There are generally two types of visits from an audit team: a walk-through or an audit. A walk-through is when auditors interview a number of key personnel and observe a ‘walk-through’ of the process to get an understanding of the key control activities being
performed. During the interviews, they will assess whether you have a good understanding of the controls performed in your respective area. Similar questions will occur during an audit.
During a walk-through, the audit team will ask questions about the processes, risks, and control activities in your area. Typical questions include:
; How does this information get to you? What do you use it for? Where do you send
this information? What do they do with it?
; How do you know it is correct? What if it is incorrect? How do you know that amount
is calculated correctly? What if you are not able to execute a control? What are the
consequences if this control is not performed? Why is this control important?
; What other materials, applications, or systems do you use? Who else has access to
; What are you looking for when you review and authorize that transaction?
; What types of errors do you typically find? How are these resolved?
; Are all transactions processed this way, or are there other transactions that are
; Will you show me how you know this particular data gets aggregated into this
During an audit, the audit team will review your controls and seek evidence the control is operating as described. Evidence must be tangible, independently verifiable materials (e-mails, spreadsheets, etc.). Verbal approvals, for example, will not be accepted as control evidence by the audit team.
During a walk-through or an audit, for contract controls, you should also be prepared to answer questions like:
; What level of CFM support is being provided for this contract?
; What are the steps involved in getting a contract signed? What other groups are
involved in reviewing/approving the proposal/contract?
; What are the steps involved in getting a contract set up? Who is involved in the set
up? What documents are needed to support the set up? What approvals are
; How are taxes given consideration in the planning and execution of a contract?
; How are modifications and/or extensions to the contract handled?
; How are contract costs reviewed?
; How are required journal entries, including accruals, identified and entered into SAP? ; How is the financial performance of the contract reviewed? How are receivables
; How is the ETC/EAC determined? How is this information approved and then
; How is revenue calculated for the contract?
; What are the steps for closing a contract?
; How is the contract executive involved in the procurement process? ; How is the contract executive involved in the hiring and termination of personnel? ; How is the documentation related to the economics of the contract retained?
Do’s and Don’ts
; Do be honest at all times.
; Do answer the question asked. Ask for clarification if you don’t understand a
; Do refer the auditor to any of the applicable policies and procedures. Explain the
process to the auditor. This shows you know the policies and procedures and
understand their contents.
; Do help the auditor understand your process ‘as it is today.’ Speak in the present
tense. Speaking in the past or future tenses gives the impression that you are not
currently performing the activity. The exception would be any controls not yet in
place, but will be soon (and have been documented).
; Do demonstrate your controls. Have copies of control evidence available. ; Do be confident of your answers.
; Do refer the auditor to someone who may be better suited to answer the question.
Don’t speculate about important details. Direct the auditor to the necessary expert.