Week 11

1
Week 10 Internal control

• Week 10 Internal control I (syllabus ref 12)
• Describe the objectives of internal control
  systems and the responsibility for internal
  control systems in the context of organisational
  objectives.
• Describe the importance of internal control to
  auditors.
• Describe and illustrate the limitations of
  internal control systems in the context of fraud
  and error.
• Explain the need to modify the audit plan in the
  light of the results of tests of control.
• Distinguish between tests of control and
  substantive tests.

2
Week 10

• Internal Control and Audit Risk Evaluation
• Features of accounting and control systems.
• Internal controls and their inherent limitations.
• Assessment of accounting and control systems.

3
Internal Control Definition

• Internal control is the process designed and
  effected by those charged with governance,
  management and other personnel to provide
  reasonable assurance about the achievement of the
  entitys objectives with regard to reliability of
  financial reporting, effectiveness and efficiency
  of operations and compliance with applicable laws
  and regulations.
• Internal control consists of the following
  components
• The control environment
• The entitys risk assessment process
• The information system, including the related
  business processes, relevant to financial
  reporting, and communication
• Control activities and
• Monitoring of controls." ISA 315 para 42-43

4
Features of Control Systems

• Internal control - the environment installed by
  directors and management within an organisation
  to ensure the following
• Orderly conduct of the business
• Safeguarding of assets
• Prevention of fraud
• Accuracy/completeness of financial records
• Timely presentation of financial information

5
Control Environment

• Relevant factors
• Integrity and ethical values.
• Commitment to competence.
• Managements philosophy operating style.
• Organisational structure.
• Assignment of authority and responsibility.
• Internal audit.
• Use of information technology.
• Human resource policies and practice.
• Board of directors and audit committee.

6
Control Systems

• Mechanisms put in place by the directors/managemen
  t of the organisation.
• To ensure the ultimate aims of the organisation
  are achieved in a manner that meets the confines
  of both legal and social requirements.

7
Internal control evaluation

• System evaluation - an important source of
  evidence for auditors in forming an opinion on
  the probability, possibility and incidence of
• error,
• irregularity,
• dishonesty and
• fraud.
• Also on the creditability and verifiability of
  data and information produced by the system.

8
Limitations

• The internal control system will only provide
  reasonable assurance because of
• Costs versus benefits.
• Management override.
• Human error.
• Mistakes in judgment.
• Collusion.
• Breakdowns e.g. system not being able to cope
  with a non-routine transaction.

9
Assessing the risk of material misstatement

• The auditor must assess the adequacy of the
  systems as a basis for the financial statements
  and must identify the risks of material
  misstatements.
• Assess the adequacy of the accounting system.
• Identify the potential misstatements.
• Consider the factors that may affect the risk of
  misstatements.
• Design appropriate audit procedures.

10
Assessment of the accounting control systems

• It is part of the role of the auditor to assess
  the accounting control systems.
• Allowing them to vouch the adequacy of the
  accounting system.
• From which the financial statements are derived.

11
ISA 315

• ISA 315 Obtaining an Understanding of the Entity
  and its environment and assessing the risks of
  material misstatement.
• Requires auditors to
• Obtain an understanding of the control
  environment.
• Sufficient to determine their audit approach.
• Whether systems-based or substantive.

12
Walk Through Test

• Normally done annually.
• To confirm their understanding and documentation
  of the system.
• Involves taking a transaction and walking it
  through the system from the source to its
  destination.(cradle to the grave)
• Sales
• Purchases
• Payroll

13
Section. 221 1985 Act

• The auditor must bear in mind that
• The company being audited has a legal requirement
  under s 221 of the 1985 Act.
• To maintain sufficient accounting records.
• Plc companies are required to maintain accounting
  records for 6 years and in the case of a private
  company 3 years (section 222 85 Act).

14
Testing controls

• The auditor believes the system is strong and can
  be relied upon.
• Consider how, consistency and by whom?
• Examples of tests of control
• Inspection of documents supporting controls.
• Inquiries about internal controls .
• Reperformance of control procedures.
• Examination of evidence of management reviews.
• Testing controls over computer systems.
• Observation of controls.

15
Internal Control

• Application to smaller entities needs further
  consideration.
• Control in computer information systems.
• General IT controls.
• Application controls.
• Potential to both increase and decrease risk of
  errors.
• NOTE Important area see pages 167 to 170 of BPP.

16
Types of internal controls

• 3 key types
• Preventive.
• Detective.
• Corrective.

17
Preventive

• Prevents risks occurring from fraudulent or
  erroneous transactions by
• Authorisation controls.
• Segregation of duties.
• Recruitment of trained staff.
• Ensuring staff have an effective control culture.

18
Detective

• These are controls that detect if problems have
  occurred picking up errors not prevented e.gs
• Exception reports.
• Reconciliations.
• Supervisory checks.

19
Corrective

• Address problems that have occurred, these
  controls ensure errors are properly rectified.
• Follow up reports.
• Management action.

20
Specific Control Procedures

• Set in place to ensure prevention of errors these
  can be as follows
• Approval of documents.
• Control over computer environment.
• Arithmetical accuracy.
• Reconciliation of control accounts.
• Comparing external internal sources of
  information.
• Limited access to physical assets and records.

21
Overall control

• No one person should be in a position
• To misappropriate an asset.
• To conceal the act by falsifying the records.
• For example
• Duties of receiving money from debtors and
  maintaining the sales ledger should be separated.
  
• If not money could be mis appropriated and the
  debtors ledger falsified to cover this!

22
Recording of Accounting Control Systems

• In order to test the system of accounting the
  auditor must first record and understand it.
• There are a number of ways of doing this
• Narrative notes
• Flowcharts
• Questionnaires

23
Narrative notes

• Simply record the system.
• Difficult to change.
• The advent of PCs now less difficult.
• This method basically describes and explains in
  notes the accounting system for the period under
  review.

24
Flowcharts

• Document flowcharts show the flow of documents
  from the cradle to the grave in the accounting
  system.
• Information charts show the entries in the
  nominal/general ledger and trace back to the
  original transaction.

25
Questionnaires

• Two types each have a different purpose
• ICQ Internal Control Questionnaire
• ICEQ - Internal Control Evaluation
  Questionnaire

26
ICQ Internal control questionnaire

• Used to ask whether controls exist which meet
  specific control objectives. E.g.
• Are purchases invoices checked to goods received
  notes before being passed for payment
  Yes/No/Comment
• A No answer clearly indicates a weakness in the
  organisations accounts payable system!

27
Advantages/disadvantages

• Advantages
• All controls are considered
• Quickly prepared
• Easy to use
• Disadvantages
• Overstatement of controls
• May contain irrelevant controls
• No impression of all controls of equal weight

28
Internal Control Evaluation Questionnaire

• Concerned with assessing if specific errors or
  frauds are possible rather than determining if
  certain controls are present.
• By reducing the control criteria for each
  transaction to a limited number of questions.
• Therefore concentrating on the significant errors
  or omissions that could occur.

29
Advantages/disadvantages

• Advantages
• Drafted with objective in mind
• Identifies key controls
• Highlights areas of weakness
• Disadvantages
• If drafted vaguely can be misunderstood by audit
  staff.

30
Developing the audit programme

• Usually prepared in two stages
• Planning
• Performance

31
Planning

• The auditor plans work to allow for evaluation.
• Thereby determining if they can rely on the
  system or not!
• Using the sales system for example.

32
Planning sales cycle

• Is there reasonable assurance?
• That sales are properly authorised
• That sales are made to reliable customers
• That all goods despatched are invoiced
• That all invoices are properly prepared
• That all invoices are recorded
• That all credits to customers accounts are valid
• That cash cheques received are recorded and
  banked
• That slow payers are chased and bad debts are
  provided for
• That all transactions are properly accounted for.

33
Performance

• The document that states
• The audit objective to be met.
• The procedures to be performed .
• The timing of the procedures.

34
Reporting weaknesses

• Once having identified areas of weakness in the
  system.
• The auditor drafts a letter known as the
• Management letter
• To the client detailing the deficiencies in the
  system of controls found during the compliance
  testing/TOCs.

35
Amount of Detail in a Management Letter

• Recipient not an accountant may not readily
  appreciate points made.
• Client is new and this is the first management
  letter.
• Weakness raised before in brief terms and not
  been corrected.
• The letter is dealing with a weakness as opposed
  to a breakdown in control.
• The client is generally hostile or unsympathetic
  to a management letter.

36
Overview of the Audit Process
Last day of audit filed work
Beginning of the year
Balance sheet date
Interim period
Consideration of design of internal control
Interim substantive tests
Final substantive tests
Tests of controls
Planning