Sales Audit Checklist pdf

The objective of an internal audit is to assess the risk of material misstatement in financial reporting. Material misstatements can arise from inadequacies in internal controls and from inaccurate management assertions. As such, testing the validity of various implicit managerial assertions is a key objective as an internal auditor.

While this applies to all financial cycles, its important not to overlook other business functions that must be audited, like the Sales Invoicing and Credit Management (SICM) cycle. One of internal audits main roles in auditing sales invoicing and credit management is to ensure proper segregation of duties whenever possible and assign appropriate mitigation controls where proper separation is not possible.

The Most Important General Control Activities for Sales Invoicing and Credit Management Are:

• Organization

• Sales Planning and Target Setting

• Customer Acquisition

• Client Acceptance and Sales Agreements

• Client Relationship Management

• Order Processing

• Invoicing

• Sales Returns and Credit Notes

• Credit Management

• Customer Master Data

Sales and Marketing Organization

When conducting sales and marketing activities, there are a few important business goals that should be considered:

• Effectiveness of the sales and marketing organization

• Adequacy in the definition & communication of authority limits

• Appropriate segregation of duties in the sales and marketing department

When conducting the audit ofyour sales and marketing organizationlook out for the following controls/best practices:

• Organization structure is adequately designed to achieve the objectives, is available to all staff, and is updated regularly.

• Relevant business unit policies and directives have been communicated to all relevant staff, and a copy of the local policies is stored in a shared location for easy reference.

• Authority limit schedules are in place and available to all staff. This is regularly reviewed for appropriateness, staff changes, and to ensure alignment with the corporate authority schedule. This should also be stored in a shared location for easy reference.

• Roles and responsibilities are documented within staff job descriptions and task/processes are reviewed on a regular basis to ensure adequate management oversight and to ensure that conflicting tasks are avoided (supporting ERP access is also reviewed for SOD conflicts).

Segregation of Duties

Businesses should be aware of employee responsibilities to ensure adequateSegregation of Duties (SOD)whenever possible. The risk of not doing so includes inadvertently processing unauthorized transactions.

When conducting the audit look out for the following controls/best practices:

• Roles and responsibilities are documented within staff job descriptions and task/processes are reviewed on a regular basis to ensure adequate management oversight and to ensure that conflicting task are avoided (supporting ERP access should also reviewed for SOD conflicts).

• SOD between authorization, custody of assets, recording of transaction and control activities (e.g. sales / order handling).

IT/ERP Systems and Applications

IT infrastructure and applications must adequately support the activities of the business. A poor infrastructure results in a variety of inefficiencies and poor decisions, plus a plethora of security risks and legal risks.

When conducting the audit look out for the following controls/best practices:

• IT landscape maintained with all applications.

• Licenses for all applications stored on central server to ensure backup.

• Regular backups of laptops to server (forced where possible).

• Access to internet/externa lines through business global gateways.

• Management information reporting from IT systems allows for complete, accurate and timely management information suitable for management oversight and decision making processes.

Sales and Marketing Strategy

Sales and Marketing Strategysupports the business goals and objectives. When conducting the audit look out for the following controls/best practices:

• Sales and Marketing strategy is considered and decided during discussion on business strategy

• Sales Strategy includes: sales goals, task and activities that are required to deliver the business plan, performance metrics are identified, developed, agreed and deployed.

• Marketing Strategy includes: Priority market, channel and product segments; Brand Portfolio strategy; Innovation Strategy; Communication and Activation Strategy; Pricing Strategy; and Channel Strategy.

Policies and Procedures

Clear policies and procedures should be documented for key aspects of the cycle. Not having clearpolicies and procedureswill lead to insufficient guidance for sales and marketing staff and controls will not be executed as designed.

When conducting the audit look out for the following controls/best practices:

• Policies and procedures for key processes and tasks are documented and communicated to all relevant staff, including providing staff with timely updates on changes.
• Owners for policies and procedures are identified and charged with keeping procedures up to date
• Policies and procedures stored in a shared location. Reminder sent to owners for review automatically by system.

In conclusion, auditing standards require that auditors test basic underlying management assertions implicit in the financial statements. Key objectives to these assertions are; Existence and Completeness, Rights and Obligations, Valuation or Allocation, and Presentation and Disclosure.

While this article provides a brief overview, we have a library of audit checklists, RCMs, and other useful audit tools, so please feel free to contact us should you have questions or if you would like additional information. We are happy to provide you with whatever you need.