Auditing Study Notes Chapter 11 Understanding of Controls and Control

Risk Assessment

CHAPTER ELEVEN
UNDERSTANDING OF INTERNAL
CONTORL AND CONTROL
RISK ASSESSMENT
ICAP'S STUDY TEXT
LO # LEARNING OBJCTIVE
REFERENCE*
UNDERSTANDING AND TESTING OF INTERNAL
PART A CONTROLS
LO 1 DEFINITION AND LIMITATIONS OF INTERNAL
CONTROL 5.1.2, 5.3.1
5.2.1, 5.2.3,
LO 2 OBTAINING UNDERSTANDING OF INTERNAL 5.2.4,
CONTROL 5.2.5, 5.2.6, 5.2.9
LO 3 7.2.1, 7.2.2, 7.2.3,
CONTROLS OVER THE SALES SYSTEM 7.2.4
LO 4 7.3.1, 7.3.2, 7.3.3,
CONTROLS OVER THE PURCHASES SYSTEM 7.3.4
LO 5 7.4.1, 7.4.2, 7.4.3,
CONTROLS OVER THE PAYROLL SYSTEM 7.4.4, 7.4.5, 7.4.6
LO 6
CONTROLS OVER BANK AND CASH SYSTEM 7.5.1, 7.5.2, 7.5.3
CONTROLS OVER INVENTORY AND NON-
LO 7 CURRENT
7.6.1, 7.6.2
ASSETS SYSTEM
PART B DOCUMENTATION OF UNDERSTANDING OF ENTITY AND INTERNAL
CONTROL
LO 8
METHODS OF DOCUMENTATION OF A SYSTEM 6.1.1, 6.1.2, 6.1.3
LO 9
DIFFERENCE BETWEEN ICQ AND ICEQ 6.1.3
LO 10 CHECKING THE ACCURACY OF PREVIOUS
YEARS ICQ 6.1.3
PART C ADDITIONAL CONCEPTS
LO 11
MANAGEMENT LETTER AND ITS CONTENTS 5.4.3
LO 12
AUDIT CORRESPONDENCE N/A
*Explan
at on of Ref rence:
First digit in Study Texts Reference represents chapter number, second and third
digits represents
section and sub- section number. Contents in brackets (if any) represent part of the
sub-section

which is covered by the learning objective.

1
Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

Coverage fromQuestion Bank:

After completion ofthischapter, you will be able

to attempt following questions in ICAP's Question Bank:

Question # in ICAPs Question Bank

Type of Question
Question # in ICAPs
Question Type of
Bank Question

2
Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

PART A UNDERSTANDING OF INTERNAL CONTROL

LO 1: DEFINITION AND LIMITATIONS OF INTERNAL CONTROL:

Definition f I ternal Control:
Internal Control means policies and procedures designed, implemented and
operated by
management and TCWG to provide reasonable assurance about achievement of
entitys objectives
with regard to:
Effectiveness and efficiency of its operations
Compliance with applicable laws and regulations
Reliability of the entitys financial reporting
Limittio sf Intrnal Control:
Internal Control system isnever perfect. It cannot provide absolute
assurance about achievement of objectives because of Inherent Limitations of Internal Control i.e.
i. Breakdowns caused by human
errors ii. Management override of
controls.
iii. Segregation of duties in smaller entities not possible.
iv. Collusion i.e. internal control is circumvented intentionally through collusion
among more than one person.
v. Cost-benefit trade off may not justify a control
vi. Often non-routine transactions are not subject to internal control.
vii. Often Judgments are involved in risk assessment, and implementation of

control which can be faulty

State the responsibilities of external

(04
CONCEPT REVIEW marks) (CA Inter
auditors anddirectors inrel -Spring 2001)
QUESTION
ation tothe design and operation
of internal control systems. (06 marks)
(ICAEW - 2006 December)

Describe some inherent limitations of Internal Controls.

LO2:OBTAINING UNDERSTANDING OFINTERNAL CONTROL

Auditor isrequired toobtainunderstanding ofinternal co

:
ntrolof entity. This understanding shall cover following elements:

Control Environment:
Auditor shall
evaluate whether entity has a strong control environment.
Control environment includes attitude, awareness and actions of TCWG and
management regarding
entitys internal control and its importance in the entity.
Inevaluating the control environment, auditor considers the following matters:
Audit committee and board of directors have significant influence in the
organization and
actively participate in business.
Management actions and attitudes show character, integrity, and ethics.

Management is committed towards Competence.

3
 Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment


No tolerance over code of conduct (e.g. petty theft)
Management's operating style and philosophy is not aggressive towards
financial reporting.
Organizational structure is appropriate according to business.
Management assigns authority and responsibility appropriately.
Human resource policies emphasize on strong control environment.
Information SystemRelevant
Relevant Information system

toFinancial Statements:
means processes bywhich entity obtains, process and records transactions

to prepare financial statements e.g. Sales System, Purchases System.

Auditor should consider following aspects of information system:

Entitys principal business transactions.

How information system captures and records these transactions (including
process to
prepare financial statements).
Related accounting records in support of transactions.

Whether IT system is implemented.

Enti ys Risk
Assess ent Process:
Auditor shall evaluate whether entity has a good Risk Assessment Process. It means
process to
identify, assess manage business risks. Identifying risk means recognizing
and existence of risk.
Assessing risk means deciding whether risk is significant or not. Managing risk means
designing
and operating internal controls to minimize the risk.

Riskcan arise or change due to following circumstances:

changes in the entitys operating environment
new personnel
new or revamped information systems
rapid
growth
new technology
new business models, products or activities
corporate restructurings
expanded foreign operations

new accounting pronouncements.

Activities Relevant to
Audit:
Controlactivities are the policies and procedures (other than control environment) to
ensure that
entitys objectives are achieved. Their objective is to stop errors from occurring in the
first place
(called Preventive Controls), identify errors which have occurred (called Detective
Controls) and
correct errors which have been detected (called Corrective Controls). Control activities
could be
Manual or IT/Automated/Programmed.
In
evaluating
the control activates in an area, auditor considers the following
categories:
Authorization Controls (All significant transactions should be
authorised/approved by an
appropriate level of management.)
Physical Controls (These are controls to prevent unauthorized access to tangible
assets and
computer programs/data files)
Segregation of duties (It means assigning responsibilities of authorising
transactions,
recording transactions and custody of assets to different people. Thereby,
error/fraud by a

single person is detected by other persons).

4
 Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment
Controls over Information Processing (These are used to check accuracy,
completeness and
authorization of transactions.)
Reconciliations (These include comparing data from one source with data
from other
source to confirm accuracy and completeness of data e.g. bank reconciliation,
inventory
reconciliation, debtors reconciliation etc.)
Performance Reviews/ Management Controls (These are reviews/analysis
of actual
performance against budget, forecasts and prior period. These are usually
performed by
management to supervise subordinates.)
Monitoringof control is a process to evaluate the internal control. It includes evaluation of whether of
Consystrols:
internal control em is operating effectively and, if necessary, taking necessary
remedial actions.

CONCEPT REVIEW QUESTION

International Standards on Auditing require anauditor toevaluate thecontrol
environment and assess its effectiveness. State the factors that the auditor should consider in evaluating the
control environment. (04 marks)
(CA Inter - Autumn 2015)

Briefly explain the components of internal control as referred to in the International Standards on
Auditing. (09 marks)

(CA Inter - Spring

2010)

LO3: THE SALES SYSTEM

There should besegregation

OBJECTIVES, ACTIVITIES
ofdutiesbetween Sales

AND TESTS OFCONTROLS :

Order (toprepare salesorder), Despatch Department (to despatch goods and

prepare GRN), Invoicing Department (to prepare invoice) and Accounts Department (to post invoices
into Sales Journal & Ledgers).
Order Department

Control
Objectives Control Activities Tests of Controls

Orders are approved only when customer has

authorized credit limit and order is within credit limit

between person who processes the duties exist between person who
sale processes the
order and person who approves sales order and person who approves
credit credit
limit. limit.
signature/initial of appropriate authority
authorized credit limit for every as
customer. evidence of approval of credit limits.
Order department should check credit outstanding balance with their credit
limit limits.
before approving order and order -Use "Test Data" to check that an order
should over
authorized limit is rejected (if IT system is
be rejected if it exceeds credit limit. used).
limit before approving order and Auditor should observe whether
order inventory
only when inventory should be rejected if inventory is balance is checked before approving sales
is not order.
available available.

set rate list and discount policy for authorized rate list approved by
every appropriate
Orders are approved product. authority (e.g. CFO/BOD).
on the basis of Order department should approve
authorized Rates and sales with authorized rate list and discounts.
Discounts. order only at authorized rates and -Use "Test Data" to check that an order at
unauthorized rate or discount is rejected
discounts. (if IT
system is used).

5
Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

recorde Auditor should observe whether oral

d (regarding sales
quantit orders are
y, item and Sales orders should be in writing. accepted.
customer
details)

customer Sales orders should be sequentially

s are pre- sales orders.
processed. No order numbered -Use test data to check that a sales order
is . is
processed allocated next number in the
twice. sequence.

Despatch
Department

Control
Control Objectives Activities Tests of Controls

sale Sequential GDNs

for all s orders. ly prenumbered are
ar GDNs. If there is any non-sequential
-Goods e not prepared and are matched with numbering
despatch twice sequentially prenumbered Sales of GDN, it should be investigated to
ed , for Orders. explain
the same sales
order. reason.

Goods are orders before despatch . A GDN should process to assess

despatched be -Observe the whether
with right good despatched as per sales order
specification accordingly prepared and signed by s are and
authorize
to right customer d member of despatch GDN is prepared as per goods despatched.
departme
nt.

acknowledge receipt return it as acknowledgement signature of customer as

of should of acknowledgement of
receip
goods. t. receipt.

Invoicing/Billing Department

Control
Control Objectives Activities Tests of Controls

-inspect numerical sequence of sales

Invoice is prepared are prepared and are matched with invoices.
for sequentially prenumbered GDN.
all goods between person who despatches goods between person despatching goods and
despatched and person
person who prepares sales invoices. preparing sales invoices.

and authorized Sales Order (to be used whether it includes reference to relevant
in GDN
Invoice preparing sales
s are correctly invoices) and authorized Sales Order.
prepare
d (using
correct quantity,
price independent person.
and -Alternatively, there should be strong and inspect evidence for rechecking of
discount) IT accuracy.
-Auditor should test controls over IT
controls over accuracy of invoices, if IT system to
ensure accuracy of invoices, if IT system is
system is used. used.

authorize Selec sample of credit notes and inspect

d staff member. t for
customers, there -Credit note should be numeric sequenc authorization and
must sequentially al e, cross
be an authorized prenumbered and should contain reference to relevant sales
credit reference invoice.
of relevant sales
note. invoice.

6
Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

Accounting Department

Control Objectives Control Activities Tests of Controls

credit-Sales
of source documents should be and inspect whether Transaction Counts
invoicesnotes) (andare compared and
correctl Control Totals of source documents have
y and with recorded transactions. been
completely recorded
in performed on recorded transactions.
Sales Journal. monthly and exceptions are followed customers and inspect evidence of
-Sales invoices (and up. its
credit notes) are preparation, review and follow-up of exceptions.

correctl poste -Debtors' Control Account and Sales between Debtors' Control Account and
y d in Ledger Sales
relevan Ledger; and inspect evidence of its
t customers' are reconciled monthly. preparation,
account
. review and follow-up of exceptions.

inspect evidence of its preparation, review

Bad debts are written and followed up. and
off only
when follow-up.
inspect approval for write-off by
authorized. appropriate
approval for write-off of receivables. authority.

promptl in books of and posted in accounts daily. Daybook and compare date of recording
y
State internal control procedures in respect of the following with
account date of GDN.
s.
functions: - Dispatches and invoice preparation for sales

Being the auditor of M/s. XYZ Limited,

CONCEPT
describe tothe

REVIEW QUESTION
management about the necessary internal control that should be in place to strengthen the sales

system of the company over the receipt, processing and recording of orders. (07 marks)

(ICMAP - 2015
August)

(05
marks) (CA Inter
-Autumn 2004)

LO4: THE PURCHASES SYSTEM

There should besegregation ofduties

OBJECTIVES, ACTIVITIES AND TESTSOF CONTROLS :

betweenPurchase Order Department, Despatch Department, Invoicing Department and

Accounts Department.

Order Department

Control Control Activities Tests of Controls

 Objectives

All Purchase Orders must be properly authorized

 Purchase Orders should be -Use test data to check that a purchase
sequentially order is
prenumbered. allocated next number in the sequence.

between individuals who make

requisition and individuals who duties exist between the person who
place made
order with supplier. requisition and person placing the order.

by head of purchase inspect for approval by appropriate

7department. authority.
Auditing Study Chapter 11 Understanding of Controls and Control Risk
Notes Assessment

ensure that
-Company should have standard inspect documentation standard
operating procedures to approve operating procedures
a to approve a supplier
supplier and should maintain a list
of operate as intended.
ar approved suppliers. Access rights to controls over master file of
Orders e given to this -Test approved
list should be restricted (in IT suppliers
approved suppliers system). .
-Select a sample of purchase orders,
only. -Purchase Orders should include inspect
"approved supplier reference approved reference number and compare
number" to with
ensure that orders are given only
to list of approved suppliers.
suppliers on approved -Use test data to check orders to
list. unauthorized
suppliers are rejected (in IT
system)

ar -Quotations/Bids should be obtained documentary evidence to

Orders e made at for ensure were
competitive called and order is given to
rates. all purchase orders. lowestquotations.

Receiving Department

Control
Objectives Control Activities Tests of Controls

prepared for every receipt of goods; GRNs. Any break (identified by auditor
and or
matche sequentiall produced by system) should be
against all purchase are d with y investigated to
orders prenumbered Purchase Orders. explain reason.

received should be physically

inspected
Goods receive and checked with purchase ordergoods are cross-checked with purchase
are d in before order
accordan before
ce with valid acceptance. acceptance.
purchase
orders goods by an authorized officer of
receiving department. receiving staff.

Invoicing/Billing
Department

Control
Objectives Control Activities Tests of Controls

processed only if with sequentially prenumbered GRN for evidence that they are matched with
goods and relevant
are received from purchase GRN and Purchase
them. orders. Orders.

checked for accuracy by invoicing department to

(of ensure
quantit correct quantity, rate and invoices and inspect evidence for
y, price and applicable rechecking of
 invoice for
discount) discounts are used by supplier. accuracy.

For purchases returns, which should Sele sample of credit notes and inspect
goods returned to be ct for
sequentially prenumbered and numeric sequence, and cross reference
suppliers, credit must matched al to
be suppliers' credit
taken. with suppliers' credit note when it is note.
received.

8
Auditing Study Chapter 11 Understanding of Controls and Control Risk
Notes Assessment

Accounts Department

Control
Objectives Control Activities Tests of Controls

-Purchase invoices (and debit notes) are correctly

and completely recorded in Purchase Journal.
-Purchase invoices (and debit notes) are correctly
posted in relevant suppliers' account.
 for relevant purchase order # on invoice,
invoices must be checked against and
purchase order, and purchase order signature of individual who checked
# with
should be printed on purchase
invoice . purchase order.
inspect whether Transaction Counts and
Control
Totals" of source documents should Totals of source documents have been
be performed
compared with recorded
transactions. on recorded transactions.
suppliers monthly and exceptions suppliers and inspect evidence of its
are preparation,
followed up. review and follow-up of exceptions.
-Creditors' Control Account and between Creditors' Control Account and
Purchase Purchase
Ledger; and inspect evidence of its
Ledger are reconciled monthly. preparation,

review and follow-up of exceptions.

promptl Purchases Daybook and compare date
y in books of of
account processed and posted in accounts
s. daily. recording with date of GRN.
Sup State t:
A suppliers statement is a printed statement, received at regular
intervals from a supplier (usually each month), showing details of transactions
between the supplier and its customer (purchases, purchase returns and payments)
since the previous statement, and the amount owing as at the date of the
statement.
CONCEPT REVIEW QUESTION
You have been assigned to plan the test of controls in respect of receiving of goods and invoices from
suppliers of
Bhurban Limited.
In this regard, you are required to identify the following:
(a) The related risks

(b) Controls that you expect to see to address the above risks (10 marks)
(c) Audit procedures that you need to perform to test the controls (CA Inter -Spring 2015)
Your senior has asked you to carry out an internal control review of the purchasing department of a
manufacturing
company. What control procedures would you expect in the following functions of the
department: (05 marks)
a) Ordering of goods (05 marks)
b) Receipts of goods (05 marks)

c) Payment for goods (CA Inter -Autumn 2000) (0 4 mar ks)

State FOUR objectives of the internal controls that should be exercised over the purchases and trade
payables system of

Country Co. (CAT - December 2009)

9
 Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

LO 5: THE PAYROLL SYSTEM OBJECTIVES, ACTIVITIES AND TESTS OF

CONTROLS:

Calculation of Gross Wages and Salaries

Control
Objectives Control Activities Tests of Controls
-New resigned should check
Payroll is calculated only for real employees. (i.e. no employeesdocum

employe be promptly entation. for

payment to former or phantom employee) authorization of new
es in communicated to
-Select a sample of
payroll Payroll leavers during the

should Department. year and check that

they do not exist on
be
payroll after the
authoriz month they left.
ed by -Select a sample of
workers from
HRD.
payroll sheet and
-Employe
check whether they
es who are physically
present.
 prenumbered "Time Sheets" for signature/initial of supervisor as evidence
each of
Wages are employee working on hourly based;
calculated and approval of hours worked.
only for work done by should authorize all time sheets.

employees. (i.e. no
overtime if monitored so that a worker cannot clock-in
employees maintained and monitored. for
did not work) multiple workers.
and inspect that they are properly
calculated and
approved by appropriate authority. authorized.

use Authorized Time Sheet and inspect that hours worked and rates of
Approved pay are in
accordance with Time-sheet and approved
Rates of Pay. rates.
payroll expense is not excessive, and signature/initial of appropriate authority
Payroll should be should as
calculated correctly. approve payroll sheet. evidence of approval of payroll.
generated for wages beyond pre-set
limits.
should be produced for wages beyond -Inspect exception reports (of salaries &
pre- wages
set limits, and it should be followed up beyond pre-set limits) as evidence
by of
an independent person. preparation and follow-up.
be ed -Voluntary (e.g. pension contributions)
-Statutoryfrompay
calc Calculation
correctly of tax and
deduction other
should deductions
be authorized by
ulat . s from pay employee.
deductions (e.g.Tax) should
Control Objectives Control Activities Tests of Controls
 ensure that tax deduction is correctly
-Payroll procedures should provide made.
deduction of tax using up-to-date -Use Test- data for calculation of tax and
rates of compare
results with independently calculated
tax. amount (if
IT system is used).
authorized by employee in writing; written consent of employee
and this regarding
consent should be kept in file of
employee. voluntary deductions and their amounts.
of total deductions is reasonable, signature/initial of authority
and appropriate as

evidence of approval of
should approve it. deductions.
10
 Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

Payment of wages and salaries

Control Tests of
Objectives Control Activities Controls

prepare and authorized by -Inspect cheque and bank transfer list

d appropriate for
The correct amounts authority authorization
of . evidence of .
net pay should be -Cheque and bank transfer list should -Inspect documentary evidence for
paid be comparison
compared with payroll to ensure of list with
to employees. correct payroll.
amount is paid.

deductio Auditor should inspect whether

ns is paid to formal
appropriat There should be formal procedures procedures and timetable for payment
the e and of
authority (for deductions are being
example, timetable for payment of deductions. followed.
the tax authority).

between person who prepares payroll duties exist between the person who
Wages are paid only and prepares
to person who distributes payroll. payroll and person who distributes payroll.
whether identification of employee if
genuine employee. confirmed
of employee before making payment. before making payment.

Recording wages and salaries payable in the accounts

Control Objectives Control Activities Tests of Controls

accountsPayroll fileingeneralshouldledgerbe. reconciled ledger. Confirm whether discrepancies

Gross pay, deductions with are
and net pay should be followed-up and resolved.

properly and
accurately recorded in
strict deadline. timescale.
payroll has been used to record wages
the accounts. in
record wages in accounts. accounts.
(07
marks) (CA Inter -
Autumn 2015)
CONCEPT
You have been assigned to plan the test of controls in (05
REVIEW QUESTION marks) (CAT -
respect of salariesand wages. In this regard you are required to June 2008)
identify the following:
(04 marks)
(a) Possible control weaknesses in overtime payments (ICMAP - 2014
(b) Principal controls over payment of overtime May )

State FIVE objectives of the internal controls that should be exercised over a wages
system.

Discuss any four (04) audit procedures for M/s. Farooq Enterprise for the test of
control of Payroll.
11
Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

LO 6: BANK AND CASH SYSTEM OBJECTIVES, ACTIVITIES AND TESTS OF

CONTROLS:

Cash Receiving

Control
Control Objectives Activities Tests of Controls

Controls over cash received -Observe whether mail-opening process is

through being
Post:
-Process of opening the mail should be monitored.
monitore -Check amount received from
d. customers (as
appearing in listed) with remittance
-A listing should be prepared by advices sent
independent person for all cash by customers (confirming amount
and paid).
cheques received through
Cont rols ov er Cash rec ived a t coun e r:

mail.
-There should be segregation of
duties
Receiving Recordin
between , g and
Reconciliatio
n functions.
-Only a restricted number of -Observe whether segregation of duties
employees exist
should be receiv between receiving, recording and
authorised to e cash. reconciliation.
-Cash should be kept in locked-boxes -Observe whether authority to receive
and in cash is
are
secured a until it is deposited. limited.
sequential prenumbere -Check whether cash is kept in locked
All money received is -Till- Roll (or ly d boxes in
cash- should be used to
recorded. receipts) record secured area.
cash sales; and a copy should be -Check for evidence that till roll totals (or
retained. cash-
-At day end, till roll totals (or cash- receipts totals) are checked against
receipts cash
totals) should be balanced with received by an independent
cash person.
received an independent
, by person.
-Surprise cash counts are conducted
by
persons independent of custodian of cash.
Cont rols ov er Cash r eceived through

donation
(e .g. in ):
-Boxes should be numerically
sequenced.
-Boxes should be appropriately sealed -Inspect a sample of boxes for
so numerical
that opening prior to recording is
apparent. sequence and appropriate sealing.
-There should be process for -Observe the process of collection,
regular opening box
collectio an recording boxe and
n d of cash s. recording.
-Process of opening boxes should
 be
monitore
d.

-Cash should be immediately recorded -Compare amounts and dates of cash

and received
All money received is promptly banked. and cash deposited into bank.
deposit slip, entry in cash book and in
banked. with cash book and deposit bank
slip. statement.

12
Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

Cash Payments

Control
Objectives Control Activities Tests of Controls
for
ures
should
-Select a sample of
be paid cheques and
All payments should be properly authorised, made to
required
cheque inspect:
the correct person and are properly recorded bemade (a) supporting
documents are
available and
backedt signing
forcheques
(usu
(b) supporting
hrough documents are duly
cancelled.
ally two
crossby above a certain (c) signatories
are
cheques amount) authorized.
(d) entry into
upportin

gand accounting record,

documen
ts.

oncepaym
bank statements
ent)cheque
. is
prepared
(to avoid and creditors'
duplicate

levels
signat
account.

Cash Control Objectives

Balance
amount of cash are When petty cash is
withdrawn should be equal
Control To avoid or reduce the risk of into Petty
from bank to go to total of petty ca
Control Objectives Activities
petty cash Cash.
being vouchers.
All money held as
Contro ove stolen. book should includ
ls r cheques, notes and of all
petty cash is accounted for. recorded.
To ensure that spending
-New bank accounts should
coins be opened
is properly
only safeguarded
of petty cash is properly
13
in accordance with established
procedures. authorized
 Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

CONCEPT REVIEW QUESTION

(06 marks)

List six key controls over cash sales and cash handling. (CA Inter - Spring 2016) (1 0 mar ks)

Describe and explain the purpose of the internal controls you might expect to see in the sales system at
audit client over
the collection of cash. F8 (ACCA - December 2002)
Discuss any four (04) audit procedures for M/s. Farooq Enterprise for the test of control of Cash
payment.

(04
marks)
(ICMAP - 2014
May)

LO 7: INVENTORY AND NON-CURRENT ASSETS SYSTEM OBJECTIVES,

ACTIVITIES AND TESTS OF CONTROLS:

INVENTORY

Control Objectives Control Activities Tests of Controls

between Ordering, Recording and

-Inventory records Custody
should be accurate
and of inventory. duties exists.

complete. properly maintained. inventory.

recorded in Inventory ledger should inspect correct quantity is entered

All inventory Card and in
should be supported by approved
movements should be GRN. Inventory Ledger Card.
recorded in Inventory ledger Card issues from Inventory Ledger Card and
recorded and and should
should be supported by approved inspect relevant GDN or authorized
authorized. GDN or Inventory
Inventory Requisition. Requisition as supporting evidence.

Inventory is protected against theft and damage.

 restricted (e.g. through locked ware-
house,
CCTV Camera). restrictions.
should be performed using
appropriate
procedures; and physical balance inventory counts are performed, and
should be any
reconciled with book balance, difference between physical balance and
differences book

should be followed up. balance is identified.

Inventory should be correctly

valued at lower of Cost and NRV in

accordance with IAS - 2.

management which should be
compared
with actual cost and variances should determination of standard cost and disposal
be of
appropriately adjusted. variance.
identification of obsolete and slow -Auditor should check that procedures are
moving in
items e.g. aging report of inventory place for identification of obsolete items.
items, Auditor
or separation of damaged inventory
during should monitor these procedures.

stock count.
14
Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment
m inventory
balancesmaximu

There
Appropriate levels of inventory should be held at
levels for all mare below
minimum level or
all times.
should

inventory items. abovelevel. -Use

test data to check
be whether exception
report is generated
if inventory balance
maximu is above maximum
level or below
minimum level.
m and -Auditor should
check frequency of
out of stock
minimu
situations.
CONTROLS OVER
INVENTORY COUNT
 Control Objectives Control Activities
2. 3. Count-nt employees of si rmine
Invent teams company. gn accountability.
ory should 4. Count-teams should ed 7. Counted
counti be consist of two members. by inventory
ng independ One should count items, ea should be
Closing balance of sheets ent ofother should record item ch marked/tagged
should warehou quantity. st to indicate that
be pre- se aff it has been
printed departm
5.Clear instructions
m
should be given to all e counted.
with a ent and
inventory must be
descrip should
teams as to which area of m 8. All
tion of be warehouse is to be be inventory
sufficient counted by which team to r sheets
the
ly avoid omission or to should be
goods,
experien duplication of counting of de prenumb
counted correctly. but
ced anditems. ered.
te
permane 6. Count-sheets are 9. Damaged invento ry should be separa tely id enti
fi ed. thequa ntiti esasperthe reco rdsshould not be pre- reco rded.

recorded properl
disposalin accounting y
NON-CURRENT
current system. capitalexpenditures
or 15
ASSETS
properl revenue.
should
y expenditure be properly
and correctly All s are recorded.
Control ObjectivesAll
Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment

CONCEPT REVIEW QUESTION

(06 marks)
List six key controls to reduce possibility of misappropriation of (CA Inter - Spring
inventory. 2016)

(04 marks)
State FOUR objectives of the internal controls that should be exercised over non-
current assets. (CAT - June 2005) (1 0 mar ks)

List and explain the reason for the audit procedures used in obtaining evidence in relation to the
inventory count of

inventory held in the shops. F8 (ACCA - December 2005) (1 0 mar ks)

List the internal controls that a small printing company with office equipment, motor vehicles and plant
and machinery
F8 (ACCA - June
should have in place to achieve the objectives described above. 2003)
In
Exam Tips
exam1.Stateifconceptcontrolreviewobjectivesquestionforwholeisset systemfrom Controls,orforaspecificyoumaydepartmentberequire
d. to:

2. State control activities for a specific department (sometimes, you may

also be required to state reason of each control activity. If so, control
objective is reason).
3. State tests of controls for a specific department (sometimes, you may
also be required to state reason of each test of control. If so, control
objective is reason).
4. State risks in each department. If so, not meeting objective is risk.

Remember that Control Activities are performed by management; and Tests of

Controls are performed by auditor. State them accordingly.

PART B DOCUMENTATION OF UNDERSTANDING OF ENTITY

AND
INTERNAL CONTROL

LO8: METHODS OFDOCUMENTATION OF A

There are threemethods
: ofdocumentation of a
SYSTEM
system/internal control system i.e. 1. Narrative Notes
2. Questionnaires
3. Flowcharts

Definition written description of the system;

Narra ive Notes list of questions used to
Questionnaires showing how a system (e.g. sales system)
Flowcharts

they would detail what occurs asses existenc is processed in different steps.
in s about e Lines
the system at each stage effectivenes usually demonstrate the sequence
and and s of of
 would include any controls control events and standard symbols are
which s. used to
operate at each stage. signify controls or documents.
discussions with client are quick to
easily prepare. presented together in one diagram.
Due to the use of standard
Advantages written up as notes.
easily understandab le for al l
As they emphasize on symbols for
contro ls; hence missing contro ls, they are easy to spot as a re any

team members specially for control

junior s or deficiencies missing controls.
team members who find are easily highlighted
other by
the
methods too complex. team.

16
Auditing Study Chapter 11 Understanding of Controls and Control Risk
Notes Assessment

too lengthy and time to overstate the level amend, as any amendments may
consuming. of require
This method can make it
more the controls. the whole flowchart to be redrawn.

Disadvantages difficult
interna l cont rols as the notes
to
identify missing A standard list of questions may miss out
There is still the need for narrative
notes to accompany the flowchart and

unusual controls of hence it can be a time

record the detail but do not client. consuming
identify control weaknesses method.
It can be complex for junior
clearly. team
members.

Auditors are required to document their

CONCEPTREVIEW QUESTION
understanding ofthe clientsinternal controls. There are various
options available for recording the internal control system. Two of these options are narrative notes
and internal control questionnaires.
Required:
Describe the advantages and disadvantages to the auditor of narrative notes and internal control

questionnaires as methods for documenting the system. (06 marks)

F8 (ACCA - June 2011)

LO 9: DIFFERENCE BETWEEN ICQ AND ICEQ:

Internal Control Evaluation

Internal Control Questionnaires Questionnaires
(ICQs) (ICEQs)
existing control is operating effectively
control exists or not. or not.

effectiveness of controls.
assessment procedures (after of controls (after obtaining
obtaining understanding of
understanding of entity). entity and its Internal Control)
CONCEPT REVIEW QUESTION
(1) State THREE methods by which your firm mayrecord theinternal control
system of Palm Co.
(2)Explain how an Internal Control Questionnaire (ICQ) differs in nature and design from an Internal
 (03 marks)
Control Evaluation Questionnaire (ICEQ). (06 marks)
(CAT - June 2007)

LO10:CHECKING THEACCURACY OF PREVIOUS

Following arethenecessary stepsto check theaccurac
YEARS ICQ :
y of the previous years internal control questionnaires.
Review the last years audit file for indications of weaknesses in the system (e.g.
sales
1. Insp ct last years udit
workinginvestigationpapers: system) and
note these for this year.
2.

Inspect current yearssystem documentation of

Obtainsystem documentation from theclient.Review

client:
this to identify any changes since last year.

3. quire :
Interview client staff to ascertain whether systems have changed this

year and to ensure that the internal control questionnaires produced last year
are correct and relevant.
17
Auditing Study Notes Chapter 11 Understanding of Controls and Control
Risk Assessment
Peform walk -through tests.
4.
During walk -through checks, ensure that the controls
documented in the system notes are actually working, for example, verifying that documents
are signed as indicated in the notes.
Explain the steps necessary to check the accuracy of the previous years internal control
questionnaires.
CONCEPT REVIEW QUESTION
(04
marks)
F8 (ACCA - June
2008)

PART C ADDITIONAL CONCEPTS

LO 11: AUDITORS COURSE OF ACTION IF HE IDENTIFIES A WEAKNESS

IN INTERNAL
CONTROL:

Auditors1.Auditorcouseshallof Actionincreaseif riskheidentifiesofmaterial misstatementweakn/deficiency. in

internal control:
2. Auditor may decide not to rely on internal controls, if weaknesses in internal
control are unacceptably high.
3. Auditor should communicate deficiency in internal control to management on
timely basis. 4. If deficiency is significant, auditor shall also communicate it to
those charged with
governance in writing.

and its Contents:

ManagementLetteris a document prepared by auditor to communicate
deficiencies in internal

control to management and those charged with governance.

Management Letter contains following elements:

Description of internal control weakness
Explanation of potential affect of control weakness
Suggestions by auditor on how to remove control weaknesses
Requirement ofListing Regulat ons:
In caseofalisted company, auditors are required to submit

Management Letter to its board of directors within 45 days of the da te of audit report. However,

significant matters shall be

CONCEPT REVIEW QUESTION

communicated to board of directors before approval of audited accounts by directors.
After performing tests of controls, the auditor is of the opinion that audit evidence is not sufficient to
support the audit
(03
opinion; in other words many control errors were found. marks)
Required: Explain THREE actions that the auditor may now take in response to this problem. F8 (ACCA - June 2008)

What is a Management Letter? What is the most appropriate time for issuing a Management Letter?

(05
marks)
(CA Inter -Autumn
2000)
18
 Auditing Study Notes Chapter 11 Understanding of Controls and Control Risk
Assessment

LO 12: AUDIT CORRESPONDENCE:

Type of Letter By To Timing Brief Description

reason because of which engagement
Auditor Acceptance of should
Clearance Letter Auditor audit client not be accepted.

engagement appointment of auditor

Parties outside parties.

responsibility for preparation of
Representation Near the end financial
Managemen statements and for completeness
Letter t Auditor of the audit of
information provided to
auditor.
financial
(or TCWG) the audit statements.

identified weaknesses in internal

control,
risks because
Management After the of weakness in internal
Letter/ Letter of Auditor Management
Audit Report control, and
recommendatio
weakness ns to improve internal
control.

CONCEPT REVIEW
QUESTION (03
(ICAP CA Inte r, Autumn 20 02 )
marks)
State the difference between an Engagement Letter and a Professional
Clearance Letter.
19