Internal Audits What is the primary role of an organization’s Internal Audit Department and how does it differ from a Recovery Audit?

 The primary function and objective of a company’s Internal Audit Department is to provide independent assurance that the overall internal controls, processes, governance and risk management of the company are operating properly. A Recovery Audit on the other hand, strives to identify and recover overpayments and under-deductions made to the company’s vendor community.  The roles of these two functions, while different, do share a number of common objectives.

How can a Recovery Audit provide added benefit to the Internal Audit function?

Internal Audit, like many other departments in an organization, are increasingly being required to accomplish greater results with fewer resources.  Working with a recovery audit team – whether it is internal or a contracted third party – can provide the Internal Audit staff with a resource that can not only enhance the company’s internal controls, but also provide additional revenue to their bottom line while accomplishing this goal.  A strong and comprehensive Recovery Audit program can be a valuable resource in several ways.

  •  Exception transactions – Most Internal Audit analyses to evaluate the internal controls of their company is based on a materiality sampling of transactions. However, recovery auditors utilize he entire Accounts Payable data set of transactions to identify recovery opportunities that occur outside of the standard processes, which often what lead to errors.  For example, invoices that bypassed the standard approval systems for one reason or another, may not be subject to the established checks that are part of the standard accounts payable process.  Reviewing the results of the recovery audit will provide Internal Audit with a view into additional potential risks and exposures.
  • Contract review – Recovery audits often review contracts and agreements for potential opportunities, comparing agreed upon rates and conditions with actual payments. Although not the primary purpose, a contract review by the Recovery Audit team can identify possible compliance or regulatory issues.  Sharing these concerns with Internal Audit will provide them with additional insight towards resolving potential issues.
  • Data analysis – In depth analysis of a Company’s data will help to identify areas for improvement. Data analysis typically performed by the Recovery Audit function in their search for recovery opportunities can also point out exposures in areas including accounts payable, purchasing, and operations. The Recovery Audit process can provide Internal Audit with useful procure-to-pay transactional metrics and analytics.
  • Vendor Master Database Management – The vendor master database is a critical component to all organizations, supporting many areas of the company including accounts payable, accounts receivable and purchasing. Most recovery audits will include an analysis of the database for accuracy as part of the audit process. A cleansed vendor master database eliminates potential errors in the procure-to-pay process such as missed purchasing opportunities, erroneous vendor payments, poor management decisions, fraud, regulatory compliance and vendor relationship issues.

Overall, recovery audits can be a significant resource to Internal Audit in achieving their overall objectives while also providing value beyond compliance and regulatory functions.  And while external recovery audits are mainly accomplished on a contingency fee basis, these additional benefits come with resulting recovery of revenue to enhance an organization’s bottom line.

Contact SAS to learn more on how we can provide Internal Audit with a valuable resource to enhance your company’s internal controls while maximizing the recovery of vendor overpayments. For more information visit our procure-to-pay audit page.


We will answer all your questions.