are selected for the walk-through procedures, the objective should be to gather substantive evidence that the internal control systems are designed and operating properly. A conclusion that results are acceptable would result in an audit strategy that plans for reductions in more costly related tests of balances procedures. Unacceptable results, of course, will require either more detailed tests of payroll activity or more substantive tests of payroll and related account balances.
My live and on-demand webcasts include further discussions of the systems walk-through procedure as an essential part of a cost-efficient audit strategy. You can download syllabuses and register by clicking the applicable box on the left side of my home page, www.cpafirmsuipport.com.