The world’s #1 internal audit resource – search below

Created for IA pros using a desktop, this is an instantaneous search engine that will instantly scour through one of our thousands of articles and pieces and deliver super useful results. Search for anything – we probably have something on it somewhere.

, , , ,

Mastering Process Walkthroughs: Documenting Business Processes in Audits

albinoyeti Group

·

Process walkthroughs are a cornerstone of effective internal auditing. They enable auditors to grasp how a particular workflow or function operates in practice, from start to finish. By understanding the real-world flow of activities—and documenting each step along the way—auditors can more accurately pinpoint control weaknesses, compliance gaps, and opportunities for improvement. Yet, many audits skip over or rush through this critical phase. Without a proper walkthrough, the audit team risks basing its conclusions on incomplete or outdated information.

In this article, we’ll explore the essential techniques for conducting thorough process walkthroughs and mapping out business workflows during audit fieldwork. We’ll begin with why walkthroughs are so crucial, then move on to planning, execution, documentation, and analysis. By the end, you’ll have a clear roadmap on how to integrate process walkthroughs seamlessly into your audits, enhancing the quality of your findings and driving meaningful improvements within the organization.

The Role of Process Walkthroughs in Internal Audits

A process walkthrough is more than just an interview or a cursory glance at procedures. It’s a methodical, step-by-step journey through a specific workflow—such as accounts payable, inventory management, or customer onboarding—to see how tasks and controls actually function. This “on-the-ground” perspective helps auditors identify hidden risks and understand how employees interact with systems and controls day to day.

Successful walkthroughs require planning, active listening, structured questioning, and clear documentation. The goal is to create a vivid picture of the process from the moment an input triggers action to the moment the output is finalized.

Why Walkthroughs Are Essential for Quality Audits

A well-executed walkthrough is beneficial for several reasons:

  • Accurate Understanding of Operations
    Policies and procedures often tell only part of the story. Real-life execution may deviate from official documents due to workarounds, lack of updates, or other practical realities.
  • Identification of Control Points
    Walkthroughs reveal where risks might emerge and where controls should be in place. You can see firsthand if those controls are effectively designed and consistently applied.
  • Enhanced Credibility and Rapport
    By engaging in a collaborative process with the auditee, you build trust. Employees feel heard and are more likely to share genuine insights and challenges when they see your interest in how things really work.
  • Better-Targeted Testing
    Once you see how the process flows, you can tailor your subsequent audit testing to focus on the most critical or vulnerable points, maximizing the efficiency and relevance of your work.

Common Misconceptions About Walkthroughs

  • “We Have the Procedure Manual—No Need for a Walkthrough.”
    Procedure manuals can be outdated or incomplete. People often rely on tribal knowledge or shortcuts that aren’t documented. Walkthroughs unveil these nuances.
  • “Walkthroughs Are Too Time-Consuming.”
    While walkthroughs do take time, they often save effort in the long run. Uncovering process details upfront reduces guesswork later, preventing rework or missed issues.
  • “We Can Skip It If We Know the Process Already.”
    Even if you’ve audited the area before, processes evolve. Staff change, new software might be introduced, or market demands might alter workflows. Keeping your information fresh is vital.

Planning a Successful Process Walkthrough

Like any audit activity, walkthroughs benefit from meticulous planning. Although small organizations might have fewer resources or more fluid processes, the fundamental principles still apply.

Selecting the Right Processes

First, identify which processes are critical to the audit objective. This usually emerges from your risk assessment or audit plan. The processes you choose should have a direct impact on the organization’s strategic goals, financial reporting, or compliance requirements. For instance, in a finance audit, you might select the accounts payable process if it involves large transaction volumes or a known history of errors.

Defining Walkthrough Objectives and Scope

Determine what you need to learn from the walkthrough. Are you primarily looking at the effectiveness of controls? Are you interested in efficiency, compliance, or fraud risks? Clarifying these objectives early helps keep the walkthrough focused and ensures you collect the right information.

  • Scope: Which departments, sub-processes, or system interactions fall under your review? Decide whether you’ll examine the entire end-to-end process or a specific subset, such as purchase order approvals or exception handling.
  • Boundaries and Interfaces: Understand any handoffs between teams or systems. For example, accounts payable might interface with procurement, inventory, or treasury functions. Identifying these boundaries helps you capture the full picture.

Gathering Preliminary Information

Before you set foot in the department, do your homework:

  • Policies and Procedures: If they exist, read them to establish a baseline of the “official” process.
  • Prior Audit Reports: Look for previous findings or issues relevant to the area.
  • Data and Metrics: If available, review key performance indicators, error rates, or throughput volumes. This can guide your focus to potential problem areas.
  • Organizational Charts: Identify who owns the process, which staff execute it, and how they’re structured.

With this knowledge in hand, you can formulate targeted questions and anticipate areas that need special attention during the walkthrough.

Setting Up the Walkthrough Session

Planning the logistics is critical:

  • Scheduling and Timing: Coordinate with the process owners and relevant staff, ensuring you have enough time to observe key steps without rushing. Walkthroughs often last anywhere from an hour to several days, depending on complexity.
  • Selecting Participants: Involve employees who perform or oversee each stage of the workflow, not just supervisors. Sometimes frontline staff offer the richest insights.
  • Communication: Let participants know the purpose of the walkthrough, what you’ll be doing, and why it matters. This builds trust and reduces anxiety.

Conducting the Walkthrough: Techniques and Best Practices

With the groundwork laid, it’s time to conduct the actual walkthrough. This phase requires a blend of soft skills, technical know-how, and a structured approach to ensure you capture accurate, comprehensive information.

Observing the Process in Real Time

A significant part of the walkthrough involves seeing the process “in action.” Depending on the nature of the workflow, you might:

  • Shadow an Employee: Follow them as they complete a routine transaction or task, asking clarifying questions along the way.
  • Review System Entries: Watch as data is entered, validated, and approved within the relevant software.
  • Tour Physical Facilities: If the process involves physical products, inventory management, or production lines, spend time observing how items are received, inspected, stored, or shipped.

Taking notes during real-time observation helps you capture the sequence of events accurately. However, always remain respectful of the employee’s pace and tasks, minimizing any disruptions to their normal duties.

Asking Probing Questions

During or immediately after your observations, ask open-ended questions to delve deeper. For instance:

  • “Could you walk me through what happens when…?”
  • “What do you do if you spot an error at this stage?”
  • “Is there any step that feels redundant or overly complicated?”
  • “What happens if the system goes down? How do you handle downtime or backups?”

Encourage employees to share examples, especially if they’ve encountered exceptions or anomalies. These anecdotes often highlight areas where controls fail or processes break down.

Verifying Controls in Real Situations

You’ll want to confirm whether stated controls are actually functioning:

  • Approvals and Signatures: Ask employees to show you how approval routes work in the system. Watch for cases where employees share logins or skip steps due to time constraints.
  • Reconciliations and Reviews: If the process includes a daily or monthly reconciliation, examine the documentation. Is it performed regularly and reviewed by someone independent?
  • Segregation of Duties: Ensure no single individual can initiate, approve, and record the same transaction. A walkthrough often reveals shortcuts that might bypass segregation rules.
  • Exception Handling: Look at how the process handles out-of-the-ordinary situations, like returns or disputes, to see if controls remain intact under stress.

Maintaining an Open Mind

While you should have a checklist of questions and areas to investigate, remain flexible. Sometimes an employee might mention something unexpected—a systemic glitch, an informal workaround, or unrecorded steps. These insights can be invaluable, revealing hidden risks or improvement opportunities.

Documenting the Process Flow

One of the primary outcomes of a walkthrough is a clear, visual or written map of the process. This documentation isn’t just for compliance; it’s your reference for analyzing gaps, designing tests, and communicating findings.

Choosing the Right Documentation Format

There’s no one-size-fits-all approach to documenting a workflow. Common methods include:

  • Flowcharts: Often created in software like Visio, Lucidchart, or even PowerPoint. Arrows show the flow of tasks, and shapes depict decisions, inputs, and outputs.
  • Narrative Descriptions: A written step-by-step explanation of what happens, who does it, and how. This is useful when the process has many nuances that might get lost in a simple diagram.
  • Swimlane Diagrams: These diagrams illustrate not just the sequence of steps, but also the responsible party or department for each segment. It’s especially helpful in cross-functional processes.
  • Mapping via Audit Tools: Some specialized audit or BPM (business process management) tools allow you to build flow diagrams directly, linking each step to risk and control information.

Detailing Each Process Step

Regardless of the format, capture the following details for each major process step:

  • Step Description: What task is performed and by whom?
  • Input and Output: What triggers the step, and what does the step produce or modify?
  • Systems Involved: Which software or tool is used at this stage?
  • Key Controls: Where do approvals, reviews, or reconciliations occur?
  • Exceptions: Note what happens if errors or unusual situations arise.
  • Timing or Frequency: Is this step daily, weekly, or ad hoc?

Stay consistent in your labeling and structure, so it’s easy to compare multiple processes or sub-processes within the same engagement.

Linking Risks and Controls

A powerful next step is to annotate each segment of the process with potential risks and the controls meant to mitigate them. For example, if the process involves issuing payments:

  1. Risk: Unauthorized or duplicate payments.
  2. Control: Two-level approval within the accounting system.

By directly linking steps to their associated risks and controls, you create a blueprint that simplifies your subsequent testing. You’ll know exactly where to focus your attention.

Version Control and Accessibility

Keep track of document versions to reflect updates or changes discovered over time. Make sure the final version is readily available to the audit team and relevant stakeholders. Some auditors store these process maps in a shared drive or an audit management system for easy reference. The goal is to avoid duplicating efforts in future audits and to maintain a historical record of how the process has evolved.

Identifying and Evaluating Key Control Points

Walkthroughs don’t just reveal how a process works; they also help you spot specific points where a control either prevents or detects errors or irregularities. Identifying and assessing these control points is one of the most valuable outcomes of a walkthrough.

Pinpointing High-Risk Steps

As you review the documented workflow, certain steps may stand out as particularly risky:

  • Manual Input: Any stage where employees manually enter data is prone to human error or potential fraud.
  • Complex Calculations: Activities that rely on complex formulas or multi-step computations can hide inaccuracies.
  • Access Control: Points where users gain or elevate system permissions.
  • Approvals and Overrides: Where managers or system administrators can override normal procedures.
  • Reconciliations: If these are not done regularly or by an independent party, it becomes a weak point.

High-risk steps deserve special scrutiny. Typically, these will be focal points in your audit testing plan.

Assessing Control Design and Effectiveness

Once key controls are identified, consider their design:

  1. Design Effectiveness: Is the control well-structured to mitigate the identified risk? For instance, a two-level approval might be designed to prevent unauthorized transactions, but if both approvals are performed by the same person (in practice), the design is flawed.
  2. Operating Effectiveness: Even if the design looks good on paper, is the control consistently followed? Walkthroughs often reveal cases where employees bypass or ignore a control due to time pressure or convenience.

Mapping Controls to Risks

A best practice is to create a risk-control matrix that lists:

  • The risks identified in the process
  • The controls designed to mitigate each risk
  • Your assessment of each control’s adequacy (e.g., strong, moderate, weak)

This matrix becomes the backbone of your audit testing strategy, guiding you to the most critical areas for further investigation.

Asking the Right Questions and Fostering Dialogue

An underappreciated art in process walkthroughs is how you frame your questions and conversations. Effective questioning uncovers deeper insights, reveals hidden risks, and ensures you’re getting an authentic view of the process.

Types of Questions

  • Open-Ended Questions: “Can you walk me through how you process an invoice from receipt to payment?” invites descriptive answers.
  • Scenario-Based: “What happens if an invoice doesn’t match the purchase order?” helps uncover exception handling and identify unanticipated issues.
  • Why and How: “Why do you perform this additional check?” encourages staff to explain rationales, which might lead to discovering outdated procedures or inefficiencies.
  • Follow-Up Probes: “Can you show me an example of that?” can validate whether stated procedures align with real-world practice.

Active Listening

Active listening techniques—paraphrasing, summarizing, and clarifying—demonstrate respect and attentiveness. For example: “So, you’re saying the system automatically flags any invoice over $10,000 for managerial approval, but that feature hasn’t worked for two weeks due to a software glitch—did I capture that correctly?”

Repeating or confirming what you’ve heard ensures accuracy and signals to employees that their input is valued.

Building Trust and Openness

When staff feel comfortable, they’re more likely to share candid insights. Techniques include:

  • Empathy: Acknowledge the challenges they face. “It must be difficult to manage these approvals when the system frequently goes down.”
  • Positivity: Commend employees when you see well-implemented controls or innovative solutions. “This automated reminder for overdue invoices seems like a great way to reduce missed payments.”
  • Clarity on Your Role: Reinforce that you’re not there to judge them personally, but to understand the process and help the company improve.

Common Pitfalls and How to Avoid Them

Even experienced auditors can run into issues when conducting walkthroughs. Being aware of common pitfalls can help you steer clear of them.

Over-Reliance on One Person’s Perspective

If you only speak with a single staff member, you may miss alternative practices or departmental nuances. To avoid a narrow viewpoint:

  • Interview Multiple People: At least check with a supervisor, a frontline employee, and perhaps someone in a related department.
  • Compare Notes: Ask each stakeholder how the process is supposed to work and look for discrepancies or differing interpretations.

Failing to Capture Exceptions and Edge Cases

Processes often look neat on paper but can get messy when exceptions arise. Make sure to ask specifically about unusual scenarios—urgent orders, returns, or system downtime—to see if the official process holds up under stress.

Not Documenting In-the-Moment Observations

High-quality field notes are crucial. If you wait too long to write them up, you risk forgetting small but significant details. Take quick notes during the walkthrough (if it doesn’t disturb the flow) or jot them down immediately afterward.

Skipping Direct Observation

Interviewing staff about what they do is helpful, but direct observation can reveal a world of detail—like steps that employees forget to mention or shortcuts they’ve adopted without realizing it. Whenever possible, watch processes unfold in real time or use a sample transaction as a test case.

Treating Walkthroughs as a One-Time Task

A single walkthrough might not capture the full scope of a dynamic process—especially if you’re dealing with high transaction volumes or varied workflows. Be open to the idea of conducting multiple mini-walkthroughs at different times or under different conditions.

Using Walkthroughs to Inform Audit Testing

Conducting a walkthrough isn’t the end of the journey; it’s the foundation for deeper audit work. By synthesizing what you’ve learned, you can target your testing where it matters most.

Linking to the Audit Plan

Review your risk assessment and audit plan in light of the walkthrough findings. You might discover new risks that warrant additional testing, or you might refine the scope if certain areas appear more secure than initially assumed.

Designing Specific Control Tests

Use your risk-control matrix to guide your test procedures. For example, if you found that manual checks above $10,000 must be approved by two managers, you can select a sample of payments above that threshold and verify the presence of dual approvals.

Assessing Operating Effectiveness

Walkthroughs give you initial insights, but testing confirms whether controls are consistently applied across all relevant transactions. Focus on the steps or controls that seemed weak or reliant on a single individual. If the process is stable and heavily automated, your testing might focus on system configuration checks.

Prioritizing Follow-Up

If you discover high-risk issues—like the system glitch that fails to flag large payments—these become prime areas for immediate or near-term follow-up. Document them in your audit workpapers and ensure they remain a focal point in your final reporting.

Reporting on Walkthrough Observations

The information gathered during process walkthroughs plays a pivotal role in shaping your audit report. While you don’t need to include every minor detail, the key findings and insights can illustrate the “why” behind your recommendations.

Highlighting Process Gaps and Control Weaknesses

Describe how the process currently operates versus how it should operate. If you identified a missing control step or a frequent override, specify where in the workflow it occurs. For example: “During a walkthrough of the invoice approval process, we observed that the system-based threshold for management approval does not function consistently due to a software bug, allowing invoices over $10,000 to be paid with only a single approval.”

Providing Actionable Recommendations

Offer guidance that addresses the root cause of issues. If staff are bypassing an approval process because it’s too cumbersome, the recommendation might involve streamlining the steps or providing better training. Always tie recommendations back to specific risks, so management understands the consequences of inaction.

Including Positive Observations

Don’t overlook what the auditee is doing well. A balanced report that also praises strong controls or efficient procedures can help build goodwill and demonstrate the audit’s objectivity.

Aligning with Management Responses

Once your draft report is ready, discuss it with the process owner and management. Their response—acceptance of recommendations, alternative solutions, or planned implementation timelines—becomes part of the final report. This transparency ensures everyone agrees on the next steps and fosters accountability.

Leveraging Walkthroughs for Continuous Improvement

A single, well-run walkthrough can spark broader changes that outlast the immediate audit cycle. By fostering a culture of process awareness and documentation, you help the organization continuously refine and adapt its workflows.

Updating Process Documentation

Encourage departments to update their procedures, flowcharts, or training materials whenever there’s a significant change. This makes future audits smoother and reduces the risk of employees relying on outdated instructions.

Ongoing Monitoring

If the process is critical or high-risk, management might implement ongoing monitoring. This could involve real-time alerts for large transactions, weekly reconciliation checks, or internal quality reviews. Effective monitoring can detect issues before they escalate.

Sharing Knowledge Across Departments

Sometimes, a best practice in one department can address similar challenges in another area. By sharing your walkthrough observations, you can help other parts of the organization strengthen their processes preemptively.

Auditor Skill-Building

Process walkthroughs are a skill that auditors refine over time. Each walkthrough teaches new lessons—about interpersonal communication, technology reliance, or operational shortcuts. Building a repository of lessons learned helps your audit team evolve and tackle more complex reviews in the future.

Final Thoughts

Process walkthroughs are one of the most powerful tools in an auditor’s arsenal. They bridge the gap between “theoretical” procedures and on-the-ground realities, enabling auditors to truly understand how a business function operates. By carefully planning your walkthrough, asking the right questions, and documenting every step in detail, you’ll gain invaluable insights that shape more effective testing, support stronger findings, and yield actionable recommendations.

In an environment where risks constantly evolve and organizational processes are never static, a rigorous approach to process walkthroughs ensures you stay ahead of potential issues. It fosters better communication with auditees, cultivates a deeper appreciation for operational complexities, and ultimately enhances the credibility and impact of the internal audit function.

By mastering walkthrough techniques and integrating them into every appropriate engagement, you’ll elevate the quality of your audits, mitigate risks more effectively, and support continuous improvement across the organization. Above all, you’ll contribute to a culture where transparency, accuracy, and accountability thrive—delivering undeniable value to your stakeholders and strengthening the organization’s governance as a whole.

Comments

Leave a Reply

Discover more from internalauditguide.com

Subscribe now to keep reading and get access to the full archive.

Continue reading