Internal Audit Niveshan
Internal Audit Niveshan
Internal Audit Niveshan
1 Authority Matrix
4 Vendor Master
7 urgent Payments
8 Purchase Reconciliation
12 RTGS Slips
13 Manual Payments
14 Unadjusted Advances
B Annexures
PURCHASE:
Also PO for Stationary Items , Grosseries, maintenance etc are not generated , direct
procurement is made from Vendor by Admin Department.
Risk Involved : Financial and Operational. Accountability of loss hence cannot be decided.
Management Comments :
1.2 Process of issuing PO, vendor empanelment and terms and conditions of PO.
To verify the purchase process we randomly selected 20 PO’s out of 160 PO’s raised in the
period April2023 to June 23.
Observations:
i. Approved Vendor list is not provided.
ii. Vendor Code is not mentioned on PO.
iii. In case of material for which vendors are approved, quotations are not called as
the rate and vendor is already fixed, so, no comparatives are made, however the
vendor list defines several vendors for each item.
iv. No SOP is defined for inviting Quotations neither any Format is defined for rate
and source.
Iv. Apart from Redington , Ingram , iValue , Server clinic , syscon ventures (fixed
vendors) several other vendors also for which R&S is not invited in a Format ,
Below case for reference.
Recommendations:
i. There should be system of calling quotations even when earlier quotations are
available to avail better rates and terms.
ii. Quotations should be invited from all the vendors as per the approved vendor list.
iii. The SOP should be followed in case of inviting quotations through RFQ format
and as per RFQ guidelines.
iv. PO no. Should be printed on PO
Management Comments:
Recommendation : SOP should be defined for closing PO within threshold time period.
Risk to open purchase orders include , weakness in purchasing controls open the door to
mistakes that leads to fund leakage and to billing schemes that allow fraudsters to steal
significant amount of funds over an extended period of time .
The orders should be placed only at the time of requirement and not in advance or either
open order should be given or schedule of delivery should be annexed with the order.
The purchase orders which are pending even after expiry of expected date of delivery or
where the sales order is shut should be cancelled and shut in the system as well.
Risk : LsaFinancial
Control : Manual as well as System as List of open PO’s should be reviewed timely.
Management Comments :
Observation:
i. Total 31 Vendors created in ERP from 01/04/2023 to 30/06/2023 .
i. Vendor is created by SCM department on the basis of Vendor Creation Form .
However Vendor Creation Form is not available in sample Vendors like - Pinnacle
Enterprises , Tim Infratech , Sky International , Railtel Corporation of India ltd.
ii. Vendor Creation Form does not contains the full information :
Supplier name , Party’s full address , Person to Contact , Party’s GSTN, PAN
Number and Bank details other details are missing.
iii. Sample list of Vendors background is verified by Verifacts .
iv. “General ledger account of Vendor is opened in tally by Finance department as and
when invoice is received.
Also following sample discrepancies has been observed in Vendor Master (SAGE).
As per SOP, SCM department is authorized to open the code and Finance department
has no role in opening the code in ERP neither approving the same.
Recommendations:
i. SOP should be established for maker and checker while creating Vendor
codes in ERP.
ii. Detailed verification of vendors is required as Verifacts is verifying a few
vendors .
Iii. Vendor Creation form for opening new party code should contain the
following mandatory Fields also apart from other basic requirements.
Party Description details , CIN number , TDS , SSI Registeration (MSME)
Control : Manual as well as System as system should ensure that Vendor is not
created untill Mandatory Fields are filled up.
Management Comments:
Recommendation :
It is recommended that PO date should be prior to Invoice date . Since Po’s are made
based on requirement , any change in line item or any alteration should be made in
previous PO only.
Risk : Operational
Control : Manual
Management Comments:
Management Comments
1.7 Process of urgent Indent
Part A
Observation :
There is no codification for urgent and normal indent currently and SOP is also silent
about the process of urgent indent.
It is observed in the below sample case that payment is made on urgent basis before
creation of PO .
Approval email is also not attached against the payment voucher.
Serious observation is PO is still open in ERP as on 29/08/2023 after invoice payment I.e
ERP is showing no invoice or material is received against the same.
Finance department has also not received PO against the payment till 29/08/2023.
ANNEXURE-3
Party PO Value. Invoice Invoice Voucher Payment
Name Np. Amount No. Date
Syscom 1,64,13,071 84/2023- 46,98,714/- 3783 31/07/2023
Ventures 24
Pvt. Ltd.
Management Comments:
Part B
Observation : It is observed in the below sample case that payment is made without
Invoice on urgent basis in repect of Trivandrum Project Advance . PO is totally open in
ERP, no invoice is booked against the same. Neither any invoice is forwarded to Finance
Department till 05/09/2023. Email approval is also not attached against the same.
ANNEXURE-4
Party Name Control No. Voucher No. PO No. Payment
Amount
Marushika VP/114/Aug23 4076 P2022/0151 12,24,510/-
Technology
Advisors Pvt.
Ltd.
Recommendation : It is recommended that controls and checks should be put in place
regarding taking invoice from the Vendor and coordinating with Finance department for
the same.Also PO should not be kept open in ERP after payment.
Also urgent payments should be supported by emails.
Risk : Financial and Operational .
Controls ; Manual control is advised for taking invoice from vendors , attaching supporing
emails , forwarding the same to finance department.
System controls should be there to pop up regarding the long open PO’s so they can be
closed or shut down .
Management Comments
Management Comments:
Recommendations:
i. There should be audit trail of order amendment, with specific emphasis on
rate and quantity change.
ii. The rights to amend order should be given in limited ID’s.
iii. The record of final PO should be maintained with proper authorizations.
iv. The right should not be given at such a lower level, i.e. Data Entry
Operator.
v. Po amendment report should be available in ERP.
Management Comments:
Management Comments :
Finance And Accounts
Following arears were covered by us :
4. Unadjusted Advances.
5. Statutory Compliances
Observation :
It is observed that there is no track record of cheque numbers of RTGS Slips used.
Neither any stock register is maintained for the same.
RTGS slip number neither mentioned on Vocher number nor on Payment control check
list. As a result there will be no record of which RTGS Slip has been issued to which
Vendor.
Also it may lead to misuse of RTGS slips and difference in bank reconciliation.
Below Sample Vouchers has been observed where RTGS Slip number is not mentioned.
ANNEXURE-5
Payment Voucher Control Checklist Party Name Amount
number number
4021 VP/107 Redington Limited 60,11,848/-
4020 VP/106 Syscom Ventures 12,98,939/-
4076 VP/114 Marushika 12,24,510/-
TEchnologies
3783 VP/88 Syscom Ventures 46,98,714/-
pvt. Ltd.
Control : Manual
Management Comments:
2.2 RTGS Slip Copy
Observation : It is observed that there is no record of which RTGS slip is being used as
copy of RTGS slips has not been filled up till date. Also there is no record of missting RTGS
slips .This might impact bank reconciliation and process of Audit Trail.
Sample RTGS Slip numbers is noted which has already been used , however which RTGS
slip is paid to which vendor is not recignizable.This has financial impact as RTGS slips can
be misued.
ANNEXURE-6
Recommendation :
Control: Manual and System Control as cheque entry can be posted through ERP and ERP
will ensure filling up of mandatory fields like cheque date , Party name , Bank details ,
Payment date , PDC date , Cheque/ RTGS slip number.
Management Comments:
Observation :
It has been observed that Payments to Vendors are issued throiugh RTGS Slips , Party
name , bank details and other details are filled up manually.
There are high chances of manual error where bank details like Account number mainly
can be put wrong . Manual error chances are high.
Recommendation :
Most of the companies are using online printing of cheques where cheques can be
printed at office premises . Bank details once feeded in Vendor portal can be auto picked
by the system while preparing the cheque along with vendor code , amount and name of
the party.
Risk : Financial
Management Comments:
Observation:
There is no report regarding unadjusted debit balances for a spefic report is available in
ERP . Below debit balance is taken out from Tally under Sundry Creditors however no
spefic report is there from which debit balance is standing.
Party Name Amount Month from which Remarks
debit balance is
standing
Atos Global LLP 25054 Since April’2023 Followup with SCM
Capital Land 100,000 Since May’2023 Landlord, followup
Builders to be done.
Pushpanjali Sales 126,560 Since May GST Input reversed,
followup to be
done.
Sindhanai Artificial 12,60,600 Last Financial Year Material to be
Intelligence Systems received.
Pvt. Ltd.
Spark Technologies 23,580 Last Financial Year TDS not deducted
from Payment.
Vehant 83,889 Last Financial Year TDS not deducted
Technologies Pvt. from payment.
Ltd.
Satyam Auto Service 50000 Last Financial Year Car booked
LI Digital Payment 10,00,000 More than 4 Years To be Written off.
Pvt.Ltd.
Recommendation :
It is recommended that Unadjusted debit balances report should be taken from ERP on
timely basis to ensure closing of the same immediately.
Also Vendor’s TDS payment should be deducted while making the payment.
Also Vendor followup should be done by Finance as well apart from SCM department to
ensure timely rdcovery.
Management Comments:
GSTR-3B
TDS Payment
Observation : It is observed that TDS for the month of April,2023 amounting to Rs 88 lacs
deposited on 31/05/2023 I.e delay in payment, Total interest on the same has yet not paid
.
Recommendation :
It is recommended that Compliance Calender should be maintained for all Statutory
Payments which should be filled by respective department and reason for delay should
be mentioned in the same and approved by higher authority to maintain audit trail of
delay statutory payments with reason.
Risk : Financial
Management Comments :