Audit Trail Examples: How Auditors Determine Which Tracks to Follow

Audit Trail Examples: How Auditors Determine Which Tracks to Follow
Page content

Audit trails are the chronological sequences of activities related to a particular transaction, which an auditor retraces in order to track down the original entry or root transaction. However, the simplicity of tracking entries could be made complex by the quality of data available for the purpose of carrying out certain audit tasks.

Understand the significance of a system that maintains trackable inputs derived from source documents, as it shows how they were processed in generating the computerized outputs. Perceive how different types of auditors make use of this control feature as we link their key functions to the data generated by the system.

800px-Audit components

Internal Auditors

The main objective of an internal examiner is to determine the strength or weaknesses as well as the sufficiency or insufficiency of the internal controls in place during the processing of daily transactions.

Internal controls are the built-in checks-and-balances present in every operational procedure, which the auditor is tasked to test and assess. Hence one of his goals is to determine if the audit trails are easily traceable and if they are constantly being reviewed by a designated control officer.

In a computerized system, the resident control officer reviews the daily transaction log as it furnishes information of all individual account movements that have been processed and which cause changes in different accounts. These account movements can be validated for accuracy against a batch control.

A batch control shows information if records have been processed as inputs and if the inputs have been processed more than once. This is where similar types of transactions are grouped into a batch and then compared to determine if they have the same transaction code and the same dates.

In a double entry system of accounting, a debit transaction has a corresponding credit and vice versa. Therefore a batch control for a particular type of transaction has a corresponding inter-related batch control of a different type, against which financial totals can be compared.

We will use as an example a batch control for sales transactions that was processed by an outgoing cashier. We will assume further that the batch total of the sales transactions reflected an increase of $5,000 in the sales account. This should likewise cause the cash balance to increase by the same amount but using a different type of batch control, which in this case would be the total cash receipts transactions. Any imbalance between the two different batch controls should prompt the control officer to work back through a series of verifications.

Errors detected in the batch are traced to ensure that immediate corrections are instituted before they are processed as valid transactions that would change the data for a specific batch file. An error file is created to determine the areas for further investigations, particularly those errors that caused an entire batch to be rejected.

The internal auditor therefore makes a random test of tracking down errors via their audit trails to determine if the computer’s control features can efficiently protect the input/output data and their processing. To assess the strength of the controls, his main concern would be the diligence by which the resident control officer reviews the audit trails in order to track down the causes of errors.


The External Auditors

There are two different types of external auditors and there is also a divergence in their main objectives for tracking transactions through their trails. There is the independent auditor who is tasked to certify if the financial statement reports show a fair presentation of the company’s financial conditions and the results of its operations for the year. The second type is the forensic accountant who performs investigative work.

(1) Independent Certified Public Accountant

Similar to the internal auditor, the external examiner performs an assessment of the internal control measures in place during the processing of transactions. His objective, however, is to find out how much of the information in the financial reports has the likeliest possibility of being manipulated. The substantial increases or decreases in annual reports will be verified by tracking the trails of the transactions that present major changes.

In a manual accounting system, transaction logs can be represented by the subsidiary ledger entries. The total of each type of transaction can be matched against the related accounting entry posted in the general ledger for the related account.

An examiner can verify the total sales in a computerized system against batch controls for all official receipts issued for each day. The objective is to determine if the sales entry for a particular date actually originated from legitimate sales transactions.

If all sales transaction covered by the scope of audit can be matched with information for corresponding official receipts, the examiner can safely surmise that the total sales reported are in order at this point. However, if a company allows credit purchases, a different batch will be used to validate the sales entry. In this case, the data to be extracted are the sales invoices issued to customers who made purchases on credit. In the event that the financial totals for two related batches do not match the total sales reported, the external auditor will trace the difference through the audit trail. However, he is not required to test all transactions but only a random tests of a rationally selected sample will suffice.


(2) The Forensic Accountant

The forensic accountant’s (FA) objective is more complicated and requires a more detailed examination of the audit trail. Usually, the FA is tasked to determine the modus operandi used in perpetuating a fraud by establishing the accounting manipulations performed. In addition, he should be able to ascertain the aggregate amount that was misappropriated.

The primary purpose of his examination is to present evidence in court by showing the general ledger accounts that were affected and the entries used in order to manipulate the transactions.

We will still use our previous example about the validation of the sales entries. For this purpose, however, the FA will trace the validity of the sales transactions by validating information against batch controls for all products sold in a particular day. In this case, the entries affect the inventory account and the cost of goods sold.

Supposing that in one of the batch controls for inventory, the aggregate amount for inventory reduction was larger than the total sales recorded for the day. This denotes that there were stocks withdrawn and sold but have no corresponding sales entry, either as COD or sales on credit. Perceive that the norm would be a higher amount of sales over inventory reduction, inasmuch as sales comprise cost of goods plus price mark-ups.

The FA therefore will perform a detailed investigation of the entries that have reduced the inventory by tracking down each data input that was processed. His goal would be to determine the following:

(a) The point in time during the day that a sold product was not captured as a sales transaction in order to establish a pattern. Is the manipulation being done during peak or lean hours?

(b) The person responsible for the infraction and others who may have had a direct responsibility in allowing the manipulation to happen. This is to ascertain if there is connivance or lack of supervisory controls implemented.

(c) In verifying the audit trail of the transaction, the forensic accountant should have an idea of the data to look for. To illustrate by way of example, supposing that $2,000 worth of electronic appliances reduced the present inventory level but there was no corresponding sales transaction that would match the said item.

Roughly, if the selling price of the item is $2,500, the computer should have recognized the following related data entries:

  • Increase in Cash or Accounts Receivable - $2,500 (Dr.) – No Data Available
  • Increase in Sales - $2,500 (Cr.) - No Data Available
  • Increase in Cost of Goods Sold - $2,000 (Dr)
  • Decrease in Purchases Inventory - $2,000 (Cr.)
  • Cost to Sales Variance (Gross Profit) $500 - No Data Available

In lieu of the missing data and through a process of elimination, the forensic accountant found two undocumented and therefore unauthorized transactions that were used to balance the general ledger account:

  • Decrease in Accounts Payable - $2,000 (Dr)
  • Increase in Purchase Returns - $2,000 (Cr)

The FA now has a lead about which accounts are being manipulated as far as the missing sales entries are concerned. The trace-back procedure, however, has to delve deeper in order to determine the method used to cover up for the accounts payable. One way of validating these entries is to send out confirmation letters to the suppliers.

This also denotes that the perpetrator has unauthorized access to the accounts payable module or he is in connivance with the person in charge of that module. Hence, the forensic accountant can hasten the investigations by interviewing the users as a means to determine the extent of their participation and the total amount involved.

Inasmuch as the above explanations provide insights into how an audit trail is used by different types of audit examiners, business owners, managers and even resident control officers will have formed a new perspective in scrutinizing the different sets of data generated by a computerized business system.

Reference Materials and Image Credit Section:


  • Explanations and examples were based on the author’s actual experience as a senior auditor of a universal bank.

Image Credit: