Logistics and e-commerce companies operate at the intersection of physical inventory, digital transactions, multi-party vendor networks, and razor-thin margins — making them one of the most complex and fraud-prone environments that an internal auditor can face.
The sector is characterised by high transaction volumes, complex return cycles, cash-on-delivery gaps, last-mile delivery fraud, marketplace commission disputes, and IT-dependent operations. A generic audit approach simply does not work here. What is needed is a purpose-built, domain-specific framework that addresses the unique risk landscape of this industry.
This article presents a comprehensive internal audit checklist — structured by functional area — designed for use by CAs, CMAs, and internal audit professionals engaged with logistics startups, e-commerce aggregators, third-party logistics (3PL) providers, quick-commerce platforms, and traditional courier companies.
₹1.4T
Annual inventory shrinkage losses in Indian logistics sector
30–40%
Of e-commerce returns flagged as fraudulent or policy abuse
22%
Average revenue leakage from unreconciled COD remittances
68%
Of logistics firms lack a documented IT disaster recovery plan
01
Warehouse & Inventory Management Audit
Physical Controls · Stock Accuracy · Shrinkage · Valuation
Inventory is the lifeblood of any logistics or e-commerce operation. Errors here cascade directly into P&L misstatement, customer dissatisfaction, and fraud exposure. The auditor must verify both physical existence and the integrity of the systems that track it.
Conduct surprise physical stock counts and reconcile with system (WMS/ERP) records — investigate variances exceeding 2%
High Risk
Verify bin-level and SKU-level accuracy — check for ghost inventory entries and zero-quantity negative stock anomalies
High Risk
Review cycle count frequency and methodology — ensure high-value SKUs are counted more frequently (minimum monthly)
Medium
Check inventory cut-off procedures at month-end — ensure goods received or dispatched near period-end are correctly included/excluded
High Risk
Verify slow-moving, obsolete, and damaged goods identification — confirm write-off approvals follow documented policy
Medium
Review CCTV coverage of all storage zones, inbound docks, and dispatch bays — check for blind spots and retention period compliance
High Risk
Verify access control systems — confirm only authorised personnel can enter high-value SKU storage zones; check visitor logs
Medium
Check whether inbound and outbound gate reconciliation is performed against WMS entries at every shift
Medium
Verify segregation of duties between receiving staff, putaway staff, and dispatch staff — no single person should control the full flow
High Risk
Confirm cost method applied (FIFO / Weighted Average) is consistent and in accordance with Ind AS 2 / AS 2
Medium
Review NRV (Net Realisable Value) assessments for slow-moving or seasonal inventory — check against current market prices
Medium
Verify intercompany inventory transfers are recorded at arm's length and do not create fictitious profits
High Risk
Check shrinkage provisions — are historical shrinkage rates used to create reasonable provisions? Is this consistent year-on-year?
Low
02
Logistics Operations & Dispatch Audit
Shipment Controls · Carrier Management · Last-Mile Fraud · POD
Last-mile delivery is the highest-cost and highest-fraud segment of the logistics chain. Fake deliveries, inflated trip sheets, and carrier kickbacks are common schemes. Auditors must trace shipments end-to-end and verify physical evidence of delivery.
Verify Proof of Delivery (POD) — check that digital or physical PODs are collected for 100% of deliveries; sample and validate signatures/OTPs
High Risk
Audit undelivered / RTO (Return to Origin) shipments — confirm these are not being marked as "delivered" while goods are diverted
High Risk
Cross-check GPS tracking data against route sheets and delivery timestamps — identify routes that are never actually travelled
High Risk
Review weight and dimension discrepancies — compare declared vs. actual weights to detect billing fraud by carriers
Medium
Check delivery attempt records — verify multiple delivery attempts are genuine and not used to inflate COD non-delivery fraud
High Risk
Review carrier rate cards and billing reconciliation — ensure billed rates match contracted rates; check for unapproved surcharges
High Risk
Audit carrier performance SLAs — compare actual delivery TAT against contracted TAT; verify penalty clauses are being enforced
Medium
Check vendor empanelment process — verify new carriers are subjected to due diligence; review for related-party conflicts
Medium
Confirm fuel surcharge calculations are per contractual formula and not manipulated during high-fuel-price periods
Medium
"Last-mile delivery fraud is the silent profit killer of Indian logistics. Auditors who don't trace every shipment to its POD — and every COD to its bank credit — are leaving the door open."
— Unified Professional, Internal Audit Practice Insights
03
Revenue Recognition & Collections Audit
COD Remittance · Payment Gateway · Reconciliation · Debtors
Revenue leakage in e-commerce and logistics is predominantly a reconciliation problem. COD collections, payment gateway settlements, marketplace payouts, and B2B invoicing each create separate reconciliation gaps that, in aggregate, can represent a material portion of topline revenue.
Reconcile COD collected by delivery agents against COD remittances received in bank — ageing of outstanding COD beyond 7 days is a red flag
High Risk
Verify COD float management — check for delivery executives who consistently delay remittances or have unexplained shortfalls
High Risk
Review COD waiver / discount approvals — ensure any COD charges waived for customers are authorised at the appropriate level
Medium
Audit COD-to-prepaid conversion incentives — confirm payments to delivery staff for conversion are not creating inflated or fictitious conversion reports
Medium
Reconcile payment gateway settlement MIS with bank credits — identify transactions in transit, failed-but-debited, or settled-but-not-booked
High Risk
Verify MDR (Merchant Discount Rate) charges are per contracted rates across all payment modes — check for rate escalations
Medium
Review refund transaction processing — ensure refunds are initiated only post return receipt verification and approved by a second authority
High Risk
Check chargeback management — review dispute resolution process; assess whether chargebacks are being monitored and recovered
Medium
Reconcile marketplace settlement statements (Amazon, Flipkart, Meesho etc.) against orders dispatched — check for payout deductions not contractually agreed
High Risk
Verify commission rates applied per product category are as per current rate card — marketplace algorithms can auto-apply rate changes
Medium
Review advertising and promotional deductions — confirm all sponsored ads and promotions were pre-approved and correctly charged
Medium
Audit marketplace penalty deductions (late dispatch, cancellations) — assess root cause and whether penalties are being disputed where applicable
Low
◆ ◆ ◆
04
Returns, Refunds & Reverse Logistics
Return Fraud · Condition Assessment · Restocking · P&L Impact
E-commerce return rates in India average 15–40% depending on category. Each return creates a complex chain of custody: pick-up, quality inspection, restocking or write-off, and either refund or replacement. This chain is riddled with fraud and control gaps.
Verify return pick-up is tracked end-to-end — from customer pick-up confirmation to warehouse receipt; identify lost-in-transit returns
High Risk
Audit quality check (QC) process at return receiving — confirm all returns are graded (sellable / refurbished / damaged / fraudulent) by a designated QC team
High Risk
Check return fraud detection controls — review cases where empty boxes, counterfeit products, or wrong items were returned; assess response protocols
High Risk
Verify restocking of returned goods — confirm QC-passed items are promptly restocked and system inventory is updated on the same day
Medium
Review refund processing TAT — ensure refunds are not initiated before return receipt is confirmed; sample-check refund approvals
High Risk
🚩 Red Flags in Returns & Refunds — Investigate Immediately
- Refunds processed before return pick-up is confirmed in the system
- High return rates from a small cluster of customer accounts (return fraud ring)
- QC staff marking damaged goods as "sellable" repeatedly — possible kickback scheme
- Returns booked in WMS but never physically received in the warehouse
- Refund amount exceeds original order value (system manipulation)
- Reverse logistics partner reporting pickups that the customer denies requesting
- Sudden spike in return rates for high-value electronics, fashion, or jewellery
05
Vendor & Supplier Management Audit
Procurement · Purchase Orders · Vendor Payments · Related Parties
Review PO approval matrix — verify all purchases above defined thresholds have dual approvals; check for PO splitting to bypass approval limits
High Risk
Verify three-way match (PO → GRN → Invoice) for all significant vendor payments — flag invoices paid without a matching GRN
High Risk
Audit vendor master data changes — check who has authority to add/modify vendor bank accounts; look for changes made just before large payments
High Risk
Review packaging material procurement — a major cost centre in e-commerce; audit wastage rates, specification compliance, and vendor quality
Medium
Check related-party vendor transactions — confirm all transactions with promoter-linked entities are disclosed, arm's length, and Board-approved
High Risk
06
Cost Management & P&L Audit
Unit Economics · Manpower · Fuel & Fleet · Overheads
Compute and trend cost-per-shipment (CPS) — separately for first-mile, mid-mile, and last-mile; identify routes or zones with anomalous cost spikes
High Risk
Audit fuel and vehicle maintenance expenses — verify odometer readings vs. GPS-logged mileage; review for inflated fuel claims
High Risk
Review manpower cost vs. productivity — check attendance records, overtime authorisation, and whether ghost employees exist on the payroll
High Risk
Verify sorting centre and hub occupancy costs — ensure rental agreements are at market rates and lease terms are reviewed periodically
Medium
Audit technology platform costs (WMS, TMS, OMS subscriptions) — confirm licences in use match licences paid for; check auto-renewals
Low
07
Statutory & Regulatory Compliance Audit
GST · Labour Laws · FDI · Consumer Protection · Customs
Reconcile GSTR-1 with GSTR-3B and e-way bill data — mismatches are a major GST audit trigger; check for unreported supplies
High Risk
Verify ITC (Input Tax Credit) claims — ensure ITC is claimed only on valid tax invoices and that GSTR-2B reconciliation is performed monthly
High Risk
Review e-way bill compliance for all inter-state movements — check for expired e-way bills, value mismatches, and vehicle number accuracy
Medium
For marketplace sellers: verify TCS (Tax Collected at Source) deducted by marketplace operators is correctly reflected in GSTR-8 and claimed in returns
Medium
Confirm reverse charge mechanism (RCM) compliance for GTA (Goods Transport Agency) services procured from unregistered providers
Medium
Verify PF/ESI compliance for all employees and gig workers — check whether gig delivery partners are correctly classified under applicable social security frameworks
High Risk
Review contract labour compliance — licenses, principal employer registers, and contractor compliance under the Contract Labour (Regulation & Abolition) Act
Medium
Check Shops & Establishments Act registrations for all warehouses and fulfilment centres — particularly for recently opened locations
Low
Confirm Consumer Protection (E-Commerce) Rules 2020 compliance — review grievance redressal mechanism, return/refund policies, and seller disclosures
Medium
08
IT Systems & Cybersecurity Audit
Access Controls · Data Integrity · OMS/WMS · Incident Response
E-commerce and logistics are entirely technology-dependent. A breach or system failure doesn't just disrupt operations — it can expose customer data, enable financial fraud, and generate regulatory penalties under DPDP Act 2023.
Review user access rights in OMS, WMS, TMS, and ERP — check for excessive privileges, dormant accounts, and shared login credentials
High Risk
Audit privileged access and super-user activities — review system administrator logs for after-hours access, manual overrides, or data deletions
High Risk
Verify data backup and recovery procedures — confirm backups are tested at least quarterly and RPO/RTO targets are defined and achievable
Medium
Review customer data protection measures — check encryption standards, PII data handling policies, and DPDP Act 2023 compliance readiness
High Risk
Check API integration security between OMS and marketplace platforms — unauthorised API access can expose order data and enable price manipulation
Medium
Assess incident response and cybersecurity breach protocol — verify a documented plan exists and is tested annually
Medium
✔ Best Practices — High-Impact Audit Recommendations
- Implement automated daily reconciliation for COD, payment gateway, and marketplace settlements — do not rely on monthly manual reconciliation
- Adopt continuous control monitoring (CCM) tools to flag anomalies in real time rather than discovering them post-period
- Require video-based POD for high-value shipments (₹5,000+) as a standard control, not just in dispute cases
- Conduct annual forensic inventory audit at all major fulfilment centres with an independent team, not the in-house warehouse staff
- Establish a vendor fraud hotline — most procurement fraud is first identified by another vendor, not management
- Create a return fraud analytics dashboard flagging customers with >3 returns in 90 days for manual review
- Ensure role-based access reviews are conducted every quarter — not just at the time of joining and resignation
∑
Audit Priority Summary
Risk-Based Planning Reference for Audit Managers
| Audit Area |
Primary Risk |
Priority |
Recommended Frequency |
| COD Remittance Reconciliation |
Cash misappropriation by delivery staff |
● High |
Weekly / Continuous |
| Last-Mile POD Verification |
Fake delivery marking, cargo theft |
● High |
Daily sampling |
| Return Fraud & QC Controls |
Return fraud, empty box returns, refund abuse |
● High |
Weekly |
| Physical Inventory Count |
Inventory theft, WMS manipulation |
● High |
Monthly (surprise) |
| GST / ITC Reconciliation |
Penalty & interest, department scrutiny |
● High |
Monthly |
| Vendor Payment & PO Audit |
Fictitious vendors, procurement fraud |
● High |
Quarterly |
| Carrier Rate Reconciliation |
Overbilling by 3PL partners |
● Medium |
Monthly |
| Marketplace Settlement Audit |
Commission leakage, unapproved deductions |
● Medium |
Monthly |
| IT Access Review |
Unauthorised system access, data fraud |
● Medium |
Quarterly |
| Labour & PF/ESI Compliance |
Regulatory penalties, gig worker classification |
● Medium |
Half-yearly |
| Fleet & Fuel Costs |
Inflated fuel claims, odometer fraud |
● Medium |
Monthly |
The Auditor's Mandate in a High-Velocity Industry
Logistics and e-commerce move at a pace that leaves traditional annual audit cycles looking hopelessly inadequate. By the time a year-end audit discovers a COD remittance gap or a carrier overbilling scheme, months of losses have already accumulated.
The internal auditor working in this sector must be a real-time partner to operations — embedding continuous monitoring, risk-based sampling, and data analytics into the audit process rather than relying solely on periodic reviews.
Use this checklist as a living document: customise it to your organisation's scale, adapt the risk ratings to your specific geography and business model, and revisit it every six months as new schemes and system vulnerabilities emerge. In an industry defined by speed, the auditor who moves fastest wins.
#InternalAudit
#Logistics
#ECommerce
#AuditChecklist
#CODFraud
#InventoryAudit
#GSTCompliance
#RiskManagement
#CA
#CMA
UP
Unified Professional Editorial Team
Unified Professional is a knowledge platform for CA, CMA & CS professionals — delivering insights on audit practice, technology, regulation, and career growth. Published at
unifiedprofessional.com