Aud679 - Fa SS - Jul2023
Aud679 - Fa SS - Jul2023
Aud679 - Fa SS - Jul2023
AUD679
JUL 2023
SOLUTIONS SET 1
QUESTION 1(A)
a.
System Application Error
The use of software application in processing transactions will eventually reduce the risk of
human error. However, the risk of system error might increase since the system requires to be
upgraded from time to time due to the expansion of business operations. Too many
changes and flaws in the system program procedures will lead to the issue of reliability of
the software. At the same time risks such as operating system crashes, transmission error or
missing data can occur.
Hardware Failure
Computer hardware such as central processing unit (CPU), monitors, servers, etc. can easily
malfunction if not properly maintained and protected. A proper procedure in handling computer
hardware is important to prevent it from physical damage. Damages could be due to
inappropriate use, sabotage or environmental disasters such as a fire, blackout, flood or an
earthquake.
Computer Crime
Business transactions conducted via the Internet can expose the oganisation’s electronic data
to attacks from hackers, competitors, terrorist groups, previous employees or industrial spies.
These identified parties will attack to look for valuable data or to harm the computer system.
There are unlimited types of computer attacks such as hacking, spamming, spoofing or
sending viruses and worms.
1. Security
To ensure access to the system and its data is restricted to authorised personnel only.
2. Confidentiality
To ensure that sensitive information of an organisation is protected from unathorised access
or disclosure.
3. Privacy
To ensure personal information of any third party such as customers’ addresses, contact
numbers, etc. are treated in accordance with the organisational business policy and protected
from unauthorised access or disclosure.
4. Processing integrity
To ensure business data are processed accurately, completely in a timely manner with proper
authorisation.
5. Availability
To ensure the operating system and its data are available at all times to meet the needs of
business operations.
(Any 3 points with explanation = 3 x 2 = 6 marks)
1
AUD679 – JUL 2023
QUESTION 1 (B)
1. OBJECTIVITY√½
Internal auditors are required to reveal all pertinent information that they are aware of
that, if revealed, may distort the reporting that is being examined√. If the CAE chose
not to report the audit findings, it would be in violation of its commitment to follow a
code of ethics ensuring objectivity. √
2. INTEGRITY√½
Every item of information shared during a meeting is private and can only be disclosed
by a designated individual√. Hafidz lacked integrity in this situation because, after
reading the meeting minutes, he told his friend the meeting's secret information
concerning the demotion of his job in the marketing department√. He is violating the
integrity principle.
3. INTEGRITY √½
Being an experienced internal auditor, Mrs. Sarah is expected to set an example for
her subordinates by following all procedures or standards set by her profession and
the organization where she works. The trust given to her should be exercised diligently
and provide a reasonable judgement on tasks executed√. By expecting that all the
internal auditors in her department know their duties, she is not being fair to her staff,
and this shows that she lacks integrity in making a judgement on the staff assignment.
√. She is violating integrity principle.
4. CONFIDENTIALITY√½
Mr. Anwar introduced the use of social media to communicate with one another via
Whatsapp Application group which he created for each team to speed up reporting
processes√ However, he did not limit who are eligible to be allowed to access the
information on matters reported as this later would be misused or leaked by
irresponsible staff for their personal purposes√. He is violating confidentiality principle.
(4 x 2½ mark = 10 marks)
(Total: 20 marks)
QUESTION 2
a. Explain two (2) knowledge and skills that internal auditors should possess.
2
AUD679 – JUL 2023
b. Discuss the responsibilities of the following staff within an internal audit department:
i. Audit Supervisor
The Audit Supervisor is responsible for ensuring that designated audit teams
conduct audits as per planned schedules and man-hours. Duties involve
reviewing working papers, co-ordination and preparing reports. The Audit
Supervisor may come from diverse backgrounds, such as accounting, systems
and information technology, valuation, engineering and others; they can be
assigned to various financial and operational activities.
c. Discuss any five (5) recommended practices that could help internal auditors to reduce
the likelihood of conflicts.
1. Internal auditors need to develop trust. This can be done by showing a genuine
intention in assisting to improve the organisation, thus ensuring co-operation.
2. Internal auditors have to be salespersons. This is true when they want to sell their
“product”, that is, recommendations for audit findings. They cannot assume that
everyone will immediately react positively to the submission of their
recommendations. Internal auditors should be able to explain the problems or issues
to auditees, instead of identifying problem and telling the auditees how to fix them.
3. Help the auditees to understand the audit objectives. When the auditees know the
objectives and the information needed, conflict can be avoided.
4. Internal auditors should be objective and factual about their findings. Different words
or phrases can affect the auditees’ value judgment. Hence, allowing the auditees to
review the findings and suggesting changes, before submission to the Board of
Directors or management, can reduce the possibility of conflicts.
5. Consider the positive aspects of the conflict because some of these conflicts may
help an organisation move towards its objectives. Some negative conflicts could
have positive effects on the audit process, for example, conducting a formal interview
with top management might be resented but could be considered a valuable
gathering technique for internal auditor.
7. Internal auditors should try to appreciate and anticipate all potential sources of
conflict and consider all possible solutions to the conflicts prior to any negotiation
3
AUD679 – JUL 2023
with auditees. Listening to what the auditees have to say is a crucial part of the whole
process of negotiations.
8. Seek support from high-level management especially the Audit Committee. Internal
auditors should be able to segregate personal differences in opinion from critical
control issues or ethical questions that the Audit Committee should be informed
about. This is to ensure effective operation of the audit function.
9. Internal auditors should not feel guilty or be made responsible for situations having
negative consequences as a result of the audit findings, such as auditees’
termination, relocation or mental ailments or conditions.
QUESTION 3
A.
1. Understand the relevant industry and the organization’s objectives
2. Consider the international professional practices framework (IPPF)
3. Understand Stakeholders expectations
4. Update the Internal Audit Vision & Mission
5. Define the critical success factors
(any 3 answers with explanations x 2= 6 marks)
Reliability: refers to the accuracy and objectivity of the information and depends on the
information provider. Information from third party (confirmation) is more reliable than
the one provided by the auditee.
(2 marks each x 2= 6 marks)
ii. Propose the activities of the Information Gathering Process based on the audit
procedures on Sales & Account Receivable Cycle
4
AUD679 – JUL 2023
(8 / X 1 mark = 8 marks)
(Total : 20 marks)
QUESTION 4
Criteria
The description of the processes should identify who is responsible for each of the
tasks from receiving goods/items for the store and the task in issuing the store items.
Hence, assist to identify the person who’s responsible for any irregularities.
Conditions
In identifying the slackness during observation, it is good to have a specific amount of
percentage of deviation from the established norms. For example, in the above
observation, instead of mentioning….” most of the figures on the receipts…It should be
reported as…. 30 or 20% items receipts…
Cause
No Flaw
Effect
The inaccuracy of the Store Ledger should be stated and compared with another
acceptable standard such as the Store management provision or the standard used by
the industry.
Recommendations
The comment on the job and staff is too general. The more appropriate recommendation
should be… A specific qualified person/staff to be assigned to each of the processes.
[(Marking: ½ mark for the heading points + 1 ½ mark for explanation) x3 =6 marks.]
• To discuss matters on weaknesses of the system and the risk areas discovered.
• The representative from the Auditee to state their view of Internal Audit concern
on Observations and to provide answer to further questions
5
AUD679 – JUL 2023
• The need to discuss and ask management for significant and material issues.
- Assign the person (1/2 marks) to verify the goods received received by a person to
avoid missing stock (1 1/2 marks).
- Specify the job description of the staff (1/2 marks) to identify the staff handling the
inventory store ledger to avoid any mistakes (1 1/2 marks).
- Regular monitoring of the store ledger card (1/2 marks) to ensure the information is
up to date in order to reflect the stock movement (1 1/2 marks)
- Giving regular training to the staff handling the warehouse (1/2 marks) in order to
ensure all the standard and management provisions fulfilled (1 1/2 marks)
- Assign the supervisor for each process (1/2 marks) to monitor the movement of the
stock and track the availability of stock (1 1/2 marks)
- Frequent revise on the store management provision (1/2 marks) with the update
standard or policies to ensure all the provisions are followed by the company (1 1/2
marks)
- (any possible answer related to the Q4(a))
[Markings ( ½ Mark-Main Points +1 ½ Explanation) x3 = 6 marks]
(Total : 20 marks)
QUESTION 5
a.
i. Theft of raw material (√1 mark). The stocks are missing from the warehouse after the
process of authorization took place (√1 mark).
ii. Breach of confidential information (√1 mark). The part time staff leak the information to
the competitors (√1 mark).
iii. False claims (√1 mark). The evidence is that the manager submits the false claims (√1
mark).
iv. Stock theft (√1 mark). The staff took the goods unrecorded from the shop (√1 mark).
b.
- There is no verification on the stock received (√1 mark) because their manager
can easily signed the documents without checking (√1 mark)
- The confidential documents are not properly kept (√1 mark) because part time
worker must know the secrecy of the document (√1 mark)
- There is no verification on claim form (√1 mark) because the research lab
manager can submit claim with the approval from the upper management (√1
mark)
- There is continuous check on the products (√1 mark) to avoid any stolen
inventory (√1 mark)
- There is no monitoring of the stock received from the suppliers (√1 mark), the
managers signed the paper (√1 mark)
6
AUD679 – JUL 2023
- there is lacking monitoring on the safety of confidential files (√1 mark). There is
tendency of the part time to duplicate the file (√1 mark)
- the supporting documents did not attach with the claim form (√1 mark), there is
possibility false claim (√1 mark)
- absent monitoring on the movement of the products (√1 mark), it may affect the
sales of the company (√1 mark).
(any acceptable answer with explanation)
(award 1 mark if there is no explanation)
(Any 3-point X 2 mark = 6 marks)
c.
- stringent standard operating procedures to handle the stock (√1 mark) to avoid
missing inventory (√1 mark)
- establish whistle blower programs (√1 mark) to report any wrongdoing of the
staff (√1 mark)
- regular rotation of the staff (√1 mark) to avoid any staff take for granted their
duty (√1 mark)
- details verification by the staff (√1 mark) to avoid any false claim (√1 mark)
- install cctv for the movement of the products (√1 mark) to verify the existing of
the products (√1 mark)
- provide clear restriction for the part time staff (√1 mark) to avoid the confidential
of the information leak to competitors (√1 mark)
- imposed the letter of confidentiality on any information deal within the
organisation (√1 mark) to take action over the staff who violate the principles
(√1 mark).