The Invoice Management System (IMS) has transformed GST compliance from a reconciliation-driven exercise into a behaviour-driven control framework. Under IMS, compliance is no longer judged only by final tax outcomes, but by the quality of decisions, consistency of processes, and strength of evidence trails recorded in the system.
In this environment, traditional internal audit approaches are no longer sufficient. Organisations now require IMS-specific internal audit checklists to independently assess whether controls are working as intended, risks are being managed proactively, and governance standards are being consistently applied.
This article explains the purpose of IMS-focused audit checklists, outlines key checklist areas, and shows how they help organisations move from reactive compliance to continuous assurance.
Why IMS-Specific Internal Audit Checklists Are Necessary
Under IMS, every invoice-level action, acceptance, rejection, pending status, or deemed acceptance, is:
- Time-stamped
- Linked to a specific user
- Preserved as audit evidence
As a result, internal audit can no longer focus only on what was reported. It must evaluate:
- How decisions were taken
- Whether controls were consistently applied
- Whether evidence supports system behaviour
IMS-specific checklists convert legal and operational expectations into verifiable audit tests, enabling early identification of weaknesses before they escalate into departmental scrutiny or disputes.
Importantly, these checklists are designed to support assurance, not fault-finding, and to strengthen governance maturity over time.
Governance and Control Environment Checklist
Objective
To assess whether the overall IMS governance framework is defined, documented, and operational.
Key Areas Reviewed
- Existence of a documented IMS governance framework approved by management
- Clearly defined roles and responsibilities for IMS actions
- Proper segregation of duties between preparation, review, and approval
- Documented SOPs aligned with IMS workflows
- Periodic management review of IMS risks and key metrics
Weak governance often appears not as explicit non-compliance, but as inconsistent and ad-hoc decision-making. This checklist helps identify such gaps early.
IMS Access and User Behaviour Checklist
Objective
To ensure that system access is controlled and user behaviour is accountable.
Key Areas Reviewed
- Role-based access defined for all IMS users
- Maker–checker controls for critical actions
- Periodic access reviews and timely updates
- Absence of shared or generic user IDs
- Review of audit logs for unusual or high-risk behaviour
Under IMS, access control is a primary audit focus, because every action carries tax consequences.
Invoice Acceptance Checklist
Objective
To verify that invoice acceptances are reasoned, consistent, and supported by evidence.
Key Areas Reviewed
- Clearly documented acceptance criteria
- Evidence of receipt of goods or services
- Evaluation of ITC eligibility under applicable provisions
- Independent review of high-value acceptances
- Consistency of acceptance across similar invoices and vendors
Unquestioned or blanket acceptance is a recurring audit red flag and often indicates weak controls rather than genuine eligibility.
Pending Invoice Management Checklist
Objective
To assess whether pending invoices are actively managed and not used as a risk-avoidance tool.
Key Areas Reviewed
- Clear reasons documented for keeping invoices pending
- Ageing analysis maintained and reviewed regularly
- Evidence of vendor follow-ups
- Defined escalation triggers and escalation actions
- Monitoring of statutory ITC time-limit exposure
Prolonged pending without action weakens both compliance outcomes and audit defence.
Invoice Rejection Checklist
Objective
To ensure that rejections are legally justified, consistent, and properly communicated.
Key Areas Reviewed
- Clear recording of rejection reasons
- Alignment of reasons with legal or factual defects
- Timely communication to vendors
- Exclusion of rejected invoices from ITC claims
- Consistency of rejection grounds across periods
Improper or inconsistent rejections often lead to supplier disputes and audit challenges.
Reconciliation Checklist (ERP-IMS-GSTR 2B)
Objective
To confirm that reconciliations are complete, accurate, and contemporaneous.
Key Areas Reviewed
- ERP inward invoices reconciled with IMS data
- Final GSTR-2B regenerated after all IMS actions
- Differences investigated and resolved
- Reconciliations reviewed and approved
- Version control maintained
Reconciliation quality remains a core determinant of audit confidence, even in a behaviour-driven system.
ITC Eligibility and Time-Limit Checklist
Objective
To assess whether ITC eligibility and statutory timelines are actively monitored.
Key Areas Reviewed
- Identification and exclusion of blocked credits
- Correct computation of common credit reversals
- Tracking of statutory time limits
- Identification and documentation of lapsed credits
- Prompt corrective actions
Time-barred ITC is irreversible and therefore represents a critical audit risk.
Vendor Governance Checklist
Objective
To evaluate whether vendor compliance risks are identified and managed.
Key Areas Reviewed
- Existence of a vendor risk classification framework
- Enhanced monitoring of high-risk vendors
- Payment linkage to IMS acceptance where appropriate
- Escalation of repeated vendor defaults
- Documentation of vendor communications
Under IMS, vendor governance is increasingly viewed as a recipient responsibility.
Documentation and Evidence Checklist
Objective
To verify that evidence supporting IMS actions is preserved and retrievable.
Key Areas Reviewed
- Retention of IMS action logs
- Archiving of reconciliations and working papers
- Availability of vendor correspondence
- Documentation of approvals and signoffs
- Secure, indexed record storage
Evidence gaps often undermine otherwise correct tax positions.
Analytics-Based Audit Checklist
Objective
To use data analytics for identifying behavioural risks.
Key Areas Reviewed
- Analysis of deemed acceptance ratios
- Review of pending ageing trends
- Identification of vendor concentration risks
- Analysis of action timing near filing deadlines
- Investigation and explanation of outliers
Analytics help internal audit focus on patterns rather than isolated errors.
Management Reporting and Escalation Checklist
Objective
To ensure that IMS risks are visible to management.
Key Areas Reviewed
- Periodic IMS dashboards prepared
- Escalation of key risks to senior management
- Tracking of corrective actions to closure
- Root-cause analysis of repeat issues
Management visibility reinforces accountability and control discipline.
Common Internal Audit Gaps Observed Under IMS
Recurring gaps include:
- Absence of documented rationale for IMS actions
- Weak monitoring of pending invoices
- Inconsistent treatment of similar cases
- Inadequate evidence retention
- Limited use of analytics
Identifying these gaps early prevents audit escalation and dispute risk.
Final Takeaway
IMS-specific internal audit checklists provide a structured, objective method to evaluate compliance quality, control effectiveness, and governance maturity. They translate IMS expectations into actionable assurance routines and help organisations shift from periodic review to continuous compliance assurance.
In the IMS era, internal audit is not an after-the-fact exercise, it is a living control mechanism. Organisations that embed IMS-focused audit checklists into their governance framework will identify risks earlier, strengthen audit defence, and reinforce disciplined compliance behaviour across functions.
Source: ICMAI Handbook on Invoice Management System under GST (January 2026)