Instead of waiting for an infrequent internal audit to investigate a variety of risk areas, consider a regularly-scheduled investigation using Excel and data downloaded from the accounting system. Excel downloads are a staple of most accounting software, usually resulting in either pre-formatted spreadsheets or comma-delimited text that can be easily converted into a spreadsheet. Once in spreadsheet format, consider making the following tests:
- Transactions during odd hours. For all types of transactions, sort the spreadsheet based on time and date to see if anyone is accessing the system outside of regular working hours, and investigate any transactions made during those times.
- Same data entry person for the same supplier. For payables transactions, sort the spreadsheet by supplier name and then by the user ID of the person entering transactions. If the same person always enters payables for the same supplier, this could be a shell company owned by the data entry person.
- Sub-threshold transactions. For payables transactions, sort in declining order by invoice totals, and investigate payments for which dollar amounts are just below the corporate approval threshold. Chances are good that some involve split payments to avoid detailed analysis by an authorized approver.
- Late customer orders with no purchase order. For billing transactions, first sort on overdue customer invoices, then sort the resulting subset on billings without customer purchase order numbers, and then sort this even smaller subset on orders exceeding the credit approval threshold. The result may be a small number of orders that were improperly routed around the credit department.
These are only a few suggestions for possible tests. A more company-specific approach is to periodically analyze potential risks in relation to the existing control structure and see which high-risk items are most suitable for investigation with spreadsheet analysis.