Chapter 8 Systems and Controls

Download as pdf or txt
Download as pdf or txt
You are on page 1of 4

CHAPTER 8 SYSTEMS AND CONTROLS

→ The extend of substantive procedures to be performed depends on results auditors assessment of control
risk. 1. If the control risk is low :-
• the auditor can place more reliance on internal controls
• This increases the appropriateness of interim audit testing and less quantity of detailed substantive
procedures can be performed at the final audit.
• The audit strategy and plan will be updated to reflect that fewer substantive procedures can be performed.
2. If control risk is high :-
• Increase the volume of procedures conducted at and after the year end.
• Increase the level of substantive procedures, in particular, test of detail.
• increase the locations included in the audit scope.
• place less reliance on analytical procedures
• place less reliance on written representations from management
• Obtain more evidence from external sources
• Update the audit strategy and plan to reflect the additional testing.
→ Limitations of Internal controls
• Auditor can never eliminate the need for substantive procedures entirely because of inherent limitations:-
- Human error, - Ineffective controls, - Collusion of staff ( staff work together and collude together), -
Management override, Uses of management judgement on the nature and extent of controls it chooses.
→ COMPONENTS OF INTERNAL CONTROL
1. The control environment:- this includes governance and management function of an organisation.
• Focuses largely on the attitude, awareness and actions of those responsible for designing, implementing
And monitoring internal controls.
• Elements of internal control environment.
- How managements responsibility are carried out, demonstrating management’s commitment to the
integrity and ethical values
- How TCWG demonstrate independence from management and exercise oversight of the system.
- How the entity assigns authority and responsibility in pursuit of its objectives.
- How the entity attracts develops and retains competent people(Recruitment , Training , appraisal policies).
- How entity holds individuals accountable for their responsibilities.
• When assessing the control environment the auditor may consider how the management responds to the
findings and recommendations of the internal audit function regarding identified deficiencies.
2. The entity’s risk assessment process
• The auditor must obtain an understanding of entity’s process for identifying business risks, the entity
must then evaluate whether the process is appropriate to the entity’s circumstances taking into
consideration the nature and complexity of the entity.
•Auditor identifies instances where management failed to identify risks of material misstatement,and should
obtain understanding of why the entity’s process failed to identify the risks, consider implications the audit.
3. The entity’s process to monitor the system of internal control
• Clients continual process of evaluating the effectiveness of controls over time and taking necessary
remedial actions.
4. The information system and communication
• Consists of all the activities and policies relevant to financial reporting and communication
5. Control activities
• Control activities are policies (what should or should not be done) and procedures (actions to implement
policies) to achieve the control objectives of management and TCWG.
→ Examples of direct controls
• Sales :- A credit check on a customer reduces the risk of sales being made to a customer who may be unable
to pay thereby reducing the risk of irrecoverable debts. This reduces the risk of misstatement of receivables.
• Purchases :- Purchase requisitions and orders must be approved before being placed with the supplier.
Authorisation ensures the purchase is valid for business use reducing the risk of fraudulent purchases.
→ IT CONTROLS
• IT controls are divided into :- 1. General controls 2. Information processing controls
1. General controls:- support continued proper operation of the IT environment, including the effective
functioning of the information processing controls and the integrity of info in the information system.
2. Information processing controls:- relate to the processing of info in IT applications or manual processes
that directly address risks to the integrity of information. These may be automated ( in applications)/manual.
→ASCERTAINING THE SYSTEM(Procedures to obtain evidence regarding design and implementation of controls)
• Enquiries of Relevant personnel • Observing the application of controls • Tracing a transaction through the
system to understand what happens (walkthrough test) • Inspecting documents (Internal procedure manual)
→ For controls which don’t address a significant risk must be tested by auditor atleast once every third audit.
→DOCUMENTING CLIENTS SYSTEM Auditor must document clients system before evaluating if its adequate.
• Narrative notes:- Written description of a system
• Flowcharts:- diagrammatical representation of the system.
• Internal control Questionnaire (ICQ :-A list of controls given to client and asked whether those controls
are in place(objective type questions yes/no questions)eg.Does the company perform credit check on
customers
• Internal control evaluation Questionnaires (ICEQ) :- The client is asked to describe the controls they have
in place for a given control objective. ( More detailed questions about controls) eg. How does the company
ensured goods are only purchased for Valid business use.
→ TESTING THE SYSTEM
• Test of controls are performed only on those controls that the auditor has determined are suitably designed
to prevent, or detect and correct a material misstatement in a relevant assertion.
• Methods of control testing include :- 1. Observation of control activities 2. Inspection of Documents 3.
Using test data to ensure programmed controls are working effectively.
→ COMMUNICATING CONTROL DEFICIENCES ( IAS 265) (Communicated in management letter/report to
management usually sent at the end of audit process).
• Communicate any deficiencies that are of sufficient importance to merit management’s attention to
management • Communicate significant deficiencies to the TCWG ).
→ Deficiencies occur when:-
• A control is designed, Implemented or operated in that it unable to prevent or detect or correct a
misstatements in the FS on a timely basis
• A control necessary to prevent, detect and correct a misstatement in the FS on a timely basis is missing.
→ When the auditor reports deficiencies :- 1. The report is not a comprehensive list of deficiencies, but only
those that have come to light during the normal audit procedures. 2. The report is for the sole use of the
company 3. No disclosure should be made to third parties w/o Written agreement of the auditor 4. No
responsibility is assumed to any other parties. ( If asked for a covering letter this should be included in it )
→ TEST YOU UNDERSTANDING 1 ( Murray co sales cycle)
Direct Controls Test of control
→ Format of how to answer :- 1. • Inspect a sample of customer files to ensure a credit
1.i. Identify the control:- Credit checks are performed check has been performed.
and credit limits are set. •Inspect the customers account withing the system to
ii. Benefit of having the control :- Sales are only made endure credit limits have been put in place.
to customers that are likely to make a full and prompt
payment, reducing the risk of irrecoverable debts.
iii. Consequence if the control would be missing:-
Irrecoverable debts will reduce profit and cash inflow
and if not written off will result in overstatement of
receivables.(point optional).
2.• A second member of the warehouse team checks 2. • Visit the warehouse and observe the goods despatch
the goods packed, signing the GDN to evidence the process to assess whether all goods are double checked
check : Segregation of duties. against the GDN prior to signing and despatch.
• Segregation of duties reduces the risk of fraud or theft • Inspect the GDN for evidence of the signature to confirm
which results in loss for company and potential the physical goods have been checked to the GDN and the
misstatements in accounting records. GDN against the order prior to despatch.

3. • Customers sign the GDN and return it to murray 3. • Inspect a sample of GDNs retained by the warehouse
co : this helps to minimize disputes as proof of delivery to ensure they are signed by the customers to confirm
and acceptance of goods is obtained. receipt of goods and to confirm they are retained in the
• Disputes with customers may result in overstatement warehouse in case of disputes.
of receivables and loss of customer goodwill.

4. • The invoice is raised from the GDN: This ensures 4. • Inspect the GDNs for evidence of being matched to
the invoice related to the actual quantity of goods invoices. Agree the details on both to ensure control has
despatched rather than the order which may be been effective.
different
• This reduces the risk of customers being invoiced
incorrectly which would result is misstatement of
revenue and receivables. This could cause customer
dissatisfaction and a loss of customer goodwill

5. • Sales invoices are prepared using the company 5. • Inspect the price list for approval by the directors.
price list : this ensures customers are invoiced • Obtain a copy of the current price list and match a
correctly. sample of invoices to agree correct prices have been used.
• Incorrect invoicing will lead to misstatement of • Agree the prices in the system to approved price list
revenue and receivables. This could also cause • Enquire of management who has authority to amend the
customer dissatisfaction and a loss of customer standing data such as prices in the system to ensure only
goodwill. persons having the authority have access.
• Try to input a change to the prices in the system using a
user ID of a clerk to ensure that the system does not allow
access to this standing data.

6. • Discounts must be requested by a sales manager 6. • With the clients permission, attempt to process an
and authorised by sales director: Segregation of duties invoice with a sales discount not authorised by the sales
and Authorisation. director. The system should reject the
• This reduces the risk of fraud and unauthorised invoice.
discounts which will result in loss of revenue for the • Inspect sales orders with discounts given for evidence of
company and possible misstatement within the the sales director's signature
accounting records. authorising the discount.

7. • Review of the receivables ledger for credit 7. • Inspect the receivables ledger for evidence of monthly
balances: identifies possible overpayments or errors review for credit balances such as a
within the receivables ledger. manager's signature.
• Errors in the accounting records can be
promptly corrected.

8. • Monthly customer statements sent to customers: 8. • For a sample of customers, inspect copies of monthly
reminds customers of the invoices they need to pay and statements sent out to confirm statements
enables them to identify errors in invoices which can be are in fact issued.
notified to Murray Co.
• This can reduce the risk of irrecoverable debts.
Irrecoverable debts will reduce profit and cash
inflows and if not written off will result in
overstatement of receivables.

9. • Receipts are counted by the office assistant, 9. • Observe the cash receipt process to assess the
recorded by the cashier, and the sales ledger clerk adequacy of segregation of duties.
agrees the amount received to the amount invoiced:
segregation of duties.
• Segregation of duties reduces the risk of fraud which
could cause misstatement in the accounting
records and loss for the company.

Control Deficiency Recommendation


→ Format of how to answer:- 1. • Credit checks should be performed annually to
1. i.Identify the deficiency:- Credit checks are only ensure the credit limit originally given to the customer
reperformed if a customer requests a increase in credit is still appropriate.
limit . • If the credit status has changed, the credit limit
ii. Explain the deficiency:- A customers credit rating should be revised.
may be deteriorated but Murray co will not know and
continue to give the same level of credit.
iii. Consequence:- This will increase the risk of
irrecoverable debts, affecting profit and cash flow.
Irrecoverable debts may result in possible
overstatement of receivables.
2. • Credit limits are checked after the order has been 2. • Credit limit should be checked before the order is
accepted. confirmed to ensure the customer has sufficient credit.
• The customer may not have sufficient credit which
may result in irrecoverable debts and a reduction to
profit. Irrecoverable debts may result in overstatement
of receivables.

3. • Sales invoices are not sequentially numbered. 3. • Sales invoices should be sequentially numbered
• Goods may not have been invoiced which will result in and a sequence check should be performed by the
lost revenue and profit for the Company. accounts department on a daily/weekly basis.
• The company will not be able to identify if any • Any breaks in the sequence should be
invoices are missing resulting in understatement of investigated.
revenue.

4. • No review is performed to ensure all goods have 4. • A review should be performed to ensure that every
been invoiced. GDN has a matching invoice to ensure all
• Goods may not have been invoiced which will result in goods have been invoiced.
understatement of revenue.

5. • The receivables ledger is only reconciled when the 5. • The receivables ledger should be reconciled to the
sales manager has time. control account on a monthly basis.
• Errors may exist within the receivables accounting • The reconciliations should be reviewed by a different,
records which will not be identified and responsible official to ensure the
resolved on a timely basis. reconciliation has been performed properly.
6. • The credit controller only follows up on balances 6. • Credit control procedures should be followed to
which are six months overdue. ensure full and prompt payment by customers,
• This increases the risk of irrecoverable debts which e.g. a telephone call to the customer
will reduce profit and cash inflows. Irrecoverable debts followed by a letter.
may result in overstatement of receivables.

You might also like