Zhongle King, Rebecca Kiritsy, Jo McClain, Jared Palmer
ACC 542
October 13, 2014
Irene Branum
Audit Proposal
Kudler Fine Foods, a Southern California-based upscale specialty food store, hopes to expand operations. One step in the expansion is updating the company’s accounting information systems. Kudler’s management decided to enhance the payroll, accounts payable, accounts receivable, and inventory accounting processes. Team B recommended industry-specific software to automate and standardize Kudler’s processes. The team also suggests establishing an audit schedule to ensure the systems are reliable, secure, confidential, and available when needed. Below is a description of the four types of information system audits, Team B’s recommended audits for Kudler’s processes, and an explanation of how audits will be conducted. Finally, this paper identifies events that might prevent reliance on auditing through the computer.
Types of Audits
Team B recommends Kudler use the following types of audits described by Hunton, Bryant, & Bagranoff (2004): SAS 70, SAS 94, Attestation, and Findings and Recommendations.
SAS 70 Audit
An SAS 70 audit is an audit of the controls maintained by a service provider. The SAS 70 provides two report types: Type I, in which the auditor reports an opinion about the operating controls, and Type II, which meets the objectives of the Type I and includes a detailed test of the controls’ effectiveness. The primary users of an SAS 70 report are management of the service provider, its customers, and the independent auditors of the users of the provider’s service. For instance, a payroll processing company would undergo an SAS 70 audit to assure its customers of adequate controls regarding the payroll service.
SAS 94 Audit
SAS 94 audits deal with electronic records. When a company undergoes a financial audit, SAS 94 requires the auditor to consider the effect of the company’s information technology on its assessment of control risk. It guides and extends the auditor’s internal control knowledge as a part of a financial statement audit.
Attestation
An attestation audit presents the auditor’s report on an examination, review, or agreed-upon procedures. The auditor provides assurance on something for which the client is responsible. For example, if the client is responsible for maintaining an effective internal control structure, an attestation audit would involve a review of controls and a report of findings or lack thereof.
Findings and Recommendations
Findings and Recommendations is often considered “consulting” or “advisory” services. It summarizes the audit work, but does not include an opinion. The auditor reviews the company’s systems and provides recommendations about an IT system or project.
Recommended Audit for Each Process
Accounts Receivable
Kudler processes a majority of its sales electronically. The POS module captures all sales and reports all sales data. Because most of the sales and receivables are processed electronically, it is difficult to reduce detection risk to an acceptable level, so Team B recommends an SAS 94 audit for the accounts receivable process. Team B recommends that Kudler’s auditors focus on the system administration review, which involves a review of the operating systems. The auditors should also focus on the application software review, in which the auditor validates inputs and the processing of outputs.
Payroll
Kudler processes its own payroll rather than using a third party. Thus, Team B recommends an attestation audit of Kudler’s payroll processes. An attestation audit would provide assurance that all controls and processes are being followed.
Accounts Payable
Accounts payable is also done through electronic processing, making it difficult to bring detection risk to an acceptable level. The most appropriate audit of accounts payable is an SAS 94 audit. This would require the auditor to gain an understanding of how transactions are initiated, entered, and processed through Kudler’s information system. Also, the auditor would review the initiation of recurring and nonrecurring entries.
Inventory
Some of Kudler’s inventory is ordered from vendors, some inventory comes as finished product, and other inventory is created in-house.
Team B recommends an attestation audit for Kudler’s inventory processes. The auditor would examine the agreed-upon controls for the processing of inventory and ensure those procedures are followed.
How to Conduct Audits
An IT audit involves several steps. Hunton, Bryant, and Bagranoff (2004) suggest following the steps in the audit life cycle:
1. Planning - An auditor must understand the client, identify the risks, and make a proper assessment. During the planning stage, the auditor becomes familiar with personnel and work environment, creates an audit plan, and distributes the responsibility amongst the audit team.
2. Risk Assessment - Risk assessment involves analysis of current processes, testing the support process, and evaluating the effectiveness of controls. It also requires research and observation to understand the current process.
3. The Audit Program - Key elements during this stage include the audit scope, audit objectives, audit procedures, and administrative details.
4. Gathering Evidence – The auditor may shadow current employees and observe current procedures, go through the records, or interview Kudler’s employees independently.
5. Forming Conclusions - Meet the audit objectives; audit performance; evaluate the collected evidence; gather audit opinions from other auditors; make final conclusion.
6. The Audit Opinion – The auditor will provide the client with a report, attestations, or findings and recommendations.
7. Following-up - Follow-up provides an opportunity for the company to address any issues and make improvements.
Events That Might Prevent Reliance on Auditing Through the Computer
Auditing through the computer refers to an auditor’s review of accounting information systems by following the audit trail “through the internal computer operations phase of automated data processing” (Bagranoff, Simkin, & Strand, 2008, p. 352) to verify that controls are working and data processing is accurate. However, certain events might prevent reliance on auditing through the computer. For instance, auditing through the computer assumes that the computer hardware is functioning properly. Improper function may prevent auditing through the computer. Similarly, if computer controls are weak or nonexistent, Kudler cannot rely on auditing through the computer. The auditor must review information system controls by assessing risks and identifying control procedures designed to prevent these threats before choosing to audit through the computer.
Conclusion
Kudler is considering expanding into new markets. The expansion includes upgrading their computer information systems. After implementing the new system, auditing will ensure Kudler’s information systems are reliable, secure, confidential, and available when needed. Team B recommends attestation and SAS 94 audits of the company’s accounts receivable, accounts payable, inventory, and payroll processes to confirm the systems are operating properly, controls are functioning as intended, and the data is processed accurately.
References
Bagranoff, N. A., Simkin, M. G., & Strand, N. C. (2008). Core concepts of accounting information systems (10th ed.). New York, NY: Wiley.
Hunton, J. E., Bryant, S. M., & Bagranoff, N. A. (2004). Core concepts of information technology auditing. Hoboken, NJ: Wiley.