Auditing Business Processes

Early on in my auditing career at Deloitte, I learned a valuable lesson that has stuck with me ever since. It's a big reason why I became a successful CFO and consultant. Here it is: We never started audits by just checking the numbers.   Instead, we focused on the processes behind those numbers.  📌 Why?   Every number in a financial statement comes from a business process.   If that process is flawed, the numbers might be inaccurate—or worse, fraudulent.  Imagine I’m auditing a company with $20M in reported sales.   If I only match invoices to revenue, I’ve missed the bigger picture.  There are so many invoices I can vouch anyway I still won't see anything. Or I see what the invoices want me to see. Even if I did find something on a small sample, projecting it to the wider population always seems like a massive overreach ✔️ Instead, I ask:   🔹 How do they take and fulfill orders?   🔹 How do they bill customers?   🔹 What controls ensure accurate billing, collection and reporting?  📌 I walkthrough contracts, shipping documents, and bank statements to verify activity.  🚀 By focusing on the underlying process, I can:   ✅ Identify risk areas and gaps in controls.  (this then becomes the focus of the audit) ✅ Benchmark against industry best practices.   ✅ Help businesses increase revenue or reduce inefficiencies. Even though I’m no longer an auditor, this lesson still shapes how I advise businesses today.  My message here (particularly to SME Accountants): 👉 Don’t just record numbers.   Understand the "Why" and "How" behind them.  💡 Ask yourself: ✔️ Where does this data come from?   ✔️ How do our systems ensure the completeness and accuracy of the data?   ✔️ How can we reduce errors and improve decision-making?  When you optimize financial processes, you don’t just track business performance You improve it.  🚀 Step out of the ledger. Step into business impact.   📊 Your value isn’t just in recording numbers—it’s in improving the processes that create them.  Cheers, Ajibola 🔄 Tag a finance professional who needs this mindset shift!  

𝐏𝐚𝐫𝐭 𝟏: 𝐖𝐡𝐚𝐭 𝐈𝐧𝐭𝐞𝐫𝐧𝐚𝐥 𝐀𝐮𝐝𝐢𝐭 𝐫𝐞𝐚𝐥𝐥𝐲 𝐥𝐨𝐨𝐤𝐬 𝐥𝐢𝐤𝐞 (𝐟𝐫𝐨𝐦 𝐦𝐲 𝐫𝐞𝐚𝐥 𝐞𝐱𝐩𝐞𝐫𝐢𝐞𝐧𝐜𝐞) When I first heard about internal audit during my CA journey, I thought it would be just checking vouchers and making reports. But reality is much deeper. Here’s how it really works – on the ground. 𝟭. 𝗧𝗵𝗲 𝗣𝗹𝗮𝗻𝗻𝗶𝗻𝗴 𝗦𝘁𝗮𝗴𝗲 Everything begins with a meeting — between our Partner/Director and the client’s top management. The focus? To decide which processes are to be audited this cycle — Procurement, Payables, Payroll, Fixed Assets, etc. Audit may happen quarterly, half-yearly, or more frequently based on risk and size. Then our Director/Manager prepares an audit plan and forms a team — usually 4–5 article assistants and 1 qualified CA — depending on the scope. 𝟮. 𝗧𝗵𝗲 𝗘𝗻𝘁𝗿𝘆 𝗠𝗲𝗲𝘁𝗶𝗻𝗴 We reach the client’s office, introduce ourselves formally, and send a mail to the designated Person (Point of Contact) — declaring our Beginning of Audit, audit scope, and expected deadlines. This mail usually gets forwarded to all relevant process owners for coordination. 𝟯. 𝗣𝗿𝗼𝗰𝗲𝘀𝘀 𝗨𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱𝗶𝗻𝗴 Here’s where things get interesting. We don’t just jump into checking documents. First, we meet every process owner, understand how their department functions, what controls they follow, what are their scope. Only after this, we share Initial Data Requirements — usually standard for each area like: DOA (Delegation of Authority) SOPs Purchase Register Vendor Master AP Ageing Advance Ageing (for the Payables process, as an example) 𝟰. 𝗗𝗮𝘁𝗮, 𝗗𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝘀 & 𝗗𝗶𝘀𝗰𝘂𝘀𝘀𝗶𝗼𝗻𝘀 Once the documents start coming in, we begin the core work — We start: - Verifying the data received - Cross-checking entries and reconciliations - Reviewing supporting documents - Matching reports with SOPs and controls - Identifying red flags, delays, mismatches, and inconsistencies This is where we spend most of our time — understanding the “why” & “how” behind the numbers and spotting the “what’s missing, Going In depth of business process. We also interact with employees — not just formally, but also informally — to understand the ground reality and see if things work the way they are documented. And this phase sets the tone for everything that follows. But this isn’t just about numbers. We often find gaps, workarounds, or red flags — and this is where professional judgement plays a big role. 🔜 (𝐓𝐨 𝐛𝐞 𝐜𝐨𝐧𝐭𝐢𝐧𝐮𝐞𝐝 𝐢𝐧 𝐏𝐚𝐫𝐭 2 — 𝐑𝐞𝐩𝐨𝐫𝐭𝐢𝐧𝐠, 𝐎𝐛𝐬𝐞𝐫𝐯𝐚𝐭𝐢𝐨𝐧𝐬, 𝐀𝐮𝐝𝐢𝐭 𝐂𝐨𝐦𝐦𝐢𝐭𝐭𝐞𝐞 𝐚𝐧𝐝 𝐅𝐨𝐥𝐥𝐨𝐰-𝐮𝐩𝐬) #CAArticleship #InternalAudit #LearningByDoing #AuditLife

Internal Audit Process: 1. Planning Phase Objective: Establish a clear understanding of the audit subject and develop a roadmap (audit program) for executing the audit effectively. Key Activities: > Initial Contact & Information Gathering: Understand the size, responsibilities, and procedures of the audited unit. > Risk Assessment: Performed to identify high-risk areas for focus. > Audit Objectives & Methodology: Defined and documented through the audit program. > Notification Letter: Sent to leadership to inform them of the audit. May include a pre-audit questionnaire or document request list. > Entrance Meeting: Discuss audit scope and objectives. Explain methodology and timeline. Identify scheduling concerns (e.g., staff availability). Encourage input on known risks and areas of concern. 2. Fieldwork Phase Objective: Evaluate internal controls, compliance, and operational effectiveness through testing and inquiry. Key Activities: > Testing & Documentation Review: Examine transactions, records, and procedures. > Staff Interviews: Conducted to gain deeper insights into practices and control execution. > Disruption Minimization: Work is coordinated to limit interference with operations. > Ongoing Communication: Frequent updates and discussions with audit clients. > Collaborative Analysis: Observations and issues are discussed with management to identify root causes and explore solutions. 3. Reporting Phase Objective: Present audit findings, recommendations, and management’s corrective action plans in a formal written report. Key Activities: > Draft Report: Initially shared with local management for review. > Management Response: Required for each recommendation, including: Action plan. Responsible person. Implementation date. > Exit Meeting: Held if needed to address concerns and clarify findings before finalizing the report. > Final Distribution: The final report is sent to Management and Boards. 4. Follow-Up Phase Objective: Ensure that corrective actions are implemented effectively and that issues are resolved. Key Activities: > Verification Procedures: May involve document review, staff interviews, or re-auditing specific processes. > Ongoing Tracking: Open findings are tracked and presented at each Institutional Audit Committee (IAC) meeting. > Escalation for Delays: If action plans miss deadlines, the responsible party must submit a written explanation. Repeated delays require in-person explanation to the IAC.

🔍 Process Audit: The Backbone of Quality Manufacturing! In today’s competitive manufacturing landscape, producing high-quality products isn’t enough—how they are made matters just as much! A Process Audit, as per IATF 16949:2016, ensures that manufacturing processes are stable, efficient, and error-proof, reducing defects at the source. 🚀 Why is Process Audit Critical? ✅ Ensures Process Consistency – Verifies SOPs, work instructions, & standardization. ✅ Prevents Defects at the Source – Identifies process inefficiencies & non-conformances. ✅ Optimizes Production Efficiency – Reduces waste, cycle time, & rework costs. ✅ Enhances Process Capability – Ensures Cp, Cpk, Pp, Ppk values are within acceptable limits. ✅ Improves Operator Competency – Validates training, skill levels, & adherence to procedures. 📌 Key Steps in a Process Audit: 🔹 Define Audit Objectives & Scope (critical processes, high-risk areas). 🔹 Review Documents & Work Instructions (PFMEA, control plans, SOPs). 🔹 Observe On-Site Operations (setup, cycle time, error-proofing, SPC). 🔹 Evaluate Process Performance Metrics (Cp, Cpk, rejection rates, downtime). 🔹 Identify & Analyze Non-Conformances (root cause analysis, 8D, 5-Why). 🔹 Implement Corrective & Preventive Actions (continuous improvement plans). 🔹 Monitor & Sustain Improvements (periodic re-audits, KPI tracking). 🌎 The Bigger Picture A Process Audit isn’t just about compliance—it’s about ensuring efficiency, reliability, and sustainability in manufacturing operations. Organizations that master Process Audits experience lower defect rates, higher productivity, and increased customer satisfaction. 💡 How does your organization leverage Process Audits for continuous improvement? Share your thoughts below! 👇 #ProcessAudit #QualityControl #ManufacturingExcellence #IATF16949 #AutomotiveIndustry #ProcessOptimization #LeanManufacturing #SixSigma #QualityAssurance #ISO9001 #DefectPrevention #RootCauseAnalysis #CAPA #8DProblemSolving #ErrorProofing #StandardizedWork #ZeroDefects #Kaizen #CustomerSatisfaction #ProductionQuality #IndustrialEngineering #LeanSixSigma #AuditProcess #RiskManagement #SupplyChainManagement #QualityFirst #Industry40 #TotalQualityManagement #OperationalExcellence #ProcessImprovement #QualityMatters #ContinuousImprovement

Internal Audit Checklist 1. Planning and Preparation ✅ Define audit objectives and scope ✅ Identify applicable policies, procedures, and regulations ✅ Gather previous audit reports and risk assessments ✅ Notify relevant stakeholders about the audit 2. Governance and Compliance ✅ Review corporate governance policies and structures ✅ Verify compliance with applicable laws and regulations ✅ Ensure adherence to company policies and procedures ✅ Assess the effectiveness of internal controls 3. Financial Controls ✅ Review financial statements for accuracy and completeness ✅ Ensure proper authorization of transactions ✅ Verify segregation of duties in financial processes ✅ Check for compliance with accounting standards 4. Operational Efficiency ✅ Evaluate key business processes for efficiency ✅ Assess resource utilization and cost-effectiveness ✅ Identify bottlenecks and areas for improvement ✅ Review quality control measures 5. Risk Management ✅ Identify key risks faced by the organization ✅ Assess the effectiveness of risk mitigation strategies ✅ Verify the existence of a risk management framework ✅ Ensure timely reporting and resolution of identified risks 6. Information Technology (IT) and Security ✅ Assess IT security policies and procedures ✅ Review access controls and data protection measures ✅ Verify cybersecurity protocols and response plans ✅ Check for compliance with IT governance frameworks 7. Human Resources and Payroll ✅ Verify employee records and contracts ✅ Ensure compliance with labor laws and employment policies ✅ Assess payroll processing for accuracy and fraud risks ✅ Review employee training and development programs 8. Procurement and Vendor Management ✅ Ensure vendor selection follows approved procedures ✅ Verify contract compliance and performance monitoring ✅ Assess procurement processes for fraud risks ✅ Check inventory management and supply chain controls 9. Ethical and Fraud Controls ✅ Assess whistleblower policies and reporting mechanisms ✅ Review past fraud incidents and preventive measures ✅ Check compliance with the organization’s code of conduct ✅ Identify potential conflicts of interest 10. Management Team Review ✅ Evaluate leadership effectiveness and decision-making processes ✅ Review management’s response to past audit findings ✅ Assess strategic planning and goal-setting effectiveness ✅ Ensure accountability for business performance and risk management ✅ Verify communication and transparency within the organization ✅ Evaluate management’s support for ethical practices and corporate culture 11. Audit Reporting and Follow-up ✅ Document audit findings and observations ✅ Rate the severity of identified issues ✅ Provide recommendations for corrective actions ✅ Establish a follow-up process to ensure implementation ✅ Conduct post-audit review with management and key stakeholders

A prospect call this week completely made my day. And it wasn't because they signed with us. This week, I spoke with a company evaluating multiple AI providers. "We know we need to audit our processes first before jumping into development." And I'm thinking "Great. They get it." Here's why this matters: 50% of companies I talk to want to skip straight to the "cool AI stuff." But that's like building a house without blueprints. The RIGHT approach: → Audit existing processes → Map out workflows completely → Identify real bottlenecks → THEN build solutions Not the other way around. I was so impressed, I told them straight up: "Even if you don't choose us, make sure whoever you work with follows this process." The best AI implementation isn't about the fanciest tech. It's about understanding your business FIRST. Skip the audit = guaranteed headaches. Do the audit = smooth implementation. Follow me Luke Pierce for more content about Ai and Automation.

Taking you Behind the scenes of a full audit cycle. Audits are often seen as checklists and deadlines. But when you’re the only team member on an engagement, every phase becomes a masterclass in adaptability and learning. On my current engagement, I happen to be the only auditor, reporting directly to my manager. At first, it felt tricky starting a job entirely from scratch, but it pushed me to revisit the audit lifecycle so I could deliver with quality and confidence. Here’s a breakdown of the 5 core phases of an audit in practice: 1️⃣ Preliminary Phase Where the audit begins—due diligence, client onboarding, CEAC, client evaluation, and initial scoping. 2️⃣ Planning & Risk Assessment Performing procedures to identify risks and developing an audit response. This is an iterative process—as you gain new insights during the audit, you revisit and refine the initial risk assessment. 3️⃣ Interim Phase Testing controls to determine how much reliance can be placed on them. Weaknesses identified early influence how extensive later procedures must be. 4️⃣ Substantive Phase The “deep dive”—performing detailed testing of transactions, balances, and disclosures using both sampling and analytical review. 5️⃣ Completion & Final Phase Reviewing findings, addressing risks, and wrapping up before reporting. This culminates in the issuance of the audit opinion. 📖 ISA 300 (Planning an Audit of Financial Statements) also provides the framework that guides this process. This engagement has been both a challenge and a privilege. It taught me adaptability, sharpened my technical skills, and reminded me that every audit phase—no matter how routine it may seem—plays a vital role in building trust and credibility. Over the next few posts, I’ll be sharing practical steps I took at each stage—from the very first scheduling email to the final sign-off—to give a “behind the scenes” look at how an audit really unfolds.

🔍 Risk-Based Auditing: Auditing What Truly Matters In today's dynamic business environment, Risk-Based Auditing (RBA) is not just a method—it's a mindset. Rather than treating all processes equally, RBA helps organizations focus their audit efforts on areas with the greatest potential for impact, whether it's operational, financial, or reputational. ✅ Prioritize high-risk processes ✅ Strengthen internal controls where they matter most ✅ Enable data-driven decision-making ✅ Drive real, sustainable improvements By aligning audit efforts with risk exposure, organizations not only enhance compliance but also add strategic value across departments. Whether you're in aviation, healthcare, infrastructure, or manufacturing — RBA transforms your audit function from a checklist activity into a strategic partner. 📌 Key takeaway: Risk-based auditing is about asking “What could go wrong here, and how do we prevent it?” before issues arise. Let’s stop auditing for the sake of it. Let’s audit with purpose. #RiskBasedAuditing #InternalAudit #QualityManagement #OperationalExcellence #Compliance #RiskManagement #ISO9001 #Leadership #ContinuousImprovement