Audit & Internal Review

Auditing 1Lecture 13Internal ControlsIntroduction The auditors must understand the accounting system and control environment in order to determine their audit approach.An understanding of internal control assists the auditor in identifying types of potential misstatements and factors that affect the risks of material misstatement, and in designing the nature, timing and extent of further audit procedures.Definitions Internal control is defined as the whole system of control, financial and otherwise, established by the management in other to carry on the business of the enterprise in an orderly and manner efficient, ensure adherence to management policies, safeguard the assets and secure as far as possible the completeness and accuracy of records. APC of UKThe individual components of an internal control system are known as controls or internal controls.

Internal control is the process designed and effected by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entitys objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. ISA 315Definitions Internal controls includes all policies and procedures adopted by the directors and management of an entity to assist in their objective of achieving as far as possible the orderly and efficient conduct of the business including adherence to internal policies, safeguard of assets, the prevention and detection of fraud and error, the accuracy and completeness of accounting record and timely preparation of reliable financial statement.

Definitions Objectives of Internal ControlsInternal Controls are instituted in an organization in order to ensure:The reliability and integrity of informationCompliance with policiesThe safeguarding of assetsThe economical and efficient use of resourcesThe accomplishment of established objectives and goals for operations and programmes

Elements of internal controlsInternal control has five elements;The control environmentThe entitys risk assessment processThe information system relevant to financial reportingControl activitiesMonitoring of controls

Control environmentThe control environment is the framework within which controls operate. It is very much determined by the management of a business.It includes the governance and management functions and the attitudes, awareness and actions of those charged with governance and management concerning the entitys internal control and its importance in the entity.A strong control environment does not by itself, ensure the effectiveness of the overall internal control system, but can be a positive factor when assessing the risks of material misstatement. A weak control environment can undermine the effectiveness of controlsElements of control environmentCommunication and enforcement of integrity and ethical values.Commitment to competenceParticipation by those charged with governanceManagements philosophy and operating styleOrganizational structure.Assignment of authority and responsibility Human resource policies and practices

Entitys risk assessment processISA 315 says the auditor shall obtain an understanding of whether the entity has a process for;Identifying business risks relevant to financial reporting objectives.Estimating the significance of the risksAssessing the likelihood of their occurrenceDeciding upon actions to address those risksInformation system relevant to financial reportingThis is a component of internal control that includes the financial reporting system, and consists of the procedures and records established to initiate, record, process and report entity transactions and to maintain accountability for the related assets, liabilities and equity. The areas include;Classes of transactions in the entitys transactionsProcedures within both IT and manual systems are initiatedRelated accounting recordsControls surrounding journal entrriesControl activitiesThese are those policies and procedures that help ensure that management directives are carried out.Control activities include those activities designed to prevent or detect and correct errors. They include activities relating to authorisation, performance reviews, information processing, physical controls and segregation of duties.Examples are approval and control of documents, controls over computerised application, checking arithmetical accuracy of records, etc

Monitoring of controlsThis is a process to assess the effectiveness of internal control performance over time. It includes assessing the design and operation of controls on a timely basis and taking necessary corrective actions modified for changes in conditions.

Limitations of accounting and control systemsAny internal control system can only provide the directors with reasonable assurance that their objectives are reached, because of inherent limitations. These include;The costs of control not outweighing their benefitsThe potential for human error (key)Collusion between employeesThe possibility of controls being by-passed or overridden by managementControls being designed to cope with routine and not non-routine transactionsRecording accounting and control systemsThe auditor must keep a record of the clients systems which must be updated each year. This can be done through the use of narrative notes, flowcharts, questionnaires or checklists.Narrative notesThe purpose of narrative notes is to describe and explain the system, at the same time as making any comments or criticism which will help to demonstrate an intelligent understanding of the system.Advantages Simple to record and understandFlexible method and can be used for any systemEditing is easy when computerisedDisadvantages Time consuming compared to flowchartsAwkward to update if kept manuallyDifficult to identify missing controls

Flowcharts This can take many forms but generally are graphic illustrations of the physical flow of information through the accounting system. Flowlines represent the sequence of processes, and other symbols represent the inputs and outputs to a process. Visit http//www.rff.com/flowcharts_samples.htmAdvantages Can be prepared easily after a little experienceFairly easy to follow and reviewSystem is recorded in its entirety from start to endEliminate the need for extensive narrativeDisadvantages Suitable for standard systemsAmendment is difficult without withdrawingTime consuming to areas that are of no audit significanceICQsThe major question which internal control questionnaires are designed to answer is How good is the system of controls?Although many different forms of ICQs exist in practice, they all conform to the following basic principles.They comprise a list of questions designed to determine whether desirable controls are present.Formulated to cover each of the major transaction cycle.ICQ is to evaluate the system as well as record it.Example; Are purchase invoices checked with GRN before being passed for payment? YES/NO/Comments

ICQ example on Goods inwardAre suppliers examined on arrival as to quantity and quality?Is such an examination evidenced in some way?Is receipt of suppliers recorded, perhaps by means of goods inwards notes?Are receipt records prepared by a person independent of those responsible for;Ordering function?The processing and recording of invoicesICEQsICEQs are concerned with assessing whether specific errors (or frauds) are possible.They concentrate on significant errors or omissions that could occur at each phase of the appropriate cycle if controls are weak. Examples on purchases include;Is there reasonable assurance that;Goods or services could not be received without a liability being recorded?Receipt of goods or services is required in order to establish a liability?A liability will be recorded:Only for authorised itemsAt the proper amount?Advantages and disadvantages of ICEQsAdvantages Can ensure all controls are consideredQuick to prepareEasy to use and controlEasier to apply to a variety of systems than ICQsIdentify key controlsHighlight deficienciesDisadvantages Can be drafted vaguely, hence misunderstoodMay contain irrelevant controlsMay not include unusual controlsMay overstate controlsChecklists Checklists may be used instead of questionnaires to document and evaluate the internal control system.The difference is that instead of asking questions, statements are made to mark off and tick boxes are used to indicate where the statement holds true.Example Suppliers are examined on arrival as to quantity and quality.TickCross outChecklists share many advantages and disadvantages of ICQs and ICEQsTYPES OF INTERNAL CONTROLSPreventive Controls: that is, to deter undesirable event from occurring.Detective Controls: This is aimed at detecting undesirable event which have occurred.Corrective Controls: To remedy any undesirable event that has occurred.INTERNAL CONTROL MEASURES/ PROCEDURESS Segregation of DutiesO Organisation A Authorisation P Physical S Supervisory P Personal A Arithmetical and accountingM Management

SEGREGATION OF DUTIES:These should be a division of responsibilities for authorizing or initiating transactions physical custody and control of assets recording the transaction. Segregation of duties reduces the risk of intentional manipulations or error and increase the element of checking

ORGANISATION:Enterprises should have a plan of their organization, defining and allocating responsibilities and identifying lines of reporting for all aspects of the enterprises operations, including the controls. The delegation of authority and responsibility should be clearly specified

AUTHORISATION OR APPROVALAll transactions should require authorization or approval by an appropriate responsible person. The limits for these authorizations should be specified

PHYSICAL: These are concerned mainly with the custody of assets and involve procedures and security measures designed to ensure that access to assets is limited to authorized personnel. For example, the custody of the keys to the safe should be limited to only the cashier and possibly a highly placed responsible official.

SUPERVISORYAny system of internal control should include the supervision of responsible officials of day to day transactions and recording thereof.

PERSONNEL:There should be procedures to ensure be procedures to ensure that personnel have capabilities commensurate with their responsibilities. Inevitably, the proper functioning of any system depends on the competence and integrity of those operating it. The qualification, selection and trainings well as the innate personal characteristics of the personnel involved are important features to be considered in setting up any control system.

ARITHMETIC OR ACCOUNTING:These are the controls within the recording functions which check that the transactions to be recorded and processed have been authorized, that they are all included and that they are correctly recorded and accurately processed. Such controls include checking the arithmetical accuracy of the records, the maintenance and checking of totals, reconciliations, control accounts and trial balance and accounting for documents.

MANAGEMENT:These are the controls exercised by management outside the day to day routine of the system. They include the overall supervisory controls exercised by management, the review of management accounts, and comparisons thereof with budget, the internal audit function and any other special review procedures.

Limitations on the effectiveness of internal controlsNo internal control system however elaborate, can by itself guarantee efficient administration and the completeness and accuracy of the records, nor can it be proof against fraudulent collusions, especially on the part of those holding positions of authority or trust. Internal controls depending on separation of duties can be avoided (side stepped) by collusion.

Authorization controls can be abused by the persons in whom the authority is vested, whilst the competence and integrity of the personnel operating the controls may be ensured by selection and training, these qualities may alter due to pressure exerted both within and outside the enterprise.Human error due to errors of judgment or interpretation, or misunderstanding, carelessness, fatigue or distraction may undermine the effective operation of internal controls.

Limitations on the effectiveness of internal controlsWhy internal controls should interest the auditorIf the auditor wishes to place reliance on any internal controls, he should ascertain and evaluate these controls and perform compliance tests on their operation.The Auditors objective in evaluating and testing internal controls is to determine the degree of reliance which he may place on the information contained in the accounting records. If he obtains reasonable assurance by means of compliance test that the internal controls are effective in ensuring the completeness and accuracy of the accounting records and the validity of entries therein, he may limit the extent of his substantive testing Lecture 14Test of controlsIn specific areas of businessFinancial statement assertionsAudit tests are designed to obtain evidence about the financial statement assertions.Assertions relate to classes of transactions and events, account balances at the period-end, and presentation and disclosure.Financial statement assertions are the representations by management, explicit or otherwise, that are embodied in the financial statements as used by the auditor to consider the different types of potential misstatements that may occur.ISA 315 states that the auditor must use assertions for classes of transactions (ie income statement), account balances (ie SOFP), and presentation and disclosures in sufficient detail to form the basis for the assessment of risks of material misstatement and the design and performance of further audit procedures.Financial statement assertionsAssertions about classes of transactions and eventsOccurrence; transactions and events that have been recorded have occurred and pertain to the entity.Completeness; all transactions have been recorded.Accuracy; amounts and other data have been recorded appropriatelyCut-off; transactions have been recorded in the correct accounting periodClassification; recorded in the proper accounts

Existence; assets, liabilities and equity interests exist.Rights and obligations; entity holds or controls the rights to assets and liabilities are the obligations of the entity.Completeness; all assets, liabilities and equity (ALE) that should have been recorded have been recorded.Valuation and allocation; all ALE are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.Assertions about account balancesOccurrence and rights and obligation; disclosed events, transactions and other matters have occurred and pertain to the entity.Completeness; all disclosures that should have been included in the financial statements have been included.Classification and understandability; financial information is appropriately presented and described, and disclosures are clearly expressed.Accuracy and valuation; information are disclosed fairly and at appropriate amounts.Assertions about presentation and disclosureOBJECTIVESTo ensure that all cash to which the enterprise is entitled is receivedTo ensure that all such cash is properly accounted for and entered in the recordsTo ensure that all cash is deposited promptly and intact.

Cash sales and collectionsMEASURES:Clearly defining and limiting the number of persons who are authorized to receive cash. Sales assistants, cashiers etc. must be clearly identified.Establishing a means of evidencing cash receipts. E.g. receipt books should be numbered serially and should be in triplicates, a responsible official other than the cashiers should keep control of the cash receipt books and the issues as well.Ensure that whoever pays cash, must receive a receipt. And if a cash register is used, the amount rung up should be visible to the customer.

Cash sales and collectionsMEASURESAppointment of officials with responsibility for employing cash register at prescribed intervals, and agreeing the amount present with till roll totals. Such collections should be evidenced in writing and be initialed by the assistant and the supervisor.All cash and cheque must be banked intact and promptly.All cash shortages and excesses should be promptly investigated.The cashier should not have access to other cash funds or sales ledgers or even the purchases ledger.There should be occasional rotation of jobs.

Cash sales and collectionsTest of controls (compliance testing)As part of his overall plan the auditor must ascertain the adequacy of the accounting system and the internal controls system. He will decide which controls if any he wishes to rely on and plan compliance tests to determine whether such reliance can be warranted. The auditor will almost certainly use the Internal Control Evaluation Questionnaire (ICEQ) completed for each component part of the system to draw up the compliance controls to be tested and provide information as to their strength and importance.Test of Controls are designed to check that the control procedures are being applied and that control objectives are being achieved.Sales SystemThe three separate elements into which accounting controls may be divided clearly appear in the consideration of sales procedures. They are selling (authorisation), goods outwards (custody) and accounting (recording).

The control objectives include the following:Sales are made in accordance with the company objectives, with agreement in place with all customers.Customers orders are authorised, controlled and recorded in order to execute them promptly and determine any provision required for losses arising from unfulfilled commitments.Goods shipped and work completed is controlled to ensure that invoices are issued and revenue recorded for all salesGoods returned and claims by customers is controlled in order to determine the liability for goods ordered and claims received but not entered or recorded in the debtors records.Invoices and credit notes are appropriately checked as being accurate and authorised before being entered in the debtors records.Sales System- Control objectivesSales System-Control considerationsSelling: Considerations include the following:What arrangements are to be made to ensure that goods are sold at their correct price and to deal with cheque receipts, discounts and special reduction including those in connection with cash sales?Who is responsible for and how control is to be maintained over the granting of credit terms to customers.Who is responsible for accepting customers orders and what procedures are to be adopted for issuing production orders and dispatch notes?Selling: Who is to be responsible for the preparation of invoice and credit notes and what controls are to be instituted to prevent errors and irregularities. For example, how selling prices are to be ascertained and authorised, how the issue of credit note is to be controlled and checked, what checks should be on prices, quantities, extensions and totals shown on invoices and credit notes and how such documents in blank or completed form are to be protected against loss or misuse.What special controls are to be exercised over the dispatch of goods free of charge or on special terms?

Sales System-Control considerationsGoods Outwards: Factors to be considered include the following:Who may authorize the dispatch of goods and how such authority is evidenced.What arrangements are to be made to examine and record goods outwards (preferably this should be done by a person who has no access to stocks and has no accounting or invoicing duties)The procedures to be instituted for agreeing goods outwards records with customers orders, dispatch notes and invoices.

Sales System-Control considerationsAccounting: As far as possible sales ledger staff should have no access to cash, cash books or stocks and should not be responsible for invoicing and other duties normally assigned to sales staff. The following are amongst matters which should be considered:The appointment of persons as far as possible separately responsible for:Recording sales and sales returnsMaintaining customers accountsPreparing debtors statementsSales System-Control considerationsArrangements to ensure that goods dispatched but not invoiced (or vice versa) during an accounting period are properly dealt with in the accounts of the periods concerned.What procedures are to be adopted for the preparation, checking and dispatch of debtors statements and for ensuring that they are not subject to interference before dispatch.How discounts granted and special terms are to be authorised and evidenced.What procedures is to be adopted for reviewing and following up overdue accounts.Who is to authorize the writing off of bad debts and how such authority is to be evidenced.Sales System-Control considerationsSUBSTANTIVE TESTS (Sales)Accounting Records:Check additions and cross-casts of the sales daybook and sales returns day book.Check the posting of individual invoices to the nominal ledger and the control accountsCheck entries in the sales day book and sales returns day book back to original invoices, credit notes and dispatch notes and vice versa.

Invoices and Credit Notes:Check the numerical sequence of invoices, enquiring into missing numbers and inspecting all copies of cancelled invoices.Check copy sales invoices and credit notes with sales day books and debtors ledger accounts, checking analysis of sales day books where appropriate and authorisation of credit notes.Compare invoice prices with authorised, up to date price lists, quotations and correspondence.Check calculations and additions of invoices and credit notesScrutinize credit notes for large or unusual items.SUBSTANTIVE TESTS (Sales)Stock Records:Check goods dispatched notes or goods outwards records to copy sales invoices.Trace good outwards from invoice or dispatch note to stock recordTrace goods returned from return documentation to stock records and credit notes.

SUBSTANTIVE TESTS (Sales)General: Where returns or allowances affect the calculation of commissions, ensure that adjustments have been made properly.Control Accounts: Test the year-end control account reconciliation, checking back to source documentation such as sales invoices, cash and returns records. Ensure that any reconciling items are dealt with properly.

SUBSTANTIVE TESTS (Sales)Analytical Procedures:Fluctuations in sales levels. Compare levels of sales throughout the year on a month-by-month basis and also sales in the last month of the year to sales in the first month of the next year.Investigate any large fluctuations. Consider vouching larger individual sales.Compare current gross profit percentage to previous yearCompare stock turnover rate to previous year.

SUBSTANTIVE TESTS (Sales)Cut Off Tests:Select items on both sides of the end date and ensure that they have been properly treated in the correct accounting period.Examine the file of unprocessed invoices and dispatch notes and ensure that none belongs to the period under review but has not been treated.Check that dispatch notes issued before the end of the year but not matched by any invoices are accrued and reported in the accounts under review.

SUBSTANTIVE TESTS (Sales)DisclosureCheck the classification, description and presented of sales and sales return in the financial statements.Check that amounts stated are in agreement with the accounting records.

SUBSTANTIVE TESTS (Sales)Note You may have noticed that the tests of controls and substantive procedures noted above sometimes appear very similar. One test can serve both as a test of control and as substantive procedure. Where for example, an invoice is checked for authorisation (test of control) it can also be checked for accuracy and pricing (substantive procedure). This does not mean that tests of controls and substantive procedures are interchangeable. It is vital that you understand the conceptual difference between the two types of test.