How to Test/Document the Close/Consolidation Process 484
How do you document and test Analytical type Controls?%0AHi there,%0AI’d be very interested to start a discussion on the above. The company I work for is a large Multinational which has various levels of Consolidation and Analytical Review. I work at the Group Level and have been tasked with Documenting the Consolidation and Close Process. I’m new in the company, and while we have the processes documented in text form for quite some time, I think that the identification of the Close Controls, is somewhat vague, such as ‘Each controller is responsible for certain reporting units. The controller reviews all relevant financial reports relating to the reporting unit that is his/her responsibility.’%0AWe have a 31.12 FY and were hoping to dry run our YE Controls in advance of going live 31.12.05, so the questions remain…%0AHow can you test this/these type(s) of control(s)?%0ADo you go down the road of prescriptive type controls (above % ratios = review etc)?%0AHow do you write a control that relies on a person’s expert knowledge to follow up on unusual items?%0AHow to do you document these follow ups (keep e-mails, checklists, conference call minuets etc)?%0AHas anyone else come across this problem, surely yes?%0AI await in anticipation… :?:
Denis last edited by
What you have there sounds a bit weak to me.
Firstly, there is an element of the close process which is mechanical - something like this:
At an organisational unit level:
- Close Sub-Ledgers
- Balance Inter-Company
- Calculate Provisions and Accruals
- Post General Ledger journals
- Close General Ledger
- Prepare ConsolidationPack
At Group Level:
- Compile Conolidation Packs
8, Make consolidation adjustments
- Compile Financial Statements
You need to consider what risks apply at each stage (Completeness, Existence, etc.) and what controls are required to meet those risks. Whilst undoubtedly some of the controls you refer to will exist they will not cover all of your risks so you will need to consider things like access to systems, authorisation of jornals, etc.
Going back to your original question, it sounds like you have an evidnecing issue. It is not enough that ‘Controller reviews reports’ - you need to know what did the review involve, how did he evidence is and how were any issues followed up.
Thanks for the reply. I agree with you that it is primarily an evidencing issue.
Indeed the more functional parts of the Close Process are easier to work out, but it’s the Analytical Review type controls that we’re trying to formalise at present. We’ve started with a Checklist, but even that doesn’t answer how the items are checked, whether it’s done consistently between different Country Unit Controllers and how to evidence this.
Are you directly involved with this issue, or have you had to address the same type of issues?
kymike last edited by
Our auditors were happy with the use of checklists that were signed off on to evidence the occurence of certain close process activities. To me, this helps to ensure the ‘completeness’ aspect of the close process in identifying all of the accruals, reviews, postings, etc. that need to happen when closing the books. I don’t think that SOX really intended for us to keep all draft or preliminary reports to evidence review of such and help document any corrective actions taken prior to final close. To me, this isn’t much different than using a manager’s signature on an account reconciliation to evidence his review (a key control). You will know that he at least touched the reconciliation, but you can’t really determine how thorough the review was. If, in testing, you discover an error that the manager missed, you could conclude that his review was not very thorough. On the other hand, you could not make the alternative conclusion if the reconciliation had no errors as the manager may or may not have reviewed thoroughly and maybe got lucky that there were no errors.
At the end of the day, you need to go with whatever your management team feels is necessary to evidence execution of proper controls and work with your external auditor to get them comfortable as to your approach. There is currently no prescribed way to do this, so don’t let your auditor strong-arm you into doing something that is overkill.
Thanks for the input, this is very interesting and is exactly the issue at hand for us. Can I be crystal clear though. Do you mean that you are NOT keeping evidence of the reviews done by your ‘Controllers’ (or whatever the title of the person doing the analytical review is), and that you are simply using a checklist.
Perhaps I could give an example by way of illustration:
One item from our proposed checklist reads as follows:
Review forms (that’s our word for the excel reporting packs received from the country units) and ensure that we understand:
- results by Line of Business ytd and quarter on quarter
- background to all exceptional items and accounting for it
- review for large/ unexpected amounts/movements
- all movements in shareholders’ equity
- reasons for changes in latest forecast compared to previous forecast
- how know (current) issues have been reflected in the forms
If I understand you correctly, you would simply put this on a list, and get the controller/reviewer to initial and date it?
But no documentary back-up for the reviewed items is kept?
and your auditors were happy with this approach?
kymike last edited by
For the most part, this is correct.
We do have quarterly review meetings with the controller where a standard deck is prepared for discussion. This includes general explanations for fluctuations from prior year, unusual items, judgemental reserves and any other items that the controller wants to cover on a regular basis. Our auditor sits in on this review meeting with us (full disclosure) so that they know what is covered. They also get a copy of the review deck. We are also multi-national. The review of the international results is done on a consolidated basis with the corporate controller, with some country-specific information.
We do keep prior period presentations. What we don’t necessarily keep are the preliminary or draft discussion documents that are prepared working up to the final quarterly review deck.
The checklists are maintained by our various entity controllers for two reasons - to ensure that they are thinking about everything that they need to cover in their period close cycles and to evidence that these itemsm were considered or completed. I would expect to see notes on the checklists speaking to anything not completed or significant issues that arose during the close cycle and how they were resolved.
I hope that this helps.
Denis last edited by
what kymike describes is generally what I would expect to find.