What is an Embedded Audit Module?

An embedded audit module is code inserted into an application program that creates notifications when transactions meet certain criteria. The intent behind an embedded audit module is to give auditors real-time notifications of transactions that might be in error, or which possess characteristics that are worthy of further review. This information is useful for developing more robust internal controls, as well as for spotting instances of potentially fraudulent transactions.

Examples of Embedded Audit Modules

Several examples of embedded audit modules are noted below:

Credit approvals. Orange Corporation’s controller wants to ensure that the firm’s credit manager has approved all requests by customers for credit increases that exceed $1,000. Accordingly, the IT department embeds an audit module into the credit granting software that flags all credit increases over $1,000, and notes whether the credit manager has entered her approval code for them. If not, the system brings them to the attention of the internal audit manager, who may choose to investigate further.
Revenue recognition compliance. A company uses an ERP system to manage its sales process. To ensure compliance with revenue recognition policies, the internal audit team works with IT to implement an embedded audit module. This module monitors and logs any sales transactions that meet unusual criteria, such as discounts above 50%, orders placed outside of normal business hours, sales to high-risk customers, and transactions exceeding a specific threshold amount. Any flagged items are automatically sent to the internal audit team for review.