SUGGESTED SOLUTIONS

Question 20

(a) Describe, with reference to the information provided in work paper C01 under
Mark
the headings: background, registering a profile, shopping, checkout and s
payment, the tests of controls you would perform to test the occurrence of E-buy’s
sales for FY2017.

Ignore cost of sales.

Note to markers: The test of control should be described, namely how to test the control to earn the mark,
versus merely repeating of the control procedures.
1. Background
1.1 Firewalls: Attempt to override/pass the firewalls for both the SmartCount system, and the
WAN server connection. This can be done by IT audit experts, test data or reprocessing 1
(how).
1.2 Access: Enquire from management and staff what controls are in place to prevent 1
unauthorised access to the E-buy server and SmartCount system.
Attempt to access the E-buy server and the SmartCount System by means of test
1
data/reprocessing
1.3 Data protection policy: Read and discuss with management/staff to determine adequacy
thereof (This is to ensure that people cannot access the system to initiate an invalid sale.) 1
1.4 Inspect the user access profiles/tables to ensure that only authorised users have access on
1
a least privilege basis to the server and systems.
1.5 Password control: Inspect, a copy of the password policy of E-buy to ensure it is in place 1
By making use of test data/reprocessing test that the password criteria are being met in 1
accordance with the password policy,
 Use of upper case, lower case, numeric and alpha digits, not too long, short, etc; (control over 1
passwords);
 Passwords are changed after a certain period of time. 1
 Create low level security password as see if system rejects it 1
2. Registering a profile
2.1 By making use of test data/reprocessing, attempt to create a customer profile without
1
completing all the required fields and confirm that it does not succeed/pass.
2.2 By making use of test data/reprocessing attempt to create a customer profile without accepting
the terms and conditions and confirms that it does not succeed/pass. (alternatively use
1
CAATS ensure no profiles exist where the customer did not accept T&C)
2.3 Create a fictitious profile to verify whether confirmation is received by customer. 1
3. Shopping, checkout and payment
(Note that mandatory fields etc can be tested via test data or reprocessing, or data analytics)
3.1 Attempt to finalise a sale transaction by leaving the mandatory address field blank and
confirm that it does not succeed/pass. 1
3.2 Attempt to finalise a sale transaction by not providing credit card details and confirm that it
does not succeed/pass. 1
3.3 Attempt to complete the payment details field by using an invalid/expired credit card and
1
confirm that it does not succeed/pass.
3.4 Using CAATs/reprocessing inspect the sales invoice and dispatch note ledgers/files to ensure
1
transaction is not processed.
3.5 For approved credit card purchase, using CAATS/inspection agree the payments to the
1
invoice that is emailed and dispatch note sent to the warehouse manager.
3.6 Select invoices from the sales ledger and follow through to (the direction to test occurrence):
 Invoice; 1
 Credit card payment; 1
 Despatch note; 1
 Valid customer profile (registration document/number) 1
3.7 Verify that a sale that is not matched to a despatch note is reflected on the exception
1
report.
3.8 Enquire from Stephan of the effective operation on the control for listing and follow up on
1
unmatched invoices on the exception report.
3.9 Inspect the exception report for the electronic signature of Stephan as approval of the report 1
3.10 Enquire from Stephan who approves the report when he is on leave/absent 1
3.11 Review the transaction/exception report log for approvals not done by Stephan. 1
3.11 Attempt to gain access to the approval function without Stephan’s password 1
3.12 Enquire from the accounting department what the process is when Stephan sends them
1
exception reports to investigate and correct
3.13 Inspect a sample of exception reports where a customer invoice was issued without an
corresponding dispatch note and verify that an appropriate staff member followed up the 1
discrepancy and noted the reasons for it.
Available 30
Communication skills – clarity of expression 1
Maximum Total for part (d) 16

(b) Describe, with reference to the information provided in workpaper C01 under the headings: dispatch of
sales and changes to the sale prices of E-buy’s products, the Marks tests of controls you
would perform to test the accuracy and completeness for E-buy’s
sales for FY2017
Ignore cost of sales.
Note to markers:
The required asked test of controls for accuracy and completeness. As different controls are required for
these assertions, to achieve these assertions, candidates could be expected to list the test of controls per
assertion, and accordingly should be rewarded therefore. However, as certain controls relates to both
assertions, the controls should be marked whether listed under the relevant assertion or not.

Controls listed per assertion:

1
- Completeness
1
- Accuracy
1. Dispatch of sales (completeness)
1.1 Discuss/enquire form the dispatch clerks and dispatch controllers the controls in place 1
and the effective working thereof.
1.2 Inspect a sample of mobile dispatch devices and confirm that in good working condition to
ensure all goods despatched are accounted for. 1
1.3 Observe where the mobile devices are kept and ensure it is secure to prevent unauthorized 1
use.
1.4 Observe the dispatch controller checking the goods against the request. 1
1.5 Observe whether the controller seals the box and electronically marking it as being ready 1
for collection, only if the order is complete.
1.6 Do test counts of the goods in sealed boxes and compare to despatch note detail. 1
1.7 Observe a collection of the sealed boxes by a Fast Delivery driver and whether that the driver 1
electronically signs the dispatch request on the dispatch controller’s mobile device as
evidence of receipt.
1.8 Inspect exception reports for unmatched dispatch notes and:
 determine how the issue were resolved by inspecting the note relating to the resolution 1
 Confirm that these were unmatched for longer than 24 hours by checking the time
reflected on the report 1
 Confirm that no completed orders are included on the exception report. 1
1.9 Discuss the process of resolving unmatched despatch notes with the warehouse manager. 1
1.10 Select dispatch notes from the system (using CAATS) and follow it through to:
 despatch note signed by the driver; 1
 invoice on the system; 1
 recording of sale in the sales journal 1
2. Dispatch of sales (accuracy)
2.1 Using test data test the processing of entries in the sales ledger for the:
 the accuracy of the prices used from the master file; 1
 the calculation the invoice total (number of goods x price)/using CAATs test calculations
on invoice. 1
2.2 Recalculate the invoice total by multiplying the number of goods by the sales price per the 1
master file.
3. Changes to the sales prices of E-buy’s products (Accuracy)
3.1 Attempt to make changes to product prices on SmartCount system by means of a password 1
from a person who is not a staff member of the marketing department.
3.2 Attempt to approve the product item price changes by using other than Sophia’s password. 1
3.3 Inspect the log for product item price changes and confirm that these have been reviewed 1
by Sophia Malala (electronic signature).
3.4 Inspect the log for product item price changes and follow it through to the SmartCount 1
system and confirm that it agrees to the amount per the log.
3.5 Access E-buy’s server and attempt to open the log that deals with prices changes. (test 1
access control to SmartCount system).
Available 24
Communication skills – clarity of expression 1
Maximum Total for part (e) 11
Source: ITC JANUARY 2018

Question 21 – ULB

a) Internal control objectives of the ULB’s purchases and payments cycle M

1. Valid
- ULB has an approved listing of suppliers with whom prices/discounts have 1
been negotiated and inventory can be procured from.
- There is an independent check that orders reflect prices as set out on 1
listing above.
- All requisitions and orders for purchases are approved by the appropriate 1
authority before execution. (Also accuracy)

3
 - For purchases, good received are physically checked so as to assess their 1
condition and quantity to the order. (Also accuracy)
- There are approved re-order quantity levels that are monitored and orders 1
are subject to these levels.
2. Accurate
- Assuming there are international publications sold by the bookshop, 1
independent checks of currency translation.
- Prices charged are agreed to prices reflected on supplier price lists and 1
orders and the clerical accuracy of invoices checked (including VAT and 1
discounts)
- There should be an independent check of the recording of the correct 1
amount and to the correct account.
3. Completeness
- Pre-numbered goods received notes are prepared, sequence checks 1
performed and matched to invoices.
- All goods received notes and invoices are recorded 1
Other valid points (each) 1

Total available 12

Maximum 8

4
b) Identification and explanation of the weaknesses in the purchases cycle of ULB based on the information given.
WEAKNESS M EXPLANATION M
1. There is an absence of a formal method for determining 1 1. The bookshop may be ordering goods in excess of demand, 1
quantities ordered. or may have insufficient inventories to meet demand.

A sales representatives at the bookshop realises that a stock 1 This weakness could result in missed sales if the sales 1
item is out of stock, then they ask the procurement clerk representatives wait until there is no stock for the order to be 1
Mamello to contact the supplier to place an order. placed.
a. This will be caused by the lack of a more automated or 1
systematic way of determining a re-order point.
b. Customers could become unhappy and start buying their
books from other suppliers if stock is only ordered once
completely out.

2. Suppliers that Mamello places orders from are based on 1 2. There could be fraudulent or inappropriate practices in the 1
her own experiences with the suppliers. ordering function. Mamello could place orders with
friends/relatives or could set up their own business to
Mamello blacklists supplier for future business and they are 1 supply the bookshop at inflated prices.
unlikely to be used again without supervision or approval 1
from seniors. Inadequate books or stationery of inferior quality or inflated prices
1 may be acquired posing a threat to the reputation of the ULB.
There is no adequately compiled and approved supplier list
or adequately set performance standard for suppliers or
supervision of the decisions by Mamello that could result in
suppliers being blacklisted.

3. There is an absence of formal approval of prices 1 3. The ULB is not necessarily obtaining the best prices or the 1
charged by suppliers. 1 best discounts available.
There does not appear to be competitive quotes obtained.
4. Mamello is able to place orders without any form of 1 4. This weakness:
authorizing document (e.g. approved requisition).

5
 a. Enables Mamello to purchase whatever she likes for her 1
own purposes (and have the company pay)
1
b. Can easily result in overstocking, tying up capital in
inventory unnecessarily and greater losses from books and
stationery that is not needed by students, lecturers and
other customers.

5. Mamello does not establish whether any of the items to 1 5. Again this weakness can easily result in orders that are 1
be ordered as identified by the sales representatives are unnecessary, and overstocking.
already in stock (perhaps in the store room).

6. Orders are not reviewed or independently checked by a 2 6. Orders which are inaccurate (quantity, price, description) or 2
senior official to confirm they are at the correct price, incomplete (items) could be placed resulting in delays.
that they are placed timeously and that items are
available from the supplier. Mamello can order whatever she likes from any of the suppliers, 1
1
even for her own personal use (and have the company pay) by
No check to confirm if the order is correct and in terms of the simply adding items onto the order.
needs of the bookshop.
7. Orders are not sequentially accounted for and nobody 1 7. If orders are not delivered timeously, the bookshop may 1
checks the order includes all inventory that is out of stock. have insufficient inventories to meet demand.
There is also no check to ensure that inventory items that are
As nobody checks orders placed against the anticipated out of 1
anticipated to be out of stock are included in orders. 1
stock items or coming busy periods (January/ February and
No check for orders to anticipate busy periods for the bookshop
1 July/ August), student publications and numbers may be
and include anticipated student numbers for each class.
ordered late or not at all, resulting in, lost sales etc.
8. The quality and quantity of goods received is not 1 8. Sub-standard goods could be received and, once accepted, 1
adequately checked and documented. it may not be possible to return these to suppliers.
a. A goods received note is made out late after goods are
have been packed 1 Disputes with suppliers:
b. Goods received are not physically checked and a. Zola not making notes on the delivery note and Mmeli 1
compared to the external supplier delivery note as well 1 following up may cause problems for the bookshop in trying
as the purchase order to recover any shortages or other credits.
c. When receiving the goods Zola does not record any 1
2

6
 short deliveries/over deliveries, damaged goods on the b. By signing the supplier delivery note without identifying
suppliers delivery note (but signs is anyway); Defects problems with the delivery, the supplier is entitled to
and other discrepancies are not immediately identified by 1
assume that all goods were correctly delivered and
Zola and noted on the supplier delivery note (followed up 1 accepted.
by Mmeli). c. the suppliers delivery personnel do not sign anything to
d. Mmeli does not perform a reconciliation between acknowledge delivery problems. In effect ULB has no proof
inventory ordered, received (delivery note less defects
of short deliveries etc.
and discrepancies) when preparing the goods received
note.
9. There is inadequate documentation in the ordering and 9. Because:
receiving functions.
1 a. the ordering function has no sequenced permanent record 1
a. there are insufficient copies of the purchase order
1 of orders placed.
b. The purchase order is not sequentially numbered 1
1 b. the receiving function has no sequenced permanent record
of goods received.
c. the goods received note is not sequentially numbered 1
c. there is no evidence of isolation or responsibility and any
queries pertaining to an order or a receipt of goods cannot
be resolved within the function.
1
1
There is no way to prevent or detect the acceptance of damaged
goods, and incorrect deliveries and the company's accounting
records for purchases, accounts payable and inventories may
be incomplete.
10. Prices charged per suppliers' invoices are not checked. 1 10. The bookshop could be overcharged for items of inventory 1
ordered from suppliers. .
11. Calculations per suppliers' invoices and requests for 1 11. The bookshop could be overcharged for goods. Recorded 1
credit (from Mmeli) are not checked. purchases and inventories could be inaccurate.
12. Supplier’s invoices are not checked to ensure that they 1 12. The company may not be able to claim all input tax for VAT 1
are valid tax invoices. purposes.
13. Requests for credit are not sequentially numbered, 1 13. Not all credits for shortages and discrepancies may be 1
checked/ adequately followed up. claimed from suppliers

7
 14. There is a poor control environment. There is a general 1 14. The accounting records may be inaccurate. Payment could 1
absence of management supervision in the form of spot be made in respect of amounts for which no goods (or
checks over controls and review of accounting data. goods with discrepancies) were received.
It is obvious from the above that management do not understand 1
the importance of internal control in the cycle and do not make
their presence felt by supervisory checking, authorising
transactions etc. This will give rise to an environment in which
employees can do as they please.

Other valid points 1 Other valid points 1

Presentation (Tabular format) 1
Available (62)
Max (35)

8
c) A brief outline of the most important risks to which ULB would expose itself Marks
by using the UniBooks software.
1. Business continuity 0.5
ULB may not be able to maintain adequate backups of the information (orders and 1
invoices) from the UniBooks systems which could affect business continuity.
Insufficient backups could be maintained by the system owners.
1
2. Loss of confidentiality 0.5
Sensitive pricing information may be acquired by other parties if controls over the 1
UniBooks software are not effective.

3. Loss of visibility of supporting documents 0.5

The non-reliance on the traditional paper-based records and may lead to 1
inadequate reasonability and assurance reviews.

4. Reliance on third party controls 1

There will be increased reliance on controls implemented by an external software 1
supplier.

5. Reliance on UniBooks software controls 0.5

Concentration of control - The level of human intervention in identifying unusual or 1
inconsistent transactions before processing is limited.

Errors in the information system (software) - Errors in processing and 1

communications may result in the transmission of incorrect information resulting in
inappropriate decisions or actions.

6. Possible lack of transaction trail 0.5

Without proper planning, a proper audit trail may not be produced to reflect all 1
transactions on the UniBooks software.

7. Legal liability 0.5

Commitments between UniBooks and ULB will need to be clearly described and 1
an agreement will need to be reached regarding the acceptability of computer
records as evidence of transaction details.

8. Increased order frequency 0.5

The students (and customers) are likely to move to the new UniBooks platform 2
due to the general trend to move to e-transacting. The current ordering system will
put the bookshop at a disadvantage as they will not be able to honour orders.

9. Integration with ULB 0.5

UniBooks may not be completely adequately integrated with the bookshop 1
system. The software may also not meet the requirements of the ULB
requirements exactly.

10. Changes to UniBooks 0.5

ULB will not be able to make changes to UniBooks even when there is a need for 1
them to.

11. Related cyber-crime (including receipts) 1

9
 There are unique risks that are applicable to trading that is done online. There is a 1
specific risk when it comes to the payments from customers being made online
and the possibility of these being intercepted.

Entering online platforms could make the bank account (through the bank’s or own 1
systems) of ULB susceptible to new types of risks and unauthorised access
through e.g. hackers.

Other valid risk (each) 0.5

Other valid explanation (each) 1

Total available 23

Maximum 14

Source: University of Zululand – adapted

Question 22 – Builders

SOLUTIONS: PAYROLL CYCLE

QUESTION 1 SUGGESTED SOLUTION

a) General Controls

1. Segregation of duties between the following functions:

a. appointments,
b. dismissal,
c. timekeeping,
d. preparation of payroll,
e. wage pay-outs,
f. safekeeping of unclaimed wages,
g. safekeeping of permanent files. Max (3)

2. Access to time worked must be limited to authorised staff. (1)

3. Personnel involved with preparing wages i.e. the project engineer and the administrative clerk
should:
a. Take leave regularly
b. Be competent and have the required integrity. Max (1)

4. Strict stationary control over:

a. clock cards,
b. payroll
c. cheques,
d. Wage packets,
e. Unclaimed wages Max (2)

5. Periodic independent reconciliations to bring about supervision. (1)

10
b) Appointments and dismissals
a. Interviews has to be conducted with employees in the presence of the head of the
department in which the employees is to be employed. (1)
b. All appointments and dismissals/resignations should be authorised and approved by a
senior official on supportive documentation. (1)
c. Upon appointment a permanent file is to be created with the following information:
i. Unique personnel number
ii. An appointment letter authorised by two senior staff members detailing the following
1. Gross salary
2. Working hours
3. Leave days
4. Sick leave days
5. Employment conditions
6. Personal information
iii. Leave forms for leave taken authorised by the line manager
iv. Authorised salary increase letters Max (3)

11
c) Time keeping

a. Invest in a clock machine and use clock cards to record time worked. (1)
b. Clock cards should be:
i. numerically accounted for; (1)
ii. issued by the personnel department (prepared from personnel records) (1)
iii. kept at clock machine (1)

d) Clock procedures

a) Clock should be situated at entrance - personnel may not leave premises without clocking
in/out; (1)
b) The clocking procedure should be observed by the foreman in order to prevent employees to
clock in for absentees. (1)

e) A foreman should be employed to perform the following functions:

a) keep record of personnel present and time worked; (1)

b) approve clock cards i.r.o. time worked and sign off on these times worked; (1)
c) the foreman’s clock card should be approved by a senior official (e.g. Project engineer). (1)

f) Overtime

a) should be authorised according to company policy - for example the foreman signs clock
cards; (1)
b) the foreman’s overtime is authorised by the project engineer. (1)

g) Preparation of pay roll

a. The time on the pay-roll is obtained from the clock card; (1)
b. The wage rates, deductions is obtained from personnel records; (1)
c. The calculations should be reviewed by an independent person other than the administrative
clerk (e.g. appoint another clerk to assist the admin clerk and to check her calculations); (1)
d. A cheque requisition should be prepared i.r.o. wages and deductions; (1)
e. All personnel (admin clerk and project engineer) should sign pay-roll as proof of functions
performed. (1)

h) Wages cheque and make-up of pay packets

a) The wages cheque together with the current and previous pay-roll and supportive
documentation i.r.o. appointments, dismissals and increases should be presented to the
cheque’s signatories for authorisation. (1)
b) Wage cheque should be signed by two signatories, one of whom must be senior management:
i. compare pay-roll with wages cheque; (1)
ii. compare current pay-roll with previous pay-roll and check the validity of all changes to
supportive documentation; (1)
iii. sign/stamp pay-roll and documentation (cancel after approval). (1)
c) Wages cheque cashed at bank
i. by two or more persons; (1)
ii. not at regular times/routes; (1)
12
 d) preferably make use of security company to do wage pay-outs; (1)
e) Pay-outs
i. preferably done by independent persons not involved with the preparation of the pay-roll;
(1)
ii. the wage details should appear on the wage-packet (gross wage, deductions); (1)
iii. the money in the wage-packet should be independently reviewed. (1)

i) Pay-out

a) Should be done by personnel not involved with make-up of wages; (1)

b) Foreman identifies employees (pay out not done by himself):
i. the employees sign pay-roll as proof of receipt; (1)
ii. the foreman signs pay-roll after pay out as proof of supervision and identification of
employees. (1)

j) Unclaimed wages

a) Should be noted on the pay-roll; (1)

b) Should be paid over to the cashier:
i. who signs the payroll as proof of receipt; (1)
ii. recorded in the register; (1)
iii. bank it as soon as possible; (1)
iv. who locks unclaimed wages in safe. (1)
c) On pay-out employee should:
i. identify himself (ID, etc.); (1)
ii. sign register as proof of receipt. (1)

Maximum: 35
Presentation: (2)
(Handwriting = 1)
(Language, layout, logic = 1)

Question 23 – Suggested solution 30 Marks

The Managing Director
Motor Spares Limited

REPORT ON WEAKNESSES IN THE INTERNAL CONTROLS AND RECOMMENDATIONS

TO IMPROVE ON THESE WEAKNESSES

In the performance of our audit of Motor Spares Limited for the year ended 28 February 2014
certain matters, which we regard as material weaknesses in internal controls, come to our
attention.

Our audit procedures are designed to express an opinion on the financial statements and not
to determine the adequacy of internal controls for management purposes. As a result the
material weaknesses on which we report do not include all weaknesses which may exit.

13
SHORTCOMINGS IN THE RECOMMENDATIONS
SYSTEM
1. Cheques are made  Cheque should be issued in
payable to the bank. (1) the name of the supplier (1).
 The bank can then request
the supplier to endorse the
cheque if payment has to
take place into another
account (1).
2. Cheques and the bank’s  The bank should be
standard form are only requested to only accept
signed by one person. (1) cheques and other
documentation if they have
been signed by at least two.
(1)
3. The company does not  Pre-numbered goods
use pre-numbered goods received notes should be
received notes. (1) completed for all receipts. (1)
 The person who receives the
goods, should sign for them.
(1)
 Goods received notes should
be compared with invoices in
respect of quantities
received. (1)
 The numerical order of goods
received notes should be
reviewed regularly and
followed up on missing
numbers. (1)
4. The company does not  Pre-numbered orders should
use pre-numbered order be used for all purchases. (1)
forms. (1)  Only authorized persons who
are not responsible for the
receipt of goods should place
orders with approved
suppliers. (1)
 Orders should be compared
with invoices and documents
for proof of delivery. (1)
 The numerical order of
orders should be checked
regularly. (1)
5. Invoices from suppliers are  Invoices should be
not properly authorized for authorized for payment
payment. (1) independently before they
are presented for payment.
(1)
 Invoices should be matched
with orders and goods
received notes before the

14
 documents are presented to
the managing director or the
financial director. (1)
6. The cheque signatories do  At least one of the
not check the signatories should check and
accompanying supporting sign the supporting
documents before they documents. (1)
sign the cheque. (1)  The cheque number can also
be recorded on the invoice,
as well as the date on which
payment has been
authorized. (1)
7. Signed cheques are  There should be a division of
returned to the person duties between the recording
who requests the cheque of transactions and the
(accountant). (1) handling of cheques. (1)
 Signed cheques should be
sent directly to the post room
for immediate posting. (1)
 A person who did not request
the initial payment should
arrange bank transfers. (1)
8. Journal entries are not  All journal entries should be
authorized. (1) authorized together with the
supporting documents. (1)
 We would like to suggest that
journal entries are authorized
by the accountant or, if the
accountant passed the
journal, that it be authorized
by the financial director. (1)
9. There is no authorization  A declaration by the foreman
for the writing off of should verify the writing off of
inventory shortages. (1) inventory. (1)
 Inventory shortages may only
be written off with the
permission of a senior
employee. (1)
10. There is no internal audit  A responsible person should
function. (1) perform pre-planned tests on
a continuous basis. (1)
11. The monthly financial  Financial statements should
statements are not be discussed monthly by the
checked properly. (1) board of directors. (1)
 A report of deviations and
unusual items should be
presented to the board of
directors. (1)

15
 We also wish to point out that the weak internal controls at the bank facilitate fraud. We would
like to suggest that you write to the bank and point out to them that only instructions issued by
a cheque signatory may be accepted by the bank.

AUDITOR

Question 24 Dynamic Clothes 50 Marks (75 Minutes)

WEAKNESS RECOMMENDED IMPROVEMENTS

1. Foremen have  New workers should be
incompatible duties employed by the production
since they: manager, after consultation with
 Employ new workers the relevant foreman. (1)
 Control blank clock  Blank clock cards should be
cards controlled and prepared by a
 Pay wages out on time clerk (one of the current
their own (2) wage clerk) before being used
by the employees. (1)
 Worker’s names and employee
numbers should be pre
recorded by a clerk. (1)
 Wages should be paid out by
the distributing clerks (one of
the current wage clerks).
 Payout should be done in the
presence of the relevant
foreman who should identify the
workers. (1)
2. Clocking in and out is  The time clerk should observe
not controlled at the workers clocking in and out to
entrance. (1) control that only one clock card
is franked by each worker. (1)
3. The foreman hands the  The foreman should hand the
week’s clock cards to week’s cards to a specific wage
an unspecified wage clerk. (1)
clerk. (1)
4. Each wage clerk is  Each wage clerk should only be
solely responsible for responsible for certain specific
one section of the tasks in the wage system. (1)
alphabet’s wages. This segregation between:
constitutes undesirable  The maintenance of a
segregation of duties permanent record for each
and no rotations. (2) worker (example production
manager’s secretary). (1)
o All the entries in the
permanent records should
be initialed by a responsible
official. (1)

16
 o Wage expenses should be
reconciled to predetermined
totals periodically. (1)
Fluctuations should be
confirmed with authorized
changes in the personnel
records. (1)
o The preparation of clock
cards and observation of
clocking in and out (wage
clerk one). (1)
o The calculation of total
hours worked, recording of
the total on the relevant
clock cards and entering this
into the computer (wage
clerk two). (1)
o Wage clerk four should
check the calculations and
compare input to output. (1)
o Filing of pay envelopes and
payout to employees (clerk
three). (1)
o Wage clerk two should
check the filled packets. (1)
o Postings to the general
ledger and overall control
should be performed by
wage clerk four. (1)
5. The calculation of the  An independent person should
total number of hours check the calculation and initial
worked appearing on each clock card as evidence
each clock card is not thereof. (1)
checked by an
independent person. (1)
6. Overtime hours are not  Overtime hours should be
authorized. (1) approved by the relevant
foreman by initially the clock
cards. (1)
7. The hours worked  An employee other than the
entered into the wage clerk entering hours
computer are not worked into the computer
compared to the should compare input to output
computer output. (1) for correctness and initial the
wages report as evidence
thereof. (1)
8. The amount of net  A responsible official should
wages per the wages review the weekly wages report
report is not approved for reasonableness and sign it
by a responsible official. as evidence thereof. (1)
(1)

17
9. The wage clerk verbally  The accountant should only
informs the accountant prepare and sign a wage
of the amount needed cheque after he has reviewed
for the week’s net the approved wages report. (1)
wages. (1)  He should sign the wages
report as evidence of this
review. (1)
10. The wages cheque is  The wages cheque should be
signed only one person. countersigned to improve
(1) control over wages. (1)
11. Workers do no  Each worker should sign the
acknowledge receipt of wages report on receipt of
their pay packets. (1) his/her pay envelope. (1)
12. Unclaimed wages report  Unclaimed wages should be
is not clearly marked as marked as such on the wages
such on the wages report by the distributing clerk.
report. (1) (1)
13. The wages report is not  At the end of each department’s
signed off by the payout, the distributing clerk
distributing clerk and and the foreman should
the relevant foreman at account for the envelope in
the end of the pay out. respect of unclaimed wages
(1) and should sign the wages
report as evidence that:
o Envelopes relating to the
items marked “paid” have
been properly distributed;
(1)
o The envelopes for items
marked “unclaimed” were in
the hands of the distributing
clerk at the end of the pay
out. (1)
14. The week’s total wages  A responsible official should
expenses are not reconcile the week’s total
reconciled to a wages to that of the previous
predetermined total. (1) week, adjusted for wages
increases, overtime,
absenteeism, new
appointments and resignations.
(1)
15. Changes to the  The accuracy of changes to the
permanent records of permanent records of workers
employees are not should be checked by the
checked by the production manager who should
production manager. (1) sign the printout listing changes
to these permanent records as
evidence thereof. (1)
16. It appears that no  Access to the permanent
controls exist to ensure records in the data base should
that only authorized be restricted by passwords.
18
 changes are made to Only the production manager’s
the data base. (1) secretary should be able to
record such changes. (1)
17. Management does not  The accountant/production
examine the pay manager should examine the
packets on a test basis pay packets, prior to the pay
prior to the pay out. (1) out. (1)
18. Management does not  The accountant/production
attend the wage pay manager should attend wage
outs on a surprise pay outs on a surprise basis. (1)
basis. (1)
19. Workers do not identify  Workers should identify
themselves when they themselves before their pay
are paid. (1) packets are handed to them,
e.g. by ID card.
20. No measures exist to  A security firm be appointed to
ensure the physical draw cash, fill pay packets and
security of the cash. (1) perform the pay out. (1)
 Alternatively, two persons
should draw the cash, pay
packets should be filled in a
secured room, filled pay
packets should be stored in a
safe and a security guard
should be present at the pay
out. (1)
21. No control measures  Unclaimed wages should be
exist over unclaimed controlled by way of a register
wages. and such wage packets must
be kept in a safe in the
accountant’s office. (1)

Question 25 Suggested Solution 20 Marks (30 Minutes)

Control Control identified Audit procedure
objective
All purchases  Authorization of the Select a sample of the
are properly daily order listing listings and confirm that
authorized. by Thokozani. (1) they are all authorized
by Thokozani, through
inspection of signature.
(1)
 Warehouse Select a sample of order
manager review listings and verify the
listing and signature of the
authorize orders. warehouse manager. (1)
(1)

19
 All purchase  GRN’s are pre- Select a sample of
transactions are numbered and GRN’s perform
recorded. sequence is sequential testing on
checked by the GRN’s issued during the
stores supervisor. year under review. (1)
(1) Follow up on all missing
numbers. (1)
Trace GRN’s to
processed invoices and
agree details
[quantities]. (1)
All purchases  Comparison of Select a sample of
are properly quantity and price purchase invoices
valued. per the order to the compare the unit per the
invoice received. invoice to the relevant
(1) orders. (1)
 Authorization of Follow the differences to
price amendments the price amendment
by Thokozani. (1) forms and verify that the
difference was
authorized by
Thokozani. (2)
All purchase  Invoice details Select a sample of
invoices have (price, quantity) are purchase invoices
been properly agreed to orders  Agree the
processed, and GRN’s. (1) quantity invoiced
allocated, to the quantity
summarized received per the
and posted in GRN. (1)
the correct  Agree the price
accounting per the invoice to
period. the price per the
order. (1)
 Agree invoiced
amount to the
creditor’s
account. (1)
 Verify that the
invoice was
accounted for in
the correct
accounting period
(inspect date of
invoice same as
date of GRN). (1)
Presentation (Table): 3

Suggested solution Question 26 15 Marks (22.5 Minutes)

1. A register must be maintained detailing the number and location of slot machines
around the East London area. (1)
20
2. Slot machines must be pre-numbered and assigned to the register of slot machines. (1)
3. There must be adequate supervision and review over these slot machines by senior
management. (1)
4. A signed agreement must be in place between Entertainment (Pty) Ltd and the owners
of the premises stating the agreement of the 25%/ 75% split of the takings. (1)
5. The company’s representatives must be allocated to certain slot machines. (1)
6. The slot machines must keep an internal record of all takings of the slot machines. (1)
7. The company’s representatives must be trustworthy and competent to perform the
counting function. (1)
8. The company representatives must sign for the keys of the slot machines (take
responsibility). (1)
9. Keys should not be available to open all the slot machines – keys should only open
machines that have been allocated to specific company representatives. (1)
10. Counting of the cash from machines must be done in the presence of the owner of the
premises. (1)
11. The company representative and the owner must sign both as proof of the cash count
being performed correctly. (1)
12. Cash counted must be agreed to the machine records. (1)
13. Proper security to be implemented over transportation of cash. (1)
14. When cash is handed to Sally Smith, she must sign as proof of receiving cash. (1)
15. Cash received by Sally must be entered into a register signed by both Sally and
company Representative. (1)
16. Cash should be counted again in the presence of Piet Coetzee who then agrees the
amount counted to the deposit slip. (1)
17. Cash must be banked as soon as possible. (1)
18. There should be regular rotation of duties from the company representatives. (1)
19. Piet Coetzee must keep the key to the safe where the money is kept. (1)

MAX 15
Suggested solution Question 27 41 Marks (61.5 Minutes)
A. WEAKNESSES B. RECOMMENDATIONS
Control Environment
1. The informal 1. I need to raise the awareness of
beginnings of Picture Cindy to the importance of
Perfect (Pty) Ltd, internal controls so that she
Cindy’s obvious lack of supports, promotes and
financial systems and a enforces the implementation of
number of the problems a sound system of internal
she is experiencing controls through the activities of
with debtors all pin the company. (1)
point to an inadequate
control environment. (1)
Creditworthiness Check
2. It is apparent that  Cindy or a suitable employee,
pictures are being sold should carry out checks prior to
on credit to customers
21
 without doing any selling on credit to customers to
background checks on ensure that: (1)
their creditworthiness. The customers have not
(1) supplied fictitious details. (1)
The customers have
satisfactory credit status. (1)
 This can be achieved by
obtaining references from
bankers and other credit
providers. (1)
 Cindy should also establish a
credit limit for each new
customer. (1)
Before authorizing a sale,
the balance on the
customer’s account should
be checked and assessed to
establish whether the current
sale will cause the customer
to exceed their credit limit.
(1)
If so the sale should be
declined and the customer
requested to make a
payment before further sales
will be permitted. (1)
Dispatch
3. No written proof of  Existing source documentation
delivery is obtained relating to sales should be
when pictures are adapted such that two copies of
delivered to customers, a delivery note accompany each
which means that they delivery. (1)
may deny receiving One such copy should be
goods, which were in given to each customer. (1)
fact delivered. (1) The second copy should be
retained after obtaining the
customer’s signature,
acknowledging receipt of
goods delivered. (1)
Segregation of duties/Accountability
4. There is no isolation of  Cindy should prepare an
responsibility or clear organization chart and assign
assignment of tasks to isolate responsibility for
duties/responsibilities. deliveries and all other
(1) important functions. (1)
Consequently Cindy  Duties such as deliveries,
has been unable to invoicing and follow-up of
establish with certainty, debtors’ queries, should be
which employee were segregated so as to minimize
the possibility of fraud and error
responsible for making
going undetected. (1)
22
 a number of deliveries, Employees must sign the
which customers have source documentation as
denied receiving. (1) evidence of the performance of
their duties. (1)
Inadequate Documentation – Orders/Invoices
5. Inconsistencies and  Cindy should compile an official
uncertainties relating to price list, which sets out unit
prices and discount are prices and standard discount
leading to disputes with terms for all pictures. Any
customers and loss of alterations to this price or
goodwill. (1) deviations from it when
invoicing goods should be
authorized. (1)
 Alternatively, the customer
should be requested to sign the
invoice or sales order to
indicate that he is satisfied with
the negotiated price. (1)
 A second person should
perform an independent check
on the arithmetic accuracy of
the invoice. (1)
Credit Management
6. Cindy’s current system  Procedures to be performed to
for dealing with debtors ensure debtors are properly
who are slow to pay is monitored to ensure prompt
inefficient, prone to error payment and follow-up where
and inconclusive: payment is not timeously
 Problem debtors received:
may be overlooked A debtors’ ledger should be
in error, when Cindy maintained, with separate
is identifying account for each debtor. (1)
invoices which are to All customers should be
be copied and sent sent monthly statements
to debtors (i.e. her (prepared from the debtors
existing method ledger) to inform them
does not provide precisely as to the amounts
comprehensive owing by them. (1)
assurance that all A monthly age analysis of
long outstanding the debtors’ ledger should
debtors have been be performed and reviewed
identified and to identify any debtors who
prompted to pay). (1) have long outstanding
 Debtors appear to debts. (1)
be able to employ Long outstanding debtors
tactic to delay should be:
payment of their o Warned that legal action
debts indefinitely will be taken, unless
(the five debtors their debts are promptly
referred to in point 2 paid. (1)

23
 of the question o Handed over to
scenario). (1) attorneys for collection, if
they do not pay within a
reasonable period after
MAXIMUM (6) their warning. (1)
Queries from debtors
should be handled by
someone independent of
the recording function. (1)
The debtors’ ledger should
be reconciled on a monthly
basis to the control
account in the general
ledger. (1)
o The reconciliation
should be reviewed by
Cindy for any unusual
items and then signed
as evidence of review.
(1)

MAXIMUM (20)

PRESENTATION (3)

C. Positive debtors’ circularization procedures:-

 Obtain permission from Cindy to perform a debtors’ circularization. (1)
 Prepare a listing of debtors and their outstanding balances using the outstanding
invoices files. (1)
 Agree the total of this debtors listing to the debtors’ control account in the general
ledger. (1)

 Select a sample of debtors from the debtors listing created:

The sample should include those debtors whose accounts are long overdue or whose
outstanding balance is significant. (1)
The sample should also include any unusual accounts. (1)

 Arrange control of all copies of invoices to be sent to debtors. (1)

 Draft a letter (on client letterhead) requesting the debtor to confirm directly with the
auditors whether or not the enclosed invoices correctly represent amounts owed by
them. (1)
 Enclose the letter, a stamped envelope addressed to the auditor and the invoice copies
in an envelope for mailing to the debtor. (1)
 Confirm that the debtors with a Post Office Box address are not fictitious by looking up
the address in the telephone directory or confirming the address telephonically. (1)
 Personally mail or supervise the mailing of all the envelopes. (1)
24
  Prepare a working paper detailing all accounts circularized, for monitoring of replies. (1)
 Follow up disagreements by inspecting the relevant source documents and making
enquiries of the parties concerned. (1)
 Send out second confirmation requests to all those debtors who have failed to reply or
whose envelopes were returned “addressee unknown” (after correcting the address). (1)
 If debtor’ fail to respond to the second request perform the following alternative
procedures: (1)
Telephone or fax the debtor (and then follow up with written confirmation later) – with
permission from the client. (1)
Inspect subsequent receipts from debtors in cash books. (1)

MAX (15)

Suggested solution question 28 8 Marks (9.5 Minutes)

Recommendations for controls around additions to fixed assets:
 Additions supported by formal written proposal by capex committee/senior personnel. (1)
 Supported by quotes and source of finance. (1)
 Presented to board of directors/top management for authorization. (1)
 Authorized decision must be recorded in the minutes. (1)
 Directors’ interest in contracts must be disclosed. (1)
 Supported fixed asset requisition and capital budgets. (1)
 Fixed asset requisitions must be pre-numbered. (1)
 Management must regular follow up on missing numbers of requisitions. (1)
 In some cases a formal contract is required for additions. (1)


Suggested solution question 29 30 Marks (45 Minutes)

Weaknesses in the inventory count:
1. Preparation and planning of the count was inadequate. (1)
 Holding the count over two afternoons so as to allow normal delivery and dispatch was not
sensible. (1)
 Non-trading days or overtime count would have resulted in a more efficient count. (1)
 Total count time only 8 Hours – insufficient time. (1)
 No count controller appointed to direct count. (1)
 The method of counting was inadequate, no tag system or double count. (1)
 Composition of the counters totally inadequate: (1)
Counting should be done in teams (2 persons). (1)
One of whom should be independent of the warehouse function. (1)
 If pickers have been involved in misappropriating inventory, they are now in a perfect position
to hide any shortages by having the perpetual inventory records amended. (1)
 Amendments were done without authority or investigation. (1)

25
  There is no evidence that the warehouse was prepared for the count, although it is “tidy”, a
number of procedures should have taken place. (1)
Marking damaged, slow moving obsolete goods. (1)
Identifying expired (nearly expired chemicals). (1)
Preparing a secure area for deliveries to be received during the count/making sure goods
received up to the 30th, have been unpacked. (1)
Identifying the location of Buchblaze Inc inventory (consignment stock). (1)
2. Count stationery was inadequately designed and controlled. (1)
 Count sheets not pre-numbered. (1)
 Staff not signed for count sheets received. (1)
 Count sheets not accounted for in count sheet register. (1)
 No mentioning that counts must be documented in ink. (1)
 There are no inventory adjustment forms on which count differences/adjustments/results of
investigation can be entered for authorization before the inventory records are adjusted. (1)
3. No written instructions were prepared for the count which again will result in a
substandard count. (1)
 No identification of who should count what – pickers decided themselves. (1)
 No method of counting conveyed to counters and count controller and auditors. (1)
4. The count itself was inadequately conducted. (1)
 Inventory only counted once. (1)
 No recount by another counter when discrepancy identified. (1)
 No random counts by supervisor. (1)
 No identification and recording of slow moving; expired or damaged stock. (1)
 No identification of consignment stock. (1)
 No count controller, so no walk through of the warehouse once the count is complete, and no
method of determining whether all stock has been counted. (1)
 No procedure conducted to ensure that goods received or dispatched during the count were
properly accounted for. (1)

Suggested solution question 30 28 Marks

a)
1. Access to the sales application should be restricted to the terminals of only those who
need access to the application to perform their functions, e.g. sales personnel, financial
accountant and credit controller by the use of terminal identification controls.

2. Access to the sales application should be restricted at systems level to only those users who
need access to the application to perform their function by the use of user identification and
password controls.
2.1 There should be sound controls over passwords e.g. unique to users, minimum six
characters, not obvious, kept confidential.

26
3.At application level users should be restricted to only those programme functions which they
require to perform their functions on a “least privilege” basis. For example
3.1 Sales personnel do not require any access to the masterfile amendment module of the
application.
3.2 Sales personnel may be given “read only” access to the debtors masterfile (customers
may enquire about their account balance before making a purchase) but will definitely not be given
“write access” to the masterfile.
Note: sales personnel will have “read access” only to the inventory masterfile.
These controls will depend on properly compiled access tables.
4. There should be a “time out” facility on the sales personnel computers, which is activated after
a set period of inactivity.
5. There should also be automatic shutdown in the event of access violation.
b)
1. The ability to override the “credit exceeded” control should be restricted to the credit controller
(only her user profile will be allocated the privilege).
2.All overrides should be logged automatically by the computer.
2.1 Logs should be access controlled and access should be limited to “read only” and
restricted to the credit controller and say, the financial accountant.
2.2Logs should be numerically sequenced.
3.On a frequent and regular basis the log should be reviewed and sequence checked by the
financial accountant and any unusual overrides followed up, e.g. overrides for large amounts,
frequent overrides to the same account holder, and the subsequent performance of the debtor
whose limits were overridden, monitored.
4.Normal password controls must be strictly applied to the credit controller and her password.
5.The above controls are primarily detective in nature; as a preventive measure the application
could include a control which prevents the override from being effected if, say, the amount by
which the proposed sale will exceed the credit limit is greater than 10% of the balance owing.

6.A less effective but nevertheless important preventive control would be the stipulation of the
conditions which must be present before the credit controller can override.
c)(i)
1. Minimum keying in of information allows the salesperson to key in a single piece of information
about the customer to bring up all the customer’s details instead of keying in all the customer’s
details.
2. In the case of creating the invoice, this means that the salesperson need only key in the
customer’s account number. The computer will validate the account number and the screen will
display the customer’s name, address, contact details, etc.
3. The same will apply to the parts being sold. As each part has a unique part number, the
salesperson need only enter the part number to bring up the detail of the part, e.g. description and
price. The salesperson need only enter the quantity required.
27
 4. The idea behind minimum entry is that the less keying in that has to be done, the fewer the
errors which will occur.
(ii)
1. A mandatory field is one which must have data entered into it to create the invoice. In other
words the process will not continue until the field has been filled.
2. In the context of creating the sales invoice, there will be two particularly important mandatory
fields
2.1 The quantity field for parts being sold and
2.2 The customer’s order reference field.
3. If data is not entered in a mandatory field, a “screen prompt” will appear requesting the
salesperson to enter the field. This ensures the completeness of the information required to
produce the invoice (note: that with “minimum entry” the vast majority of information required will
be automatically brought up as explained in (i) above).

d)
1. As the warehouse clerk picks the parts listed on the invoice, he or she should initial or tick off
against each item on the invoice.
2. Once all the parts have been picked, the clerk and the customer should check against the
invoice that the correct parts and the correct quantities have been picked.
2.1 Any problems, e.g. required quantity of parts not available, should be noted on both copies
of the invoice and cross-referenced to a “dispatch problem report”
2.2 The “dispatch problem report” should be completed by the warehouse clerk and should
 detail the problem
 indicate what the customer requires, e.g. pass credit note, place on back order
 be cross referenced to the sales invoice
 signed by the customer and clerk
 be appropriately designed, sequenced and preprinted.
Note: remember that the invoice has already been processed but has not been paid for.
3. Parts which cannot be picked as listed on the invoice should not be substituted by other parts
(see note above).
4. Both copies of the invoice should be signed by the customer and the clerk, and both copies
should be stamped “order filled”.
4.1 One copy of the invoice should be retained by “warehouse dispatch”.
4.2 When the customer passes through the security gate, the goods being taken by the
customer should be checked against the sales invoice and the invoice stamped “checked” if all
is in order (further security checks may be appropriate).
Note: All dispatch problem reports should be followed up promptly and as necessary e.g. credit
note should be generated, order placed with supplier, adjustment made to inventory masterfile.
Students should be awarded bonus marks for including this point in the solutions.

Suggested solution question 31 25 Marks

28
Continuity of operations – risk assessment
1. It appears that the company has no formal risk assessment component as part of its
internal control process.

2. IT risk is a recognised risk faced by all businesses which rely on IT to function effectively
and it is essential that
 IT risk is continually assessed by
 individuals who have an appropriate level of experience and understanding of the IT
risks faced by a company such as Pumpflow (Pty) Ltd.

3. The directors have no interest in this important control requirement and Jill Clinton, to
whom the technicians report, is by her own admission “not strong on computer technology”
and therefore is hardly likely to understand IT risk.

4. This lack of formal risk assessment results in inadequate response to IT risk, leaving
Pumpflow (Pty) Ltd open to
 fraud and theft perpetrated through the IT system
 physical and infrastructural damage
 confidentiality issues/abuse
 data loss or destruction
 non-compliance with IT laws, rules and standards
all of which singularly or collectively can threaten the
company’s continuity of operations.

Continuity of operations – physical security

1. It appears that there is inadequate security surrounding the system equipment (servers etc.).
These are located in a general office in the accounting section.

2. Whilst the company is probably not large enough to warrant sophisticated physical security
measures, the equipment (obviously other than user terminals) should be housed in its own
secure room which is access controlled by say, keypad and code with access restricted to IT
personnel. Leaving this integral part of the system in a general office lays the system open
to abuse.

Control environment – organisational structure

1. Essentially there is no organisational structure either within the “IT section” itself, or as
regards the IT section and the company itself.

2. There is no assignment of authority and responsibility within the section, as the three
technicians “run the entire show” as they deem fit.

3. Nominally they report to Jill Clinton but this is meaningless as she provides no leadership
and does not interact much with them.

4. There is no segregation of duties within the IT section with the result that the three technicians
perform incompatible functions. They are all on the same level so again lines of reporting
and delegation of authority are not functional.

29
Control environment – commitment to competence, participation by those charged with
governance and management’s philosophy and operating style

1. As it stands, there is nobody in the company to which the “IT section” can report for guidance
and leadership. The directors do not have the knowledge or the interest and the financial
manager (who should be extremely concerned) simply chooses not to interact with the three
technicians.

2. This shows a distinct lack of commitment to competence and a management style which
could lead to a total lack of control consciousness. The three technicians will be fully aware
that there is no control over them and that they can do whatever they like!

3. This complete lack of understanding of the risks associated with IT, implies that it is very
unlikely that there will be any ethical guidance/code of conduct given to the “IT section”, or
that proper human resource policies and practices as they relate to IT personnel, are in place.

4. The IT section will have to be restructured and a suitable IT manager appointed if these risks
are going to be addressed.

Systems development and programme change controls

1. Programme changes should not be made by the technicians “as they see fit” but rather as
a result of properly motivated requests from users.

2. As the organisational structures and reporting lines relating to the interface between the
“IT section” and the users is blurred, it seems very unlikely that proper programme controls
can be implemented, e.g. there is no IT manager or steering committee to evaluate and
approve the change.

3. There is also no way of preventing the three technicians from making programme changes
if they want to. These changes may be detrimental to the company.

4. The same argument applies to the decision of one of the technicians (obviously supported
by the other two) to write and implement application software for the issuing of passwords.
Clearly this software is poorly designed (see access control) so could not have been
subjected to the very important control procedures to which any new application software
should be subjected. The company simply does not have the necessary structures or
competencies to write and implement such applications.

Access controls
1. Besides the lack of physical access controls to the IT equipment mentioned earlier, the
logical access controls at Pumpflow (Pty) Ltd are very poor.

2. Only those employees who need access to the computer to fulfil their functions, should be
given access – to give factory personnel access privileges so that they can send emails
and browse the internet during their breaks, is an extremely unwise and unnecessary policy
which can lead to serious abuse of the system. Access should be given on a “least
privilege/need to know” basis.

30
 3. The application software written for the allocation of passwords is unnecessary as the
systems software would include programmes for “registering”, changing, storing and
deleting passwords. Again the total lack of management of the company’s IT employees
has facilitated this situation.

4. In terms of this application

 passwords do not conform to the recommended format for passwords (six characters
with a mix of numerical, alphabetic and symbol digits)

 passwords are not unique to the user and are not confidential (they will be known or
obtainable by at least the three technicians)

 passwords of employees who have left the company are only invalidated every six
months, not immediately the employee resigns or is dismissed.

5. The fact that the three technicians all have access/super user access, combined with the
fact that they are totally unsupervised, is a tremendous risk to the company.

Suggested solution Question 32

a)

Key internal control Control Test of control(s)

objective(s)

1.3 Before the material is Accuracy. () Observe the weighing process. ()
weighed, the scale operator Scrutinise the scale for the three buttons to
(Thabo) has to press one of ensure that paper is indeed classified
three buttons: “Mix colour separately. ()
paper”, “White Paper (no book
form or in files)” or “Magazines”.
()

1.4 The scale generates a pre- Validity. () Observe the scale operator press the button
numbered report in triplicate Accuracy. () and immediately inspect the report generated
which contains details of the by the scale () and confirm that:
items being weighed. (i.e. Type Completeness.
()  the date and time is correct (),
of paper, Scale operator, Date,
 the type of paper agrees to what was
Time, Weight etc.). ()
pressed by the operator (),
 the weight on the report agrees to the
reading on the scale (),
 the report identifies the person
operating the scale. ()
Perform a sequence check on the reports and
ensure that there are no missing numbers.
()

31
1.5 The electronic scale also Validity. () Select and inspect a sample of scale reports
generates on the above Accuracy. () and compare the rate on the report against
report, the amount to be the authorised price list. ()
paid to the individual or
representative by
multiplying the weight of the Recalculate the amount on the scale report
paper by the rate as per the by multiplying the weight by the price per
authorised price list. () price list. ()

1.6 Thabo signs and retains Validity. () Select and inspect a copy of the report
one copy of the report and retained by Thabo for his signature. ()
gives the individual or
representative two copies to
take to the payment of
suppliers section for payment.
()

2.2 Upon receipt of the two Validity. () Select and inspect the copy retained Neo for
reports from the individual or Accuracy. () her signature () and signature of the scale
representative, Neo agrees the operator (Thabo). ()
rate indicated on the scale
report to the authorised price
list pasted on her wall and
signs both reports as proof that
she has done so. She retains
one copy of the report. ()

2.5 Yvonne generates a pre- Completeness. Perform a sequence check on the slips and
numbered slip (in duplicate) for () ensure that there are no missing numbers.
the individual or representative ()
after payment of the amount
reflected on the scale report.
()

2.6 She then stamps the scale Validity. () Inspect the scale report and ensure it was
report with the words “Paid” stamped “Paid” () as well as the signatures
and attaches a copy of the of Thabo () and Neo. ()
slip to the report to prevent
double payment. ()

2.8 The supervisor (Joseph) Validity. () Inspect filed documents for signature of the
matches and signs the Accuracy. () supervisor (Joseph) for proof that he matched
documents from Neo, against the different documents. ()
the documents retained by
32
 Yvonne against the documents Completeness.
retained by Thabo and follows () Select and inspect filed documents and
up on any discrepancies. () reperform the matching. i.e. Match
documents from Yvonne against the
documents retained by Neo and documents
retained by the Thabo and follow up on any
discrepancies. ()

2.9 Joseph also performs Completeness. Addressed by tests of control on 1.4 and 2.5
regular checks on missing () above.
numbered scale reports and
receipts and follows up. ()

MAXIMUM: (7) & AVAILABLE: MAXIMUM: (7) & MAXIMUM: (7) & AVAILABLE: (19)
(10) AVAILABLE: (15)

MAXIMUM: (21) & AVAILABLE: (42)

COMMUNICATION SKILLS, STRUCTURE AND LAYOUT AND CLARITY OF EXPRESSION: (1)
Suggested solution Question 33

YOU ARE REQUIRED TO:

Identify and explain the weakness in the internal controls 40 Marks
over those functions of the acquisitions cycle at Toy-Toy
(Pty) Ltd described above.

Weakness 1
There is a lack of division of duties between the initiation of the order and its execution. (1)
Explanation 1
1.1 The buying officers decide what to order without the authority of a signed requisition from the
warehouse and they place the order. (1)
1.2 This means that a buying officer can place an order fraudulently (e.g. order goods for himself).
(1)

Weakness 2
There is no sound basis for the placing of orders e.g. no reorder level or quantity, no sales projection
data etc. (1)
Explanation 2
2.1 When deciding what inventory to purchase, the buyers simply look at the quantity on hand on
the perpetual inventory. There is no guidance on which to base the quantity of toys to be ordered
or whether a particular toy should be ordered at all. (1)
2.2 This is inefficient management of the company’s resources i.e. tying up funds in excess inventory
and potential loss from redundant/obsolete inventory. (1)
33
2.3 It may also lead to the failure to order enough inventory resulting in lost sales. (1)
2.4 As there is no reconciliation between physical inventories on hand and the Masterfile, there may
be no physical inventory and a quantity reflected in the masterfile. Hence no order may be
placed when an order is necessary. (1)

Weakness 3
Orders placed are not authorised by the senior buyer Goliath Booysen. (1)
Additions to the preferred supplier Masterfile are not authorised by Goliath Booysen. (1)
Explanation 3
As Goliath Booysen does not see the orders before they are sent, there is no check that they are for
goods for the company, from an approved supplier. This combined with weakness 2 makes it even
easier for an employee to place an invalid order. (1)

Weakness 4
Access to the local area network at systems level is inadequate. (1)
Explanation 4
The use of a general password to get onto the network amounts (almost) to uncontrolled access. This
weakness at systems level weakens access to applications on the network, in this case acquisitions
and payments. (1)

Weakness 5
Access at application level is inadequate which severely weakens (failure to apply need to
know/minimum entry principle) (1)
 division of duties (.5)
 Isolation of responsibility. (.5)

Explanation 5
5.1 All employees in the “ordering” and “receiving” functions of the acquisition cycle have access to
all the modules in the application by virtue of a common password. (1)
5.2 In effect, this means that at least nine employees are able to
 initiate an order (1)
 place an order (1)
 effect a Masterfile amendment e.g. add a supplier and in the case of the receiving clerks (1)
 Gain easy access to the goods ordered and amend the records. (1)
5.3 The above substantially increases the risk of invalid purchase transactions occurring. For
example, a receiving clerk could easily place an order for goods for himself, receive the goods,
steal them, amend the inventory records if necessary, and have the company pay for the goods.
(1)
Weakness 6
Poor programming/application design results in the need for employees to enter extensive information
which is already in the database (failure to apply minimum entry principle). (1)
Explanation 6
When creating a purchase order, although the format comes up on the screen, the buyer must still enter
all the details pertaining to the supplier and the goods to be ordered. In principal the minimum amount
34
of information e.g. quantity and product number should have to be entered. Information already on the
database should automatically be included. This enhances the accuracy and completeness of the
order being placed as fewer keying in errors will be made e.g. incorrect descriptions, product numbers
etc. (1)

Weakness 7
The receiving clerk checks what has been delivered against the suppliers’ delivery note only, not
against the purchase order. (1)

Explanation 7
7.1 Adjusting the supplier delivery note for discrepancies between the goods delivered and the
supplier delivery note but not for discrepancies with the purchase order will result in the
company accepting (and ultimately paying for) goods in excess of what they ordered or which
they did not order at all. (1)
7.2 As the inventory Masterfile is updated by what was actually received and the “pending order
field” is cleared, the buyer will not know if there has been an over or under supply of what he
actually ordered. (1)
7.3 Short deliveries will not be addressed as no comparison is made between what was actually
ordered and received. (1)

Weakness 8
There is no checking or acknowledgement of receipt of the goods when they are moved from the
“receiving department” to the warehouse (poor isolation of responsibilities). (1)
Explanation 8
As the boxes are placed in the cage to be dealt with by warehouse staff when they have time, there is
a period when nobody has responsibility for the goods; if discrepancies are discovered the goods
receiving clerks can simply say they put the goods in the cage and the warehouse staff can say the
goods were not put in the cage, i.e. were not in their custody. (1)

Weakness 9
Nobody counts/checks the contents of boxes for quantities and goods actually delivered and nobody
checks for damaged goods. (1)
 The receiving clerk checks only to the details on the side of the box. (1)
 When the toys are unpacked from the boxes in which they are delivered, the warehouse
packers do not check what has actually been received against any documentation before the
goods are packed away on the shelves. (1)

Explanation 9
As Toy-Toy (Pty) Ltd does not know exactly what toys they actually received they will in all likelihood
 be paying for goods they never received/are damaged. (1)
 have very poor inventory records which will result in losses through inefficient inventory
management. (1)

Weakness 10
35
10.1 As in weakness 6, poor application/programme design results in the receiving clerk having to
enter data that is already on the system when they create the goods received note. (1)

10.2 The receiving clerk has complete control over the information that is entered onto the system as
 he does not simply update authorised information already on the system and (1)
 Nobody checks that the details on the GRN agree with the supplier delivery note. (1)

Explanation 10
10.1 Again the less information that has to be entered, the less errors of accuracy and completeness
will arise. This will result in fewer problems in the functions which flow from the GRN e.g.
inventory record maintenance and payment to creditors. (1)
10.2 In respect of weakness 9, significant fraud is possible by the simple entry of fictitious (invalid)
information, e.g. the receiving clerk can make out a completely (or partially) fictitious GRN,
arrange for a fictitious invoice/statement to be sent to Toy-Toy (Pty) Ltd by a fictitious supplier
and share the ensuing payment to the supplier. (1)
 making this type of fraud even easier, is the lack of access controls and division of duties as
explained in weakness 5. (1)

Weakness 11
Controls of Masterfile amendments are inadequate. (1)
Explanation 11
As
 at least nine employees have access to the Masterfile amendment module of this application
and as (1)
 Goliath Booysen does not authorise additions of suppliers and (1)
 there does not appear to be any documentation (MAF) to support amendments and (1)
 there is no review of logs of Masterfile amendments for accuracy, completeness and validity
by an independent manager, (1)
any number of employees could make invalid amendments to facilitate fraud.
Weakness 12
The lack of supervisory and managerial controls results in a poor control environment. (1)
Explanation 12
As neither Goliath Booysen nor any other members of the management get involved in the activities
described, employees will before long realize that they can do precisely as they please, including
engage in fraudulent activities for their own benefit. (1)
Available: 47 Marks
Maximum: 40 Marks

Suggested solution Question 34

f) Identify and discuss the weaknesses and the potential 38 Marks

consequences of the weaknesses with regards to the
system of control over the sales and receipt cycle of
Campers World (Pty) Ltd

Present your answer in tabular form as follows:

36
 Weakness Potential consequence

Commination skills: Clarity of expression (1) Structure & 2 Marks

Layout (1)

WEAKNESS POTENTIAL CONSEQUENCE

Only one person opens Possible manipulation of documentation received in
the post. (1) the post. (1)
Customer orders received There is a possibility that the orders will not be
in the post is not recorded executed and may result in dissatisfied customers.
in register. (1) (1)
Cheques received via the Possible fraudulent manipulation of the cheques (1)
post do not get recorded
in a remittance register.
(1)
There is no control to Cheques can be stolen/manipulated. (1)
ensure that the cheques
are actually banked. (1) It may result in rolling of cash. (1)
Cheques received from
debtors are sent to the Mr Masia may fraudulently manipulate the debtors
debtors clerk (Mr Masia). records. (Egg theft of cheques). (1)
(1)
Only written customer Customers may find the process time consuming
orders are accepted. (1) and may find alternative suppliers. (1)
The customer order is This may lead to dissatisfied customers and may
accepted and a sales result in orders not being finalised/executed (1)
order is prepared before
the availability of the
goods is confirmed. (1)
Only copy one of the Goods can be delivered to debtors who have
sales order are approved exceeded their credit limit or is not creditworthy as
by the credit controller (1) copy one is not sent to the warehouse. (1)

This will result in orders still being executed although

credit limits are exceeded which may result in a high
provision of bad debts. (1)

Copy 2 and 3 of the sales This may result in inaccurate accounting records
order may differ due to and disputes with customers. (1)
changes made on copy 3
by the warehouse
manager. (1)
There is no document Customers may deny that goods were delivered that
(egg delivery note) that may result in financial losses. (1)
the customer signs and
returns as proof of
delivery. (1)
The customers are A customer may be invoiced for goods not
invoiced before it is received/returned which will result in constant

37
confirmed that goods changes to accounting records that will increase the
were delivered and risks of inaccurate accounting records. (1)
accepted. (1)
Cut off errors may exist especially at month/year
end. (1)
There is no gate controls This may result in theft of goods/invalid orders that
regarding the goods that will result in a financial loss. (1)
is leaving the company’s
premises. (1)
The despatch department Enquiries from customers and/or outstanding orders
do not keep records of will be difficult to follow up with no documentation.(1)
orders despatch. (1)
Invoices are not Invalid invoices may be used to execute invalid
sequentially filed, orders. (1)
matched with the sales
order and regularly Outstanding invoices may not be finalised (1)
followed up by a senior
official. (1)
Debtor statements are not The debtor statement may differ significantly from
independently prepared the debtor ledger. (1)
and reviewed by a senior
official. (1) Errors and fraudulent activities may be hidden and
not identified. (1)

Mr Masia is responsible Due to a lack of review by a senior official (1) and

for the debtors ledger and segregation of duties (1), Mr Masia may manipulate
reconciliation of the the ledger and account to hide fraudulent
debtors control account transactions and errors.
(no segregation of duties).
(1)
Mr Masia is responsible Debtors disputes may intentionally not be followed
for customers enquiries up. (1)
and makes adjustments
without approval from a Bad debts may result due to the weakness. (1)
senior official. (1)
Adjustments may be made to debtors account to
hide fraudulent transactions and errors. (1)
Mrs Grobbelaar is Mrs Grobbelaar may intentionally not follow up long
responsible for the outstanding debtors to hide fraudulent transactions
debtors ledger and is (1) and/or bad debts (1).
following up long
outstanding debtors
without
review/supervision thereof
by the accountant. (1)
GENERAL CONTROLS Errors and Fraud may not be detected which will
result in inaccurate accounting records (1) and
There is no independent possible bad debt.(1)
review/segregation of

38
duties of accounting
work. (1)
The despatch This may result in theft of goods by the storeroom or
department do not sign despatch employees. (1)
as acknowledgement of
custody of goods
received. (1)
If goods are not in stock This may result in the loss of customers and sales.
the customer is not (1)
notified. (1)
The invoice is prepared This may result in incorrect invoicing and accounting
without making reference records. (1)
to the approved price list
(1) This may also lead to dissatisfied customers (1)
AVAILABLE MARKS: 48 MAXIMUM MARKS: 38 COMMINATION MARKS: 2

PART B
YOU ARE REQUIRED TO:
b) For each of the question with a YES answer, identify the 19 Marks
control objective(s) that will be achieved AND design
appropriate Test of Controls.

For each of the questions with a NO answer, discuss the

possible risks (consequences) of the ineffective/weak
controls.

Commination skills: Clarity of expression (.5) Structure & 1 Marks

Layout (.5)

Question Answer
Are wage payments, presented to the No
cheque signatories, supported by the
current and previous pay-roll and RISK
supportive documentation iro time  Payments may be made iro
worked, appointments, dismissals and Fictitious employees (1)
increases? For time not worked (1)
At faulty wage rates (1)

Are clock card pre-numbered and Yes

recorded in numerical order?
CONTROL OBJECTIVE:
Completeness (1)

TEST OF CONTROL
 Select a number of clock cards and
inspect that the clock cards are pre-
numbered (1) and verify/inspect

39
 that the clock cards is recorded in
numerical order (1)
Is the pay-out done by 2 persons? No

RISKS
 Wages can be taken/stolen by the
person responsible for pay-out. (1)

Is access to time, personnel and Yes

wages records controlled and limited to
authorised persons? CONTROL OBJECTIVE
Authorization (1)

TEST OF CONTROL
 Enquire from management (1) and
observe that access is restricted to
authorised persons only. (1)
Is there proper supervision over the Yes
clock in and out procedures?
CONTROL OBJECTIVE:
Validity (1) and Completeness (1)

TEST OF CONTROL
 Enquire about the process and
supervision during clock in and out
(1) and observe the process and
confirm that the control is working
effective (1)

Are all clock cards approved by a Yes

senior official and thereafter used to
record the wages in the accounting CONTROL OBJECTIVE:
records? Authorisation (1) Completeness (1)
Recording (1)

TEST OF CONTROL:
 Select a number of clock cards and
inspect the clock card for approval
(signature of a senior official) (1)
and follow the clock card through
the payroll, verify details (1)
Are all liabilities iro of wages and Yes
salaries raised appropriately at year
end? CONTROL OBJECTIVE
Cut- off (1)

TEST OF CONTROL
 Identify the liabilities that should be
raised/paid at year end and (1):

40
 Inspect payments made to the
external parties (egg SARS) and
verify that the transactions/liability
was correctly accounted for (1)

Are the payroll reviewed by a senior Yes

official and thereafter used to record
the payroll CONTROL OBJECTIVE
Validity (1)
amount in the general ledger? Accuracy (1)

TEST OF CONTROL

 Select a number of payroll entries

in the general ledger and
Trace the entries through to the
payroll, verify details (1);
Inspect the payroll for approval
(signature of senior official) (1) and
Recalculate the payroll (1)

AVAILABLE MARKS: 27 MAXIMUM MARKS:19 COMMUNICATION:1

Suggested solution Question 35

Part A
1.1 Receiving and authorisation of orders
Key internal Controls Control Objective Test Of Controls
No orders to be accepted if the Validity () Select a sample of approved
customer is not an approved internal sales order and
customer or does not have an  Inspect the approved
account number () i.e. customer list to confirm
customer does not appear on
the approved customer list. () that the customer name
and account number
appear on the list. ()

41
Key internal Controls Control Objective Test Of Controls
Customer order is matched to Accuracy () Obtain a sample of internal
internal sales order reviewed sales orders and
second order clerk for accuracy  Inspect for the signature
of detail. () of the second order
Prices on the Internals Sales clerk as evidence of
order are matched to the official
performing the checks.
price list. ()
()
Reconcile the customer order
and internal sales order to
confirm that the control was
satisfactorily carried out. ()
 Obtain the official price
list and compare with
the amounts on the
internal sales order to
confirm that they agree
and are accurate. ()

To confirm that customer are not Validity () Observe the order clerk taking
fictitious, they are required to an order over the phone and
provide pertinent details such as, confirm that customer details
() are requested. ()
 Identity number () Select a sample of customer
orders;
 Address () Inspect the orders for ID,
Thabeth signs the customer addresses to confirm that this
to acknowledge proof of was provided for by the
responsibility. () customer. ()
Enquire with the sale clerk
about procedures undertaken
when taking order from clients.
()
Inspect the signature of
Thabeth on a sample of
customer orders as evidence
of acknowledgement of
performing checks and
receiving the order. ()

42
Key internal Controls Control Objective Test Of Controls
Approval by the credit controller Validity () Select a sample of orders who
() is required for new customers have reached their
customers, customer who have credit limit, exceeded their
been flagged, reached their credit limit or have been
credit limit or exceeded their flagged and confirm that the
credit limit before an order is orders where approved by the
placed. () credit controller. ()
Credit controller provides Inspect the approval document
reasons with regards to the and confirm that reasons
approval of the above. () where furnished for each
approval and that the reasons
are valid. ()
Pre-printed sequentially Accuracy () Inspect the customer and
numbered customers order and internal sales order forms and
Internal order forms are used to confirm that they are pre-
record the customers’ orders. printed. to minimise the errors
() ()


Regular checks are performed Validity () and Completeness Inspect for the signature of the
by Veronica the order supervisor () supervisor on the report as
on: evidence of checks being
 Long outstanding orders carried out. ()
() Perform sequence test on the
ISO and customer order forms
 Missing numbers or on and investigate the missing
cancelled ISO () numbers to confirm if the
control is properly carried out.
Pre-printed sequentially ()
numbered customers order and
Internal order forms are used to
record the customers’ orders ()

The order clerk reads back the Accuracy () Observe the sales clerk taking
details to the customer to an order from a customer and
confirm that he has recorded confirm that
correct details. ()  He reads back the
details recorded for the
customer to confirm. ()

Available (38): Maximum (20)

43
1.2. Credit Management
KEY CONTROL CONTROL OBJECTIVE TEST OF CONTROL
The credit controller is the only Validity () Request any staff member to
one who has access to the open the credit masterfile
credit masterfile module. () module and confirm that they
do not have the function on
their laptops. ()
Request the access tables
from the IT department and
confirm that only the credit
controller has access rights to
the credit masterfile. ()
The masterfile module request Validity () Attempt to open the masterfile
the credit controller to enter a module on the credit
username and a password. () controllers computer to confirm
that it request for the username
and password. ()
The masterfile module is Validity () Attempt to log onto the
accessed by a password which masterfile module using
is at least 10 characters  Password with
containing letters and characters less than 10
numericals. () ()
The system freezes after 3
 Password which contain
unsuccessful attempts. ()
letters or numeric only
and ()

Confirm that the system do not

allow access.
Attempt to enter an incorrect
password three times and
confirm that the system freezes
to prevent unauthorised
access. ()

44
The following programmed Completeness () Select a sample of debtors
checks are performed Validity () from the debtors ledger and
 Sequent test () Accuracy()  Inspect the logs to
confirm that missing
 Limit Checks ()
numbers are recorded
 Dependency check () on the logs. ()

All overrides and approvals of  Attempt to place an

the new debtors are logged by order that is above the
the system. () approved credit limit of
the customer and
confirm if this is rejected
by the system. ()

Select a list of new customers

and overrides that were
approved and inspect the log to
confirm that they have been
recorded. ()
Inspect the log of overrides and
confirm that reasons were
provided by the credit
controller for approving the
customer. ()
Background checks are carried Validity () Enquire with the credit
out on the new customers controller with regard to the
together with following up on procedures undertaken when
their trade references. () carrying out background
checks. ()
Select a sample of new
customers and request
evidence of background check
from the credit controller to
confirm that the procedures
were carried out. ()

45
Logs of new customer Accuracy () Inspect the log for the
approvals and overrides are signature of the financial
reviewed by the financial director as proof of review. ()
director. ()
Debtors added on the debtor’s Validity () Select debtors from the
ledger are reconciled to with debtor’s ledger and confirm
the application form to identify that they are supported by an
fictitious debtors. () approved application form. ()
Available (34): Maximum (15)
Other valid points 1 mark each
Communication skills, Structure and layout and Clarity of expression (2)

46
 b. Describe the weakness in the data conversion procedures carried out by the data clerk.
Problems found in the data were not resolved prior to conversion. Had this been solved the ()
problems identified during post implementation review would have been solved.
The user departments did not sign off on the data converted as this was done by William. ()
He is likely not have the adequate knowledge on the data.
No direct confirmation was done with the customers of the balances reflected in the system. ()
No follow up of exceptions was undertaken by a senior personnel, instead William just noted ()
them down.
The system was not tested on an output level by users, auditors e.g. tests were not carried ()
out if invoices and debtors statements were correctly produced.
The process of conversion was not properly supervised by a competent senior personnel ()
or IT manger
They is lack of segregation of duties as Williams performs many tasks by himself. ()
William is inexperience to carry out the data conversion. ()
The information on the old system was not backed up prior to the conversion ()
No proper planning of the conversions was undertaken e.g. date of conversion or data ()
preparation
File comparisons between old and new files, and resolving of discrepancies was not ()
undertaken
Data to be converted was not thoroughly checked and discrepancies resolved prior to ()
conversion.
Available(12): Maximum(5)

Suggested solution Question 36

Number Risks Recommendations

1 – Unnecessary employees could be Requests for appointment or dismissal
recruited. () of employees should originate from the
– section making the request. ()
2 Incompetent / unsatisfactory employees Specifications of the position and the
could be appointed. () skills required must be agreed to by
Employees without skills and proper the requesting section and the HR
specifications can be hired. () Department to ensure that a suitable
candidate is employed. ()

3 Incompetent / unsatisfactory employees Sound personnel practices should be

could be appointed. () followed to obtain honest, competent
personnel. ()
Interviews must be carried out by a
properly constituted interview panel.
()
Background checks must be carried
out before an employee receives
confirmation of employment letter. ()

47
4 Fictitious employees could be added on An employee file should be opened
the employee master file. () and maintained for each employee and
Inaccurate or incomplete records can be all personal information, employee
kept. () number, appointment date,
compensation, benefits, copies of
deduction authorization forms, tariff
amendment forms etc. should be kept
in the file at the HR department. ()
5 – Not all amendments to the employee – All amendments should be
master file might be recorded. () documented on the sequenced
– Unauthorised amendments to the master file amendment forms
master file might occur. () before they can be processed on
the computerised employee master
file. ()
– Master file amendments should be
cross-referenced to the supporting
documentation and authorized by a
senior member of the personnel
section. ()
The file of master file amendment
forms should be reviewed for validity
and gaps in sequence from time to
time. ()
6 Unauthorised changes to the employee – Restrict write access to the
master file can be made e.g. fictitious employee master file to a specific
additions. () member of the personnel section
by the use of user ID and
password. ()
– The data capturer must be required
to log in using his username ID and
password to gain access to the
employees’ master file. ()
– Password controls should be
enforced e.g. passwords must be
unique, consist of at least six
characters, random (not obvious),
mix of letters, numbers upper /
lower case and symbols etc. ()
7 Fictitious / invalid hours worked will be Entry and exit points to work area to
recorded. () be:
– Limited (preferably one). ()
– Protected by a “turn style” type
mechanism. ()
– Supervised during clocking periods.
()
8 Hours on clock card incorrectly calculated The administrative clerk should
for normal and / or overtime. () calculate the normal and overtime
hours worked. The totals should be
documented on the clock card. ()

48
9 Hours on clock card incorrectly calculated The Section Head should before the
for normal and / or overtime. () batch of clock cards are transferred to
payroll preparation:
– Review calculations of normal and
overtime hours worked ()
– Authorise the overtime ()
– Check and sign the batch control
sheet, ()
10 Incorrect or unauthorized pay rates, hours A supervisor should:
or deduction tables could be used. () – Verify hours and rates used in
compiling the payroll against the
clock cards and the employee list.
()
– Verify deductions against relevant
tables. ()
– Verify amendments to the payroll
against supporting documentation.
()
– Re-perform calculations and the
wage reconciliation. ()
– Sign the payroll. ()
The HR Director should carefully
review and sign the payroll and wage
reconciliation. ()
11 Pay packets could be stolen. () The Section Head should lock away
the pay packets in a safe until pay out.
()
12 Employees could be given incorrect pay A wage payout should be conducted
packets. () by at least two employees e.g. an
independent paymaster and the
Pay packets could be stolen. () section foreman. ()
13 Employees could be given incorrect pay All employees should produce
packets. () identification before they can receive
Pay packets could be stolen. () their pay packets. ()
14 Employees’ pay packets can be stolen. () Employees should not be allowed to
There’s a risk that fictitious employees are collect pay packets on behalf of other
being paid. () employees. ()
15 There’s a risk that fictitious employees are – Regular reconciliations of the
being paid. () unclaimed pay packets and the
unclaimed wage register should be
performed. ()
– The unclaimed wage register
should be reviewed for unusual
occurrences. ()
Available(23):Maximum: (15) Available(31):Maximum: (15)

49