The purchases system is a critical component of an organization’s procurement and expenditure cycle, responsible for acquiring goods and services necessary for operations. Proper management of this system ensures that purchases are authorized, goods and services are received as expected, and payments are made accurately and timely. Effective internal controls within the purchases system help prevent fraud, unauthorized transactions, and errors that could impact financial reporting. The International Standards on Auditing (ISA) 315 and 330 emphasize the need for auditors to understand and evaluate controls within the purchases system to assess the risk of material misstatements. This article explores the control objectives, types of controls, and tests of controls within the purchases system.
1. Control Objectives of the Purchases System
The primary control objectives of the purchases system focus on ensuring that all procurement activities are authorized, accurately recorded, and compliant with organizational policies and regulatory requirements.
A. Authorization and Approval
- Objective: Ensure that all purchases are properly authorized according to company policies and budgetary constraints.
- Importance: Prevents unauthorized or fraudulent purchases that could lead to financial losses or operational inefficiencies.
- Example: Purchase orders (POs) over a specified threshold require managerial or executive approval before processing.
B. Accuracy and Completeness
- Objective: Ensure that all purchase transactions are accurately recorded and reflect the correct quantities, prices, and terms.
- Importance: Prevents errors in financial reporting, inventory management, and accounts payable.
- Example: Invoices are matched with purchase orders and receiving reports before payment is processed to ensure accuracy.
C. Timeliness and Efficiency
- Objective: Ensure that purchases are made and recorded in a timely manner to support operational efficiency and accurate financial reporting.
- Importance: Delays in purchasing can disrupt operations, while late payments can damage supplier relationships and incur penalties.
- Example: The system generates automatic reminders for payment due dates to ensure timely settlement of accounts payable.
D. Safeguarding Assets
- Objective: Ensure that goods and services purchased are received, verified, and safeguarded against theft or loss.
- Importance: Protects the organization’s physical and financial assets from unauthorized use or misappropriation.
- Example: Goods received are inspected and compared with purchase orders before being entered into inventory systems.
2. Key Controls in the Purchases System
To achieve the control objectives, organizations implement a range of preventive, detective, and corrective controls within the purchases system. These controls are designed to manage risks and ensure the integrity of procurement processes.
A. Preventive Controls
- Segregation of Duties: Separating responsibilities for ordering, receiving, and payment to reduce the risk of fraud and errors.
- Example: The procurement team handles purchase orders, the warehouse team receives goods, and the finance team processes payments.
- Purchase Order (PO) Authorization: Requiring formal approval of POs before goods or services are ordered.
- Example: POs above a certain value must be approved by a senior manager before processing.
- Vendor Approval Processes: Establishing procedures for approving and maintaining a list of authorized suppliers.
- Example: New vendors must undergo a verification process, including credit checks and reference reviews, before being added to the approved supplier list.
B. Detective Controls
- Three-Way Matching: Comparing the purchase order, receiving report, and supplier invoice before authorizing payment.
- Example: The finance team matches the PO, goods received note, and invoice to ensure consistency before releasing payment.
- Reconciliations: Regular reconciliation of accounts payable with supplier statements and the general ledger.
- Example: Monthly reconciliation of the accounts payable ledger with supplier statements to identify discrepancies.
- Exception Reports: Generating reports to highlight unusual transactions, such as duplicate payments or orders exceeding budget limits.
- Example: The system generates a report of any purchase orders that exceed the approved budget, which is reviewed by management.
C. Corrective Controls
- Dispute Resolution Procedures: Establishing protocols for resolving discrepancies with suppliers regarding pricing, quantities, or terms.
- Example: If a supplier invoice does not match the PO or receiving report, the finance team contacts the supplier to resolve the discrepancy before making payment.
- Adjustments and Journal Entries: Recording adjustments in the accounting system to correct errors identified during reconciliations or audits.
- Example: An incorrect supplier invoice is adjusted through a journal entry after the discrepancy is identified during reconciliation.
3. Tests of Controls in the Purchases System
Auditors perform tests of controls to evaluate whether the internal controls within the purchases system are designed and operating effectively. The results of these tests influence the auditor’s reliance on controls and the extent of substantive testing required.
A. Inquiry and Observation
- Definition: Involves asking employees about procedures and observing processes to verify that controls are being followed.
- Test Example: The auditor inquires with the procurement manager about the process for approving purchase orders and observes the approval process in action.
B. Inspection of Documents
- Definition: Examining documents such as purchase orders, receiving reports, and invoices to verify that controls are applied correctly.
- Test Example: The auditor inspects a sample of purchase orders to ensure that they were properly authorized and that corresponding invoices match the goods received notes.
C. Reperformance
- Definition: The auditor independently performs control procedures to verify their effectiveness.
- Test Example: The auditor reperforms the three-way match process on a sample of transactions to verify that purchase orders, receiving reports, and invoices are consistent.
D. Analytical Procedures
- Definition: Comparing current purchase data with prior periods, budgets, or industry benchmarks to identify unusual trends or variances.
- Test Example: The auditor analyzes monthly purchase volumes to identify any unusual fluctuations that may indicate control issues or unauthorized transactions.
4. Common Deficiencies in the Purchases System
Despite the implementation of controls, deficiencies may still arise in the purchases system, increasing the risk of errors, fraud, and financial misstatements.
A. Lack of Segregation of Duties
- Description: When the same individual is responsible for multiple steps in the procurement process, such as ordering, receiving, and payment, the risk of fraud and errors increases.
- Example: A procurement officer who can both approve purchase orders and process payments may create fictitious vendors and divert funds for personal gain.
B. Inadequate Approval Processes
- Description: Failure to enforce proper approval procedures can lead to unauthorized purchases and overspending.
- Example: Purchase orders are processed without managerial approval, resulting in unbudgeted expenditures.
C. Poor Documentation and Record-Keeping
- Description: Incomplete or missing documentation makes it difficult to verify transactions and increases the risk of errors.
- Example: Missing receiving reports prevent the finance team from verifying that goods were delivered as ordered before making payments.
D. Failure to Reconcile Accounts Payable
- Description: Infrequent or inadequate reconciliations can lead to undetected errors in accounts payable and discrepancies with supplier statements.
- Example: A failure to reconcile accounts payable with supplier statements results in duplicate payments and unrecorded liabilities.
5. Best Practices for Strengthening the Purchases System
Implementing best practices can help organizations strengthen their purchases system, reduce risks, and improve the accuracy and efficiency of procurement processes.
A. Strengthening Segregation of Duties
- Practice: Clearly define roles and responsibilities to ensure that different individuals handle ordering, receiving, and payment functions.
- Example: The procurement team places orders, the warehouse verifies goods received, and the finance team processes payments.
B. Implementing Automated Controls
- Practice: Use automated systems to enforce approval workflows, match documents, and track purchase transactions.
- Example: An ERP system automatically matches purchase orders, receiving reports, and invoices before authorizing payment.
C. Conducting Regular Reconciliations
- Practice: Perform regular reconciliations of accounts payable with supplier statements and the general ledger to identify discrepancies early.
- Example: The finance team performs monthly reconciliations and promptly investigates any discrepancies with suppliers.
D. Enhancing Vendor Management
- Practice: Maintain an approved vendor list and conduct regular reviews of supplier performance, pricing, and contract terms.
- Example: The procurement team reviews supplier contracts annually to ensure compliance with terms and negotiate better pricing.
Ensuring the Integrity of the Purchases System through Effective Controls and Auditing
The purchases system is a vital part of an organization’s financial and operational processes, directly impacting procurement efficiency, cost management, and financial reporting accuracy. By establishing robust control objectives, implementing preventive and detective controls, and performing thorough tests of controls, organizations can mitigate risks and ensure the integrity of their procurement activities. Auditors play a crucial role in evaluating these controls, identifying deficiencies, and recommending improvements to strengthen the purchases system. Adopting best practices in procurement management and auditing supports sound governance, reduces fraud risk, and enhances overall financial performance.