Audit of an Accounting Department - No Documented Procedure for Accounting

L

Libnani

#1
i am an external audior.
In the organisation chart of the company i audited , the accounting department is considered as part of the quality system.

All The accounting trannsactions are done through an accounting software.

The company had no documented procedure for accounting.

how to audit such department ? audit the software against what ?!!!!
 
Elsmar Forum Sponsor
P

Polly Pure Bread

#2
I am an apprentice but I believed that their computerized system generates reports. How do they process payables? What are the things to be controlled? Example cash voucher, sales invoice, due dates, etc. Who is responsible? Who reviews and approved? What is the process for cashiering? What is the process and control methodology for check preparation and releasing? What is the process for preparation and submission of financial report? It is important for the management in the provision of resource, planning, review, etc. that has something to do with quality and the ability to provide customer satisfaction. Things like that.

I hope they established quality objectives and they have quality plan on how to achieve them.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#3
Good response from dQApprentice. :applause:

I would only add the questions about how well they understand how their function supports customer satisfaction (speed in processing Accounts Payable, and accuracy in billing for example), what they do when problems are discovered and how they know when their efforts to improve succeed. Top management should somehow be made aware of these activities and support the accounting function in its efforts to do its work well.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#4
i am an external audior.
In the organisation chart of the company i audited , the accounting department is considered as part of the quality system.

All The accounting trannsactions are done through an accounting software.

The company had no documented procedure for accounting.

how to audit such department ? audit the software against what ?!!!!
Firstly, according to ISO 9001, the organizations should have identified the PROCESSES (not departments) that are part of the QMS. Auditors (professional ones, especially) need to understand the PROCESS APPROACH. Failure to do so impedes effective auditing. If the organization has not identified the PROCESSES that are part of their QMS, that should have been caught in stage 1 audit, and no stage 2 should be performed until this BASIC aspect is rectified.

What are the processes related to the accounting that have a connection with customer satisfaction? Invoicing, billing? Who is the process owner? Talk to him/her. Are the activities being done in line with the described processes? Are there customer complaints due to erroneously billing, invoicing? Read the Auditing a QMS which has minimum documentation paper.
 

qusys

Trusted Information Resource
#5
Agree with all the other Covers that responded.

I would like to suggest use the Turtle diagram model to audit this process: this is very usefull for the auditor , because they can audit a process in roder to understand its effectiveness ( for ISO 9001) as well efficiency ( in the case of ISO TS) too.
Ask for input and output of the process, how they monitor result, which indicies they have, competences, reaction mechanism in case of problems ( in this case also not formalized procedures, understand if they use standard methods across the process and not that personnel use their own procedures...in this case it is non conformity being not in controlled process...), support tools, linked processes and interactions...
At the end you could have a good analysis vs teh standard you audited..
Pay attention to regulatory law they shall comply to...

hope this helps:bigwave:
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#6
Pay attention to regulatory law they shall comply to...
Auditors performing quality system audits can not be expected to know, or even be aware, of laws an organization has to comply with, outside of legal requirements that apply to the products.

QMS auditors should not delve into regulatory compliance assessments outside of the system being audited. And, even within the system being assessed, an ISO 9001 conformance audit should not turn into a regulatory compliance check, either.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#7
Auditors performing quality system audits can not be expected to know, or even be aware, of laws an organization has to comply with, outside of legal requirements that apply to the products.

QMS auditors should not delve into regulatory compliance assessments outside of the system being audited. And, even within the system being assessed, an ISO 9001 conformance audit should not turn into a regulatory compliance check, either.
I agree with Sidney.

Management system audits are not a substitute for, or even a compliment of financial system audits. Even if I had the expertise and/or qualifications of a CPA, my work as an internal auditor wouldn't normally cross into the boundaries of, say that of the Sarbanes Oxley Act. In contrast, it is easier to identify requirements and compliance to OSHA laws, and I am ethically bound to report to management any OSHA violations I see while auditing, even if I am not doing a safety audit.

That said, if I ran across something flagrantly wrong in the accounting field while I was doing an audit of a management system, I would be duty bound to report what I saw to management - I just wouldn't be able to do so in more than an advisory capacity.
:2cents:
 
P

Polly Pure Bread

#8
I agree with Sidney.

Management system audits are not a substitute for, or even a compliment of financial system audits.
With regard to financial statement, the only critical thing that I see is the accuracy and timeliness of the reports e.g. income statement, balance sheet and cash flow, etc. because these are vital for management to make decisions.
 
J

JaneB

#9
how to audit such department ? audit the software against what ?!!!!
For a start, as Sidney has said, don't audit a department, audit one or more processes.

I'd start by:
1. Finding out what the 'quality' objectives are for this Department and how they are measured/monitored. What are they? What are the metrics? How do these relate to the higher level company objectives and contribute to the company meeting its quality policy?

2. Finding out what the main processes are that this Accounting Dept either does, owns or contributes to. They're not just 'there because they're there', they have some reason for being which enables this company to fulfil its objectives. What is it or them?

By now, I'd expect to have seen something written for 1. (eg, department plan, company plan or similar); something may or may not exist in a 'written form' for 2. But in that case I'd expect at least the manager of the area to be able to explain it clearly.

3. What about competency and organisation? Do they have defined responsibilities & authorities? Evidence of competency of personnel? Here I'd be going back to what the company requirements are.

4. Now I'd have some understanding of what they aim to do, and broadly speaking how they go about it. Now I can look for, and ask for evidence, of whether their processes and activities are meeting the requirements, delivering 'the goods'... or not. You don't audit 'the software', you have to focus on what the aim is (what are they setting out to achieve?) and look to see that they are achieving those aims; eg, if they're supposed to be accurately processing receivables by date x of each month, and the metric is accurate financial statements provided by date y of the month, are they doing that on time? Are there any complaints about accuracy? Customer dissatisfaction/complaints/negative feedback? Or compliments? Because if they're fulfilling their objectives and the evidence suggests they're doing it well, then why would they need procedures?

You see, they don't necessarily need written procedures. Having a written procedure is not the be-all and end-all of quality! (And in any case, procedures only ever make sense in the context of a process.) Always look for the processes first, don't start off by looking for written procedures.
 

harry

Super Moderator
#10
i am an external audior.
As a user of the services of certification bodies, this is what I would like their auditors (3rd party) to do if faced with such a situation.

1. Reconfirm with their head office on the scope of certification and audit for that particular organization.

2. If (in the unlikely circumstances) finance is included, to ask himself (as a professional) if he is competent to do the job. If not, to request for the assistance of an expert.

3. To keep to the scope of the audit. Many organizations included ISO 14001 or OHSAS 18001 in their manual – it doesn’t mean that he should audit those. Thus I don’t understand what is meant by:

In the organisation chart of the company I audited , the accounting department is considered as part of the quality system.
4. Otherwise, to treat finance/accounting the same as HR – as a support process. To audit those areas that interfaced with the main processes of the QMS. Areas such as billings and payment but not to overstep the boundary and trespass into areas where he/she is not competent to audit or give ideas. (similarly, you don’t ask to see the organizations compensation system when you audit HR because it is outside your scope or area of expertise)

5. If my predecessors had made a mistake, to correct it and explain it to the auditee.
 
Last edited:
Thread starter Similar threads Forum Replies Date
P Configuration Status Accounting vs. Configuration Audit - Differences Software Quality Assurance 2
D How to Audit Oracle used for Accounting Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
J Internal Audit Questions - Accounting - ISO 9001 Internal Auditing 24
R Auditing Accounting as a Key Process - TS16949 Audit Internal Auditing 6
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Le Chiffre Online training available for ISO/IEC 17021-1: Requirements for bodies providing audit and certification of management systems Training - Internal, External, Online and Distance Learning 3
xfngrs NIOSH Audit for N95 respirators US Food and Drug Administration (FDA) 1
Sidney Vianna IATF 16949 News Risked Based Audit Day Calculation IATF 16949 - Automotive Quality Systems Standard 2
T AS9100 audit due to facility move AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B SAP Audit trail Periodic Review EU Medical Device Regulations 1
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
R Gap Audit Aerospsace and Rail QMS Quality Manager and Management Related Issues 0
salaheddine96 Internal audit planning Internal Auditing 2
A MDSAP Audit Questionnaire Medical Device and FDA Regulations and Standards News 7
H Obligations as a contract manufacturer during an MDSAP audit ISO 13485:2016 - Medical Device Quality Management Systems 5
M What are the basics of Medical Device Single Audit Program (MDSAP)? ISO 13485:2016 - Medical Device Quality Management Systems 7
Sidney Vianna IATF 16949 News Update on the IATF CARA Project (“Common Audit Report Application”) - 12/2020 IATF 16949 - Automotive Quality Systems Standard 1
R ISO 17025 vertical audit checklist wanted Document Control Systems, Procedures, Forms and Templates 2
Z Rapid audit template for plastic parts manufacturing process Manufacturing and Related Processes 12
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
S Quality Audit Training Activities Quality Manager and Management Related Issues 2
G IATF Rules for COVID 5th revision - Re-certification audit timing IATF 16949 - Automotive Quality Systems Standard 3
E MDR internal audit Internal Auditing 1
Ed Panek Remote Audit GOTOMEETING thoughts Coffee Break and Water Cooler Discussions 22
B ISO 9001 - "Remote Audit Fee" Registrars and Notified Bodies 13
L IATF external audit virtual (remote) IATF 16949 - Automotive Quality Systems Standard 13
M Audit Criteria Training Materials Internal Auditing 1
K New supplier audit as per V3.1 by French Automotive OEM General Auditing Discussions 2
S Complexity Rating - CB adding another audit day for "high complexity" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2

Similar threads

Top Bottom