An Internal auditors may assess whether internal controls across the revenue cycle—from sales orders, credit approval, shipping, billing, revenue recording, to revenue collection—are well-designed to prevent material misstatements. Each stage carries specific risks tied to assertions like occurrence, accuracy, and cutoff.
-
Example: At a logistics firm, the auditor finds that revenue is recorded before shipping confirmation. This weakens the occurrence assertion. Though a control exists to verify shipping before billing, it’s manual and often skipped.
-
The auditor recommends automating the billing process to trigger only after verified shipment, ensuring stronger control design and compliance.
Assessing the design adequacy of internal controls in the revenue cycle is a foundational step in ensuring accurate financial reporting and fraud prevention. Internal auditors examine whether the controls, as designed, are capable of preventing or detecting material misstatements in a timely manner.
-
Key areas for evaluating control design include:
-
Segregation of duties among sales, billing, and cash collection
-
Pre-approval of credit before processing orders
-
System-enforced invoice generation only after shipping confirmation
-
Matching of documents: sales order, shipping document, and invoice
-
Review and approval workflows for price changes and discounts
-
-
Example: An internal auditor reviews the revenue cycle at a consumer electronics distributor. The company has a policy requiring approval of all orders above $10,000 by the finance manager. However, the ERP system does not enforce this control, and approvals are sometimes bypassed. While the policy exists, the design is inadequate because it lacks automation and consistent enforcement.
-
The auditor recommends embedding automated approval thresholds within the system, with alerts for unauthorized processing. Assessing control design helps ensure policies are not just documented, but also realistically implementable and effective at safeguarding revenue processes.