QUESTION 1

A)

General controls- are those which establish an overall framework of control for a computerised
environment at large. These are controls which should be in place before any initiating recording,
processing or reporting of transactions takes place.

Application controls- an application control is therefore any control within an application that helps
to the exact and full recording and processing of actual and authorised transactions (valid, accurate,
and complete information).

B)

Perform frequent checks of the computer room to ensure that all equipment is operational and that
no possible risks, such as open windows, exist.

Strengthen the rules for computer club members the entity must guarantee that computer club
members use the computer room only for viable operations and within the entity's operational
hours.

Establish a procedure for reporting and fixing any damage or malfunction of computer equipment
immediately to the people that can remedy the malfunction or damage, so as to ascertain that issues
are dealt with as swiftly as possible in order to curb down time and the loss of data.

Improve physical security measures, like in this example, laptops being destroyed due to heavy rain
flowing through an open window may have been avoided if window window locks and sensors
alerted individuals that they hadn't been locked.

Limit entree to the computer room to authorised personnel only the company may implement
security measure to allow entry exclusively to relevant personnel by making use of key cards and
finger print or retinal scans for said personnel.
 QUESTION 2
A)

1. Examine the whole file for missing fields or duplicated item numbers, such as missing item
number, description, location, and selling price.

2. Sort the file by category and sum up the value fields by category to see if a specific category
accounts for the majority of the inventory value. This will give the auditor a better notion of where to
focus the inventory audit.

3. Sort the file by location, then add up the value and quantity fields to help with inventory count
attendance planning.

4. Retrieve a list of products that have negative quantities, values, or unit charges (NB a negative x a
negative equal a positive - as shown in INV007).

5. Get a list of inventory items when the quantity field is zero (0) but the last buy date is after the
final selling date.

6. Recalculate the amount x unit cost and compare the result to the field to discover any
discrepancies with the client's file.

7. Contrast the unit cost field to the selling price field to discover situations when the cost exceeds
the selling price, as in INV002, where the cost is N$1 300 and the selling price is N$1 150.

8. Obtain a list of things where the date of last sale is more than 9 months ago but the date of last
buy is less than 3 months ago, and investigate why the order was placed, for example, was it because
goods in inventory are damaged?

9. To aid in identifying non-saleable inventory/inventory that should be written down, extract a

listing of products where the date of last sale is (say) more than 9 months (and the purchase date is
likewise more than 9 months) previous to the masterfile date.

10. Extract a list of products whose last sale or last purchase date is after the inventory masterfile
date.

11. Take a random sample of objects to be tallied during the inventory count (after summarising by
location, amount, and value).

12. Cast the value field to get the entire value of inventory to compare to the amount in the trial
balance.
B)

Auditing around the computer- this method considers the computer system and software to be a
black box and relies on a study and comparison of input and output documents. The logic behind this
method is that if the source documents are valid, accurate, and complete, and the output produced
by the computer system as a result of processing these source documents is right, then the computer
system's processing functions are correct. The way in which these processing operations are carried
out is seen to be unimportant. This method is based on the assumption that the computer-generated
output can be traced back and compared to the input.

Auditing through the computer- This method focuses on evaluating the computer system and the
controls that are incorporated into it. Simply put, this is accomplished by the auditor passing
transactions (test data) through the system, some of which will contain mistakes that the system's
programme controls should identify. In this manner, the auditor verifies whether controls are
functioning as intended; for example, if a transaction that the auditor knows is erroneous is picked
up by the system, the auditor has some proof that the system is functioning (and vice versa). Thus,
computer auditing is largely a "test of controls" method.

Auditing with the computer- There are two elements to computer-assisted auditing. The first is
utilising the computer to aid in the conduct of audit processes (mostly substantive testing). Second,
the computer is used to generate electronic/automated workpapers, audit programmes, and
financial statements. utilising this technique for substantive testing entails acquiring access to a
client's files and utilising audit software (programmes that assist the auditor in doing his job) to
rapidly and thoroughly read, sort, compare, and evaluate data on the file. The goal behind utilising a
computer to automate the audit is to make it more effective and efficient by utilising the computer's
capability.

C)

Separation of Duties:

Control: The division of tasks ensures that different persons are in charge of creating, updating, and
deleting employee master file data.

Testing: To put this control to the test, examine the access logs and documentation to check that the
payroll supervisor is in charge of creating and maintaining employee master files, while the payroll
manager authorises and monitors changes.

Approval procedure for Masterfile changes:

Control: The payroll manager must authorise any modifications made to the employee master files.

Testing: To put this control to the test, look at a sample of employee master file changes and make
sure that each one has valid permission papers or an electronic approval trail from the payroll
manager.

Payroll calculation exactness and completeness:

Control: Gross wages, deductions, and net wages are computed by the automated payroll processing
system.
Testing: To put this to the test, select a random sample of payroll employees and manually compute
their gross earnings, deductions, and net wages. Compare your calculations to the system-generated
results to identify any discrepancies.

Payroll manager access control

Control: view restrictions ensure that only authorised personnel, in this case, the payroll manager,
may view and assess the list of wages.

Testing: to test this control, examine the system's access logs to check that the salary list was only
accessed using the Payroll manager's unique login and password.

Procedure for termination:

Control: To prevent unauthorised access to essential information, employee master files are deleted
upon termination.

Testing: To put this control to the test, browse through a sample of employee terminations and make
sure that their master files were correctly destroyed or archived to restrict access.

Payroll reconciliation:

Control: Regular reconciliations between payroll records and accounting records are performed to
ensure accuracy.

Testing: Examine payroll reconciliations from the preceding few months to ensure that they were
performed appropriately and that any anomalies were addressed and managed.

Payroll validation:

Control: The payroll manager reviews the payroll list for reasonableness before authorising
payments.

Testing: To put this control to the test, choose a sample of employees and review the payroll
computations for accuracy. Ensure that compensation and deductions are consistent with
employment contracts and rules.

Payment timeliness:

Control: Payroll is handled at the end of each month, and employees are paid on time.

Testing: To ensure that employees are paid on time, compare payroll processing dates to actual
employee payment dates.

Payments are made on time:

Control: Each month, payroll is done and employees are paid on schedule.

Testing: Compare payroll processing dates to actual employee payment dates to ensure that
employees are paid on time.

Review of output for completeness this can be tested by

• Reconciliation of input to output this tested when the payroll manager signs off on the list of
salaries which shows how much money is paid to each employee
 • Review of output for reasonableness e.g. financial manager reviews period-to-period wage
reconciliations (payroll manager will conduct detailed tests on the period-to-period wage
reconciliation produced by the system)
• Review and follow up of any exception reports produced during processing e.g. individual
wage payments which failed “reasonableness test” during processing.

D)

• Passwords should consist of at least six characters, be random not obvious, and a mix of
letters, numbers, upper/lower case and symbols.
• Passwords should be changed regularly and users should be forced by the system, to change
their password (system sends the user a screen message to change his password and allows
a limited number of attempts to enter his existing password. After this, access will not be
granted until a new password has been registered).
• Passwords should not be displayed on PCs at any time, be printed on any reports or logged
in transaction logs.
• Password files should be subject to strict access controls to protect them from unauthorised
read and write access. Encryption of password files is essential.
 QUESTION 3
A)

• Electronic Data Interchange and

• Electronic Funds Transfer

B)

• Complex legal accountability difficulties, for example, who is accountable if sensitive

information about a supplier is gained unlawfully from the system at large, business A or
company B? the VAN or the supplier of the communication channel?
• A breach in the confidentiality of the data being exchanged.
• The ability to implement human controls, such as preventing an incorrect payment that has
passed through the system, may be limited. By calling the bank, an invalid check payment
can be "stopped" from being processed. An electronic transmission cannot be readily
stopped.
• System failure might result in the firm coming to a halt, losing consumer trust, failing to fulfil
supplier deadlines, and so on.
• Audit trail is lost - no paper!
• Enhanced dependence on networks and data communications
QUESTION 4
A)

Time savings- Using CAATs, potentially time-consuming tasks like checking ledger records may be
completed considerably more quickly.

Reduction in risk- The ability to test bigger samples increases confidence that major errors have not
been overlooked.

Testing programmed controls- Many computerised system controls cannot be tested without CAATs
because they might not yield any documentary evidence. Greater approach flexibility is provided by
this.

Cost effective- Many CAATs require little initial setup, like when data is transferred from the client's
system to the auditor's duplicate of the same system. The ongoing costs will be negligible even in
cases where CAATs had to be specifically built for a given audit because they can be reused until the
client changes its systems.

B)

Test data Reason

An order for oddly high quantities, e.g. This would reveal the effectiveness of any reject rules that ca
45 racquets ll for specific authorization for large orders.
If a consumer mistakenly typed in the incorrect quantity, this
control would also prompt them to double-check it.
orders with missing fields This would demonstrate whether orders that proved
impossible to deliver, such as when the delivery address
didn't include the town's name, might be accepted.
Orders with faulty credit card This will show whether or not the ordering system's
information safeguards will shield the business from losses brought on by
credit card fraud.
Orders including information about This will show whether the business has sound policies in
clients who are on shops' "blacklists" place to guarantee that their system receives frequent
or whose cards have been reported security updates. Bad debt risk should be decreased as a
stolen result.
Inaccurate inventory code in the order This will demonstrate whether the system will notify the user
of the error code and ask them to check it. This should
guarantee that the right goods are shipped.
Order with accurate and complete This order should be processed by the system, enabling the
information auditor to examine the order confirmation and check that
the order information was correctly entered into the
dispatch system.
C)

i)

• A significant amount of planning time will be required to get a thorough understanding of

the client's systems in order to create the necessary software, hence the expenses of
creating tests utilising audit software can be high.
• The need for skilled and particularly qualified employees to create the software, conduct the
testing, and analyse the findings of the testing could result in a rise in audit costs overall.
• If there are design problems in the audit software, audit time and resources may be wasted
looking into anomalies that resulted from these flaws rather than from processing failures on
the part of the client.
• There is a chance that the client's systems will be disrupted if audit software is built to
perform tasks when the client's system is running live. Performing processes to ensure that
the version of the system being tested is the same as the one used by the client in real-world
scenarios will cost more if the procedures have to be done when the system is not in use.
• Training: Instructions on using the software are needed for the audit team.
• High client cooperation is necessary, which could compromise the independence of the
audit.

ii)

Test Reason
Test casts and extensions of inventory listing To ensure that the final inventory quantity
was calculated correctly.
Inventory ageing reperformance in the Before utilising an aged listing to find items
inventory listing that may be outdated and hence require
writing down, confirm that the ageing is
accurate.
Choosing a subset of inventory lines to count Rather than doing this manually, this will be a
during the year-end inventory count faster and more objective approach of picking
a sample.
Checking the order of the sales invoice This will provide confidence regarding the
numbers issued throughout the year. accuracy of sales records.
Choose a sample of credit notes, maybe This will be an efficient method of picking a
including all those worth more than a specific sample so that the auditor can track
amount. supporting documents to ensure that credit
notes were only provided for legitimate
reasons, such as racquet refunds, and with
sufficient authorization.
Cast the year's sales day books This will demonstrate that the selling figure
was computed correctly.
Dates of sales invoices/dates posted to This will provide evidence that the sales cut-
ledgers should be reconciled with dates on off was executed correctly.
associated dispatch data.