An internal auditor is assessing the risk of employees falsifying reimbursement requests for business-related meals or travel. Which of the following procedures would the internal auditor most likely perform first?
An internal auditor is assessing the risk of employees falsifying reimbursement requests for business-related meals or travel. Which of the following procedures would the internal auditor most likely perform first?
To assess the risk of employees falsifying reimbursement requests, the internal auditor should first understand the existing control environment. Establishing a flowchart of the payroll/accounting functions, including any controls currently in place, allows the auditor to visualize and comprehend the entire process and identify any potential weaknesses or gaps. This holistic understanding is crucial before examining specific documentation, interviewing supervisors, or determining the frequency of department reviews.
I thought the answer was option A, simply because option D (establishing a flowchart of any controls currently in place) may not be efficient, unless it involves analyzing an already existing flowchart. But option D is ultimately the first step, since the auditor is first of all interested in the control environment. He/She goes from the general to the specific without alarming the client.