Systems and controls

Effect of controls on the audit

 

This  considers the basic components of control systems and how the auditor fulfils their objectives for assessing control risk.

 

The auditor will ascertain the internal control system to assess whether it is likely to be reliable. If so, they will test the controls to ensure they are in place and working effectively.

 

Impact of tests of controls on the audit strategy and plan

 

The extent of substantive testing to be carried out will depend on the results of the tests of controls which will affect the auditor’s assessment of control risk.

 

 

If control risk is low

 

  • The auditor can place more reliance on internal controls and evidence generated internally within the entity.

 

  • This increases the appropriateness of interim audit testing and allows the auditor to reduce the quantity of detailed substantive procedures performed at the final audit stage.

 

  • The audit strategy and plan will be updated to reflect that fewer substantive procedures may be required or smaller sample sizes can be tested at the final audit stage.

 

If control risk is high

 

  • Increase the volume of procedures conducted at and after the year-end. [ISA 330, A2]

 

  • Increase the level of substantive procedures, in particular, tests of detail. [ISA 330, A2]

 

  • Increase the locations included in the audit scope. [ISA 330, A2]

 

  • Place less reliance on analytical procedures as the information produced by the client’s systems is not reliable.

 

  • Place less reliance on written representations from management if the control environment generally is considered to be weak.

 

  • Obtain more evidence from external sources e.g. external confirmations from customers and suppliers.

 

  • Update the audit strategy and plan to reflect the additional testing required at the final audit stage.

 

Limitations of internal controls

 

The auditor can never eliminate the need for substantive procedures entirely because there are inherent limitations to the reliance that can be placed on internal controls due to:

 

  • Human error. [ISA 315, A54]

 

  • Ineffective controls. [ISA 315, A54]

 

  • Collusion of staff in circumventing controls. [ISA 315, A55]

 

  • The abuse of power by those with ultimate controlling responsibility (i.e. management override). [ISA 315, A55]

 

  • Use of management judgment on the nature and extent of controls it chooses to implement. [ISA 315, A56]

 

As a result, the auditor must always perform substantive testing on material balances in the financial statements. [ISA 330, 18]

 

2      Components of an internal control system

 

ISA 315 Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment, states that auditors need to understand an entity’s internal controls. To assist this process it identifies five components of an internal control system:

  • The control environment

 

The control environment includes the governance and management function of an organisation.

 

It focuses largely on the attitude, awareness and actions of those responsible for designing, implementing and monitoring internal controls.

 

[ISA 315, A77]

 

Elements of the control environment that are relevant when the auditor obtains an understanding include the following:

 

  • Communication and enforcement of integrity and ethical values

 

  • Commitment to competence

 

  • Participation by those charged with governance

 

  • Management’s philosophy and operating style

 

  • Organisational structure

 

  • Assignment of authority and responsibility

 

  • Human resource policies and practices.

 

[ISA 315, A78]

 

When assessing the control environment the auditor may also consider how management has responded to the findings and recommendations of the internal audit function regarding identified deficiencies in internal control relevant to the audit, including whether and how such responses have been implemented, and whether they have been subsequently evaluated by the internal audit function. [ISA 315, A80]

 

Evidence regarding the control environment is usually obtained through a mixture of enquiry and observation, although inspection of key internal documents (e.g. codes of conduct and organisation charts) is possible.

 

  • The risk assessment process

 

The risk assessment process forms the basis for how management determines the business risks to be managed, i.e. threats to the achievement of ongoing business objectives. These processes will vary depending on the nature, size and complexity of the organisation. [ISA 315, A88]

 

Threats to business objectives can lead to misstatement in the financial statements, e.g. non -compliance with laws and regulations may lead to fines and penalties, which require disclosure or provision in the financial statements.

 

If the client has robust procedures for assessing the business risks it faces, the risk of misstatement overall will be lower.

 

(iii)    The information system

 

The information system refers to all of the business processes relevant to financial reporting and communication. It includes the procedures within both information technology and manual systems.

 

The information system includes all of the procedures and records which are designed to:

 

  • Initiate, record, process and report transactions.

 

  • Maintain accountability for assets, liabilities and equity.

 

  • Resolve incorrect processing of transactions.

 

  • Process and account for system overrides.

 

  • Transfer information to the general/nominal ledger.

 

  • Capture information relevant to financial reporting for other events and conditions.

 

  • Ensure information required to be disclosed is appropriately reported. [ISA 315, A90]

 

(iv)  Control activities

 

The control activities include all policies and procedures designed to ensure that management directives are carried out throughout the organisation.

 

Examples of specific control activities include those relating to:

 

  • Authorisation

 

  • Performance review

 

  • Information processing

 

  • Physical controls

 

  • Segregation of duties. [ISA 315, A99]

 

 Examples of control activities

 

Authorisation – approval of transactions prior to being processed

 

  • A manager signing off an employee’s timesheet to confirm that the hours stated have been worked and can be paid. This should ensure the employee is not claiming for hours not worked.

 

  • A manager signing a purchase order to confirm the order can be placed with the supplier. This should ensure that the goods are for a valid business use and the items are needed.

 

Performance review – to identify unusual differences between data

 

  • Managers should compare actual spend against budgeted spend to detect unusual fluctuations. If actual spend is significantly higher than budget the department may have spent more than it should or it could indicate an error when processing the transactions.

 

  • Management may compare the company’s results with those of competitors as a benchmark.

 

Information processing – to ensure completeness and accuracy of processing

 

  • Preparation of a bank reconciliation to ensure cash transactions have been recorded completely and accurately.

 

  • Batch totals used when inputting data to ensure items are not omitted.

 

Physical controls – to prevent unauthorised access

 

  • Restrictions on access to assets such as keeping cash in a safe to prevent theft.

 

  • Password restrictions to prevent unauthorised access to computer files.

 

Segregation of duties – Assigning the responsibility for recording transactions, authorising transactions and maintaining custody of assets to different employees to prevent the risk of fraud and error.

 

  • Warehouse staff should not be responsible for the inventory count as this would not detect if goods were being stolen by staff throughout the year.

 

  • Employees who authorise transactions should not be the ones who originate the transaction.

 

IT controls

 

IT affects the way in which control activities are implemented. It is important that auditors assess how controls over IT maintain the integrity and security of information held. Such controls are normally divided into application and general controls. [ISA 315, A107]

 

An effective IT system should include both application and general control procedures.

 

Application controls

 

Application controls are either manual or automated and typically operate at the business process level. Application controls relate to data integrity and ensure that only valid data is being processed and is being processed completely and accurately. [ISA 315, A109]

 

Examples include:

 

  • Batch total checks (e.g. when entering invoices onto the system the system may give a batch total i.e. the number of invoices actually entered. The clerk entering the invoices can then double check that the correct number of invoices has been entered and none have been missed or entered twice).

 

  • Sequence checks (to ensure the number sequence is complete and no items are missing).

 

  • Matching master files to transaction records (e.g. sales invoice discounts to ensure the prices/discount levels being applied are correct).

 

  • Arithmetic checks (to verify arithmetical accuracy).

 

  • Range checks (to ensure that data stays within reasonable ranges).

 

  • Existence checks (e.g. to check employees exist).

 

  • Authorisation of transaction entries (to ensure the transaction is valid and should be processed).

 

  • Exception reporting (the system may generate an exception report when something which isn’t usual has occurred e.g. changes to bank details of employees which wouldn’t be expected to change often).

 

General controls

 

General IT controls are policies and procedures that relate to many applications. They support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.

 

E.g. controls over:

 

  • Data centre and network operations e.g. not allowing non-company issued laptops to connect to the network.

 

  • System software acquisition – tendering, testing, controls during installation, training.

 

  • Program change and maintenance – testing, authorisation, restricted access.

 

  • Access security – passwords, door locks, swipe cards.

 

  • Business continuity/disaster recovery – back up procedures to enable data to be restored, backup power supply.

 

[ISA 315, A108]

 

  • Monitoring of controls

 

This is the client’s process of assessing the effectiveness of controls over time and taking necessary remedial action. If a control is not implemented properly, or is simply considered ineffective, misstatements may pass undetected into the financial statements.

 

Monitoring can be either ongoing or performed on a separate evaluation basis (or a combination of both).

 

[ISA 315, A110]

 

Monitoring of internal controls is often the key role of internal auditors.

 

3         Ascertaining the systems

 

Procedures used to obtain evidence regarding the design and implementation of controls include:

 

  • Enquiries of relevant personnel.

 

  • Observing the application of controls.

 

  • Tracing a transaction through the system to understand what happens (a walkthrough test).

 

  • Inspecting documents, such as internal procedure manuals.

 

It should also be noted that enquiry alone is not sufficient to understand the nature and extent of controls.

 

Auditors can also use their knowledge of the client and the operation of the systems from prior years. However, the auditor cannot simply rely on their knowledge from the prior year audit as changes may have occurred. Systems knowledge must be updated and the systems tested once more.

 

4         Documenting client systems

 

The auditor must document the client’s control systems before evaluating whether the system is adequate and working effectively.

 

Possible ways of documenting systems include:

 

  • Narrative notes – a written description of a system.

 

  • Flowcharts – diagrammatical representation of the system.

 

  • Organisation chart – diagram showing reporting lines, roles and

 

  • Questionnaires – a prepared list of questions in relation to the clients control system. There are two types of questionnaire that can be used:

 

Internal Control Questionnaire (ICQ) – a list of controls is given to the client and they are asked whether or not those controls are in place.

 

Internal Control Evaluation Questionnaire (ICEQ) – the client is asked to describe the controls they have in place for a given control objective. A control objective identifies the risk that the entity needs to manage.

 

ICQ wording ICEQ wording
Does a supervisor authorise all How does the company ensure that
weekly timesheets? only hours worked are recorded on
timesheets?
Does the company perform a How does the company try to
regular credit check on all minimise the risk of irrecoverable
customers? debts?
Does a manager or director How does the company ensure
authorise purchase orders goods are only purchased for a valid
before an order is place? business use?
Is a bank reconciliation How does the company ensure
performed regularly? discrepancies in the cash book are
identified and resolved?
Is a regular inventory count How does the company ensure its
performed? inventory system is up to date and
discrepancies in the inventory
records are identified?
Is a regular reconciliation How does the company ensure the
performed between the physical non-current asset register is up to
non-current assets and the non- date and accurate?
current asset register?

 

The method adopted is a matter of auditor judgment.

 

 
Documentation Advantages Disadvantages
Method
Narrative notes • Simple to record • May be time consuming
• Facilitate and cumbersome if the
system is complex
understanding by all
audit staff • May be more difficult to
identify missing controls
Flow charts • Easy to view the • May be difficult to amend
whole system in one as the whole diagram may
diagram need to be re-drawn
• Easy to spot • There is still a need for
missing controls due narrative notes to
to the use of accompany the flow chart
standard symbols increasing the time
involved to document the
system fully
Internal control • Quick to prepare • Controls may be
questionnaires • Can ensure all overstated as the client
(ICQs) knows the answer the
controls are present
auditor is looking for is
‘yes’
• Unusual controls are
unlikely to be included on
a standard questionnaire
and may not be identified
• May contain a number of
irrelevant controls
Internal control • The client has to • The client may still
evaluations respond with the overstate controls as they
(ICEs) control they have in may say a control is in
place rather than a place for the control
yes/no answer objective even if it is not
which should mean • The checklist may contain
controls are less
control objectives not
likely to be
relevant to the client
overstated
• Unusual risks and
• Quick to prepare as
therefore objectives may
a list of control
not be identified
objectives can be
compiled and the
client is asked what
controls they have
in place to address
them

 

5      Testing the system

 

A test of control involves the auditor obtaining evidence that the client has implemented the controls they say they have, and that they have worked effectively, during the period.

 

Typical methods of controls testing include:

 

  • Observation of control activities, e.g. observing the inventory count to ensure it is conducted effectively and in accordance with the count instructions.

 

  • Inspection of documents recording performance of the control, e.g. inspecting an order for evidence of authorisation.

 

  • Computer assisted audit techniques (such as test data to ensure the programmed controls are working effectively. See the ‘Evidence’ ).

 

 

Designing valid tests of controls

 

To design a test of control the auditor must first identify the controls they want to test.

 

A control is an activity applied in addition to the normal processing of the system to ensure that the system has operated as it should.

 

Just because errors have not been made does not mean that controls have worked effectively. The person performing the processing may not have made any errors. There may have been no controls in place.

A control would be an additional activity to ensure the person has not made any errors.

 

For example if the client claims to perform bank reconciliations the auditor should look at the file containing the reconciliations to verify that they are done and then re-perform the reconciliation to ensure it has been done properly to test the effectiveness of the control. Simply performing the reconciliation and finding that it reconciles does not prove that the client has done the reconciliation themselves. Therefore, re-performance of the reconciliation on its own is not a valid test of control.

 

Similarly, performing a sequence check on a set of documents does not mean the client has performed a sequence check. It may just mean that no documents have gone missing. A sequence check is the control to ensure that no documents have gone missing.

 

6         Communicating control deficiencies

 

ISA 265 Communicating Deficiencies in Internal Control to Those Charged with

Governance and Management requires the auditor to:

 

  • Communicate any deficiencies that are of sufficient importance to merit management’s attention to management, and

 

  • Communicate significant deficiencies to those charged with governance. [ISA 265, 9 & 10]

 

Deficiencies occur when:

 

  • A control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct misstatements in the financial statements on a timely basis, or

 

  • A control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is missing.

 

[ISA 265, 6a]

 

Significant deficiencies are those which merit the attention of those charged with governance. [ISA 265, 6b]

 

Examples of matters the external auditor should consider in determining whether a deficiency in internal controls is significant include:

 

  • The likelihood of the deficiencies leading to material misstatements in the financial statements in the future.

 

  • The susceptibility to loss or fraud of the related asset or liability.

 

  • The subjectivity and complexity of determining estimated amounts.

 

  • The financial statement amounts exposed to the deficiencies.

 

  • The volume of activity that has occurred or could occur in the account balance or class of transactions exposed to the deficiency or deficiencies.

 

  • The importance of the controls to the financial reporting process.

 

  • The cause and frequency of the exceptions detected as a result of the deficiencies in the controls.

 

  • The interaction of the deficiency with other deficiencies in internal control. [ISA 265, A6]

 

The auditor communicates the deficiencies in a management letter or report to management. It is usually sent at the end of the audit process.

 

In the exam you may be required to prepare extracts for inclusion in a report to management. This requires you to identify and explain the deficiencies within the control system described in a scenario. You will have to suggest a recommendation to overcome each deficiency.

 

Deficiency                              A clear description of what is wrong.

 

Consequence                       What could happen if the deficiency is not corrected?

 

Focus on what matters to the client – the risk of lost profits, stolen assets, extra costs, errors in the accounts.

 

Recommendation             This must deal with the specific deficiency you have

 

observed. It must also provide greater benefits than the cost of implementation.

 

Try to specify exactly how the recommended control would operate including suggesting who should carry out the control procedures, and how frequently it should be performed.

 

When the auditor reports deficiencies, it should be made clear that:

 

  • The report is not a comprehensive list of deficiencies, but only those that have come to light during normal audit procedures.

 

  • The report is for the sole use of the company.

 

  • No disclosure should be made to a third party without the written agreement of the auditor.

 

  • No responsibility is assumed to any other parties.

 

If you are asked for a covering letter in the exam, you should include the above matters within it.

 

 

Management letter extract

 

Deficiency Consequence Recommendation
Purchase invoices There is a possibility All invoices should be
were missing from that purchases and sequentially filed on
the sequentially liabilities are not receipt by the
numbered invoice completely recorded. accounts department.
file. This could result in Regular sequence
late payment of checks should be
invoices which could performed to ensure
cause damage to the completeness. Any
company’s missing items should
relationship with the be investigated and
supplier resulting in copies requested if
removal of credit necessary.
terms or discounts.

 

Objectives

 

The objectives of controls in the sales system are to ensure that:

 

Stage Objective
Ordering • Goods are only supplied to customers who pay
promptly and in full.
• All orders are processed.
Despatch • Orders are despatched promptly and in full to
the correct customer.
• All orders are despatched.
Invoicing • All goods despatched are invoiced.
• Invoices are raised accurately.

 

Recording • Only valid sales are recorded.
• All sales and related receivables are recorded
and in the correct accounts.
• Revenue is recorded in the period to which it
relates.
• Sales are recorded accurately and related
receivables are recorded at an appropriate
value.
Cash received • Cash received is allocated against the correct
customer and invoices to minimise disputes.
• Overdue debts are followed up on a timely
basis.
• Irrecoverable debts identified and written off
appropriately.

 

 



Test your understanding 1

 

Murray case study: Sales cycle

 

Ordering

 

For all new customers, a sales manager completes a credit application which is checked with a credit agency and a credit limit is entered onto the sales system by the credit controller. The sales system prompts sales managers to complete an annual credit check for existing customers, and the credit controller amends or approves existing credit limits for these customers. Approved customers are assigned with a unique customer account number.

 

Orders are placed with the sales team. The orders are entered onto the sales system by a sales assistant. The system automatically checks that the goods are available and that the order will not take the customer over their credit limit. The system generates two order confirmations, one of which is sent to the customer by mail/email confirming the goods ordered and likely despatch date, the other is retained on file.

 

Goods despatch

 

The warehouse receives the order electronically and goods despatch notes (GDNs) are generated automatically. A member of the warehouse team packs the goods from the GDN and a second member of the team double checks the goods packed to the GDN, signing the GDN to evidence the check.

 

Two copies of the GDN are sent with the goods ordered. One copy is retained by the customer and the other is signed by the customer and returned to Murray Co to confirm receipt of the goods and retained by the warehouse.

 

A copy of the GDN is sent to the sales team who update the system, confirming despatch of the goods. A weekly report is sent automatically to the sales manager who follows up on any incomplete orders with the warehouse manager.

 

Invoicing

 

Once despatched, a copy of the GDN is sent to the accounts team at head office and a sequentially numbered sales invoice is raised from the GDN. Periodically a computer sequence check is performed for any missing sales invoice numbers.

 

When the invoice is sent to the customer, the system GDN is marked as “invoiced”. A system report is reviewed by the senior accountant on a fortnightly basis for any GDNs that have not been invoiced. The report is printed and signed as evidence of review.

 

The system generates customer invoices using the company price list, which is updated quarterly. Discounts must be requested by a sales manager and authorised by the sales director to allow the accounts team to raise an invoice.

 

Recording transaction

 

The receivables ledger is reviewed for credit balances by the senior accountant on a monthly basis and the receivables ledger is reconciled with the receivables ledger control account on a monthly basis by the sales ledger manager and reviewed by the company accountant.

 

Monthly customer statements are sent to customers.

 

Cash receipt

 

Receipts are counted by the office assistant, recorded by the cashier in the cash book, and the sales ledger clerk is notified of the receipt. The sales ledger clerk agrees the amount received to the amount invoiced and marks the invoice as paid.

 

The credit controller reviews the aged receivables analysis on a fortnightly basis and investigates any old balances. Overdue debts are chased with a telephone call initially, followed by a copy invoice, and then a warning letter before the debt is passed to a debt collection agency.

 

Required:

 

Identify and explain the controls in Murray Co’s sales system and suggest how the auditor would test those controls.

 

Illustration 1: Murray Co goods despatch note

 

The key document in the sales cycle is the goods despatch note:

 

Murray Co Goods Despatch Note
“Supplying Equipment to the Sporting Nation” Ref: AB123456MC
www.murraysports.com
Murray Company
1 Murray Mound,
Wimbledon, London
WN1 2LN
Destination
Customer Ref: W004 Order Number:
Customer Name: Winners Co ZY987654WS
Customer Address: 2 Edinburgh St,
Dunblaine, Scotland DL2 2ES
Line  Product Description Quantity Quantity
Number Quality and
quantity of
goods checked
and agreed

 

 

001 4378493729 Tennis racket 24
002 3257845743 Tennis balls 6
(packs of 6)

 

Yes

 

Yes

 

 

003 4357849574 Tennis court net 3
004 3473895789 Tennis 3
scoreboard

 

Yes

 

Yes

 

 

005 4574895743 Winner’s trophy 1
006 3457435437 Runner-up 1
trophy
007 4830998543 Participant’s 24
medal

 

Signed:

 

Yes

 

Yes

 

Yes

A Warehouse Packer

Objectives

 

The objectives of controls in the purchases system are to ensure that:

 

Stage Objective
Ordering • All purchases are made with suppliers who
have been checked for quality, reliability and
pricing.
• Purchases are only made for a valid business
use.
• Orders are placed taking consideration of
delivery lead times to avoid disruption to the
business.
Goods received • Only goods ordered by the company are
accepted.
• Goods received are recorded promptly.

 

Invoice received • Invoices received relate to goods actually
received.
• Invoices received relate to the company.
• Invoices received are correct in terms of
quantities, prices, discounts.
Recording • All purchases and related payables are
recorded.
• Purchases are recorded accurately and related
payables are recorded at an appropriate value.
• Purchases are recorded in the period to which
they relate.
• Purchases and payables are recorded in the
correct accounts.
Cash payments • Payments are only made for goods received.
• Payments are only made once.
• All payments are made on time.

 

 

Test your understanding 2

 

Murray case study: Purchases cycle

 

Ordering

 

Goods or services are obtained by placing a purchase requisition with the centralised purchasing department. Requisitions are sequentially pre-numbered and a weekly sequence check is performed. All requisitions must be authorised by an appropriate manager.

 

On receipt of a purchase requisition, a purchase officer agrees the manager’s signature to the signatory list held on file and checks inventory levels where appropriate. Orders are placed with suppliers using sequentially pre-numbered purchase orders.

 

Orders can only be placed with suppliers from the approved supplier list. Suppliers can only be added to the approved suppliers list by the procurement team once the terms of the contract have been agreed, and references obtained. Written confirmation is requested for all orders placed, and the purchase officer agrees the quoted price against the agreed price list and ensures any bulk discounts to which Murray Co is entitled, have been honoured.

 

Goods receipt

 

Goods are received into the central warehouse. Goods are inspected for condition and quantity by a warehouse operative, and agreed to the purchase order before the supplier’s delivery note is signed to accept the goods.

 

A sequentially pre-numbered goods received note (GRN) is prepared by the warehouse team manager, and grid-stamped. The grid stamp is signed by the warehouse operative to confirm that the goods have been inspected for condition and quantity and agreed to the purchase order.

 

The warehouse manager updates the inventory system on a daily basis from the prepared GRNs. The warehouse manager checks the sequence of purchase orders received on a weekly basis and informs the purchasing department of any missing orders so that they can be followed up.

 

Invoicing

 

On receipt of an invoice by the head office accounts team, the invoice is matched to and filed with the relevant GRN, using the purchase order number marked on the invoice (if there is no purchase order number marked on the invoice, this must be obtained from the supplier). The invoice number is noted on the GRN grid stamp. The invoice is also checked to the original purchase order to ensure the agreed prices and discounts have been honoured.

 

A monthly check of GRNs is made by the purchases ledger manager, to identify any GRNs for which no invoice has been received.

 

Recording transaction

 

The purchases ledger clerk enters invoices into the system in batches. A batch control sheet is used, which details the number of invoices and the total value. These details are checked to the system batch report.

 

Each invoice is stamped as “recorded” once the details have been entered onto the system. The purchase ledger manager inspects the file of invoices on a monthly basis to ensure that all invoices have been recorded.

 

Suppliers are required to submit monthly supplier statements, which are reconciled to the supplier’s ledger account by the purchases ledger manager. The purchase ledger is reconciled to the purchase ledger control account on a monthly basis by the purchase ledger manager, and reviewed by the company accountant.

 

Cash payment

 

The list of payments is sent to the company accountant, who agrees the details of each payment to the relevant invoice and signs each invoice to authorise payment and evidence the check. The list of payments is signed by the accountant once all invoices have been checked, and sent to the cashier’s office for payment.

 

If any individual payment is for more than $25,000 or total payments are for more than $250,000 a second signatory is required. These payments must also be checked and signed by either the financial controller, or finance director.

 

Payments are made by the cashier’s office by bank transfer. Invoices are stamped as “paid”, and returned to the purchases ledger team who record the payment and file the invoices (separately from invoices not yet paid).

 

The purchase ledger manager checks GRNs on a monthly basis to ensure that invoices have been received and paid on a timely basis.

 

Required:

 

Identify and explain the controls in Murray Co’s purchases system and suggest how the auditor would test those controls.

 

 

Illustration 2: Murray Co goods received note

 

The key document in the purchases cycle is the goods received note:

 

Murray Co Goods Received Note
Quality of goods checked A2012/123478
Purchase Order number:
MC/34324832809/RC
Date of receipt: 31st August 20X4
Time of receipt: 12:48pm
Description Quantity Quantity Quality of goods
ordered received checked
Vectran 75kg 75kg Yes

 

 

Sign to confirm

 

quantity and quality of

goods checked:       Warehouse Operative

 

Inv

Problems with fraud

 

Fraud is specifically designed to mislead people. Consider the following example:

 

  • A company only deals with suppliers on a list authorised by the finance director (FD).

 

  • Payments to suppliers are made after the purchases clerk identifies the monthly payments to be made and prepares the cheques.

 

  • The cheques are signed by the FD, who confirms the amounts paid and supplier names to supporting documentation.

 

  • The cheques are countersigned by the managing director, who does not check the details but has a good knowledge of who the suppliers are.

 

  • This appears like a sensible combination of authorisation controls and segregation of duties. The auditor would place reliance on the control system and reduce substantive testing of purchases.

 

However, now consider the implication if one of the suppliers is actually controlled by the FD. The supplier regularly overcharges the company and the purchases clerk is being bribed by the FD in return for their silence.

 

It is for this reason that the auditor must always perform some substantive procedures and must always maintain an attitude of professional scepticism.

 

 

Non-current assets

 

Expenditure on non -current assets should be controlled in a similar way to other purchases. However, because of the significant amounts involved, additional controls should be in place.

 

Control objectives:

 

  • Assets are only purchased if there is a business need.

 

  • Assets are purchased at an appropriate price.

 

  • The company can afford the capital expenditure proposed.

 

  • Capital expenditure is appropriately treated in the accounting records.

 

  • Capital expenditure is completely and accurately recorded in the accounting records.

 

  • Assets are covered by adequate insurance to prevent loss to the company.

 

  • Documents relating to assets are safeguarded from theft or damage.
Control Test of control
Requisitions for capital Inspect the requisition for the
expenditure should be made by signature of the person
an appropriate person. requisitioning the assets.
Ensure this is a person of
suitable authority by agreeing
the name to a list of people
authorised to make such
requisitions.
Authorisation for purchases of Inspect the purchase order for
non-current assets should be at signature of appropriate senior
a more senior level. person(s).
Several quotations should be Inspect the purchase
obtained before purchase in requisition for the quotations to
order to obtain the best price. ensure they have been
obtained.
An annual capital expenditure Inspect the annual budget to
budget for each department ensure it has been prepared.
should be prepared and Inspect board minutes to
authorisation should only be
confirm the budget has been
given for purchases which have
approved by the board.
been budgeted.
Inspect orders for capital
expenditure items to ensure
they have been authorised by
a responsible official.
Regular review of revenue Inspect management
expenditure should be accounts/revenue expenditure
performed to ensure items of a lists for evidence of review.
capital nature have not been Enquire of management how
written off in error. discrepancies are dealt with.
A regular reconciliation of the Inspect the reconciliation of the
asset register to the physical asset register and evidence of
assets held should be approval by a senior person to
performed. ensure the reconciliation has
been performed correctly.

 

An asset register should be Inspect the asset register to
maintained which includes cost, ensure details expected to be
depreciation, location, recorded have been recorded
responsible employee, to ensure good control is
insurance details, etc. maintained over assets.
Adequate insurance cover Inspect insurance policies to
should be purchased. ensure they are in place.
Review the policies to
ascertain the level of cover in
place and compare this with
the value of assets to ensure it
is sufficient.
Documentation such as title Inspect the storage facilities for
deeds, vehicle registration important documentation to
documents, insurance policies, ensure it is appropriately
etc. should be stored in a secure and adequate back ups
secure, fire-proof location. have been maintained in case
of a fire or flood.

Objectives

 

The objectives of controls in the payroll system are to ensure that:

 

Stage Objective
Clock cards (or timesheets) • Employees are only paid for work
submitted. actually done.
Payroll calculation • Only genuine employees are paid.
• Employees are paid at the correct
rates of pay.
• Gross pay is calculated and
recorded accurately.
• Net pay is calculated and
recorded accurately.
Standing data amendments • Standing data is kept up to date.
• Access to standing data is
restricted to prevent fraud or error
occurring.
Recording • All payroll amounts are recorded.
• Payroll amounts are recorded
accurately.
• Payroll costs are recorded in the
period to which they relate.
Payments to employees and tax • Correct amounts are paid to the
authorities employees and taxation
authorities.
• Payments are made on time.
• Payments are only made to valid
employees.

 

Test your understanding 3

 

Murray case study: Payroll cycle

 

Clock cards submitted and input

 

Murray Co employs a total of 300 people, 200 of these being workers who are paid weekly in cash. Weekly paid workers are required to record their times of arrival and departure at the factory using a clock card which is inserted in a time recording clock. Use of the time recording clock is supervised by the relevant factory manager.

 

On a weekly basis the cards are collected and passed to the works office where the clerk totals up the hours worked on each card and lists the total hours worked (a ‘hash’ total). The cards and the total hours list are then passed to the wages clerk who enters the hours worked into the payroll system and agrees the total entered.

 

Gross pay, deductions and net pay calculated

 

The payroll system calculates the gross and net pay and a payroll report is generated by the payroll manager. The payroll manager recalculates a sample of employee wages and compares his figures to the amounts calculated by the payroll system. He passes the payroll report to the wages clerk who creates a payment list detailing the payments to be made to the monthly paid employees and the taxation authority.

 

The payroll report and payment list are passed to the company accountant. The company accountant reviews the payment list for any unusual amounts and compares each employee’s net pay on the payroll report to the payment list. He also compares the totals with the previous week as a reasonableness check. Once all of these procedures are complete, the company accountant signs both documents and raises a cheque requisition for the weekly paid workers. The signed payroll report is returned to the payroll clerk who generates the payslips from the payroll system. The payslips, cheque requisition and signed payment list are then passed to the cashier’s department for processing.

 

Payments to employees and tax authorities

 

The cashier draws a cheque for the net amount of the payroll which is then signed by two directors. The cheque is given to a secure cash transit company who draw the money from the bank and deliver it under guard to the cashier. The cashier then puts the money into pay envelopes along with a pay slip for weekly paid workers.

 

The sealed envelopes and relevant clock cards are then used for payouts. Each worker obtains their money once they have identified themselves and signed their clock card. Unclaimed wages are held for three weeks before being banked.

 

Monthly paid workers and the tax authorities are paid by bank transfer on the last day of each month, as per the payment list authorised by the company accountant.

 

Payroll costs and payments recorded

 

A copy of the payroll list is sent to the head office accounts team who record the payroll expense and payments made. Any unclaimed wages are notified by the wages office to the head office team on an anomalies list completed once all of the clock cards have been returned. The head office accounts team check the bank statements to ensure that this money has been banked.

 

Standing data and other amendments

 

Leaver and joiner forms must be completed and authorised by the employee’s immediate manager and the finance director at least one month before the amendment is required to the payroll. Other amendments to standing data, e.g. pay rises and hourly rates, are completed on a specific form for this purpose, and authorised in the same way. A monthly report of amendments to standing data is sent to the finance director for review and authorisation. Standing data files are sent to departmental managers on a quarterly basis for review.

 

Required:

 

Identify and explain the controls in Murray Co’s payroll system and suggest how the auditor would test those controls.

Objectives

 

The objectives of controls in the inventory system are to ensure that:

 

  • Inventory levels meet the needs of production (raw materials and components) and customer demand (finished goods).

 

  • Inventory levels are not excessive, preventing obsolescence and unnecessary storage costs.

 

  • Inventory is safeguarded from theft, loss or damage.

 

  • Inventory received and despatched is recorded on a timely basis.

 

  • All inventory is recorded.

 

  • Inventory should be recorded at the appropriate value.

 

  • Only inventory owned by the company is recorded.

 

The following controls over inventory relate to the period after purchase and before sale i.e. when the goods are being stored in the warehouse.

 

Control Test of control
Inventory should be maintained at Use test data to place an order to
an appropriate level through the use reduce inventory of an item to below the
of automatic ordering systems when reorder level and trace through the
inventory reaches a certain level or system to see if an order is
by checking inventory levels before automatically generated.
orders are placed. Observe the ordering clerk checking
inventory levels before placing an order.
Inventory should be kept in a Visit the warehouse and attempt to
warehouse with access restricted to enter. Ensure that doors are kept closed
warehouse staff by the use of swipe requiring the swipe card or code to gain
card or keypad access. access.
CCTV should be in place to monitor Inspect the warehouse area to see the
people around the entrance to the CCTV in place and visit the location of
warehouse to ensure people don’t the camera feed to ensure the cameras
follow other people into the are monitored.
warehouse to avoid the need for a
code/swipe card.
Inventory should be kept in Visit the warehouse and inspect the
appropriate conditions e.g. conditions of storage. Inspect evidence
temperature controlled environment of monitoring the conditions on a regular
for perishable items. basis such as temperature logs.
Fire/smoke/heat detectors and Inspect the warehouse to see the
sprinkler systems should be in place detectors and sprinkler systems are in
to reduce the risk of damage place.
caused by fire. Inspect certificates confirming they have
been checked and tested on a regular
basis.
Inventory should be insured in case Inspect insurance policies to ensure
of theft or damage. they cover inventory, that adequate
cover is in place by comparing against
inventory value and that the policy has
not lapsed.
Inventory movements should be Inspect the GRNs and GDNs to see
recorded in the system promptly they have been stamped as entered into
using the GRNs and GDNs. The the system.
GRNs and GDNs should be Compare the date on the stamp to the
stamped to confirm they have been
date on the GRN/GDN to ensure they
input to ensure the system is up to
have been entered promptly.
date.

 

Inventory counts should take place Obtain inventory counting instructions
on a regular basis so that physical and review to ensure the count will be
inventory quantities can be appropriately organised and controlled.
reconciled with the accounting Attend the inventory count to ensure the
system on a regular basis to ensure
count is carried out in accordance with
the records are accurate and up to
the instructions and perform test counts
date.
to ensure the client’s counts are carried
out accurately.
Inventory should be reviewed during During the count review the inventory to
the count for damage or ensure damaged or obsolete items are
obsolescence and valued separately identified.
separately from the other inventory
by making an allowance to write the
inventory down to NRV.

 

See the ‘Procedures’  for detailed controls over inventory counts.

Objectives

 

The objectives of controls in the cash cycle are to ensure that:

 

  • Petty cash levels are kept to a minimum, preventing theft.

 

  • Payments can only be made for legitimate business expenditure.

 

  • Cash can only be withdrawn for business purposes.

 

  • Cash is safeguarded to prevent theft.

 

  • Receipts are banked on a timely basis to prevent theft.

 

  • Cash movements are recorded on a timely basis.

 

The following controls over cash relate to the period after receipt from a customer and before being used to pay for expenses. In addition, there should be adequate controls over access to cash and bank records.

 

Control Test of control
An imprest system of petty cash In the presence of the client, count the
should be used for items of petty cash to ascertain that the level is
expenditure less than $x. All other at the limit set. Inspect the petty cash
reimbursements should be made vouchers to ensure amounts reimbursed
through an expense claim and are below the limit stated.
processed as a bank payment.
Petty cash reimbursements must be Inspect the petty cash reimbursements
supported by an invoice to confirm for the supporting invoice and the
the expenditure was incurred and is signature of the person authorising the
business related before being reimbursement.
authorised and paid.
Cash withdrawals must be Inspect the withdrawal request for
authorised by a manager. evidence of the manager’s signature
authorising that the money can be taken
out of the bank.
Cash and cheque books/stationery In the presence of the client, inspect
should be stored in a locked safe where the cash and cheque books are
with restricted access. stored to ensure they are secure e.g.
within a safe.
Enquire of management who has
access to the safe to ensure this is
restricted to people with suitable
seniority.

 

Controls over bank transfers and Enquire of management who has
online banking should be in place, access to the online banking system.
e.g. secure passwords and PINs. Inspect transactions in the banking
system for the username of the person
initiating and authorising transactions to
ensure this corroborates what has been
said. Assess whether the person
authorising the transactions is of
suitable seniority.
Cash and cheques received should Inspect the paying in books or bank
be banked frequently. statements to identify how frequently
deposits are paid in to ensure this is
adequate.
Regular bank reconciliations Inspect the file of bank reconciliations to
prepared and then reviewed by ensure they are performed regularly.
personnel of appropriate seniority. Inspect the reconciliation for a
manager’s signature as evidence it has
been reviewed and approved.
Reperform the reconciliation to ensure it
has been carried out effectively.

 

 

Exam question approach

 

The exam will regularly feature a requirement asking for identification and explanation of control deficiencies from a scenario and recommendations to overcome the deficiencies identified.

 

Identification and explanation

 

Identification of the deficiencies is usually quite straightforward. You should look for information which indicates:

 

  • Controls are missing e.g. Sales orders are not sequentially numbered.

 

  • Controls are not effective e.g. Bank reconciliations are supposed to be performed but often don’t get done due to lack of time.

 

Work with the information provided. Do not assume that because something isn’t mentioned it isn’t happening.

 

Explanation of the deficiency requires you to give a business risk or a risk of misstatement in the accounting records. It is not an explanation if you only say this should not be done or this should be done. You must explain what the control would achieve if it was in place and working effectively. The explanation needs to be sufficiently detailed. If you only explain the deficiency in part you will not earn the explanation marks.

 

Recommendation

 

The recommendation also needs to be sufficiently detailed. Try and recommend which person within the company should perform the control and how frequently. Sometimes a control requires more than one element to be effective therefore make sure you suggest everything that needs to happen to make the control effective.

 

Control deficiency Recommendation
Poor Sales orders are not Orders should be
answer sequentially numbered. sequentially
Deficiency is not explained. numbered.
Why does it matter if the sales Recommendation is
orders are not sequentially not sufficiently
numbered? detailed. How does the
client know the
sequence is complete?
Better Sales orders are not Orders should be
answer sequentially numbered. sequentially
Orders will be difficult to trace numbered.
and orders may not be A sequence check
fulfilled. should be performed
Deficiency is still not fully and any breaks in the
sequence investigated
explained.
and resolved.
What are the consequences to
the company if they have Recommendation is
unfulfilled orders? now sufficiently
detailed.
Good Sales orders are not Orders should be
answer sequentially numbered. sequentially
Orders will be difficult to trace numbered.
and orders may not be A sequence check
fulfilled. should be performed
Customers will be dissatisfied and any breaks in the
sequence investigated
if orders are not fulfilled
and resolved.
resulting in complaint and loss
Recommendation is
of future revenue.
Deficiency is now fully sufficiently detailed.
explained as a business risk.

 

Control deficiency Recommendation
Poor Bank reconciliations are Bank reconciliations
answer supposed to be performed but should be performed.
often don’t get done due to Recommendation is
lack of time.
not sufficiently
Deficiency is not explained. detailed. Who should
Why does it matter if the bank perform the bank
reconciliation does not get reconciliation?
performed? How often should it be
performed?
How does
management know it
has actually been
done?
Better Bank reconciliations are Bank reconciliations
answer supposed to be performed but should be performed
often don’t get done due to weekly.
lack of time. Recommendation is
Errors could occur. slightly better but is still
Deficiency is still not fully not sufficiently
detailed.
explained.
Errors in what?
Good Bank reconciliations are Bank reconciliations
answer supposed to be performed but should be performed
often don’t get done due to on a weekly basis by
lack of time. someone independent
Errors could occur. of maintaining the cash
book and the
The cash book may be
reconciliation should
incorrect resulting in be reviewed by a
misstatement of the bank and responsible official.
cash figure in the financial Recommendation is
statements.
now sufficiently
Deficiency is now fully
detailed.
explained as a risk to the
accounting records.

 

Test your understanding 4

 

Rhapsody Co supplies a wide range of garden and agricultural products to trade and domestic customers. The company has 11 divisions, with each division specialising in the sale of specific products, for example, seeds, garden furniture, and agricultural fertilizers. The company has an internal audit department which provides reports to the audit committee on each division on a rotational basis.

 

Products in the seed division are offered for sale to domestic customers via an Internet site. Customers review the product list on the Internet and place orders for packets of seeds using specific product codes, along with their credit card details, onto Rhapsody Co’s secure server. Order quantities are normally between one and three packets for each type of seed. Order details are transferred manually onto the company’s internal inventory control and sales system and a two part packing list is printed in the seed warehouse. Each order and packing list is given a random alphabetical code based on the name of the employee inputting the order, the date and the products being ordered.

 

In the seed warehouse, the packets of seeds for each order are taken from specific bins and despatched to the customer with one copy of the packing list. The second copy of the packing list is sent to the accounts department where the inventory and sales computer is updated to show that the order has been despatched. The customer’s credit card is then charged by the inventory control and sales computer. Bad debts in Rhapsody are currently 3% of the total sales.

 

Finally, the computer system checks that for each charge made to a customer’s credit card account, the order details are on file to prove that the charge was made correctly.

 

Required:

 

In respect of sales in the seeds division of Rhapsody Co:

 

  • Explain FOUR deficiencies in the sales system, and

 

  • For each deficiency provide a recommendation to overcome that deficiency.

 

(8 marks)

 

Test your understanding 5

 

Whilst performing tests of controls, many control deviations were found. The auditor has therefore concluded that reliance cannot be placed on the internal controls.

 

Required:

 

Explain THREE actions that the auditor may now take in response to this problem.

 

(3 marks)

 

 

Test your understanding 6

 

  • Define ‘tests of control’ and explain the importance of tests of control in the audit of a company.

 

(2 marks)

 

  • You are an audit senior working at a medium sized firm of auditors. One of your clients is an exclusive hotel called ‘Numero Uno’ situated in the centre of Big City. As part of your audit procedures you are assessing the controls surrounding payroll. You have read last year’s audit file and have obtained the following information:

 

The hotel employs both full and part time staff. Due to the nature of the business most of the work is done in shifts. All staff are paid on a monthly basis.

 

New members of staff are given an electronic photo identification card on the day they join by the personnel department. This card is used to ‘clock in’ and ‘clock out’ at the start and end of the shift to record the hours worked.

 

At the end of each week the information recorded on the system is sent automatically to the payroll department and also to the head of each of the three main operating divisions: Rooms, Food & Beverage and Corporate Events. Each division head must reply back to the payroll department by email to authorise the hours worked by their staff.

 

The payroll clerk collates all the authorised information and then inputs the hours worked into a standardised computerised payroll package. This system is password protected using an alphanumerical password that only the payroll clerk and the finance manager know.

 

Once the hours have been entered, the calculations of gross pay and taxation are calculated automatically along with any other statutory deductions. At the end of the calculations a payroll report is produced and printed. The finance manager reviews the report and compares the data to last month to identify and follow up any unusual variances. When he is satisfied with the information he authorises the payroll run by signing the payroll report and the payroll clerk submits the data.

 

Payslips are sent to the home address of each employee and payment is made by bank transfer.

 

Required:

 

With reference to the scenario:

 

  • Identify and explain FOUR STRENGTHS within the hotel’s internal control system in respect of payroll.

 

(4 marks)

 

  • For each of the identified strengths, state a test of control the auditor could perform to assess if the controls are operating effectively.

 

(4 marks)

 

 

Test your understanding 7

 

You are testing the controls over the payroll system of Bunbury Co. You have confirmed that the following controls have operated throughout the year:

 

  • Sample check of payroll calculations by a payroll manager.

 

  • Review of the payroll listing once prepared before details are entered into the banking system.

 

  • Segregation of duties between calculation of monthly payroll and responsibility for changes to standing data.

 

  • Each department manager receives a list of employees in their department for them to sign to confirm those employees should be paid.

 

  • Which of the following is the main reason for the control of segregation of duties between calculation of payroll and responsibility for changes to standing data?

 

A Changes to standing data must be performed by a manager whereas payroll calculations can be performed by a payroll clerk

 

B If one person was responsible for both they would be more likely to make errors due to a high workload

 

C If one person was responsible for both they could increase their salary and make fraudulent payments to themselves

 

D Each individual role within an organisation must be carried out by different people

 

  • Which of the following procedures would provide the most reliable evidence that the first control, payroll calculations are checked by a payroll manager, is working effectively?

 

A Enquiry with the payroll clerk performing the payroll calculation B Enquiry with the payroll manager performing the check

C  Recalculation of the payroll amounts by the auditor

 

D Inspection of the payroll report for evidence that a sample of payroll amounts are checked

 

  • Which of the following is NOT a test of control?

 

A Inspection of employee contracts to confirm the salary the employee should be paid

 

B Inspection of payroll reports for evidence of authorisation by the manager

 

C Inspection of the list of employees for each department for evidence of the department manager’s review

 

D Observation of the payroll function to confirm segregation of duties is in place

 

  • Which of the following is a control objective relevant to the control that each department manager reviews the list of employees?

 

A To ensure payroll is accurately calculated B To ensure only valid employees are paid

C To ensure employees are paid for the correct hours D To ensure employees are paid at the correct salary

 

  • Which of the following could be used by Bunbury Co to monitor the effectiveness of the company’s controls? A Internal audit assignments

 

B Performing bank reconciliations C Authorisation of payments

D  Segregation of duties

 

 

Test your understanding 8

 

You are performing the risk assessment for the audit of Kununurra Co, a client your firm has audited for the past two years. From your review of last year’s audit file you have found that no significant control deficiencies were identified. The systems are documented on the permanent audit file in the form of flow charts and narrative notes.

 

  • Which of the following best describes the requirement of the auditor in respect of the controls documentation?

 

A The auditor must document the systems this year as they may have changed since last year

 

B The auditor may enquire whether the systems have changed since last year and if not no further work is necessary

 

C The auditor must perform procedures to ensure the systems work as documented on file e.g. by performing walkthrough tests

 

D No work is necessary on systems documentation unless the client informs the auditor that changes have occurred

 

  • Which of the following best describes the auditor’s approach in respect of reliance on internal controls?

 

A Tests of controls must be performed over material areas of the financial statements

 

B Tests of controls must be performed each year over the areas where the auditor is hoping to place reliance on the controls

 

C Tests of controls are not necessary this year as no deficiencies were identified last year

 

D Tests of controls must be performed over all areas irrespective of whether the auditor is planning to place reliance on those controls

 

  • Which of the following would NOT be included in an internal control evaluation questionnaire?

 

A How does the company ensure sales are only made to creditworthy customers?

 

B How does the company ensure that purchases are only made for a valid business use?

 

C How does the company ensure that all purchases are recorded?

 

D Is access to the warehouse restricted to authorised personnel only?

 

  • Internal controls should be monitored on an ongoing basis to ensure they are adequate, relevant and working effectively. Which of the following will NOT monitor the internal controls of a company?

 

A External auditor B Management

C Consultancy firm hired by management D Internal auditor

 

  • Match the description to the appropriate method of documenting a control system.

 

                                                                 ICQ/ICE                     Flowchart                        Narrative

 

notes

 

A diagram depicting the

controls in place at each stage

of a process

 

A disadvantage of this method

may be that controls are

overstated

 

An advantage of this method

is that they are easy to

prepare in advance and

therefore efficient

 

For larger systems this

method may be time

consuming and it may be

difficult to identify missing

controls

Test your understanding 1

 

Ordering

 

Control Test of control
Credit checks, setting of credit Inspect a sample of new and
limits, and checks that an order existing customer files to ensure a
will not take a customer over their recent, satisfactory credit check
credit limit: ensures that sales are has been obtained.
only made to customers that are Review the customer’s file and
likely to make a full and prompt
ensure that credit reports are
payment, reducing the risk of
obtained on a regular basis by
irrecoverable debts. Irrecoverable
looking at the dates on the reports.
debts will reduce profit and cash
Inspect the customer’s account to
inflows.
ensure that credit limits have been
put in place.
Try to enter an order into the
system that will take the customer
over their credit limit. The system
should reject it.
Checking that the goods are With the client’s permission,
available: ensures that orders can attempt to enter an order for goods
be fulfilled and despatched that are known to be out of stock.
promptly. Goods not despatched The system should reject the
promptly can result in complaints order.
from customers resulting in a loss Where orders are taken when the
of customer goodwill.
goods are out of stock, review the
unfulfilled orders file for evidence
of review such as a log in the file
detailing when it was last
reviewed. This ensures it is
checked frequently so that orders
are fulfilled as soon as possible.
Written confirmation of the order: Select a sample of sales made and
ensures that orders are recorded inspect a copy of the written order
accurately and that customers retained on file to ensure the order
receive the goods they ordered. was confirmed in writing to
Incorrect orders will result in minimise the risk of discrepancies.
dissatisfied customers and a loss
of customer goodwill.

 

Approved customers are assigned a unique customer account number: to ensure that sales are only made to customers that have been approved for credit, therefore minimising irrecoverable debts. Irrecoverable debts will reduce profit and cash inflows.

 

With the client’s permission, attempt to enter an order for a fictitious customer account number. The system should reject the order.

 

 

Goods despatch

 

Control Test of control
Order received electronically by Input a fictitious order into the
warehouse and automatic system and trace it through to the
generation of GDN: eliminates risk despatch system to ensure the
of human error/oversight ensuring GDN is automatically generated.
that all orders are fulfilled.
Unfulfilled orders can result in
dissatisfied customers resulting in
a loss of customer goodwill.
Second member of warehouse Visit a warehouse and observe the
team checks the goods packed, goods despatch process to assess
signing the GDN to evidence the whether all goods are double
check: segregation of duties checked against the GDN prior to
reduces the risk of signing and sending out.
misappropriation of assets which Inspect the GDN for evidence of
results in loss for the company.
the signature to confirm the
physical goods have been checked
to the GDN and the GDN has been
checked against the order prior to
despatch.
Customers sign the GDN and Inspect a sample of GDNs retained
return it to Murray Co: helps to by the warehouse to ensure they
ensure that customers pay in full are signed by customers to confirm
as proof of delivery and receipt of goods and to confirm
acceptance of goods is obtained. they are retained in the warehouse
This reduces the risk of disputes in case of disputes.
with customers which can result in
a loss of customer goodwill or
goods being sent again to a
customer which results in loss for
the company.

 

Weekly report to sales manager: Inspect the weekly sales report for
monitors despatch of goods to the sales manager’s signature as
ensure that all orders are fulfilled. evidence of his review. Enquire of
Unfulfilled orders can result in the manager what actions are
dissatisfied customers resulting in taken where orders have not been
a loss of customer goodwill. fulfilled.
Invoicing
Control Test of control
The invoice is checked to the GDN: Inspect the GDNs for evidence of
the invoice is raised from the GDN being matched to invoices. Agree
and not the original order, ensuring the details on both to ensure the
the invoice is sent for the correct control has been effective.
quantity of goods despatched. This
reduces the risk of the customer
being invoiced incorrectly for goods
not received which could cause
customer dissatisfaction and a loss
of customer goodwill.
Sequentially numbered sales Review the last system generated
invoice and computer sequence sequence check of sales invoices
check: to ensure that all invoices to identify any omissions.
are processed – if any invoice in Review the report produced by the
the sequence is missing it can be
system and inspect for evidence of
traced. Goods which have not been
a manager’s review to confirm the
invoiced will result in lost revenue sequence is complete and the
and profit for the company.
report has been reviewed.
System GDN marked as Inspect the GDNs to make sure
“invoiced” to prevent the customer they have been marked ‘invoiced’.
being invoiced twice. If a customer
is invoiced twice this could cause
customer dissatisfaction and a
loss of customer goodwill.
System report reviewed by the Inspect the file of GDNs with no
senior accountant: to ensure that invoice system reports for
all goods are invoiced. Goods evidence of completion on a
which have not been invoiced will fortnightly basis such as a
result in lost revenue and profit for manager’s signature.
the company.
Company price list: to ensure that Inspect the price list for approval
customers are charged the correct by the directors.
price. This reduces the risk of the Obtain a copy of the current price
customer being invoiced
list and agree for a sample of
incorrectly which could cause
invoices that relevant/current
customer dissatisfaction and a
prices have been used.
loss of customer goodwill.

 

Agree the prices in the system to
the approved price list.
Enquire of management who has
authority to amend standing data
such as prices in the system to
ensure only persons of suitable
authority have access. Try to input
a change to the prices in the
system using a user ID of a clerk
to ensure that the system does not
allow access to this standing data.
Discounts must be requested by a With the client’s permission,
sales manager and authorised by attempt to process an invoice with
the sales director: segregation of a sales discount without
duties and authorisation prevents authorisation from the sales
fraud and unauthorised discounts director. The system should reject
which will result in loss of revenue the invoice.
for the company. Inspect sales orders with discounts
given for evidence of the sales
director’s signature authorising the
discount.
Recording transactions
Control Test of control
Review of receivables ledger for Inspect the receivables ledger for
credit balances: identifies evidence of monthly review for
overpayments which may be credit balances such as a
caused by goods invoiced where manager’s signature.
no sale was recorded. This helps
to identify errors in the accounting
records which can then be
corrected.
Receivables ledger reconciliation: Inspect the receivables ledger
ensures that debts and receipts reconciliations for evidence of
recorded in individual customer performance on a monthly basis.
ledgers have also been recorded Inspect the reconciliations for the
in the accounts (and vice versa).
company accountant’s signature
Segregation of duties monitors as evidence of review.
performance of controls and Reperform the reconciliation to
prevents fraud which could cause
ensure it has been carried out
loss for the company.
effectively.

 

Monthly customer statements sent to customers: enables customers to identify errors in invoices and receipts and notify the company. Statements may also act as a reminder of payment and reduce the risk of irrecoverable debts. Irrecoverable debts will reduce profit and cash inflows.

 

For a sample of customers with outstanding balances, inspect copies of monthly statements sent out to confirm statements are in fact issued.

 

 

Cash receipt

 

Control Test of control
Receipts are counted by the office Observe the cash receipt process
assistant, recorded by the cashier, to assess the adequacy of
and the sales ledger clerk agrees segregation of duties.
the amount received to the
amount invoiced: Segregation of
duties prevents fraud which could
cause loss for the company.
The invoice is marked as paid: For a sample of cash receipts,
ensures that customers are not inspect the relevant invoice to
chased for debts they have paid ensure it has been marked as
which could result in dissatisfied paid.
customers and a loss of customer
goodwill.
The credit controller reviews the Inspect the aged receivables
aged receivables to identify old analysis for evidence of fortnightly
balances which require review such as a manager’s
investigation. This reduces the signature.
risk of irrecoverable debts which
will reduce profit and cash inflows.
Credit control procedures are then Inspect records of contact made
followed: to ensure full and prompt with customers who have overdue
payment by customers. This debts, to ensure compliance with
reduces the risk of irrecoverable credit control procedures.
debts which will reduce profit and E.g. notes of telephone calls,
cash inflows. copies of letters sent.

 

 
Test your understanding 2
Ordering
Control Test of control
Centralised purchasing Inspect organisation chart to verify
department: ensures that that a centralised purchasing
purchasing is cost effective and department is in place.
only necessary goods and Enquire of the purchasing director
services are procured reducing
whether all purchases must go
the risk of loss to the company
through the department or if some
and unnecessary cash outflow.
purchases are made within
individual departments to assess
the effectiveness of the control.
Inspect a sample of purchase
orders to ensure they have been
generated by the central
purchasing department.
Sequentially pre-numbered Enquire of the staff responsible for
requisitions and sequence check the sequence check what they do
performed by the purchasing to evidence the control e.g. a log in
department: ensures that all the file with a signature to confirm
requisitions are fulfilled, the sequence check has been
preventing stock outs/ performed for that week.
manufacturing delays. Inspect the log and ensure it is
Delays will result in dissatisfied completed weekly and is up to
customers which will reduce date.
customer goodwill. Inspect the log for a signature to
confirm the check has been
performed.
Requisitions are authorised and Inspect a sample of requisitions for
manager’s signature agreed: the signature of an appropriate
ensures only necessary goods manager.
and services are procured
reducing the risk of loss to the
company and unnecessary cash
outflow.
Inventory levels are checked prior Inspect a sample of requisitions for
to ordering: ensures only evidence of inventory levels having
necessary goods and services are been checked first, such as a
procured reducing the risk of loss signature.
to the company and unnecessary Observe the ordering process to
cash outflow.
see the ordering clerk checking
inventory levels first.

 

Sequentially pre-numbered Review the purchase orders for
purchase orders and weekly evidence of the warehouse
check by warehouse manager: to manager’s weekly sequence check
ensure that all goods and services such as a signature to confirm it
ordered are received so any has been performed.
missing purchase orders can be
followed up. This reduces the risk
of production delays which will
result in dis-satisfied customers
and a loss of customer goodwill.
Approved supplier list: gives For a sample of purchase orders
assurance about the quality of placed, agree the supplier name to
goods and services and reliability the approved supplier list.
of the suppliers. Poor quality Attempt to place an order with an
supplies will affect the quality of
unapproved supplier. The system
the product sold resulting in
should not allow it to proceed.
complaints from customers and
damage to the company’s
reputation reducing future sales.
Written confirmation for all orders: For a sample of purchase
ensures all and only necessary requisitions, inspect the purchase
goods and services are received. order and written confirmation from
This reduces the risk of disputes the supplier.
with suppliers which could cause
production delays resulting in
dissatisfied customers and a loss
of customer goodwill.
Price agreed to price list and Inspect a sample of purchase
discounts checked: ensures that orders for evidence of prices
the correct prices are being having been agreed to price list
charged by the supplier and such as a signature of the person
discounts are being obtained. This checking.
ensures the correct amounts will Select a sample of orders and
be paid reducing the risk of loss to
agree to the authorised price list to
the company and unnecessary test the effectiveness of the
cash outflow.
control.

 

 
Good receipt
Control Test of control
Goods received into the central Visit a warehouse and inspect the
warehouse. Having one, secure delivery area for security of goods
delivery area prevents goods e.g. locked area, security guard,
received being lost or stolen CCTV.
reducing the risk of loss to the
company.
Goods are inspected for condition Observe the goods receipt process
and quantity and agreed to the to ensure goods are inspected for
purchase order. This prevents condition and quantity before the
Murray Co from having to pay for supplier’s delivery note is signed.
unnecessary, or poor quality Inspect the delivery note for a
goods which would result in loss
signature confirming the goods
for the company and unnecessary
have been checked on arrival.
cash outflow.
Sequentially pre-numbered goods Inspect evidence of the sequence
received note (GRN) prepared by check being performed such as a
the warehouse team manager and signature of the warehouse
a sequence check performed by manager.
the purchase ledger manager.
This ensures that all goods
received are recorded which will
reduce disputes with suppliers
over payment for goods.
Grid stamp: a grid stamp is a grid Inspect a sample of GRNs to
that can be ink-stamped onto any ensure grid-stamped and signed
document, with boxes for by the warehouse operative to
recording different information confirm the goods have been
such as confirmation the goods inspected and agreed to the PO.
have been inspected for condition
and agreed to the PO. This
prevents Murray Co from having
to pay for unnecessary or poor
quality goods reducing the risk of
loss to the company and
unnecessary cash outflow.

 

Inventory system updated on a Inspect a sample of GRNs for the
daily basis by the warehouse previous day to ensure the
manager: prevents unnecessary inventory system has been
goods being ordered, ensures updated for them.
inventory levels are up-to-date
when checked before acceptance
of customer orders. This reduces
the risk of not being able to fulfil
customer orders which could
result in dissatisfied customers
and a loss of customer goodwill.
Invoicing
Control Test of control
The invoice is matched to the Inspect a sample of invoices and
GRN: by matching the invoice to ensure filed with the relevant GRN,
the GRN and not the original order and the invoice number is written
it ensures that only goods that on the GRN.
have been received are paid for
reducing the risk of loss to the
company and unnecessary cash
outflow.
Using the purchase order number Inspect a sample of invoices for
marked on the invoice: when the PO number and that it is
placing an order, the supplier will matched to the relating GRN and
be given the purchase order requisition.
number. This allows the purchase
to be matched to the relevant
GRN and requisition and the
company can efficiently trace the
relevant documentation in case of
queries.
The invoice number is noted on Review the GRN for the grid
the GRN grid stamp, and a stamp.
monthly check of GRNs with no Inspect evidence of signature to
invoice: this prevents the goods
confirm the monthly check has
received being invoiced twice
been carried out by the purchase
which would cause loss to the
ledger manager.
company.

 

 
Recording transaction
Control Test of control
Batch controls: the system will Inspect a sample of batch control
notify the clerk inputting the data sheets for evidence of completion
of how many invoices has been and agreement to the batch
input. This will be checked to the system report.
physical number of invoices and
will highlight if too many or too few
invoices have been entered. This
ensures accuracy of the
purchases and payables figures in
the accounting records enabling
invoices to be paid on time
reducing the risk of disputes with
suppliers.
Invoice stamped as “recorded” Select a sample of invoices
and checks to ensure all invoices recorded on the system and
recorded: Prevents under or inspect them to ensure they are
overstatement of trade payables marked as “recorded”.
reducing the risk of disputes with
or late payments to suppliers.
Supplier statement reconciliations: For a sample of suppliers, inspect
enables mis-recorded purchases, the monthly supplier statements
payments and liabilities to be received for evidence of the
identified and corrected. This reconciliation being performed.
reduces the risk of disputes with Reperform the reconciliation to
suppliers and ensures accuracy of confirm it has been reconciled
the accounting system relating to correctly to test the effectiveness
purchases and payables. of the control.
Control account reconciliation: Inspect the purchase ledger
ensures that credits and payments reconciliations for evidence of
recorded in individual supplier performance and review on a
ledgers have also been recorded monthly basis. Reperform the
in the accounts (and vice versa). reconciliation to ensure it has been
Segregation of duties monitors carried out effectively.
performance of controls and
ensures accuracy of the
accounting system in relation to
purchases and payables.

 

Cash payment

 

Control Test of control
The company accountant checks For a sample of payments made,
and authorises payments: inspect the payment list for
payments should only be evidence of the company
authorised by a senior member of accountant’s review and
the finance department to prevent authorisation.
error or fraud which could result in
loss for the company.
Individual payments of more than Inspect a sample of invoices
$25,000 or total payments of more > $25,000 for evidence of a second
than $250,000 require a second signatory and agree that the
signatory: a second signatory signature is of someone with
prevents fraud on unusual authority to authorise such
transactions which could result in amounts.
loss for the company. The Inspect the invoices for the
additional check by the financial
additional signature of the financial
controller or finance director
controller or finance director.
further enhances this control.
Payments are made by the Observe the process of payments
cashier’s office and recorded by from the cashier’s office to ensure
the purchase ledger team: segregation of duties is in place.
segregation of duties prevents
fraud which could result in loss for
the company.
Invoices are stamped as “paid” Inspect the file of paid invoices and
and filed separately from invoices ensure kept separate from invoices
not yet paid: this prevents invoices not yet paid. Inspect them stamped
being paid twice which could as ‘Paid’.
result in loss for the company and
unnecessary cash outflow.
GRNs are checked on a monthly Review evidence of the purchase
basis: to ensure that suppliers are ledger manager’s monthly invoice
paid on a timely basis, which review such as a signature.
ensures that early settlement
discounts available are obtained,
and supplier goodwill is
maintained.

 

 
Test your understanding 3
Clock cards submitted and input
Control Test of control
Clock card to record time and Observe the use and
supervision of clock card use: supervision of clocking in and
ensures that only genuine out procedures to ensure that
employees are paid for work done. employees are not able to clock
This reduces the risk of unnecessary in for other people.
additional expense for the company
which reduces profit.
Hash total and agreement of the Observe the process of the
total: segregation of duties by works office clerk totalling the
performing and checking the hours and passing the list to the
procedure reduces the risk of human wages clerk to confirm
error and therefore the risk of segregation of duties is in place.
incorrect payments being made Inspect a sample of payroll
which will affect profit.
sheets for the wages clerk’s
signature as evidence they have
checked the total hours list.
Payroll calculation and payment list created
Control Test of control
Payroll is calculated automatically by Review a sample of the
the payroll system and the payroll calculations performed by the
manager recalculates a sample of payroll manager.
wages: Calculation by the system is
less vulnerable to error and a
sample check by the payroll
manager ensures the system
calculates the wages accurately,
minimising the risk of incorrect
payments being made.
The company accountant’s review of Inspect the payroll report and
payroll: ensures that any anomalies payment list for the signature of
can be identified and resolved. Payroll the company accountant
is a significant cost for most confirming the reports have
companies and it is important that a been checked to each other and
responsible individual, independent of a review has been performed.
preparation of payroll undertakes this
role. This reduces the risk of
payments being made to ghost
employees or incorrect amounts being
paid which would cause unnecessary
expense and reduce profit.

 

Payroll is calculated by the payroll Inspect the monthly payment list
department. The company and payroll report for the company
accountant raises the cheque accountant’s signature.
requisition and authorises the For a sample of cheques raised for
payment list. The cashie’s
wages, inspect the cheque
department makes the relevant
requisition to ensure it has been
payments: segregation of duties
completed by the company
prevents fraud and error which
accountant.
could result in loss for the
company.
Payments to employees and tax authorities
Control Test of control
Payroll cheque is signed by two Inspect the bank mandate to
directors: this is likely to be a large ensure it requires the signature of
amount of money and therefore two directors for large cheques.
requires authorisation by two
senior personnel to prevent fraud
and error which could result in
loss to the company.
Cash is delivered by a secure Observe the cash being delivered
transit company, under guard: due by the security firm.
to the amount of cash likely to be Inspect invoices for services of the
needed to pay the weekly paid
security firm to ensure the service
workers, it would not be
is provided weekly.
appropriate for Murray Co staff to
go to the bank to get the money
themselves as this would threaten
their personal safety.
Workers must identify themselves Observe payment of weekly wages
and sign their clock cards before to confirm identification is checked.
receiving their money. This Inspect a sample of clock cards to
ensures that only genuine
ensure they have been signed by
employees are paid, reducing the
the worker.
risk of unnecessary additional
expense for the company which
reduces profit.

 

Payroll costs and payments recorded

 

Control Test of control
The head office accounts team Inspect the anomalies list to see it
record the payroll expense and has been prepared.
payments and the wages office Enquire of the wages office and
notify the team of unclaimed
the head office team that this
wages: segregation of duties
notification occurs on a weekly
prevents fraud and error which
basis to corroborate the control
could result in loss for the
works effectively.
company.
Bank statements are checked for Inspect the anomalies list or bank
deposit of unclaimed wages: statements for evidence that the
prevents misappropriation which bank statements are checked to
would result in loss for the ensure any unclaimed wages have
company. been banked.
Standing data and other amendments

 

Control Test of control
Completion and authorisation of Select a sample of employees with
standing data forms: ensures that pay rises or other amendments
only genuine employees are paid from human resources records and
and at authorised rates of pay. inspect the system details to
This reduces the risk of payments ensure that the relevant payroll
being made to ghost employees form has been completed and
or incorrect amounts being paid authorised on a timely basis.
which would cause unnecessary
expense and reduce profit.
Use of specific forms such as for Select a sample of leavers and
starters and leavers: prevents joiners from human resources
errors in processing information. records and trace the changes to
This reduces the risk of incorrect the system to ensure that payroll
forms have been completed and
payments being made which
authorised on a timely basis.
would result in employee
dissatisfaction or payments being
made to people no longer working
for the company which would
result in loss to the company.

 

Monthly review of standing data Select a sample of amendments
amendments and quarterly review made to standing data and trace to
of standing data files: ensures that the monthly report authorised by
any unauthorised amendments to the finance director, and the
standing data are identified and relevant amendment form.
resolved. This reduces the risk of Inspect the standing data files sent
payments being made to ghost
to departmental managers for
employees or incorrect amounts
evidence of review.
being paid which would cause
For any anomalies identified by
unnecessary expense and reduce
profit. departmental managers, enquire of
and corroborate the reasons for
the anomaly and what action was
taken to resolve the issue.
Test your understanding 4
Deficiency and effect Recommendation
Recording of orders
Orders placed on the Internet site The computer system should be
are transferred manually into the upgraded so that order details are
inventory and sales system. transferred directly between the
Manual transfer may result in two computer systems. This will
error, for example in recording remove manual transfer of details
order quantities or product codes. limiting the possibility of human
Customers will be sent incorrect error.
goods resulting in increased
customer complaints and a loss of
customer goodwill.
Control over orders and
packing lists
Each order/packing list is given a Orders/packing lists should be
random alphabetical code. This controlled with a numeric
type of code makes it difficult to sequence.
check completeness of orders. At the end of each day, a
Packing lists can be lost resulting sequence check should be
in goods not being despatched to performed and any gaps in the
the customer which will result in a sequence should be investigated.
loss of customer goodwill. The
order may be sent but the
customer’s credit card may not be
charged which would result in loss
for Rhapsody.

 

 

Obtaining payment

 

The customer’s credit card is charged after despatch of goods to the customer, meaning that goods are already sent to the customer before payment is authorised.

 

Rhapsody Co will not be paid for the goods despatched where the credit company rejects the payment request. Given that customers are unlikely to return seeds, Rhapsody Co will automatically incur an irrecoverable debt which reduces profit and cash inflow.

 

Completeness of orders

 

There is no overall check that all orders recorded on the inventory and sales system have actually been invoiced and the customer’s credit card charged.

 

Orders despatched may not have been invoiced resulting in understatement of revenue and profit. If the credit card has not been charged the company will experience a reduction in cash flow.

 

 

Authorisation to charge the customer’s credit card should be obtained prior to despatch of goods and the card should be charged on despatch to ensure Rhapsody Co is paid for all goods sent to customers.

 

An exception report should be generated each week of orders not invoiced. Orders where there is no corresponding invoice should be investigated.

 

Test your understanding 5

 

The auditor could expand the amount of controls testing in that audit area.

 

This may indicate that the control deficiency was not as bad as initially thought.

 

The problem could be raised with those charged with governance to ensure that they are aware of the problem.

 

The auditor could perform additional substantive procedures on the audit area. If controls have not worked effectively in this area there is a greater risk of misstatement. Substantive procedures will be used to quantify the misstatement.

 

If the matter is not resolved, then the auditor will also need to consider a modification to the auditor’s report.

 

Test your understanding 6

 

  • Tests of control

 

A test of control tests the operating effectiveness of controls in preventing, detecting or correcting material misstatements.

 

It is important for the external auditor to test controls to ensure their initial understanding obtained when assessing the control environment and internal controls is appropriate.

 

This will allow the auditor to identify and assess the risks of material misstatements in the financial statements and to determine to what extent to rely on the internal control system during the audit.

 

The auditor will then be able to design sufficient and appropriate substantive audit procedures to reduce detection risk, and therefore audit risk, to an acceptable level.

 

  • Payroll system strengths and tests of control

 

Strengths in the control system at the hotel in respect of payroll are set out below including the test of control to be performed by the auditor.

 

Strength (i) Test of control (ii)
All staff are assigned a unique ID Ask a sample of employees to
card by the personnel department confirm who provided them with
to record hours worked. their unique ID card on joining the
Segregation of duties between business.
allocating the cards and Inspect the ID cards for existence.
processing payroll will reduce the Agree the employee details to HR
risk of the creation of ‘ghost’ records.
employees by the payroll
department which would result in
additional cost for the company
and a reduction in profit.
Hours worked are authorised by Inspect the email sent by the
divisional heads. divisional head for a sample of
There is a reduced risk that hours months and agree to the
employee’s hours recorded on the
are overstated as the divisional
payroll system.
head is more likely to identify
errors or anomalies. This reduces
the risk of incorrect payments
being made which will affect profit.

 

 
The payroll system is password The auditor should use test data
protected with an alphanumerical and enter a ‘dummy’ password
password known only to the payroll into the payroll system to ensure
clerk and finance manager. that access is not granted.
The password is difficult to guess
and therefore will limit the risk of
unauthorised access which could
lead to payroll data being
manipulated. This reduces the risk of
fraud and loss to the company.
Payroll calculations are automatically The auditor should recalculate a
calculated by the standardised sample of employee’s monthly
payroll software. pay from across the year and
There is a reduced risk of human compare to the calculations on
error as the calculations are the payroll report for those
automatically generated using a months.
standardised software package.
This reduces the risk of incorrect
payments being made to employees
which could result in unnecessary
expense for the company or
dissatisfied employees.
The finance manager reviews the For a sample of months, inspect
payroll report and compares to last the payroll reports for evidence
month before the final payroll is of the finance manager’s
processed. signature confirming that the
The comparison of data to the prior review has been performed.
month should highlight any unusual
movements that could be errors
before the payroll is processed. This
reduces the risk of incorrect payments
being made to employees which could
result in unnecessary expense for the
company or dissatisfied employees.
Payslips are sent to the home Ask a sample of employees to
address of each employee. confirm they receive their
This should reduce the risk that monthly payslips via post to
payslips are misplaced or their home address.
manipulated. It would also reduce
the risk of a confidentiality breach.
Payments are sent by bank transfer Inspect the bank statements to
to each employee. identify payments made to a
This will reduce the risk of payments sample of employees on the
being stolen or handed to the wrong payroll report for a selection of
employee which could result in loss months.
for the company.

 

Test your understanding 7

 

(1) C Segregation of duties helps to prevent fraud.
(2) D Enquiry is not the most reliable form of evidence as the
clerk or the manager could say what they think the
auditor wants to hear. Recalculation of payroll by the
auditor is a substantive test and does not confirm the
manager has performed the necessary checks.
(3) A Inspection of employee contracts to confirm salary
details is a substantive procedure.
(4) B The department manager would identify if any fictitious
employees or employees who had left the company
were included on the list and could notify the payroll
department before any invalid payments were made.
(5) A Internal audit can monitor the effectiveness of controls
by regularly testing them. B, C and D are all examples
of control activities that would be tested for
effectiveness.

 

Test your understanding 8

 

  • CThe auditor must ensure the systems documentation held on file is still correct. This can be achieved through a combination of enquiry and walkthrough tests but enquiry alone is not sufficient appropriate evidence.

 

  • BTests of controls are only performed when the auditor is planning to place reliance on those controls. If the auditor has decided that substantive testing is more efficient for a specific balance it is not necessary to test the controls over that area. Reliance cannot be placed on the results of tests of controls performed in previous years as the auditor would need to confirm they had worked effectively in the current year.

 

  • DAn internal control evaluation questionnaire asks the client to respond with the control in place that addresses the risk. Restricted access as given in answer D is a control. This question would be included in an internal control questionnaire rather than an internal control evaluation questionnaire.

 

  • AThe external auditor should not monitor the controls as this requires ongoing involvement in the company on a regular basis. Whilst the external auditor may test the controls and identify deficiencies, this does not constitute monitoring. Management are ultimately responsible for the internal controls including assessing whether they are effective and whether any improvements are required. They may utilise an external consultant or internal audit function to help them fulfil this responsibility.

 

(5)

 

ICQ/ICE Flowchart Narrative
notes
A diagram depicting the controls in ü
place at each stage of a process
A disadvantage of this method may ü
be that controls are overstated
An advantage of this method is that ü
they are easy to prepare in advance
and therefore efficient
For larger systems this method may ü
be time consuming and it may be
difficult to identify missing controls
(Visited 336 times, 1 visits today)
Share this:

Written by 

Leave a Reply

Your email address will not be published. Required fields are marked *