Internal Audit Niveshan

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 15

NIVESHAN TECHNOLOGIES INDIA PVT LTD.

INTERNAL AUDIT REPORT

REPORT: INTERNAL AUDIT

PERIOD COVERED: APRIL 2023 to JULY 2023


DATE OF ISSUE:

Sr. No. AREAS COVERED

A Internal Audit Report

1 Authority Matrix

2 Purchase Order , supplier selection and approval

3 Terms and conditions of PO

4 Vendor Master

5 PO and Invoice date

6 Debit and credit Notes

7 urgent Payments

8 Purchase Reconciliation

9 PO Amendment and Authorization

10 Supplier Code blocking

11 maintaining Cheques and RTGS Series

12 RTGS Slips

13 Manual Payments
14 Unadjusted Advances
B Annexures
PURCHASE:

Following areas were covered by us:


1. Authority Matrix.
2. System of issuing purchase order (PO) , supplier selection and approval
process. Whether PO terms and conditions are being adhered to.
3. Terms and Conditions of PO .
4. Process of creating and maintaining Vendor master.

5. PO and Invoice Date

6. Debit and credit notes, Rejection and Return System.


.
7. Process of urgent indent.

8. System of purchase reconciliation with accounts/ Gst records.

9. System of Purchase order amendment & authorization

10.Supplier code blocking and reactivation process.

1.1 Whether Authority Matrix is maintained.


It has baan observed that PO is being generated by SCM department without any
purchase requisition form and same is not approved by any senior authority by the
concerned department.

Also PO for Stationary Items , Grosseries, maintenance etc are not generated , direct
procurement is made from Vendor by Admin Department.

Recommendation : It is recommended that purchase requisitions is to be made before


generating the PO and same should be approved by the senior of that concerned
department.
Also PO should be raised for Stationary , Grosseries other maintenance related items to
maintain control on Quantity received and Payments.

Risk Involved : Financial and Operational. Accountability of loss hence cannot be decided.

Control : Manual control for maker- checker should be implemented.

Management Comments :

1.2 Process of issuing PO, vendor empanelment and terms and conditions of PO.
To verify the purchase process we randomly selected 20 PO’s out of 160 PO’s raised in the
period April2023 to June 23.
Observations:
i. Approved Vendor list is not provided.
ii. Vendor Code is not mentioned on PO.
iii. In case of material for which vendors are approved, quotations are not called as
the rate and vendor is already fixed, so, no comparatives are made, however the
vendor list defines several vendors for each item.
iv. No SOP is defined for inviting Quotations neither any Format is defined for rate
and source.
Iv. Apart from Redington , Ingram , iValue , Server clinic , syscon ventures (fixed

vendors) several other vendors also for which R&S is not invited in a Format ,
Below case for reference.

Party Code PO No. Party Name PO Value Item Discription


Pv-1536 P2024/0140 Pinnacle 142506 T-Shirts
Enterprises
P2024/0027 Cloud ware 129800 HBA Card
Technologies
Pvt. Ltd.
P2024/0008 Fidel Networks 181760 Monitor

Recommendations:
i. There should be system of calling quotations even when earlier quotations are
available to avail better rates and terms.
ii. Quotations should be invited from all the vendors as per the approved vendor list.
iii. The SOP should be followed in case of inviting quotations through RFQ format
and as per RFQ guidelines.
iv. PO no. Should be printed on PO

Risk Involved : Financial and Operational

Control : Manual as well as System

Management Comments:

1.3 Terms and Conditions of PO


Observation : Below 7 PO’s were observed where Delivery Terms in PO is mentioned as
Immediate , however PO’s are still open and no material is received against the same
neither any invoice is booked. ANNEXURE-1

PO No. Party Name PO Date Po Amount Invoice Value


bookedas on
05/09/2023
P2024/0006 Ingram Micro April,18,2023 12979970.56 nil
India Pvt. Ltd.
P2024/0031 Global Horizon April,01,2023 15000000 nil
Financial
Services
P/2024/0010 Ingram Micro April,21,2023 15109600 nil
India pvt.ltd.
P2024/0009 Server Clinic April21,2023 411407 nil
P2024/0005 Rohan Infotech April18,2023 8495000 nil
P2024/0004 Cosmotech April18,2023 712120 619600
communication
Pvt. Ltd.

Recommendation : SOP should be defined for closing PO within threshold time period.
Risk to open purchase orders include , weakness in purchasing controls open the door to
mistakes that leads to fund leakage and to billing schemes that allow fraudsters to steal
significant amount of funds over an extended period of time .
The orders should be placed only at the time of requirement and not in advance or either
open order should be given or schedule of delivery should be annexed with the order.
The purchase orders which are pending even after expiry of expected date of delivery or
where the sales order is shut should be cancelled and shut in the system as well.

Risk : LsaFinancial
Control : Manual as well as System as List of open PO’s should be reviewed timely.

Management Comments :

1.4 Process of creation and maintaining vendor master

Observation:
i. Total 31 Vendors created in ERP from 01/04/2023 to 30/06/2023 .
i. Vendor is created by SCM department on the basis of Vendor Creation Form .
However Vendor Creation Form is not available in sample Vendors like - Pinnacle
Enterprises , Tim Infratech , Sky International , Railtel Corporation of India ltd.
ii. Vendor Creation Form does not contains the full information :
Supplier name , Party’s full address , Person to Contact , Party’s GSTN, PAN
Number and Bank details other details are missing.
iii. Sample list of Vendors background is verified by Verifacts .
iv. “General ledger account of Vendor is opened in tally by Finance department as and
when invoice is received.

Also following sample discrepancies has been observed in Vendor Master (SAGE).
As per SOP, SCM department is authorized to open the code and Finance department
has no role in opening the code in ERP neither approving the same.

Vendor Vendor Mandatory fields not Other Discrepancies


Code Name filled
PV-1491 Engineers Contact Details not
Mine mentioned.
Technologies
pvt ltd.
PV-1493 Raitel Address HDFC bak details with A/c number
Corporation Details ,Contact 50200029944103 is being shown as
of India Ltd. Details and Bank default in Processing Tab in Vendor
details not Master under SAGE 300
mentioned.
PV-1494 Shyam Data Address details ,
& voice contact details and
services pvt. bank details not
Ltd. mentioned.
PV-1541 Sky Address , Contact HDFC bak details with A/c number -
International Details and bank 50200029944103 is being shown as
details not default in Processing Tab in Vendor
mentioned. Master under SAGE 300
PV-1504 Laxmi Address and Contact
Electricals Details not
mentioned.
PV-1540 Tim Infratech Contact Details and HDFC bak details with A/c number -
Pvt. Ltd. Bank details not 50200029944103 is being shown as
mentioned. default in Processing Tab in Vendor
Master under SAGE 300
PV-1536 Pinacle Bank details not
Enterprises mentioned

Recommendations:
i. SOP should be established for maker and checker while creating Vendor
codes in ERP.
ii. Detailed verification of vendors is required as Verifacts is verifying a few
vendors .
Iii. Vendor Creation form for opening new party code should contain the
following mandatory Fields also apart from other basic requirements.
Party Description details , CIN number , TDS , SSI Registeration (MSME)

iii. Vendor Creation form should be mandatory filled up.

Risk : Operational as well as Financial in case payment is made to the Vendor


without checking the bank details, there is no use of maintaining Vendor in
ERP in case full information is not being filled up .

Control : Manual as well as System as system should ensure that Vendor is not
created untill Mandatory Fields are filled up.

Management Comments:

1.5 PO and Invoice Date


Observation: It has been observed in a sample case that PO is made or altered after the
invoice date and old PO copy is not attached.
ANNEXURE-2
Party Name PO Details Invoice Details Amount
Syscom Ventures PO no. - 2024/0113 Invoice No. - 2,83,200/-
India Pvt. Ltd. PO Date - 186/2023-24
08/08/2023 Invoice Date -
29/07/2023

Recommendation :
It is recommended that PO date should be prior to Invoice date . Since Po’s are made
based on requirement , any change in line item or any alteration should be made in
previous PO only.
Risk : Operational
Control : Manual

Management Comments:

1.6 Rejection and return system credit and debit notes


Observation: It is observed that there is no SOP regarding debit notes and credit
notes.There is no such debits notes like Quality issue , Short delivery or delay in delivery
raised to any vendor.
However Reimbursement debit notes related to warehouse or transportation charges paid
to vendors are laid off to customer for recovering the same.
Debit notes are prepared only when SCM is informing to finance regarding the same.

Below 3 Debit notes raised from April onwards:

Date of DN Party Name DN. No Amount Remarks


05/06/2023 Redington DN2324001 70731 Unrecovered
Limited
18/08/2023 Amnex DN2324003 12,43,201 Unrecovered
06/09/2023 Amnex DN2324004 5,99,440 Unrecovered

Recommendation : It is recommended that SOP should be drafted for posting of debit


notes related to Short delivery of material , delay in delivery , quality issue including for the
projects at various sites also. And timely recovery and followups for the debit notes should
also be done.
Risk : Financial as well as operational risk
Control : Manual Controls.

Management Comments
1.7 Process of urgent Indent
Part A
Observation :
There is no codification for urgent and normal indent currently and SOP is also silent
about the process of urgent indent.
It is observed in the below sample case that payment is made on urgent basis before
creation of PO .
Approval email is also not attached against the payment voucher.
Serious observation is PO is still open in ERP as on 29/08/2023 after invoice payment I.e
ERP is showing no invoice or material is received against the same.
Finance department has also not received PO against the payment till 29/08/2023.
ANNEXURE-3
Party PO Value. Invoice Invoice Voucher Payment
Name Np. Amount No. Date
Syscom 1,64,13,071 84/2023- 46,98,714/- 3783 31/07/2023
Ventures 24
Pvt. Ltd.

Recommendation : It is recommended that Advance payments should be supported by


emails.Also PO copy should be forwarded to finance department timely.Process should be
put in place to ensure control on payments without PO else ERP can take any invoice
against open PO.
Risk : Financial and operational
Control : Manual

Management Comments:
Part B
Observation : It is observed in the below sample case that payment is made without
Invoice on urgent basis in repect of Trivandrum Project Advance . PO is totally open in
ERP, no invoice is booked against the same. Neither any invoice is forwarded to Finance
Department till 05/09/2023. Email approval is also not attached against the same.
ANNEXURE-4
Party Name Control No. Voucher No. PO No. Payment
Amount
Marushika VP/114/Aug23 4076 P2022/0151 12,24,510/-
Technology
Advisors Pvt.
Ltd.
Recommendation : It is recommended that controls and checks should be put in place
regarding taking invoice from the Vendor and coordinating with Finance department for
the same.Also PO should not be kept open in ERP after payment.
Also urgent payments should be supported by emails.
Risk : Financial and Operational .
Controls ; Manual control is advised for taking invoice from vendors , attaching supporing
emails , forwarding the same to finance department.
System controls should be there to pop up regarding the long open PO’s so they can be
closed or shut down .
Management Comments

1.8 System of Purchase Reconciliation with Accounts


Observation : Purchase reconciliation in ERP is done till 31/03/2023 , there are cases
against which invoices are received however not booked in ERP .
Due to which PO stands open in ERP .
Invoices are not booked since this financial year.
However, reconciliation for the same is done in Tally on realtime basis .
Recommendation : It is recommended that Invoices should be booked in ERP on timely
basis . Proper followups should be ensured by SCM department for the closure of PO in
ERP and a report of open PO’s should be timely reviewed by SCM and Finance
department.
Since ERP and Tally are running parallelly , so it is important to ensure coordination
between the two softwares.
And the chances of wrong booking or random booking of any invoice in ERP due to
backlog will be eliminated.
Risk : Operational and Financial.
Control : Manual and System

Management Comments:

1.9 Purchase order amendment and its authorization:

Observation : There is no SOP regarding PO amendment and authorization.


PO can be amended by any person from SCM Department , No authority matrix is
defined for the same.
There is no report of PO amended till date taken out from ERP . History of amended PO is
also not available.
The following users have right in ERP to amend the PO’s
Particulars User ID Post Department
Tarun TARUNB Executive SCM SCM
Vaibhav VAIBHAV DGM SCM
Ashul ASHUL AVP SCM

Recommendations:
i. There should be audit trail of order amendment, with specific emphasis on
rate and quantity change.
ii. The rights to amend order should be given in limited ID’s.
iii. The record of final PO should be maintained with proper authorizations.
iv. The right should not be given at such a lower level, i.e. Data Entry
Operator.
v. Po amendment report should be available in ERP.

Control : Manual and System

Management Comments:

1.10. Supplier code blocking and reactivation process


Observation :
There is no SOP regarding blocking and reactivation of Supplier code..
There are many suppliers with whom transactions are stopped from past 1 year.
Recommendation
Supplier code blocking and reactivation must be exercised to avoid any chances of fraud
or error.
Report should be available in ERP for the suppliers where there is no transaction in specific
period of time.
Risk : Financial
Control : System

Management Comments :
Finance And Accounts
Following arears were covered by us :

1. Maintaining of Cheques and RTGS Series.

2. RTGS Slip Copy.

3. Manual Payment to Vendors

4. Unadjusted Advances.

5. Statutory Compliances

2.1 Maintainence of Cheques and RTGS Series

Observation :
It is observed that there is no track record of cheque numbers of RTGS Slips used.
Neither any stock register is maintained for the same.
RTGS slip number neither mentioned on Vocher number nor on Payment control check
list. As a result there will be no record of which RTGS Slip has been issued to which
Vendor.
Also it may lead to misuse of RTGS slips and difference in bank reconciliation.
Below Sample Vouchers has been observed where RTGS Slip number is not mentioned.
ANNEXURE-5
Payment Voucher Control Checklist Party Name Amount
number number
4021 VP/107 Redington Limited 60,11,848/-
4020 VP/106 Syscom Ventures 12,98,939/-
4076 VP/114 Marushika 12,24,510/-
TEchnologies
3783 VP/88 Syscom Ventures 46,98,714/-
pvt. Ltd.

Rcomendation : It is recommended that series of RTGS number should be mentioned on


Vocher number and Payment Control chcek list and Stock register
for RTGS slips should be maintained to ensure auit trail .

Risk : Operational and Financial

Control : Manual

Management Comments:
2.2 RTGS Slip Copy

Observation : It is observed that there is no record of which RTGS slip is being used as
copy of RTGS slips has not been filled up till date. Also there is no record of missting RTGS
slips .This might impact bank reconciliation and process of Audit Trail.

Sample RTGS Slip numbers is noted which has already been used , however which RTGS
slip is paid to which vendor is not recignizable.This has financial impact as RTGS slips can
be misued.

ANNEXURE-6

RTGS Slip Number Vendor Details


002124 Not Mentioned

002121 Not Mentioned

002123 Not Mentioned

002122 Not Mentioned

Recommendation :

It is recommended that copy of RTGS slips should be filled up to maintain control of as to


which RTGS slip has been issues to which Vendor. Also audit trail can be ensured
regarding any missing RTGS slip or any erroneus slip ( eg. Wrongly filled RTGS slip.

Control: Manual and System Control as cheque entry can be posted through ERP and ERP
will ensure filling up of mandatory fields like cheque date , Party name , Bank details ,
Payment date , PDC date , Cheque/ RTGS slip number.

Risk : Operational and Financial.

Management Comments:

2.3 Manual Payments to Vendors

Observation :
It has been observed that Payments to Vendors are issued throiugh RTGS Slips , Party
name , bank details and other details are filled up manually.
There are high chances of manual error where bank details like Account number mainly
can be put wrong . Manual error chances are high.

Recommendation :

Most of the companies are using online printing of cheques where cheques can be
printed at office premises . Bank details once feeded in Vendor portal can be auto picked
by the system while preparing the cheque along with vendor code , amount and name of
the party.

Risk : Financial

Control : System Control.

Management Comments:

2.4 Advance to creditors unadjusted for more than reasonable time

Observation:
There is no report regarding unadjusted debit balances for a spefic report is available in
ERP . Below debit balance is taken out from Tally under Sundry Creditors however no
spefic report is there from which debit balance is standing.
Party Name Amount Month from which Remarks
debit balance is
standing
Atos Global LLP 25054 Since April’2023 Followup with SCM
Capital Land 100,000 Since May’2023 Landlord, followup
Builders to be done.
Pushpanjali Sales 126,560 Since May GST Input reversed,
followup to be
done.
Sindhanai Artificial 12,60,600 Last Financial Year Material to be
Intelligence Systems received.
Pvt. Ltd.
Spark Technologies 23,580 Last Financial Year TDS not deducted
from Payment.
Vehant 83,889 Last Financial Year TDS not deducted
Technologies Pvt. from payment.
Ltd.
Satyam Auto Service 50000 Last Financial Year Car booked
LI Digital Payment 10,00,000 More than 4 Years To be Written off.
Pvt.Ltd.

Recommendation :

It is recommended that Unadjusted debit balances report should be taken from ERP on
timely basis to ensure closing of the same immediately.
Also Vendor’s TDS payment should be deducted while making the payment.
Also Vendor followup should be done by Finance as well apart from SCM department to
ensure timely rdcovery.

Control : Manual and System.

Management Comments:

2.5. Statutory Compliance


GSTR1

Month/ Dates Due Date Filing Date


April-23 11/05/2023 11/05/2023
May-23 11/06/2023 11/06/2023
June-23 11/07/2023 11/07/2023

GSTR-3B

Month/ Dates Due Date Filing Date


April-23 20/05/2023 19/05/2023
May-23 20/06/2023 20/06/2023
June-23 20/07/2023 20/07/2023

TDS Payment

Month/ Dates Due Date Payment date


April-23 07/05/2023 31/05/2023
May-23 07/06/2023 07/06/2023
June-23 07/07/2023 07/07/2023

Observation : It is observed that TDS for the month of April,2023 amounting to Rs 88 lacs
deposited on 31/05/2023 I.e delay in payment, Total interest on the same has yet not paid
.

Recommendation :
It is recommended that Compliance Calender should be maintained for all Statutory
Payments which should be filled by respective department and reason for delay should
be mentioned in the same and approved by higher authority to maintain audit trail of
delay statutory payments with reason.
Risk : Financial

Management Comments :

You might also like