Wiley Practitioner's Guide to GAAS 2020. Joanne M. Flood

work-arounds, a way to satisfy other objectives, such as bypassing a control to better respond to customer needs.

      Once you and the interviewee reach a common understanding of the company’s stated procedures, you should be prepared to discuss the circumstances that result in a variation from these procedures. When making these inquiries:

       Don’t make value judgments. In any organization, the information that flows through a processing stream will follow the path of least resistance. Controls that are seen as barriers to the processing of legitimate transactions that meet the company’s overall objectives may be bypassed. The employee may not be at fault. More important, if you adopt a judgmental attitude toward the interviewee, he or she will be less inclined to participate productively in the information-gathering process, and your interview will lose effectiveness.

       Separate information gathering from evaluation. Remember that this phase of your inquiries is a two-step process: (1) identify the exceptions to the stated policy, and (2) assess the effect that these have on operating effectiveness. Keep these two objectives separate. Be careful that you don’t perform your evaluation prematurely, before you gather all the necessary information. When performing your inquiries, remember that your only objective is to gather information; you will perform your evaluation once you have completed your inquiries.

       Use hypothetical or indirect questions to probe sensitive areas. Many interviewees will feel uncomfortable describing to you how they circumvent company policies or how they have incompatible duties that could leave the company vulnerable to fraud. To gather this type of information, use indirect questioning techniques that do not confront employees directly or otherwise put them on the defensive. For example, you might preface your questions with qualifying statements, such as:

           “If a situation arose in which …”

           “Suppose that …”

           “If someone wanted to …”

       Ask interviewees directly about their opinions of control effectiveness. The overall objective of your inquiry is to gather information to assess the effectiveness of controls. The opinions of those who perform the control procedures on a daily basis are important. Ask them to share those opinions. Do they think the controls are effective? Why or why not?

      Qualifications of employees. Assessing the operating effectiveness of control activities requires you to consider who performs such activities. Your inquiries should determine whether the interviewee is qualified to perform the required procedures. To be qualified, the individual should have the necessary skills, training, and experience and should have no incompatible functions.

      Focus groups. As a supplement to, or perhaps instead of, interviewing people individually, you may wish to facilitate a group discussion about the entity’s activity-level control activities and their effectiveness. The purpose of the group discussion would be the same as a discussion with individuals: to confirm your understanding of control design and to gather information about operating effectiveness. However, group discussions are advantageous in that they:

       Enable you to see the whole process. You may be able to convene a group of individuals who represent every step in the processing stream, from the initiation of the transaction through to its posting in the general ledger. A group discussion that includes these members will help you to understand more quickly how the entire process fits together.

       Foster communication and understanding. In conducting your group discussion, you will bring together people in the company who may not interact on a regular basis, and you will engage them in a discussion about operating procedures and controls. By participating in this process, employees will gain a greater understanding of their responsibilities and how these fit into the larger picture. This improved understanding among employees will allow your project to provide value to the company that goes beyond mere compliance.

      To conduct a group discussion, follow these five steps:

      1 Review the documentation of the processing stream and determine who should be invited to participate. Groups of five to ten people usually work best—everyone can make a meaningful contribution to the conversation without things getting out of hand. Try to make sure that someone is present who has experience with every process, control, document, or electronic file described in your documentation of the processing stream.

      2 Prepare a flowchart of the process on a large sheet of paper. Use sticky notes to document processes and control points. Your group discussion will be highly interactive, and the participants will have the opportunity to change your original flowchart to provide a more accurate description of what really happens in the process. Therefore, you should prepare your flowchart in a way that allows the group to work with it easily. Low-tech, high-touch works best.

      3 Assemble the group and explain:

           The purpose of the discussion, as described previously.

           The process, in which you will facilitate a discussion of how the process really works and the participants will be free to describe what happens by modifying the flowchart.

           How long the discussion will take. Usually, one to two hours is the longest that a group discussion of this nature can remain productive. If you need more time, it is better to have more sessions rather than longer sessions.

      4 Post the flowchart on the wall, and walk the participants through your understanding of the process.

      5 Facilitate a discussion among the participants. Be sure to:

           Reach an understanding about what should happen.

           Identify those instances in which exceptions exist (what really happens).

      Throughout the discussion, encourage the participants to change the flowchart as necessary so that it reflects what they have said.

      Tests of Transactions

      Some control procedures allow you to select a sample of transactions that were recorded during the period and:

       Examine the documentation indicating that the control procedure was performed.

       Reperform the procedure to determine that the control was performed properly. For example, the process for recording inventory purchases may require physically matching a paper-based warehouse receiving report with an approved purchase order.

       Determine that the purchase order was properly approved, as indicated by a signature.

       Determine that the vendor is an approved vendor.

       Observe evidence (e.g., checkmarks, initials) that warehouse personnel counted the goods received.

      To test the effectiveness of this control procedure, you could:

       Examine documentation that the control was performed, including:

           Documents were matched.

           Purchase order was signed.

           Receiving report was marked.

       Determine that the control was performed properly, including:

           Purchase order and receiving report are for the same transaction.

           Vendor is an approved vendor.

           Signer of the purchase order has the authority to approve the transaction.

      Computer application controls also may lend themselves to similar testing techniques. For example, suppose that purchased goods are accompanied by a bar code that identifies the goods received and their quantities. The bar code is scanned, and the information is matched electronically to purchase order files and approved vendor master files. Unmatched transactions are placed in a suspense file for subsequent follow-up. (As indicated previously, the computer application control consists of both the programmed elements of the control and the manual follow-up of identified errors.) To test the effectiveness of this control, you could:
