Audit of Functional Areas of Telecom Company
Every organisation would have Standard Operating Procedures (SOPs) to ensure internal control and proper functioning of all the departments. Hence, it forms the main basis for the auditor to evaluate these functions. The auditor should ask for the copies of all the SOPs used by an organisation. In case, there are no written down SOPs in vogue, the auditor should discuss with the management/heads of departments and then document these for each department. The auditor has to refer to the overall operating framework of policies, practices, systems, management philosophy, values and actions which exist in an organization to ensure that:
-
Essential organization objectives are achieved and goals have been met;
-
Assets are protected and risks are managed;
-
Legal requirements are invariably complied with;
-
information used to report to Revenue is accurate;
-
Compliance with the internal control procedures & risks asserted;
-
The incidences of wastages & misappropriation;
-
The expenses incurred during a period and the trend of expenses over a period of time; and
-
Operational efficiencies of the departments
The general procedure to be followed for audit of the support departments is suggested as follows:
-
Setting of the audit objectives with regard to the audit criteria/benchmark so that the causes for the variations could be assessed and reported along with the effect of such variations on the organization.
-
Setting the scope of the audit with regard to the audit period, the audit units such as locations/ departments etc. so that the resources could be planned.
-
Collect the information on the departmental activity carried out, the budgets etc. from various sources of information.
-
Put forward the results of internal control review through control testing procedures carried out.
-
Summarize the report for the department.
Review of Internal Control
Management has the responsibility to devise and maintain an adequate system of internal control for its operations. Internal controls are the overall means whereby management ensures that objectives are achieved, risks are assessed and managed, appropriate reviews of the operation’s performance are made, and that information sharing and communications occur in a timely, accurate and appropriate fashion, with due regard for protection of valuable information.
To judge its effectiveness it is necessary that internal auditor should prepare a questionnaire containing mainly following matters/ questions:
-
Does the company have a functioning Audit Committee?
-
Is the audit made on a surprise basis rather than scheduled in advance?
-
Is an audit also performed when there is a change of officers?
-
Are records of the audit documented and the results kept in the files?
-
Is controls exercised on the financial information dissemination?
Risks Assessment
-
Risks arising and their impact on the organisation and also from external people who access the system;
-
Risks of unauthorized changes to the hardware and software and system hacking;
-
Risks related to authorized log-in and system abuse;
-
Risk arising out of system failure;
-
Risks arising from loss of system integrity;
-
Risks arising from virus to the system files, program and the application software.
The Auditor should test the above areas by:
-
Checking the documentation for its maintenance , handling and security of IT department;
-
Sample checking the access controls, password controls, virus controls;
-
Analytical procedures to verify the instances of variation.
1.
Audit Checklist
1. Procurement :
-
Obtain the purchase procedures regarding vendor sourcing, vendor registration, vendor evaluation, quotation, tendering, vendor selection, and ordering
-
Assess how the procurement quantity and time of requirement decided through the indenting process
-
Assess how the ad-hoc and emergency purchases handled
-
Are the Purchse Orders (POs) issued as per the schedule of authority?
-
Receipt of materials to be only against valid purchase order and from registered vendors
-
Process of material acceptance with regard to the specified quality norms
-
Appropriate insurance coverage for the inventory
-
Physical stock taking procedures and reconciliations with the book records
-
The contracts with vendors (long terms & short term), rate agreements, quantity agreements
-
The documents for verification:
-
Requests for proposals (RFP)
-
Quotation/tender analysis sheets
-
Purchase orders
-
Inventory verification & reconciliation sheets
-
Financial and Cost Accounting records
-
2. Accounting :
The checklist for the accounts and finance departments should cover the following:
-
The accounting policy adopted for treatment of different financial elements such as incomes, expenses, assets, liabilities and equity.
-
The accounting system used such as ERP, SAP etc.
-
The chart of accounts, master accounting data and automated accounting entries for accounting of financial and non-financial transactions.
-
The appropriateness of the accounting policies to be consistent with the accounting standards.
-
The integrity of the accounting system e.g. completeness of the double entry principle in correctly updating the relevant tables in the database.
-
The controls of the various ledgers such as General Ledger (GL), Cash & Bank book, Fixed Assets Register etc.
-
Authorization and approval processes for accounting entries like journal entries, adjustment entries and rectification entries.
-
Access control to the accounting system to avoid unauthorized entries.
-
Accounting reconciliation statements such as bank reconciliation, AR & AP reconciliation.
-
Physical verification of cash, bank balances, fixed assets etc.
-
Appropriate insurance covers of cash and fixed assets.
-
Identification of non-performing assets.
-
The trial balance reports and integrity checking on a continuous basis.
-
The data on disclosures required in the financial statements
The documents for verification:
-
Journal vouchers
-
Cash vouchers
-
Invoices – sales and purchases
-
Debit and Credit notes
-
Bank statements for current account & other balances
-
Fixed Deposit Receipts
-
Cash Book
-
Cheque books, cancelled cheques, e-cheques
-
Electronic banking accesses and controls of authority, the electronic dongles & their custody
-
Ledger and fixed assets register
3.Revenue :
-
Verify proper booking of all the receipts and amount received is correctly accounted in the customer’s account.
-
Verify proper safeguards of accounts, signatories on bank accounts and verify that all Bank Accounts are in name of company.
-
Verify the system of reconciliation of various bank accounts and controls in place to ensure collections made at various collection centers are properly monitored.
-
Check the cases of delay in transfer of amount collected to central pool account.
-
Ensure that the Receipts Journal and Disbursements Journal summarized on a monthly basis.
-
See the cases of delay in depositing/ non-depositing the amount collected in the bank.
-
Verify the management of bouncing of cheques of customer.
Revenue Generation related Reports :
-
List of refunds effected
-
Summary of New customers activated
-
Monthly summary of refunds made
-
Plan wise Revenue
-
Monthly list of bills cancelled/ written off
-
Check the operator wise list for TAPIN& TAPOUT call charges from/to other operators
-
Check Roaming subscription charge report for National& international roaming
-
CSR wise adjustments posted for each circle
-
Check prepayments of past excess payments that are being adjusted in the current invoice, payment reversals for pre-payment and deposit payments;
-
Details of the cheque payment received containing cheque No., date of issue, bank details and the amount for a particular account number, cheque dishonor ;
4. Collection Process :
-
Check for calculating outstanding debt for customers for call charges as well as non-usage charges, as per account category;
-
Check for reports with the list of customers exceeding their limit during Credit Limit Check;
-
Account category wise collection scenario;
-
Remove account from collection processes after receipt of payments;
-
Check write off module without outstanding limit;
-
Auto reconnection should happen taking into Account balance, and;
-
Check for Circle wise collection reconciliation.
5. Bill Verification :
-
Verify bulk and incremental discounts and taxation methodologies;
-
Policy for discount prorating when change in discount rate during bill cycle;
-
Verify special balance-due amounts to exclude
-
Disputed amounts
-
Amounts in collections
-
Amounts on invoices whose payment date has not yet been passed
-
-
Check different discount Rates & special rates based on customer category;
-
Verify special rate, discount or both with customizable plan Id;
-
Verify special rate, discount or both - Demonstrate Cross product discount;
-
Check Friends &Family using Corridor plan feature;
-
Verify invoice cycle including annual, monthly, bi-monthly, quarterly, weekly and even daily cycles
6. Expenditures
-
Verify that all significant expenditures are properly recorded
-
Verify proper voucher approval procedures.
-
determine if routine expenses receive less than full scrutiny and approval
-
test a sample of expenditures, especially those to individuals
-
-
Verify proper approval obtained for expenditures
-
Test the reasonableness of expenditures
-
Verify that goods or services were received
-
Ensure that bills presented for payment should be reviewed and the following verified and check that whether the bills are raised in the name of individuals or the company? Are those bills legitimate expenses and are they dated?
-
Check that adequate controls are in effect to prevent duplicate payments.
-
Check that discounts taken where offered.
-
Check that the bill amount is correct. If corrections are made to a bill, are the incorrect figures ruled out (not erased or obliterated) and the corrections signed by the person approving the bill. Are all bills certified correct by the person who knows that the expenses are authentic.
-
Check that the all bills properly approved by the appropriate designee in accordance with delegated financial powers
-
Check that for all paid bills, statements and expense vouchers kept for records.
-
Check that the each bill and expense voucher paid show the check number, payment date, to whom paid, and the correct account classification code for the expense.
7. Human Resources and Personnel Department :
The auditor should carry out the audit of this department taking into account the specific objectives thereof and can encompass the following steps with suitable adjustments as may be necessary :
-
Standards for hiring employees specifying professional qualification, education, experience, and other skill sets.
-
The process of recruitment followed e.g. through consultants, campus recruiting or direct .
-
The candidate screening procedures such as interviews, tests, reference check, medical checks etc.
-
Training & induction rules.
-
Policy on performance evaluation and salary increase, incentive schemes.
-
Assigning responsibilities and job profiling.
-
Empowerment of the staff.
-
The whistle blowing policy.
-
The policy & procedures about code of conduct, ethics and other organisation values
-
Rules for disciplinary actions.
-
Verify the impact of contingencies related to the labour court cases.
Salary Audit :
-
Check if the appointment letter are properly authorized and are as per the policies
-
Assess the overrides in the salary agreed which is different than the normal scales
-
Obtain information on the incentive plan for individuals & groups at all the levels of management
-
Understand the parameters for incentive calculations and compare the actual with the plans
-
Verify the incentives approved with regard to the measured performance
-
Check the incentive calculations to verify the correctness
-
Verify the monthly payroll processing procedure, whether in-house or outsourced
-
Verify the deductions and check the correctness thereof e.g. taxes & applicable TDS rules
-
Check the disbursement procedures to verify the correctness of the ECS to the individual bank accounts
-
Check the reconciliation of the salary sheets with the previous month to verify the reasons for the change such as new employees added, employees left, salary changes etc.
-
Observe the payroll risk areas such as time keeping & time booking, salary changes, etc.
-
Verify the master files of the employees with the payroll processed data
-
Check the records for leave, absenteeism, etc.
-
Verify the contributions to PF, superannuation, gratuity and such other benefits
-
Obtain confirmations from the managers of the contributory plans to correctly determine the value of plan assets & plan obligations
-
Is the company complying all the labour laws and other statutory laws being a principal employer in case manpower employed through outsourced agency?
-
Verification of employees actually employed for work through outsourced.
-
The attendance, leave records and payroll processing of manpower provided by outside agencies.
8.Fixed Assets :
The assets peculiar to the telecom industry are the underground OFC, BTS, RAN, Towers, network cards, routers and other such equipment apart from the normal fixed assets like land & building, equipment, DG sets, air-conditioning, etc. The very high volume and complexity of the telecom business require the IT systems and the equipment to be robust, up-scalable and flexible
Following are the critical areas relating to fixed assets management :
-
The Auditor should verify the policy for capitalization and amortization of the hardware, spectrum cost (purchased from Govt.), license fee and the software used by the company.
-
The IT systems should be verified to assess the synchronization, sufficiency of information and security of information.
-
Organization plan/ policies for disposal of retired and redundant assets.
-
Review necessary insurance coverage’s of assets.
-
Whether automated systems to track assets existed in the organisation and resources provided are sufficient for control over fixed assets.
-
Robust system for regular assessment of control environment for assets managed by third parties. Existence of robust plan in place to verify, track and manage transition to next generation networks.