1 / 16

CS 8-2

CS 8-2. Conducting Vendor Audits Thursday, April 7, 2005 10:30am-12:00pm Session CS8-2 Anna Nicodemus, CPA, CIA, CFE. Who We Are: A Global Company. The leading global services company 116,464 employees in more than 55 countries Revenues of $20 billion in 2004

preston-byrd
Download Presentation

CS 8-2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS 8-2 Conducting Vendor AuditsThursday, April 7, 2005 10:30am-12:00pm Session CS8-2Anna Nicodemus, CPA, CIA, CFE

  2. Who We Are: A Global Company • The leading global services company • 116,464 employees in more than 55 countries • Revenues of $20 billion in 2004 • Provides strategy, implementation and hosting for clients managing the complexities of today’s economy • Brings together the world’s best technologies to address critical client business imperatives • 43% of revenue from outside of U.S.

  3. Key Points • Learn techniques for assessing risk and selecting vendors to audit (both supplier and outsourcers) • Discuss how audits should be scoped to maximize resource efficiency • Identify best practices for auditing outsourced partners

  4. Objectives and Benefits of Supplier and Provider audits • Cash savings or credits • SOXA comfort level • Performance standard checks • Quality of goods validation • Going concern validation • Compliance with industry regulations

  5. Risk Assessments for Suppliers 10 Factors or questions to consider in weighing relative risk • Tier 1 supplier • Amount of spend consistent with type of supplier • Supplier selected as part of bid process and credit checks performed • Strategic alliance partner • History of service problems or defects • Input on concerns from Finance, Legal, Purchasing or other corporate area, including prior audits • Are you their only or a major customer • End of contract term and preparing to move to new supplier or evergreen payments • Fixed price arrangement (e.g. per hour maximum charges) • Inherent industry or geographicrisk for overcharges Inherent industry risk for overcharges

  6. Risk Assessments for Outsourced Providers 10 Factors or questions to consider in weighing relative risk • Part of Core competency outsourced • Spend with provider makes this Tier 1 or strategic • Contract requires annual audit or relinquish cost recoveries • History of problems with provider and/or do penalties apply • Fiduciary responsibility • Lack of SAS 70 or prior unsatisfactory audit results • Strong or weak contract administration function • Early in transition phase versus mature • Cost plus arrangement or costs exceed forecast • Consideration being given to bringing back in-house

  7. Supplier Frauds These can be simple employee theft, conflict of interest and/or collusion • Activate inactive vendor • Sole sourcing • Overcharging • Check alteration • Self dealing • FCPA • Kickbacks

  8. Begin with the contract Audit Clause elements: • Reasonable access to provider/supplier information and people (accelerated access if fraud suspected) • Notice requirements • Access relevant to service/goods provided • Purpose of audits clear: cost validation, compliance with policies or contract terms • Confidentiality required • Process to handle audit findings and resolution • Who bears the cost

  9. Scoping Supplier Audits • Read your contract and or PO for terms and conditions • Talk to key internal customer of these goods or services and find out the benefit expected with this supplier • Understand how you are billed and for what • Understand how and if discounts or rebates apply • Verify that there are not duplicate vendors set up • Research the supplier – D&B, internet, etc. • Determine how performance or quality is measured • Controls around vendor setup

  10. Scoping Outsourced Provider Audits • Begin with a clear understanding of what responsibility you retained versus what was outsourced – consider auditing end to end process which may include your retained areas as well. Determine if outsourcer uses third-parties and/or offshores work • Remember that outsourcing doesn’t relieve you of responsibility for controls – so determine what you would expect if it was still in house • Read the contract and determine what key terms and conditions to audit • Ask for information on previous audits, SAS 70, discussion with internal audit on their program, and ask about ongoing compliance activities • Meet with internal relationship manager and key interested parties for concerns or areas of interest • Understand what is unique versus standard and focus there • Research anything you don’t understand – use the internet, other audit groups, your company internal experts, and the IIA • Add general control items (people development, specialized training, business continuity plans, and staffing) to your program

  11. Examples of Audit Steps for Suppliers • Automate what you can to look for errors, duplicates, or overages • On site- do a walkthrough to understand what they do and their processes • Follow up walkthrough by verification via documentation and back up records • Look for potential overcharges (rounding, scrap, re-work, burden or benefit rates, items not ordered) • Ask questions!

  12. Sample audit program on outsourced provider Audit Areas • Contract/Service Level Agreements compliance • Billing accuracy • Business continuity • Change control • Security (physical and logical) • Fiduciary duties • Transition project • Problem resolution

  13. Best Practice for Outsourced Providers • Treated as partnership where both parties have a vested interest in the other party’s success • Strong contract administration • Clear contract terms and process for contract addendums • Post contract discussion to ensure shared understanding of individual responsibilities and expectations • Governance board/team includes representatives from both organizations and meets regularly • Robust change control process • Escalation process for problems • Recognize that your outsourcer has done this before – leverage from this expertise and don’t reinvent the wheel

  14. Staffing • Develop in house expertise on automation type work • If specialized area – co-source. Seek bids from 3rd parties based upon specialized skill (technology, language, area) • May want to find outside firm who specializes and set up meeting between corporate department and firm and just act as liaison and maybe participate in the audit to learn some general skills. • Partner with SME from Purchasing or A/P (or other owner department) as they have expertise and interest • Track results and determine best return on investment and then stop (e.g. if 5th and 6th vendor down the list don’t product much in cost recoveries – then probably should turn the rest of vendor audits over to Purchasing to pursue on their own).

  15. Summary Auditing suppliers and outsourced providers can make you a local hero with your company as internal corporate groups may welcome your expertise and professional expertise and help for these responsibilities. Take advantage of the good will generated by these projects. Not everything you do needs to be internally directed and fearful for the corporate departments. This is a win/win/win for the company, the internal department who owns the responsibility, and internal audit.

  16. eds.com

More Related