Case study

Austria & Netherlands: Audit and Risk Advisory collaboration for a highly automated, EDI-driven sales and manufacturing company

Supporting a NEXIA member firm in completing an ISA 315 IT risk assessment within the annual financial audit (AUT–NED)

Client Description

The client was a first-year audit engagement referred by Nexia DHW (Netherlands) to CONSULTATIO (a Nexia Austria member). The company provides end-to-end supply chain and manufacturing solutions for global technology clients (e.g., a leading global technology company).

The predecessor auditor issued a disclaimer of opinion primarily due to:

Lack of sufficient appropriate audit evidence over inventory (existence, valuation, accuracy)
Identified issues with revenue cut-off

The Client Challenge

As a direct supplier to a global technology client, the client’s order-to-cash and procure-to-pay processes are highly automated via Electronic Data Interchange (EDI). This made a primarily substantive audit approach impracticable without first obtaining a thorough understanding of the IT environment and evaluating the general IT controls in place. The company uses its ERP system for the general ledger and subledgers, but relies heavily on EDI message flows with multiple counterparties, increasing the importance of interface controls, mapping, and message integrity.

The Solution

In close collaboration with CONSULTATIO, Nexia DHW conducted an ISA 315-compliant IT risk assessment, focusing on the design and implementation of general IT controls and understanding the EDI environment.

As part of the ISA 315 cut-off tests, initial planning involved relying on EDI data to support delivery dates. Additionally, Nexia DHW successfully assisted the client in identifying inconsistencies in the accounting of supply chains and INCOTERMS, and in resolving these issues during the subsequent process.

The Nexia Value

The collaboration with CONSULTATIO was instrumental in enabling Nexia DHW to successfully perform an ISA 315 IT environment assessment as part of a complex, first-year audit. This work provided a solid foundation for assessing risks and planning appropriate audit procedures in a highly automated, EDI-driven environment.

The project highlighted the value of leveraging cross-border expertise within the NEXIA network to address complex IT-related audit challenges. The insights gained through this engagement have enhanced the approach to future audits of similar clients.