Internal Audit Procedures
Document Type: Procedure
Version: 1.0
Last Updated: February 2026
Distribute To: CFO, Controller, Internal Auditor
Purposeβ
Establish procedures for conducting internal audits to ensure accurate financial reporting, effective internal controls, and operational compliance.
Why Internal Audit Mattersβ
Internal Audit Benefits:β
- Catch errors before external auditors do
- Identify control weaknesses
- Detect fraud indicators
- Improve operational efficiency
- Strengthen bank/surety confidence
- Reduce external audit fees
Construction-Specific Risks:β
- Job cost misallocation
- WIP manipulation
- Unauthorized change orders
- Payroll fraud (ghost employees, time theft)
- Vendor kickbacks
- Equipment theft/misuse
Internal Audit Programβ
Audit Categories:β
| Category | Frequency | Focus |
|---|---|---|
| Financial controls | Quarterly | Cash, AR, AP, payroll |
| Job cost | Monthly | Cost allocation, WIP |
| Operational | Semi-annually | Processes, compliance |
| Compliance | Annually | Licenses, insurance, contracts |
| IT/Cybersecurity | Annually | Access controls, data security |
| Fraud indicators | Ongoing | Red flags, anomalies |
Quarterly Financial Controls Auditβ
Cash Controls:β
================================================================
CASH CONTROLS AUDIT
================================================================
Period: _______________ Auditor: _______________
================================================================
BANK RECONCILIATION REVIEW:
β All accounts reconciled monthly
β Reconciliations prepared timely (within 10 days)
β Reconciling items cleared promptly
β Independent review/approval documented
β Outstanding checks aged (list items over 90 days)
Findings:
___________________________________________________________
----------------------------------------------------------------
CASH RECEIPTS:
β Mail opened by two people or locked box
β Checks restrictively endorsed immediately
β Deposit log maintained
β Deposits made intact daily
β Receipts recorded same day
β Segregation: receive β record β deposit
Sample tested (10 receipts):
| Receipt Date | Amount | Deposit Date | Recorded Date | OK |
|--------------|--------|--------------|---------------|-----|
| | | | | |
Findings:
___________________________________________________________
----------------------------------------------------------------
CASH DISBURSEMENTS:
β Checks require dual signature above $________
β Blank check stock secured
β Voided checks defaced and retained
β Positive pay or check matching used
β Wire transfers require dual approval
β Credit cards reviewed monthly
Sample tested (10 disbursements):
| Check # | Amount | Invoice | Approval | 3-Way Match | OK |
|---------|--------|---------|----------|-------------|-----|
| | | | | | |
Findings:
___________________________________________________________
================================================================
OVERALL CASH CONTROLS RATING: β Strong β Adequate β Weak
Action items:
___________________________________________________________
================================================================
Accounts Receivable Audit:β
================================================================
ACCOUNTS RECEIVABLE AUDIT
================================================================
Period: _______________ Auditor: _______________
================================================================
BILLING REVIEW:
β Billings agree to contracts/schedules of values
β Billings prepared timely per contract
β Supporting documentation adequate
β Appropriate approval before sending
β Retainage calculated correctly
Sample billings tested:
| Project | Billing # | Amount | Contract | SOV Match | OK |
|---------|-----------|--------|----------|-----------|-----|
| | | | | | |
----------------------------------------------------------------
COLLECTIONS:
β Aging report accurate
β Collections efforts documented
β Write-offs properly approved
β Credit memos authorized
AR Aging Analysis:
| Aging Bucket | Balance | % | Trend |
|--------------|---------|---|-------|
| Current | | | |
| 31-60 | | | |
| 61-90 | | | |
| 91-120 | | | |
| Over 120 | | | |
Items over 90 days reviewed:
| Customer | Amount | Age | Status | Action |
|----------|--------|-----|--------|--------|
| | | | | |
----------------------------------------------------------------
RETAINAGE:
Total retainage receivable: $________________
Expected release timing documented: β Yes β No
Any disputes: β Yes (document) β No
================================================================
OVERALL AR RATING: β Strong β Adequate β Weak
================================================================
Accounts Payable Audit:β
================================================================
ACCOUNTS PAYABLE AUDIT
================================================================
Period: _______________ Auditor: _______________
================================================================
VENDOR SETUP:
β New vendors require approval
β W-9 obtained before payment
β Vendor master changes logged
β Duplicate vendor check performed
β Related party vendors identified
Sample new vendors (5):
| Vendor | W-9 | Approval | Duplicate Check | OK |
|--------|-----|----------|-----------------|-----|
| | | | | |
----------------------------------------------------------------
INVOICE PROCESSING:
β 3-way match (PO, receiving, invoice)
β Invoices approved before payment
β Correct job/cost code assignment
β Duplicate invoice check
β Payment terms captured correctly
Sample invoices (15):
| Invoice | Vendor | Amount | PO Match | Approval | Coding | OK |
|---------|--------|--------|----------|----------|--------|-----|
| | | | | | | |
----------------------------------------------------------------
SUBCONTRACTOR PAYMENTS:
β Pay apps reconcile to subcontracts
β Lien waivers obtained before payment
β Retainage calculated correctly
β Back charges documented
β COIs current
Sample sub pay apps (5):
| Sub | Project | Pay App | Contract | Waiver | COI | OK |
|-----|---------|---------|----------|--------|-----|-----|
| | | | | | | |
================================================================
OVERALL AP RATING: β Strong β Adequate β Weak
================================================================
Payroll Audit:β
================================================================
PAYROLL AUDIT
================================================================
Period: _______________ Auditor: _______________
================================================================
EMPLOYEE SETUP:
β New hires properly documented (I-9, W-4)
β Pay rate changes authorized
β Terminations processed timely
β Direct deposit changes verified
Sample new hires (5):
| Employee | Hire Date | I-9 | W-4 | Rate Auth | OK |
|----------|-----------|-----|-----|-----------|-----|
| | | | | | |
----------------------------------------------------------------
TIME TRACKING:
β Time records approved by supervisor
β Job/cost code allocation reviewed
β Overtime properly calculated
β GPS/time clock data matches records
Sample time records (10 employees, 1 week each):
| Employee | Hours | Supervisor Approval | Job Codes | OT Calc | OK |
|----------|-------|---------------------|-----------|---------|-----|
| | | | | | |
----------------------------------------------------------------
PAYROLL PROCESSING:
β Payroll register reviewed before processing
β Gross-to-net calculation verified
β Deductions accurate (benefits, garnishments)
β Payroll taxes calculated correctly
β Certified payroll accurate (if applicable)
Sample payroll (5 pay periods):
| Pay Date | Gross | Net | Taxes | Benefits | OK |
|----------|-------|-----|-------|----------|-----|
| | | | | | |
----------------------------------------------------------------
FRAUD INDICATORS:
β Compare employee addresses (duplicates = ghost employee risk)
β Review employees with no withholdings
β Verify terminated employees removed from payroll
β Compare direct deposit changes to employee confirmations
================================================================
OVERALL PAYROLL RATING: β Strong β Adequate β Weak
================================================================
Monthly Job Cost Auditβ
Job Cost Controls:β
================================================================
JOB COST AUDIT
================================================================
Period: _______________ Auditor: _______________
================================================================
COST ALLOCATION:
β All costs coded to valid jobs
β No costs to closed jobs
β Overhead allocation consistent
β Inter-job transfers documented
Sample cost postings (25):
| Transaction | Job | Cost Code | Amount | Support | OK |
|-------------|-----|-----------|--------|---------|-----|
| | | | | | |
----------------------------------------------------------------
BUDGET VS. ACTUAL:
Jobs with over 10% variance from budget:
| Job | Budget | Actual | Variance | Explanation | OK |
|-----|--------|--------|----------|-------------|-----|
| | | | | | |
----------------------------------------------------------------
WIP REVIEW:
β % complete calculations documented
β PM cost projections reviewed
β Over/under billings reasonable
β Revenue recognition consistent
Sample WIP calculations (5 jobs):
| Job | % Complete | Method | Support | Reasonableness | OK |
|-----|------------|--------|---------|----------------|-----|
| | | | | | |
----------------------------------------------------------------
CHANGE ORDERS:
β Change orders properly approved
β Pricing documentation adequate
β Contract value updated timely
β Revenue recognized appropriately
Pending/disputed change orders:
| Job | CO Amount | Status | Exposure | Action |
|-----|-----------|--------|----------|--------|
| | | | | |
================================================================
OVERALL JOB COST RATING: β Strong β Adequate β Weak
================================================================
Annual Compliance Auditβ
Licenses & Registrations:β
================================================================
COMPLIANCE AUDIT - LICENSES
================================================================
Date: _______________ Auditor: _______________
================================================================
CONTRACTOR LICENSES:
| License Type | Number | Expiration | Renewal Date | Status |
|--------------|--------|------------|--------------|--------|
| State contractor | | | | |
| City/county | | | | |
| Specialty | | | | |
β All licenses current
β Renewal calendar in place
β Responsible person identified
----------------------------------------------------------------
BUSINESS REGISTRATIONS:
| Registration | Expiration | Status |
|--------------|------------|--------|
| State business registration | | |
| DBA filings | | |
| Secretary of State | | |
| Local business tax | | |
----------------------------------------------------------------
PROFESSIONAL CERTIFICATIONS:
| Person | Certification | Expiration | Status |
|--------|---------------|------------|--------|
| | PE | | |
| | OSHA 30 | | |
| | Other | | |
================================================================
Insurance Compliance:β
================================================================
COMPLIANCE AUDIT - INSURANCE
================================================================
| Coverage | Carrier | Policy # | Expiration | Limits | Required | OK |
|----------|---------|----------|------------|--------|----------|-----|
| GL | | | | | | |
| Auto | | | | | | |
| WC | | | | | | |
| Umbrella | | | | | | |
| Prof/E&O | | | | | | |
β Certificates of insurance on file for all projects
β Additional insured endorsements in place
β Premium payments current
β Loss runs reviewed
================================================================
Fraud Risk Assessmentβ
Red Flag Review:β
================================================================
FRAUD INDICATOR ASSESSMENT
================================================================
Date: _______________ Auditor: _______________
================================================================
CASH/DISBURSEMENT RED FLAGS:
β Unusual vendor payment patterns
β Payments to unfamiliar vendors
β Payments just below approval thresholds
β Duplicate payments
β Payments to employees (not payroll)
β Missing documentation
β Altered documents
Analysis:
___________________________________________________________
----------------------------------------------------------------
PAYROLL RED FLAGS:
β Employees at same address
β Employees with no tax withholdings
β Excessive overtime (specific employees)
β Time approved by same person always
β Pay rate changes without documentation
β Terminated employees still paid
Analysis:
___________________________________________________________
----------------------------------------------------------------
JOB COST RED FLAGS:
β Excessive materials to certain jobs
β Equipment always charged to same job
β Costs to closed jobs
β Unusual subcontractor payments
β Write-offs without explanation
β Margin manipulation patterns
Analysis:
___________________________________________________________
----------------------------------------------------------------
BEHAVIORAL RED FLAGS:
β Employees who never take vacation
β Resistance to audits or questions
β Living beyond apparent means
β Close relationships with vendors
β Unusually protective of duties
================================================================
FRAUD RISK RATING: β Low β Medium β High
Follow-up required:
___________________________________________________________
================================================================
Audit Documentationβ
Working Paper Standards:β
- Clear purpose statement
- Population and sample selection
- Testing procedures performed
- Results and exceptions
- Conclusions
- Preparer signature/date
- Reviewer signature/date
Retention:β
- Audit working papers: 7 years
- Reports: Permanent
- Supporting documents: 7 years
Reportingβ
Audit Report Format:β
================================================================
INTERNAL AUDIT REPORT
================================================================
Audit Area: _______________
Period: _______________
Auditor: _______________
Report Date: _______________
================================================================
EXECUTIVE SUMMARY:
Overall rating: β Strong β Adequate β Needs Improvement
Key findings:
1. ___________________________________________________________
2. ___________________________________________________________
3. ___________________________________________________________
----------------------------------------------------------------
DETAILED FINDINGS:
Finding #1:
Condition: _________________________________________________
Criteria: _________________________________________________
Cause: ____________________________________________________
Effect: ___________________________________________________
Recommendation: ___________________________________________
Management response: ______________________________________
Target completion: ________________________________________
----------------------------------------------------------------
PRIOR AUDIT FOLLOW-UP:
| Prior Finding | Status | Notes |
|---------------|--------|-------|
| | | |
================================================================
DISTRIBUTION:
β CFO
β Controller
β CEO/Owner (significant findings only)
β External auditors (as needed)
================================================================
Action Item Trackingβ
Finding Follow-Up:β
================================================================
AUDIT FINDING TRACKER
================================================================
| Finding # | Description | Owner | Due Date | Status |
|-----------|-------------|-------|----------|--------|
| | | | | |
Status: Open, In Progress, Closed, Overdue
================================================================
Related Documentsβ
- Annual Audit Preparation
- Internal Controls Policy
- Fraud Prevention Policy
- Financial Reporting
Template provided by support.construction. Trust but verifyβespecially your own processes.