top of page
  • Fullah Kamara

Demystifying Revenue Audits: A Comprehensive Guide from Planning to Substantive Testing


The revenue cycle plays a vital role in the financial health and sustainability of any business. It encompasses important steps such as receiving customer orders, approving credit, shipping goods, billing customers, and collecting cash. Revenue and accounts receivable are the two most significant accounts that impact the revenue cycle. During an audit, auditors need to obtain evidence for these accounts based on financial statement assertions. The occurrence assertions is the most critical for revenue, especially when there are incentives to overstate revenues. For accounts receivable, existence and valuation assertions are usually more relevant. By using the cycle approach, auditors recognize the interrelationship of accounts, where evidence gathered for accounts receivable also provides evidence for recorded revenue, and vice versa. The auditor examines sales transactions and internal controls, gathering evidence on credit authorization and valuation. Sales transactions also play a role in computing commissions for sales staff. Thus, the accuracy of recorded transactions in the revenue cycle is crucial for management decisions, other stakeholders, and the preparation of financial statements.

Processing Sales Transactions:

Some clients have numerous revenue processes and different revenue methods. For example, purchasing building supplies is distinct from purchasing a blouse from a department store, and both are distinct from purchasing a work of literature online. A credit card or cash is almost certainly required for payment for both the online and offline sales. Construction equipment sales, however, frequently contain a receivable or a loan from a third party. Some sales transactions involve long-term contractual arrangements, which have an effect on the client's timing for recording income, while others do not. Despite these differences, procedures and accompanying paperwork are present in the majority of sales transactions. The sales process includes the following:

1. Receive a Customer Purchase Order:

The receipt of a purchase order from a client or the creation of a sales order by a salesperson marks the start of the revenue cycle. A clerk at a checkout counter, a salesperson calling a client, a catalog sales company's customer service representative answering a toll-free call, a computer receiving purchase order data electronically from the customer's computer, or the sales department directly receiving the purchase order are all possible methods of taking an order. For instance, think about a customer care representative for a catalog retailer taking a phone order. The agent enters the data manually into a computer file, giving each transaction a special identification number. The computer file, also known as a transaction log, is used for control and reconciliation purposes and contains all the data for sales orders placed during a period.

2. Check Inventory Status:

Many organizations have Enterprise Resource Planning (ERP) systems (such as Oracle ERP Cloud, Microsoft Dynamics 365 Business Central, and SAP Business One) that can tell a customer how much inventory they currently have and when they may expect it to arrive. The buyer is made aware of any possible backordered items and the anticipated delivery date.

3. Generate Backorder (if any):

A confirmation of the backorder is generated and sent to the customer whenever an item needs to be placed on backorder for later delivery to the customer. The customer is frequently offered the opportunity to cancel the order if the backorder is not filled within a particular period of time. In order to satisfy both current customer demand and anticipated inventory needs, a precise list of backordered items should be kept. This is often accomplished by adding a distinct field to each individual inventory record to indicate backordered items.

4. Obtain Credit Approval:

To reduce the risk of credit losses, some organizations have established formal credit approval policies that outline specific requirements and procedures for screening prospective and existing customers. Some businesses reduce credit risk by only accepting credit or debit card payments. Others need a check or money order to be included with the order, and the business may wait to send the goods until the check or money order has cleared to make sure the payment can be collected.

Due to the convenience of using credit to conduct business, many companies provide it to some of their clients with good credit standing based on their credit reports. However, there is a risk that the customer may fail to repay the outstanding amount. Nonpayment can occur for a variety of reasons, from a customer's inability to make payments due to financial difficulties to bankruptcy or their discontent with or return of the goods they got. As such, businesses must have a credit approval procedure that (a) assesses the creditworthiness of prospective customers and (b) updates the creditworthiness of current customers, including their payment histories. A computer program that holds data on current account balances and credit scores may evaluate sales orders and customer credit information as part of the credit approval process to decide if the business should grant the customer credit or increase a credit limit. The majority of businesses establish credit limits for clients and create controls to make sure that a future sale won't cause the customer's credit limit to be exceeded.

5. Prepare Shipping and Packing Slips:

Many organizations have digitized the distribution procedures for delivering items from the warehouse to customers. Computerized machines are taking the place of warehouse workers by retrieving goods in accordance with a customer's sales or purchase order. Real-time tracking of commodities is made possible by bar codes.

6. Ship and Verify Shipment of Goods:

Common carriers like independent trucking lines, railroads, or air freight companies transport the majority of commodities to customers. The shipper creates a bill of lading that includes information on the packages that will be delivered to the customers by a common carrier, the shipping conditions, and the delivery address. A formal legal document, the bill of lading, assigns duty to the shipper. The bill of lading is signed by a common carrier representative as confirmation of delivery of the goods. By (a) filling out the packing slip and returning it to the billing department, (b) electronically tracking items shipped and sending the shipping information to the billing department, or (c) creating independent shipping documents and sending a copy of them to the billing department, the shipping department confirms the shipment.

7. Prepare and Send the Invoice:

Invoices are often prepared when the company learns that the goods have been dispatched. The terms of the sale, the payment arrangements, and the costs of the shipping goods should all be listed on the invoice. As evidence for the audit, the invoice will be a key document that auditors inspect.

8. Send Monthly Statements to Customers:

Some companies prepare and mail monthly statements of open items to customers as a form of control. The customer's activity for the preceding month is reported in full on the monthly statement, along with a list of all open items.

9. Receive Payments:

For the purpose of determining the final value of both cash and accounts receivable, all revenue receipts must be properly recorded. The cash receipt is typically considered part of the cash transaction cycle.

Summary of the Audit Process in the Revenue Cycle

The revenue cycle audit involves a number of steps that the auditor must take in order to evaluate the risk of material misstatement and form an audit opinion. These processes consist of substantive procedures, tests of controls, and risk assessment. The auditor obtains data on inherent risks, fraud risks, the effectiveness and efficiency of internal controls, and planning analytical procedures. Based on this data, the auditor recognizes the potential for material misstatements and chooses the best audit response.

The auditor tests controls and takes into account their impact on substantive evidence when performing an integrated audit or a financial statement audit where controls are relied upon. In other audits, the auditor only uses substantive tests to gather proof of the financial statements' accuracy and assess control risk as high.

Identifying Inherent Risks in the Revenue Cycle:

The timing of revenue recognition is a significant inherent risk in the revenue cycle, as companies could recognize revenue without satisfying their performance obligations. Determining the date of a sale can be difficult in complex sales transactions. For instance, some revenue transactions could contain contingencies or lengthy return periods. The client's business model, earnings procedure, sales terms, customer return policies, and any combination of leases and sales must all be understood by the auditor in order to identify risks or what can go wrong.

Criteria for Revenue Recognition

It is sometimes challenging to decide when and how much revenue to recognize for some complex contracts. ASC 606 accounting standards describe a five-step approach for revenue recognition. The procedures include identifying the contract with the customer, identifying the performance obligation, determining the transaction price, allocating the transaction price to the performance obligations, and recognizing the revenue as the company satisfies the performance obligation.

Each phase carries a certain amount of risk, such as the possibility that revenue may be recognized even in the absence of a contract or that it won't be recognized at all when a contract exists. The auditor should evaluate the controls that are in place to handle these risks, including contract identification, performance obligation assessment, transaction price estimation, and precise performance obligation fulfillment tracking.

Side Letter Agreement and Auditor's Responsibilities:

Supplementary agreements to principal contracts are known as side letter agreements or side agreements. They could consist of price reductions, unusual return policies, or added services. As part of their fraud detection processes, auditors have a duty to find secret side letter agreements. Inquiries concerning any additional agreements that are not mentioned in the official contract may be sent to salespeople and customers as part of these procedures.

Inherent Risks: Accounts Receivable

The accuracy of the net amount poses the biggest inherent risk in relation to accounts receivable. Receivables might not be collected, or they might not be reported appropriately. Poor-quality products, consumers with questionable credit histories, and channel stuffing are additional concerns. Auditors pay close attention to claims made in financial statements, such as existence and value. The risk associated with owning receivables is heightened if a business sells its receivables but continues to be responsible for their collection. Research shows the majority of frauds include improper revenue recognition. Professional audit standards require auditors to assume fraud risks relating to improper recognition exist in every audit. Fraudsters use a variety of techniques to falsely report transactions, including registering consignment sales as final sales, recognizing revenue on nonexistent shipments, and producing fictitious invoices.

Identifying Fraud Risk Factors

Managers might be under pressure to overstate revenue for a variety of reasons. For instance, the business may be seeing a sharp decline in demand for its main product, technological advances (new technological breakthroughs) in the client's industry may be rendering the company's products obsolete, or an overall decline in the sector may be adversely hurting revenue (changes in consumer preferences). A specific earnings target may be a requirement for receiving management incentives or stock options that might incentivize managers to overstate revenue. There might be a pending merger, and management might be trying to get the best deal available. In other situations, management might publish upbeat statements about the company's earnings per share, net income, and revenues before the auditor has finalized his or her audit. The management is under a great deal of pressure to meet analysts earnings forecasts.

Identifying Control Risks:

The auditor must understand the controls that the client has designed and implemented to mitigate such risks after gaining awareness of the fraud risks inherent in material misrepresentation in the revenue and accounts receivable accounts. The auditor often gains this understanding through a process walkthrough, inquiry of management, observation, and inspection of the client's records. Both entity-wide controls and transaction controls at the assertion level are taken into account by the auditor. This knowledge gives the auditor a foundation for determining the initial control risk for each relevant account and assertion.

The auditor concentrates on the relevant assertions for each account and determines the controls that relate to the risks for these assertions as part of this understanding. The auditor uses this knowledge to pinpoint key controls that need to be evaluated in an integrated audit or a financial statement-only audit, if the auditor relies on controls.

Controls Related to Existence:

Controls for existence should offer a reasonable level of assurance that sales and receivables are only reported when revenue has been earned and have a legal right to receive payments from the customer. The distribution of monthly statements to clients is a control measure to reduce the risk that unearned revenues are not recognized as earned. However, control should be established so that these statements are prepared and mailed by a party separate from the department that first processed the transaction. A department or person who is separate from the entity responsible for the initial recording of the transactions should receive client questions concerning their account balances.

Controls Related to Completeness:

Completeness controls are meant to give a reasonable level of assurance that all sales transactions pertaining to the company are recorded. For instance, transactions may not be recorded due to control failure or sloppy procedures. Companies may decide to skip transactions in particular circumstances if they want to reduce their taxable income. As such, the auditor must consider the controls that ensure the completeness of transactions in the revenue cycle. Examples of such controls include using prenumbered shipping documents and sales invoices, immediately entering transactions using an online entry system and immediately assigning a unique identification number, reconciling shipping records with billing records, making sure that supervisors review transactions, and reconciling inventory against sales units.

Controls Related to Valuation:

It should be reasonably simple to implement controls linked to the accurate valuation of routine sales transactions. Sales should only be conducted using official price lists, such as the price displayed on a Wal-Mart scanner or the price a salesperson finds in the company's online database. In these cases, the control mechanisms should limit access to the computer master files and ensure that allowed price adjustments are correctly inputted by authorized personnel only and reviewed by someone above the preparer.The most frequent cause of valuation difficulties is the use of odd or ambiguous sales terminology. Examples include sales where the buyer has a right of action against the seller, franchise sales, packaged sales, cost-plus contracts, or other long-term agreements with partial payment clauses. The company should have established policies and procedures for handling these complex transactions if they are common, and the auditor should be familiar with these procedures.

Returns and allowances also have an impact on the valuation of sales. Unusual returns or allowances could be the initial indicator that a company has improperly reported revenue. Formal rules and procedures for outlining contractual return terms in the sales contract and approving acceptance of returns are among the controls that the client should put in place for recognizing and immediately recording returned items.

Important risks associated with account receivable valuation also need to be addressed by the client. Formal credit procedures ought to offer a solid level of confidence in the conversion of accounts receivable into cash. Companies should follow protocols, including establishing a formal credit policy, continually checking accounts receivable for signs of rising risk, and providing sufficient segregation of duties in the credit department.Management's method for calculating the allowance account is another factor in how net receivables are valued. For this allowance account, management ought to have a well-managed process in place for creating a fair and reasonable estimate.

Documenting Controls:

For both integrated audits and nonintegrated audits, auditors must document their understanding of the internal controls. Understanding the process is a necessary first step in documenting controls, and looking for potential internal control weaknesses is the second. Each "no" response on the questionnaire indicates a potential weakness in internal controls. The auditor should take into account the influence on the initial assessment of control risk if a negative response is provided. For instance, if a question about the separation of roles between those who handle cash and those who approve write-offs or account changes receives a negative response, there is a chance that someone might handle cash and then commit fraud by writing off a customer's balance. The auditor will probably determine that there is a significant control risk in this area if there is no compensating control for this weakness.

Performing Planning Analytical Procedures:

Auditors identification of probable material misstatements is made easier by planning analytical procedures. During audit planning, the goal of preparing analytical procedures is to identify accounts with a higher risk of misstatement, which serves as a foundation for designing and implementing a response to the identified risks. Planning analytic processes can be quite imprecise. The following are the steps involved in planning analytical procedures:

1. Determine if a specific analytical approach is appropriate for a given account(s) or assertion(s), taking into account the potential for material misstatement and the planned tests of details.

2. Evaluate the reliability of the data that was utilized to create a ratio or account balance expectation.

3. Develop an expectation for recorded account balances or ratios, then assess whether it is precise enough to achieve the relevant goal.

4. Define the circumstances under which a discrepancy between the auditor's expectations and the client's records would be deemed significant.

5. Identify any notable unexpected variations by comparing the client's recorded amounts with the auditor's expectations and investigate any difference.

Make sure that the auditor's expectations, the findings, and the audit processes used are properly documented.

The auditor should exercise professional judgment when selecting the right controls to test. The auditor would also need to add observation, inspections, and/or re-performance in order to support the inquiry, as inquiry alone is typically insufficient proof. For the purpose of identifying further suitable procedures, the outcomes of tests of controls are analyzed. If control weaknesses are found, the auditor will determine how serious they are and adjust the initial control risk assessment accordingly. If no control weaknessses are found, the auditor will assess the degree to which controls may offer proof of the accuracy of account balances and will arrange substantive audit procedures in accordance with that assessment.

Obtain Substantive Evidence About Accounts, Disclosures, and Assertions in the Revenue Cycle:

The auditor's objective in carrying out substantive processes is to achieve a reasonable level of assurance on the suitability of the client's revenue recognition rules and the conformity of revenue transactions with GAAP. All relevant assertions relating to key revenue cycle accounts and disclosures should be subject to substantive procedures, such as substantive analytical procedures and tests of details. Even if the auditor has proof that controls are working effectively, they cannot rely solely on control testing to show that these accounts and assertions are reliable. In the revenue cycle, substantive tests often show the occurence of sales transactions, their accurate valuation, the existence of accounts receivable, the reasonableness of the allowance account balance, and the absence of fraudulent transactions in the financial statements.

Performing Substantive Analytical Procedures Over Revenue and Accounts Receivable:

The seven-step used for preparing planning analytical procedures is also followed while conducting substantive analytical procedures as part of the revenue cycle.

Step 1: Select Appropriate Analytical Procedures

The pertinent analytical procedures for carrying out substantive analyses need not be distinct from those for planning analytics. However, the substantive analytical procedures are carried out more precisely by the auditor, who frequently makes use of disaggregated data. While planning analytics are at high level. The auditor, for instance, can do ratio and trend analysis by product line, area, or business unit. In addition, ratios and trends can be compared with the industry averages as a whole and with comparable prior periods (such as monthly, quarterly, or yearly).

Step 2: Evaluate the reliability of the data used to develop the expectations.

The auditor may assess the operational effectiveness of controls over the creation of the information utilized in such analyses when assessing the reliability of data used to develop the expectations in substantive analytical procedures. The auditor may also use information from unbiased outside sources (such as industry ratios), as this information is generally regarded as more reliable.

Step 3: Develop Expectations

Compared to those created during the planning of analytical procedures, the auditor's expectations for substantive analytical procedures are more precise. More disaggregated data is used, which results in an improvement in precision. The kind, size, and complexity of the organization determine the optimum level of disaggregation.

Step 4 and Step 5: Define and Identify Significant Unexpected Differences

At this stage, the auditor tries to determine whether or not their expectations differ materially from what the client has recorded. The auditor's assessment of the risk of a material misstatement, the desired level of assurance, and the materiality all have an impact on how big of a difference they deem significant. The auditor then looks for any notable discrepancies by comparing the client's recorded amount with the auditor's expectations.

Step 6 and Step 7: Investigate Significant Unexpected Differences and Ensure Proper Documentation:

The auditor might choose how to look at substantial unexpected differences with the help of materiality and the required level of assurance. The auditor investigates these differences through a substantive test of details. The auditor will record the information acquired and decisions made through in-depth analytical procedures.

Substantive Tests of Details for Revenue Transactions:

Inspection of relevant client documentation is the main component of the substantive test of details for revenue transactions. The auditors might sometimes utilize AI tools like DataSnipper to speed up the document reviews. The auditor may also perform journal entries testing to address the fraud risk using data analytics tools like TeamMate Analytics (TMA). These tests focus on the existence and valuation assertions, but the auditor might also perform tests of details relating to the completeness assertion.

Revenue: Occurrence and Valuation Assertions:

For revenue accounts, the assertions of occurrence and valuation are typically the most important. The occurrence assertion is supported by vouching a sample of recorded sales transactions in the sales journal back to customer orders and delivery documentation. To obtain assurance regarding the valuation assertion, the auditor compares the quantities billed and shipped with customer orders and verifies the clerical accuracy of the sales invoices. These processes also offer proof of the existence and worth of receivables.

Revenue: Completeness Assertion:

The auditor anticipates that the client used pre-numbered shipping and invoicing documents in order to verify the assertion of completeness. We want to make sure that all sales that belongs to the client have been included in the sales journal. To determine whether the client has recorded all shipments as sales transactions in line with the revenue recognition accounting standards, the auditor chooses a sample of shipping documents and trace them into the sales journal.

Revenue: Cutoff Issues:

Additional audit attention should be given to sales transactions recorded around just (tipically 5 days) before and (5 days) after year-end. The auditor is concerned with whether a recorded revenue transaction occurred before or after the end of the accounting period. We would like to make sure 2023 revenue is not included in 2024, vice versa. Performing cutoff tests with sales transactions recorded several days before and after year-end is important to ensure both the existence and completeness of the revenue.

Accounts Receivable: Substantive Procedures

In terms of accounts receivable, substantive procedures include requesting from the client an aged accounts receivable report. The auditor can create an aged accounts receivable report manually using Excel formulas or build aging information using data analytics techniques. The aged trial balance can be used by the auditor to choose material customer balances for confirmation, identify sums owed by related parties such as officers, employees, or other linked parties, and assist in determining if the reserves for doubtful accounts are reasonable by identifying past-due balances.

Confirmation of Accounts Receivable

Inquiring about the presence of and quantity of debt owed to the client from the client's customers is a common auditing practice. Positive confirmations typically offer reliable proof of the presence of receivables as well as the accuracy of collections, sales discounts, sales returns, and allowances. Negative confirmations are an option for the auditor as well; however, they are rarely utilized in the real world today.

Sample Selection and Sampling Unit

When choosing certain receivables to confirm, the auditor can use a variety of strategies that apply to both paper-based and electronic confirmations (using A customer's whole account balance or a single or several unpaid invoices that make up that balance can serve as the sampling unit.

Undeliverable Confirmations

The auditor should ascertain the cause when confirmations are returned as undeliverable. If the incorrect address was used, the correct address should be obtained before sending another request. The auditor should assume that the account either doesn't exist or might be fake if a legitimate address cannot be found.

Follow-Up for Positive Confirmations After Non-Responses

The auditor must carry out follow-up processes for positive confirmations that are not returned in a timely manner. This might entail making a second or third request, and for reasonably substantial amounts, the auditor might think about calling the customer for a prompt written response. Customers should reply positively to requests for confirmation; otherwise, the auditor should take alternative steps to confirm the existence of the receivable, such as vouching for subsequent cash receipts, etc.

Follow-Up Procedures for Exceptions Noted on Confirmations

The auditor looks into any exceptions that customer reports between their records and the amount on the confirmation to ascertain their nature. The auditor will review the magnitude and cause of the misstatement with the client to determine the proper course of action if it appears that it will materially affect the financial statements.The auditor must collect additional evidence during the roll-forward period if the confirmation was sent during the interim date. This could entail comparing the balances of individual customers as of the intermediate confirmation date with their year-end balances, evaluating cutoffs, comparing monthly sales and collections, and more.

Substantive Procedures for the Allowance Account

The purpose of substantive processes relating to the allowance for doubtful accounts is to assess whether the client's estimate of the allowance is reasonable. This could involve looking into whether or not client accounts are collectible, using independent estimation models, looking over credit reports, looking over customer correspondence , looking over financial statements, etc.

Documenting Substantive Procedures.

The extent of confirmations, response rates, exceptions, misstatements, and projections to the population are just a few of the different facets of the substantive procedures that must be documented by the auditor. Tests of the adequacy of the allowance for doubtful accounts, investigations into the sale or assignment of receivables, cutoff tests, roll-forward processes for confirmations that were sent at the interim date, and more may all require additional evidence.


Overall, the revenue cycle audit is a comprehensive process that includes numerous critical elements that let auditors assess the possibility of material misstatements and formulate an audit opinion. As the revenue cycle is subject to fraud risk, auditors should maintain unpredictability and professional skepticism when auditing this area. These actions include risk analysis, assessments of the controls, and substantive procedures. Auditors can spot potential material misstatements and choose the best audit response by gathering information on inherent risks, fraud risks, internal control effectiveness, and developing analytical techniques.


PCAOB: (accessed September 20, 2023)

PCAOB: (accessed September 20, 2023)

PCAOB: (accessed September 20, 2023)

AICPA: (accessed September 20, 2023)

Journal of Accountancy: (accessed September 20, 2023)

FASB: (accessed September 20, 2023)

ACCA: (accessed September 20, 2023)

7 views0 comments


bottom of page