aue2602-exam-pack-2014-summary-of-entire-course-chapters-covered
advertisement
lOMoARcPSD|7502425 AUE2602 Exam Pack 2014 - Summary of entire course, chapters covered. Auditing Corporate Governance In Accounting (University of South Africa) StuDocu is not sponsored or endorsed by any college or university Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 2014 AUE 2602 EXAM PACK EXAM: 15 MAY 2014 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 UNIT 1 AUE2602 Page 1 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Unit 1 – Corporate Governance and statutory matters. Study Unit 1.1 – The background to corporate governance in South Africa Define corporate governance and briefly explain why is important to society that companies operate within the frame work of good corporate governance. Corporate governance is a system or process whereby companies are directed or controlled. It is about companies being good corporate citizens and all that this entails. Companies are integral part of the modern society and it therefore follows that healthy, honest, open, competently and responsible controlled companies will improve the quality of modern society. Key aspects of the King III report 1. Leadership 2. Sustainability 3. Corporate citizenship Three important aspects of sustainability 1. Inclusivity of stakeholders 2. Innovation, fairness and collaboration 3. Social transformation Application of the code King III applies to all entities regardless of the manner and form of incorporation. However the size and nature of the company will determine how the entity applies the reccomnadtions. Further it is recommended by King III that an entity discloses the practices/principles they chose not to apply and explain why. Study unit 1.3 – The King report and code on governance in South Africa No ‘one size fits all’ Entities and stakeholders will have to develop a deeper understanding of governance issues. This will enhance their ability to decide how governance principles and practices should be implemented. The ‘one size fits all’ approach will not work. The challenges will be deciding the optimal level of application required, balancing the costs and benefits to all stakeholders and being able to disclose such principles and practices in a fair and clear manner. Ethical leadership and corporate citizenship The board should provide effective leadership based on an ethical foundation Four ethical values underpinning good corporate governance 1. Responsibility – the board should assume responsibility for the assets and actions of the company and should take corrective action to keep the company on its correct path. 2. Accountability – the board should be able to justify its decisions and actions to all stakeholders. AUE2602 Page 2 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 3. Fairness – in its decisions and actions, the board should ensure it gives fair consideration to the interest of all stakeholders. 4. Transparency – the board should disclose information in a manner that enables all stakeholders to make informed analysis of the company’s performance. The board should ensure that the company is and is seen to be a responsible corporate citizen ¾ consider not only on financial performance but also the impact of the company’s operations on society and the environment; ¾ protect, enhance and invest in the wellbeing of the economy, society and the environment; ¾ ensure that the company’s performance and interaction with its stakeholders is guided by the Constitution and the Bill of Rights; ¾ stakeholder interaction is very important and the company reporting on its triple bottom line: o economic aspect relates to financial and non financial information o environment aspect include the effect of the company’s activities, products and services on the environment o the social aspect embraces the values, ethics and relationships with the stakeholders Board of directors The board should act as the focal point for and custodian of corporate governance ¾ have a charter setting out its responsibilities; ¾ meet at least four times per year; ¾ monitor the relationship between management and the stakeholders of the company The board should appreciate that strategy, risk, performance and sustainability are inseparable ¾ inform and approve the strategy; ¾ ensure that the strategy is aligned with the purpose of the company, the value drivers of its business and the legitimate interests and expectations of its stakeholders; The board and its directors should act in the best interests of the company ¾ The board must act in the best interests of the company. ¾ Directors must adhere to the legal standards of conduct. ¾ Directors or the board should be permitted to take independent advice in connection with their duties following an agreed procedure. ¾ Real or perceived conflicts should be disclosed to the board and managed. The board should consider business rescue proceedings or other turnaround mechanisms as soon as the company is financially distressed as defined in the Act ¾ The board should ensure that the solvency and liquidity of the company is continuously monitored; The board should elect a chairman of the board who is an independent non executive director. The CEO of the company should not also fulfil the role of chairman of the board The chairman should be: ¾ Appointed on an annual basis ¾ Independent and not conflicted ¾ The role of the chairman should be formalised. ¾ The chairman’s ability to add value, and his performance against what is expected of his role and function, should be assessed every year. ¾ Focus on social, sustainability and transformation issues AUE2602 Page 3 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 ¾ The board should ensure a succession plan for the role of the chairman ¾ The chairman should not be: o Not be a member of the audit committee o Not chair the remuneration committee o Not chair the risk committee o Can be a member of the nomination committee and chair it ¾ A lead independent director should be appointed in the case where an executive chairman is appointed or where the chairman is not independent or conflicted. The board should appoint the chief executive officer and establish a framework for the delegation of authority The board should: ¾ appoint the CEO; ¾ provide input regarding senior management appointments; ¾ ensure that the role and function of the CEO is formalised and the performance of the CEO is evaluated against the criteria specified; and ¾ ensure succession planning for the CEO and other senior executives and officers is in place. ¾ The CEO is central to sustainability of the company and should: o Play a critical and strategic role in the operation of the company o Ensure a long term strategy and vision of the company is developed and implemented o Ensure an ethical and positive work climate is maintained ¾ The CEO should not: o Not be the chairman o not be a member the remuneration, audit or nomination committee o not take on membership of other companies The board should comprise a balance of power, with a majority of non executive directors. The majority of non executive directors should be independent Executive Director ¾ is a director who is involved in the management of the company and/or is a full time salaried employee of the company and/or its subsidiary. ¾ Can be a non executive director of another company, however it should be in accordance with the board policy and approved by the chairman and CEO. Non Executive Director ¾ is a director who is not involved in the management of the company ¾ provide independent judgement on issues facing the copmany An independent, non executive director: A director who: ¾ is not a representative of a shareholder who has the ability to control or significantly influence management ¾ Does not have a direct or indirect interest in the company (including its holding or subsidiary company) which is material to the director or the company. (A holding of 5% or more is considered material) ¾ has not been employed by the company (or group) in any executive capacity for the preceding three financial years AUE2602 Page 4 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 ¾ is not a member of the immediate family of an individual who is, or has been during the previous three financial years, employed by the company (or group) in an executive capacity ¾ is not a professional advisor to the company ¾ is free from any business or other relationship which could be seen to interfere materially with the individual’s capacity to act independently ¾ Does not receive remuneration contingent upon the performance of the company. The board should: ¾ Comprise a balance of power, ¾ Consist of individuals with integrity and courage ¾ Have a suitable diversity of academic qualifications, technical knowledge, experience, nationality, race ¾ Has a minimum a CEO and a Financial director ¾ Have in place s structure program to rotate non executive directors ¾ At least one third of non executive directors should rotate every year ¾ Ensure that the independence of any independent non executive director who severed for more than 9 years be reviewed rigorously. Directors should be appointed through a formal process ¾ Procedure should be formal and transparent ¾ The MOI may include any provisions ¾ In the case of a profit company other than a state owned must provide for the election of 50% of directors by the shareholders ¾ A nomination committee should assist with the process of identifying suitable members of the board. ¾ Background and reference checks should be performed before the nomination and appointment of directors. ¾ Ensure that the proposed director is not declared delinquent The induction of and ongoing training and development of directors should be conducted through formal processes ¾ a formal induction programme is established for new directors ¾ inexperienced directors are developed through mentorship programmes; ¾ continuing professional development programmes are implemented; ¾ Appointments should be a matter for the board as a whole, assisted by the nominations committee. minimum of two executive directors of which one should be the CEO and the other the financial director The board should be assisted by a competent, suitably qualified and experienced company secretary ¾ The board should appoint and remove the company secretary (direct channel of communication to the chairman) ¾ The company secretary should: o have an arms length relationship with the board; o not be a director of the company; o assist the nominations committee with the appointment of directors; o assist with the director induction and training programmes; o provide guidance to the board on the duties of the directors and good governance; o ensure board and committee charters are kept up to date; o prepare and circulate board papers; AUE2602 Page 5 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 o o o o elicit responses, input, feedback for board and board committee meetings; assist in drafting yearly work plans; ensure preparation and circulation of minutes of board and committee meetings; assist with the evaluation of the board, committees and individual directors. The evaluation of the board, its committees and the individual directors should be performed every year ¾ The groups or individuals been evaluated should be fully aware of what they will be evaluated against, they must understand their functions and responsibilities. ¾ The board should set benchmarks against which performance appraisal will take place ¾ All directors (executive and non executive) including the CEO as well as company secretary should be evaluated ¾ Yearly evaluations should be performed by the chairman or an independent provider. ¾ The results of performance evaluations should identify training needs for directors. ¾ An overview of the appraisal process, results and action plans should be disclosed in the integrated report. The board should delegate certain functions to well structured committees but without abdicating its own responsibilities ¾ A board may appoint a number of committees and delegate authority ¾ The committee may include persons who are not directors but they must not be ineligible or disqualified and may not vote on any matter ¾ King III states that board committees should have formally established terms of reference covering: o Composition o Objectives, purpose and activities o Delegated authorities to make decisions o Reporting mechanisms ¾ King III recommends four standing committees: Audit committee: ¾ Chairman should be an independent non executive director Remuneration committee: ¾ Chairman should be an independent non executive director ¾ All members should be non executive directors ¾ Majority of which be independent Nomination committee: ¾ Chairman should be chairman of the board ¾ All members should be non executive directors ¾ Majority of which be independent Risk committee: ¾ Chairman should be a non executive director ¾ Members should include executive and non executive directors, senior management and independent risk management experts were necessary. ¾ A social and ethics committee should be appointed by: o State owned company o Listed public company o Company in the two previous years had a public interest score over 500 points. ¾ A director who is not a member of a specific committee may attend meetings but without the consent of the chairman will not have a vote AUE2602 Page 6 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 ¾ The committees’ terms of reference should be reviewed yearly and disclosed in the integrated report. A governance framework should be agreed between the group and its subsidiary boards ¾ Listed subsidiaries must comply with the rules of the relevant stock exchange in respect of insider trading. ¾ The holding company must respect the fiduciary duties of the director serving in a representative capacity on the board of the subsidiary. ¾ The implementation and adoption of policies, processes or procedures of the holding company should be considered and approved by the subsidiary company. ¾ Disclosure should be made on the adoption of the holding company’s policies in the integrated report of the subsidiary company. Companies should remunerate directors and executives fairly and responsibly ¾ Companies should adopt remuneration policies aligned with the strategy of the company and linked to individual performance. ¾ The remuneration committee should assist the board in setting and administering remuneration policies. ¾ The remuneration policy should address base pay and bonuses, employee contracts, severance and retirement benefits and share based and other long term incentive schemes. ¾ 2.25.4. Non executive fees should comprise a base fee as well as an attendance fee per meeting. Companies should disclose the remuneration of each individual director and certain senior executives ¾ The remuneration report, included in the integrated report, should include: o all benefits paid to directors; o the salaries of the three most highly paid employees who are not directors; o the policy on base pay; o participation in share incentive schemes; o the use of benchmarks; o incentive schemes to encourage retention; o justification of salaries above the median; o material payments that are ex gratia in nature; o policies regarding executive employment; o the maximum expected potential dilution as a result of incentive awards. Shareholders should approve the company’s remuneration policy ¾ Shareholders should pass a non binding advisory vote on the company’s yearly remuneration policy. ¾ The board should determine the remuneration of executive directors in accordance with the remuneration policy put to shareholder’s vote. Audit Committees The board should ensure that the company has an effective and independent audit committee ¾ Board approve terms of reference for the audit committee ¾ Meetings: o At least twice a year o Audit committee should meet with internal and external audit (without management been present) at least once a year Audit committee members should be suitably skilled and experienced independent non executive directors AUE2602 Page 7 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 ¾ All members to be independent non executive directors and at least 3 members ¾ All members collectively have good financial knowledge ¾ At least one third of members must have academic qualifications The audit committee should be chaired by an independent non executive director ¾ The chairman of the board should not be the chairman of the audit committee, the chairman of the audit committee should be elected by the board The audit committee should oversee integrated reporting ¾ The audit committee should have regard to all factors and risks that may impact on the integrity of the integrated report. ¾ The audit committee should review and comment on the financial statements included in the integrated report. ¾ The audit committee should review the disclosure of sustainability issues in the integrated report to ensure that it is reliable and does not conflict with the financial information. ¾ The audit committee should recommend to the board to engage an external assurance provider on material sustainability issues. ¾ The audit committee should consider the need to issue interim results. ¾ The audit committee should review the content of the summarised information. ¾ The audit committee should engage the external auditors to provide assurance on the summarised financial information The audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activities ¾ The audit committee should ensure that the combined assurance is received is appropriate to address all the significant risks facing the company. The audit committee should satisfy itself of the expertise, resources and experience of the company’s finance function ¾ Every year a review of the finance function should be performed by the audit committee. The audit committee should be responsible for overseeing of internal audit ¾ The audit committee should be responsible for the appointment, performance assessment and/or dismissal of the CAE. ¾ The audit committee should approve the internal audit plan The audit committee should be an integral component of the risk management process The audit committee should have oversight of: ¾ Financial reporting risk/internal financial risk o Audit committee responsible for overseeing risk management controls o Audit committee should be in a position to assess the company’s risk management program o Audit committee should report annually to the board on the effectiveness of the internal financial controls ¾ Fraud risks o Audit committee should consider material misstatements in the AFS which may result in fraud o Audit committee should review the arrangements made to employees and external whistle blowers to report concerns ¾ Information technology risks o The audit committee should play an oversight role regarding IT risk and controls, business continuity and data recovery, data security and privacy AUE2602 Page 8 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 The audit committee is responsible for recommending the appointment of the external auditor and overseeing the external audit process The audit committee should ¾ Recommend the appointment, re appointment and removal of external auditors ¾ Approve the terms of the external auditors engagement and remuneration ¾ Oversee the planning and execution of the annual external audit ¾ Define and implement a policy fir nature and extent were the external auditor may perform non audit services ¾ Review any accounting and auditing concerns from the internal or external audit The audit committee should report to the board and shareholders on how it has discharged its duties The report should provide ¾ Summary of the whole committee ¾ Whether the audit committee has adopted final terms of reference ¾ Names and qualifications of all members of the audit committee ¾ The number of audit committee meetings held and who attended ¾ Information on other roles assigned by the audit committee by the board List functions of the CEO 1) Recommending or appointing the executive team & ensuring proper succession planning & performance appraisals. 2) Developing the company’s for consideration and approval by the board. 3) Developing & recommending to the board yearly business plans and budgets that support the company’s long term strategy. 4) Monitoring and reporting to the board the performance of the company and its conformance with compliance imperatives. 5) Establishing an organisational structure for the company which is necessary to enable execution of its strategic planning. 6) Setting the tone in providing ethical leadership and creating an ethical environment. 7) Ensuring that the company complies with all relevant laws and corporate governance principles, and 8) Ensuring that the company applies all recommended best practices and, if not, that the failure to do so is justifiable explained. Why should the CEO not fulfil the role of the chairman of the board? ¾ Given the strategic and operational role of the CEO, and to prevent too much power vesting in one person, this appointment should be separate from that of the chairman of the board. AUE2602 Page 9 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Summary of the Audit committee Audit committee Chairman x Independent non executive director x The chairman of the chairman of the board should not be chairman or member of the audit committee. Membership x All members should be Independent non executive directors Members x Minimum of three members Meetings x Meet at least twice a year x Should meet with internal and external auditors at least once a year without management being present. Functions x Should oversee integrated reporting x Should ensure that a combined assurance model is applied x Should satisfy itself of the expertise, resources and experience of the company’s finance function. x Should oversee internal audit x Should be an integral component of the risk management process. x Should recommend the appointment of the external auditor and oversee the external audit process. x Should report to the board and shareholders on how it has discharged its duties. The Governance of Risk Aspect a) Overall governance of risk. Who is responsible The board Responsibilities x x x The boards responsibility should be expressed in the board charter The board should be responsible for the development and approval of a risk management policy and plan which should be o widely distributed throughout the company o reviewed once a year, and o its implementation monitored continually. The board should have the responsibility to ensure that the company has an implemented an effective ongoing AUE2602 Page 10 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 b) Designing, implementing and monitoring the risk management plan and policy. The board should delegate to management c) Monitoring risk management process. The board, risk committee, audit committee x x x x x d) Performing an objective assessment of the effectiveness of risk management. Internal audit x process to identify risk, measure its potential outcome and activate what is necessary to manage the risks. Management is accountable to the board for designing, implementing and monitoring the process of managing risk and integrating it into the day to day activities of a company. Risks are very diverse but it remains the responsibility of management lead by the Chief Executive Officer (CEO) to manage them. Larger companies may appoint a Chief Risk Officer (CRO). The board may appoint a risk committee specifically to deal with risk management. The risk committee should: o specifically consider the risks that may affect the sustainability of the company o review the risk management maturity of the company o consider the risk management strategies and policies o monitor the risk management policies The risk committee should: o Be chaired by a non executive director o Min of 3 members o Meet twice a year o Members should include executive and non executive directors, senior management and independent risk management experts were necessary (who will not have a vote). Internal audit’s key responsibility is to the board. It assist the board in discharging its governance responsibilities by: o performing reviews of the companies governance processes including ethics o performing an objective assessment of the adequacy and effectiveness of risk management and internal controls AUE2602 Page 11 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 o o systematically analysing and evaluating business processes and associate controls providing a source of information regarding fraud, corruption, unethical behaviour and irregularities AUE2602 Page 12 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 UNIT 2 AUE2602 Page 13 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Unit 2 – Internal Control Characteristics of internal controls Internal control is a process: it is a combination of systems, policies and procedures designed, implemented and maintained to address the risks of running a business. Internal control is effected by people: it does not only consist of policies, procedures or manuals it involves people at every level of the organization carrying out an assortment of tasks Internal control is not the sole responsibility of management: there is a shared responsibility for the internal control process, the directors, management and ordinary employees are all in their own ways responsible Internal control is not static: It is essentially a response to the risks of operating a business; risk change, responses must change Internal control is not fool proof: It provides only reasonable assurance that the risk that threaten the objectives of the business will be achieved Internal control is not a case of a single control addressing a single risk: Internal control policies and procedures must work in conjunction with each other and with the books, records and documents used. The control is a risk is best achieved by combination of actions policies and procedures. Internal control can be defined as the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to: ¾ the reliability of the entity’s financial reporting ¾ the effectiveness and efficiency of its operations ¾ its compliance with applicable laws and regulations Definition of assertions of management Assertions are in effect management’s representations about the company’s assets, equity, liabilities, transactions and events in the financial reports. Another word for assertions is representations. The link between internal control objectives and assertions Internal control objectives Assertions Valid (occurred and authorised) Actuate Complete Occurrence Existence Rights and obligations Accuracy Classification Valuation and allocation Completeness Cut off ¾ Completeness – all assets, liabilities, transactions or events, have been recorded have been recorded. AUE2602 Page 14 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 ¾ Occurrence A transaction or event which has been recorded, took place and pertains to the entity. ¾ Existence – assets, liabilities and equity interests exist at a given date ¾ Cut off – transactions and events have been recorded in the correct accounting period ¾ Accuracy: Amounts and other data relating to recorded transactions and events have been recorded appropriately. ¾ Classification – transactions and events have been recorded in the proper account ¾ Rights and obligations – the entity holds or controls the rights to assets and liabilities are the obligations of the entity. ¾ Valuation and allocation – assets, liabilities and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments (depreciation) are properly recorded. Limitations of internal controls Read examples from page 5/4 (In the exam you must be able to give a short explanation of the above to show you understand the meaning of the above.) Limitation Explanation Internal controls have to be cost effective. Certain errors or irregularities may go (Cost must be exceeded by expected benefit). undetected because management have decided that the appropriate control is too costly to implement. The emphasis of internal controls on routine Certain unusual transactions may not be transactions (as opposed to non routine). subjected to any "normal" controls and thus could give rise to undetected errors or irregularities. The risk of human error due to carelessness, Most controls require human involvement and distraction, mistakes of judgement, errors or irregularities therefore could go misunderstanding instructions. undetected as "nobody is perfect". The potential for collusion where the control Where one person has to carry out checks on depends on segregation of duties (with another’s work the control becomes non Internal or external parties). existent if the two people conspire to circumvent or “beat” the system. The potential for a member of management to Very often a member of management may override a control for which he or she is abuse the authority he or she has with regard responsible. to the exercising or implementing of an internal control by making a decision or taking action which makes the control ineffective. The possibility that internal control procedures The internal controls no longer suit the become inadequate due to changes in circumstances in which they were initially conditions in the business. established (no longer achieve their objective). Components of internal control 1 Control environment AUE2602 Page 15 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 2 3 4 5 Risk assessment Information system Control activities (read, but NB difference between Segregation of duties and isolation of responsibilities Monitoring of controls (left out) 1. The control environment It sets the “tone” of the entity and creates the atmosphere in which employees go about their duties. “Control consciousness” of entity – all are aware of controls implemented and it is being followed and monitored. 2. The entity’s risk assessment process ¾ Deals with identifying and addressing risks the entity faces ¾ Risk assessment process involves: o assessing likelihood and frequency of risk identified o estimating the potential impact if risk was to occur ¾ companies classify or describe risks: o operations risks: the risks that threaten the entity, its departments and functions from achieving effective and efficient operations, e.g. the risk of inventory theft o financial reporting risk: the risk that the entity does not achieve its objective of having an accounting system which records and process only transactions which have occurred and have been authorised and which are recorded and processed accurately and completely, e.g. the risk that fictitious wages will be paid o Compliance risks: the risk that the entity does not achieve its objectives with complying with laws and regulations applicable to the entity, e.g. taxation 3. The information system ¾ The objective is to produce information which is valid ( all transactions underlying the information actually occurred and were authorised), accurate and completed and timeously produced. ¾ Procedures to deal with(provide guidance) transactions include: o Initiation of the transaction (receipt for customers order) o Recording the transaction (entering details of customer in the internal sales order) o Processing the transaction (picking up the goods from the warehouse and dispatching) o Posting (transferring the transaction to the general ledger) ¾ Properly designed documents can assist in promoting the accuracy and completeness of recording transactions: o Pre printed (minimum amount to be filled in) o Pre numbered (consecutive pre numbering help find missing documents) o Multi copied o Designed in a manner which is logical and simple to complete o Contain blank blocks or grids which can be used for authorising or approving the document AUE2602 Page 16 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 4. Control activities These are actions supported by policies and procedures which are carried out to manage or reduce the risks that the objectives of the organisation will not be met. Control activities are closely linked to the information system and meeting the objectives of processing accurately and completely and only transactions which have been occurred and been authorised. (See Application controls) Controls in a computerized environment General and application controls in a computerised environment are an integral part of the total system of internal control of an entity and touch on all components of internal control. The following diagrammatic representation of general and application controls shows that the general and application controls relate to all the components of internal control General Controls General controls are defined as those controls which establish an overall framework of control for computer activities Categories of general controls: 1. Control environment 2. Systems development and implementation controls 3. Access control 4. Continuity of operations 5. System software and operating controls 6. Documentation 3. Access Control AUE2602 Page 17 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x x x Physical access Control Logical access control Other access control considerations Supplementary access control Physical access control: x The IT department should be contained in a separate building or wing of a building. x The building should have a dedicated room in which all the equipment which runs the system would be housed, for example the CPU and servers. x Only a limited number of personnel should be allowed access to the data centre. x Visitors from outside the company to the IT building should be controlled, they should: o Be required to have an official appointment to visit IT personnel working in the IT department. o On arrival be cleared at the entrance to the company’s premises, for example by a phone call to the IT department. o Be given an ID tag and escorted to the department. o Not be able to gain access through the locked door. o Wait in reception (or be met at the door) for whoever they have come to see. o Be escorted by a security guard out of the department at the conclusion of their business. x Entry to the data centre by company personnel other than IT personnel should be controlled. x Physical entry to the data centre (dedicated room) should be controlled: o Only individuals who need access to the data centre should be able to gain entry. o Access points should be limited to one. o Access should be through a door which is locked. o The locking device should be de activated only by swipe card, entry of a PIN number or scanning of biometric data. o Entry/exit point should be under closed circuit TV. Remember the data centre is the heart of the company’s information system.) x Remote workstations/terminals should be controlled: o Should be locked and secured to the desk. o Placed where they are visible but not near a window. o Offices should be locked at night and at weekends. o Data cables should be protected to prevent tapping as a means of access to the system. Logical access control x identification of users and computer resources o users – user ID’s, magnetic card or tag, biometric data (thumbprint, facial/voice recognition) o Terminal identification x authentication of users and computer resources o entering a unique password o Unique identification (RAS token) x authorisation of the levels of access to be granted x logging of access and access violations x access tables x password controls: AUE2602 Page 18 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 o o o o o o o o o o o o o Passwords should be unique to each individual. Passwords should consist of at least six characters, be random not obvious, and a mix of letters, numbers, upper/lower case and symbols. Passwords/user ID's for terminated or transferred personnel should be removed/disabled at the time of termination or transfer. Passwords should be changed regularly and users should be forced by the system, to change their password. The first time a new employee accesses the system, he/she should be prompted to change his initial password. Passwords should not be displayed on PCs at any time, be printed on any reports or logged in transaction logs. Password files should be subject to strict access controls to protect them from unauthorised read and write access. Personnel should be prohibited from disclosing their passwords to others and subjected to disciplinary measures should they do so. Passwords should be changed if confidentiality has been violated, or violation is expected. Passwords should not be obvious, e.g. birthdays, names and name backwards. Two passwords from two separate personnel should be required to gain access to the bank account. The passwords should only be valid and accepted by the system during business hours of the company. Failed password login attempts should be logged and investigated. Other access control considerations x Data communication – relates to transmission of information from a sender to a receiver: o Controls include: The implementation of specialised software which is responsible for: Controlling access to the network Network management (controlling traffic flow) Data file transmission (controls the transfer of data and files) Error detection and control Data security (protects data from unauthorised access during data transmission) x Firewalls: combination of hardware and software between the companies’ network and the external network and are access control gateway which restricts what traffic can flow in and out. (prevention of incoming transmissions from undesirable sites x Libraries – can be in electronic or physical and either way the library must be protected. x Root access/system wide access/super user privileges – this allows users unlimited power to access and change without trace Supplementary access controls x Automatic lock out, in the event of an access violation, e.g. incorrect password entered three times. x “Time out” facilities which automatically log out the user from the system, for example: if a period of more than three minutes expires during which there has been no activity. x Automatic logging by the computer, reviews of the logs, and follow up of access and access violations by a senior personnel / management. x Encryption of confidential and critical information. AUE2602 Page 19 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x x Sensitive functions and facilities can be afforded extra protection by requiring two or more passwords (from different people) in order to gain access. Use of “once off” passwords to supplement an existing user ID and password to protect sensitive transactions such as a transfer out of a bank account. Combinations of passwords and devices such as “dongles” and random number generators. Application controls Any control within an application which contributes to the accurate and complete recording and processing of transactions which have actually occurred, and have been authorised (valid, accurate and complete information). TYPE Approval, authorisation ¾ Management authorizes employees to perform certain tasks within certain parameters. Things that could go wrong(risks) Credit sales could be made to customers who are not creditworthy and who cannot pay their account, if a credit sale is not approved by the credit controller first. Internal control objective at risk Occurred and authorised are at risk as a sale could take place that was not valid. Segregation (division) of duties ¾ Various actions or procedures that are carried out in respect of a transaction be divided amongst the employees, and the custodian of the entity’s assets should not be responsible for records relating to the asset. ¾ Collision – when management or employees work together intentionally Typical purchase transaction: ¾ Initiating and approving the purchase (from the warehouse) ¾ Executing the order (approved supplier, chief purchases officer) ¾ Custody (warehousing, receiving section) ¾ Recording (accounting function) ¾ Review (independent) Things that could go wrong(risks) Goods purchased could be stolen if no segregation of duties exists between the authorisation, the placing of an order and the issuing of the goods received note, as the purchase clerk could order the goods for himself at the company’s expense. Internal control objective at risk Occurrence is at risk as a purchase transaction that does not pertain to the entity has taken place. Accuracy is also at risk as incorrect amounts and other data may be recorded. The inventory could be overstated by the stolen goods. Isolation of responsibility AUE2602 Page 20 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 For internal controls to work effectively one should be aware of their responsibilities and be accountable for their performance. Once a document was signed it isolates the responsibility of who was responsible for carrying out some control activity. Things that could go wrong(risks) Internal control objective at risk An incorrect number of goods could be Validity, accuracy and completeness are at risk as goods could be over or understated, received if a supplier delivered goods to a depending on whether too many or too few company and the receiving clerk did not count the goods and sign the supplier’s delivery note. items are received. The clerk could not be held responsible and the mistake could be repeated. Access/custody (security) ¾ Policies and procedures which protects the company’s assets (wide context) ¾ Access controls are designed to: o Prevent to damage to physical assets by proper treatment and storage o Prevent deterioration of non physical book assets by ensuring debtors to fall behind to pay o Prevent unauthorised use of physical assets by proper security measures Things that could go wrong(risks) Internal control objective at risk Physical inventory could be stolen if not stored Accuracy is at risk as the inventory figure in the properly, for example if not protected by a financial statements is incorrect and is security guard at the inventory warehouse overstated by the stolen inventory. entrance. Comparison and reconciliation ¾ Is a comparison of two different set of recorded information or of recorded information, e.g. the cash journal to the bank statement. ¾ Identify, investigate and resolve differences were necessary Things that could go wrong(risks) Internal control objective at risk The balance of the cash receipts and payments Validity, accuracy and completeness are at risk journal could be incorrect if it is not regularly if the cash receipts and payments journal compared with and reconciled to the balance balance is incorrect, depending on whether it is on the bank statement. over or understated. Performance reviews Reviews of performance provide a basis for identifying problems When carrying out a review the reviewer is looking for consistency and reasonableness Things that could go wrong(risks) Internal control objective at risk An abnormal increase in transport costs as a Validity (occurred and authorised) is at risk as result of the theft of fuel could go undetected if purchase transactions take place for transport management fails to compare the actual cost costs that do not pertain to the entity. figure with the budgeted transport costs. Preventative, detective, corrective controls Preventative Controls Detective Controls Corrective Controls AUE2602 Page 21 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 ¾ Put in place to minimize error or illegal events from occurring. ¾ They include physical controls over assets (custody controls), approval and authorisation and segregation of duties. ¾ Examples are cheques be signed by two employees or valuable inventory are locked ¾ Designed and implemented to identify error, thefts, omissions which get through first line of defence, there it is second line of defence. ¾ Recons and reviews are common examples ¾ Implemented to resolve errors and problems identified by detective controls ¾ A transaction follow 3 stages: x Input – read in sales transaction x Processing – calculation on VAT on sales transaction x Output – printout of invoice on sales transaction AUE2602 Page 22 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 UNIT 3 AUE2602 Page 23 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 AUE2602 Page 24 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 STUDY UNIT 3.1 8 BUSINESS CYCLES INTRODUCTION In topic 2 we explained that management wants to achieve UHOLDEOH¿QDQFLDO reporting by ensuring that transactions which are initiated, recorded, processed and reported are valid (occurred and have been authorised), accurate and complete. It is the accounting system which provides the foundation for achieving WKHVHREMHFWLYHVRILQWHUQDO¿QDQFLDOFRQWURO,QRWKHUZRUGVLQWHUQDOFRQWUROLV designed and implemented over the accounting system. 3.1.1 THE ACCOUNTING SYSTEM AND BUSINESS CYCLES Your textbook, Jackson & Stent, (2012:5/12) describes an accounting system as a series or collection of tasks and records by which transactions are processed to create ¿nancial records$QDFFRXQWLQJV\VWHPLGHQWL¿HVDVVHPEOHVDQDO\VHVFDOFXODWHVFODVVL¿HVUHFRUGVVXPPDULVHVDQGUHSRUWVWUDQVDFWLRQVDQG other events. The major elements of the accounting system are people who carry out procedures, for example write out a credit sales invoice, calculate a price, enter the invoice in a sales journal; etc, and paper such as order forms, ledgers, lists, invoices etc, which facilitate the initiation, execution and recording of the transaction. The accounting system consists of various business cycles, namely: 1. 2. 3. 4. 5. The revenue and receipts cycle The acquisitions and payments cycle The inventory and production cycle The payroll and personnel cycle 7KH¿QDQFHDQGLQYHVWPHQWF\FOH The functions and actions in the business cycles, as well as the control activities in each cycle, will be explained in detail in the topics to follow. 3.1.2 FINANCIAL STATEMENTS $VPHQWLRQHGDERYH¿QDQFLDOUHFRUGVUHODWHWRWKHEXVLQHVVF\FOHV7KH¿QDQFLDO records are summarised in a company’s ¿nancial statements. In other words, AUE 2602 Page 24 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 WKHEDODQFHVDQGWRWDOVRIWKHWUDQVDFWLRQVLQWKHEXVLQHVVF\FOHVDUHUHÀHFWHG LQWKH¿QDQFLDOVWDWHPHQWV ,Q\RXU¿QDQFLDODFFRXQWLQJFRXUVHV\RXPD\DOUHDG\KDYHVWXGLHGWKHGUDIWLQJ RIFRPSDQ\¿QDQFLDOVWDWHPHQWV7RJLYH\RXDFRPSOHWHSLFWXUHZHKDYHUHSHDWHGDFRQGHQVHGH[DPSOHRIWKH¿QDQFLDOVWDWHPHQWVRIDFRPSDQ\ZKLFKLV trading as a commercial enterprise. 7KHSXUSRVHRIWKHH[DPSOHLVWRLQGLFDWHWKHWUDQVDFWLRQVDQGEDODQFHVLQ¿QDQcial statements for the purpose of illustrating the business cycles. For the detailed ¿QDQFLDOVWDWHPHQWDQGGLVFORVXUHUHTXLUHPHQWVSOHDVHUHIHUWR\RXU¿QDQFLDO accounting study material. XY LTD CONSOLIDATED STATEMENT OF FINANCIAL POSITION AS AT 31 DECEMBER 20X1 Notes 20X1 R’000 20X0 R’000 16 069 16 069 14 696 14 696 192 085 418 465 – 610 550 626 619 149 002 222 833 1 465 373 300 387 996 147 834 8 500 5 000 22 192 183 526 40 125 223 651 147 834 – 2 000 18 375 168 209 32 000 200 209 ASSETS Non-current assets Property, plant and equipment Current assets Inventories Trade receivables Cash and cash equivalents Total assets EQUITY AND LIABILITIES Equity attributable to owners of the parent Share capital Revaluation surplus General reserve Retained earnings Non-controlling interest Total equity Non-current liabilities Long-term borrowings Deferred taxation Current liabilities Trade payables Current portion of long-term borrowings Shareholders for dividends Bank overdraft 236 000 28 875 264 875 108 297 23 100 131 397 Total liabilities 35 990 83 042 17 409 1 652 138 093 402 968 20 145 24 639 11 606 – 56 390 187 787 Total equity and liabilities 626 619 387 996 AUE 2602 Page 25 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 XY LTD CONSOLIDATED STATEMENT OF COMPREHENSIVE INCOME FOR THE YEAR ENDED 31 DECEMBER 20X1 Notes Revenue Cost of sales *URVVSUR¿W Distribution costs Administrative expenses Other expenses Finance costs Pro¿t before ta[ Income tax expense Pro¿t for the year Other comprehensive income for the year after tax Revaluation surplus Other comprehensive income for the year, net of tax Total comprehensive income for the year 3UR¿WDWWULEXWDEOHWR – Owners of the parent – Non-controlling interest (given) Total comprehensive income attributable to: – Owners of the parent – Non-controlling interest 20X1 R’000 20X0 R’000 1 287 052 (1 098 187) 188 865 (25 741) (28 813) (48 881) (39 264) 46 166 (10 927) 35 239 902 052 (819 939) 82 113 (14 010) (10 345) (22 237) (20 862) 14 659 (6 148) 8 511 10 625 10 625 – – 45 864 8 511 28 039 7 200 35 239 1 711 6 800 8 511 36 539 9 325 45 864 1 711 6 800 8 511 7KHIROORZLQJDUHFRPSRQHQWVLQWKH¿QDQFLDOVWDWHPHQWV 6WDWHPHQWRI¿QDQFLDOSRVLWLRQ 6WDWHPHQWRIFRPSUHKHQVLYHLQFRPH property, plant and equipment investments loans granted inventories trade receivables cash and cash equivalents share capital reserves retained earnings long-term borrowings trade payables revenue (credit and cash sales) cost of sales (inventory) purchases distribution costs administrative expenses other expenses ¿QDQFHFRVWV other income AUE 2602 Page 26 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 ACTIVITY 1 1. ,GHQWLI\WKH¿YHEXVLQHVVF\FOHVZKLFKDUHJHQHUDOO\DSSOLFDEOHWRFRPPHUcial enterprises. 2. Based on the business cycles in an accounting system, identify the statePHQWRI¿QDQFLDOSRVLWLRQEDODQFHVDQGVWDWHPHQWRIFRPSUHKHQVLYHLQFRPH classes of transactions that relate to one another. FEEDBACK ON ACTIVITY 1 1. The business cycles which are generally applicable to commercial enterprises are: 1. 2. 3. 4. 5. The revenue and receipts cycle The acquisitions and payments cycle The inventory and production cycle The payroll and personnel cycle 7KH¿QDQFHDQGLQYHVWPHQWF\FOH 2. 7KHEDODQFHVLQWKHVWDWHPHQWRIWKH¿QDQFLDOSRVLWLRQDQGWKHFODVVHVRI transactions in the statement of comprehensive income that relate to the business cycles are: Statement of ¿nancial position (account balances) Business cycle Revenue and receipts cycle Acquisitions and payments cycle Inventory and production cycle Payroll and personnel cycle Accounts receivable Cash and cash equivalents Accounts payable Inventory Bank and cash Accounts payable (Accumulated leave, unclaimed wages, SARS, pension funds, medical aids and other) Statement of comprehensive income (classes of transactions) Credit sales Sales returns Discount allowed Credit losses Interest received Cash sales All receipts (revenue and other) Credit purchases Cash purchases Purchase returns Discount received Interest on late payments Expenses Cost of sales Wages and salaries (net of employee deductions such as PAYE, UIF, SDL, pension fund, medical aid and other) AUE 2602 Page 27 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Statement of ¿nancial position (account balances) Business cycle Finance and investment cycle Share capital Reserves Long-term loans Property, plant and equipment Investments Statement of comprehensive income (classes of transactions) Dividends paid 3UR¿WRUORVV UHVHUYHV Interest paid 3UR¿WRUORVVRQVDOHRI asset 3UR¿WRUORVVRQLQYHVW ment SUMMARY ,QWKLVVWXG\XQLWZHLGHQWL¿HGWKHGLIIHUHQWEXVLQHVVF\FOHVDQGH[SODLQHGWKHDFcounting system over which internal controls are implemented. The transactions DQGEDODQFHVLQWKHVWDWHPHQWRI¿QDQFLDOSRVLWLRQDQGVWDWHPHQWRIFRPSUHKHQsive income were also related to the various business cycles. SELF-ASSESSMENT After having worked through the study unit and the references to the prescribed study material, see whether you are able to do the following: 1. Identify the different business cycles. 2. Explain what an accounting system entails. 3. 5HODWHWKHWUDQVDFWLRQVDQGEDODQFHVLQWKHVWDWHPHQWRI¿QDQFLDOSRVLWLRQ and the statement of comprehensive income to the various business cycles. CONCLUSION In this topic, Business cyclesZHLGHQWL¿HGWKHYDULRXVEXVLQHVVF\FOHVDQG explained what an accounting system entails. The balances in the statement of ¿QDQFLDOSRVLWLRQDQGWKHWUDQVDFWLRQVLQWKHVWDWHPHQWRIFRPSUHKHQVLYHLQFRPH were related to the various business cycles. In the next topic we will explain and apply the revenue and receipts business cycle as well as the applicable internal controls in the cycle. AUE 2602 Page 28 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 UNIT 4 AUE2602 Page 29 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Unit 4: Revenue and Receipts Cycle 1. Credit Sales 2. Cash Sales AUE2602 Page 30 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 CREDIT SALES Functional areas within credit sales: x Receiving customer orders (ordering function) x Sales Authorization (Order department) x Warehouse function x Dispatch function x Invoicing function x Recording of sales function x Receipts Mail room/cashier function x Recording of receipts function x Goods returned by customer function x Credit management function The table will take you through each function, specifically highlighting the purpose of the function, the documentation involved, how the function is performed, and the related risks and controls. RECEIVING CUSTOMER ORDERS (ORDER DEPARTMENT) Functions x Record orders from customers and fill them in x Orders will be received in document form (customer order) or over the telephone. x Persons receiving the order need to Check: customer is a valid, details of the order are accurate and complete e.g. description, quantity, delivery address. Documents x Customer order x Internal sales order (ISO) x Price Lists Risk Order may be accepted from a non account holder. May result in sales to customer who does not pay his account Orders may not be acted upon timeously or at all, resulting in a loss of sales and customer goodwill. Inaccurate or incomplete order details may be recorded which will result in incorrect deliveries, returns and customer dissatisfaction. x x x x x x x x x Internal Control Order clerk will check approved customer list Request customer's account number (Telephone) Order clerk to sign all ISOs to indicate performance of control activities Record all orders on sequentially numbered internal sales orders. On a regular basis, ISOs to be sequence checked (for completeness), and matched to delivery notes. attach customer order to internal sales order and have second staff member cross check detail request customer's order reference confirm all order details, including delivery address and price of goods, by reading order details recorded back to customer order clerk to sign all ISOs to indicate performance of control activities Note: employees must sign documentation/records to acknowledge the control procedures they have conducted AUE2602 Page 31 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 SALES AUTHORISATION (ORDER DEPARTMENT) Functions x To assess whether orders should be accepted. x The intention is to determine whether the customer is creditworthy and has not exceeded his credit limit. Documents x Credit application x Debtors ledger Risk A sale will be made to a customer who is not creditworthy Internal Control x The credit controller (department) to establish: * that the customer has not supplied fictitious details * customer's credit status is satisfactory by reference to the customer's details, e.g. his account balance and credit terms held on file and/or in the debtors ledger x ISOs (picking slip) to be authorised by signature of the credit controller before being sent to the warehouse x Where the order is from a prospective customer, credit application procedures must be conducted before x the order is filled: * the credit application form must request the customer to provide banking details, trade references, income and expenditure details x the credit controller must follow up by contacting trade references and credit bureaux and assessing customer liquidity x terms and limits must be set by the credit controller and approved by the financial manager Note: employees must sign documentation/records to acknowledge the control procedures they have conducted Warehouse Functions x To fill accepted orders promptly and accurately and to ensure only authorized orders are acted upon. x This is the manual function of picking the goods from the warehouse using a signed copy of the ISO (picking slip), and creating a delivery note. x Goods which cannot be picked because they are out of stock will also be identified and a back order note created. Documents x Picking slip x Delivery note x Back order note AUE2602 Page 32 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x x x x Risk Valid ISO/picking slips may not be acted upon. Goods may be removed (picked) from inventory for fictitious/unauthorized sales. Incorrect items and quantities may be picked. "Out of stock" items may not be identified on the picking slip. Customer not notified of "out of stock “Items resulting in loss of the sale and customer goodwill. x x x x x Internal Control Picker to initial the picking slip for each item picked and identify on the picking slip, items which cannot be supplied (out of stock) Supervisory checks should be carried out by the warehouse foreman to ensure that all goods picked are supported by signed picking slips. Warehouse clerk to * check goods picked to picking slip * prepare delivery note from picking slip (delivery note cross referenced to picking slip) * prepare back order note from the picking slip and cross reference both documents (see also control * send copy of the back order note to order clerk to enable the order clerk to notify customer * send copy of the back order note to the buying department Order clerk to follow up back orders regularly and frequently. When inventory becomes available, order 'clerk should confirm that the customer still requires the goods and, if so, make out an ISO to initiate the sales process. (The back order note in effect becomes the customer order) Delivery notes and picking slips to be matched and filed numerically. Unmatched picking slips to be followed up to determine whether goods have been picked. Note: employees must sign documentation/records to acknowledge the control procedures they have conducted DISPATCH Functions x To ensure that only goods supported by properly authorised picking slips, and accompanied by accurate and complete delivery notes, are despatched. x To ensure prompt despatch of goods which have been picked, to the correct customer. x Once the goods have been picked and delivery notes made out, they are transferred to despatch to be packed, labelled arid delivered. x Controls must be sound because, by this stage, the goods have left the custody of the warehouse and are thus susceptible to theft. In addition, the goods are moving between a number of parties, e.g. isolation of responsibility is very important. Documents x Delivery Note x List of deliveries AUE2602 Page 33 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x Risk Theft may be facilitated by uncontrolled despatch. despatch errors may occur * incorrect goods or quantities despatched * goods delivered to wrong customer x x x x x Customers may deny having received goods. x x Goods released from the warehouse were never dispatched. x Internal Control On receipt of the goods, picking slip and delivery notes from the warehouse, the dispatch clerk should * check quantities and description of goods against the authorised picking slip and delivery note * sign picking slip and delivery note to acknowledge receipt of goods * retain two copies of the delivery note and return the signed picking slips to the warehouse The goods picked should be checked to the picking slip and delivery note as they are packed into a box for delivery. The address on the box should be checked against the delivery address on the documentation and the box sealed immediately Dispatch clerk should prepare a two part list of deliveries to be made. The list should be matched to the delivery notes and the physical goods loaded onto the vehicle e.g. delivery note P 1234 4 boxes delivery staff should supervise loading the truck and sign a copy of the delivery list to acknowledge receipt of the delivery notes and the corresponding goods * driver to retain one copy of delivery list, and the delivery notes * dispatch clerk to retain signed copy of delivery list on delivery, the customer should sign both copies of the delivery note (having checked the goods), retain one copy and return the other copy with the driver Gate controls e.g. security, should check all goods to be delivered, appear on the delivery list and are supported by delivery notes. Both copies of each delivery note should be date stamped by gate control (gate controls can be impractical if they are, then dispatch controls must be very tight) Note: employees must sign documentation/records to acknowledge the control procedures they have conducted Invoicing Functions x To notify the customer promptly of amounts due for goods supplied. x On return of the signed delivery note from the customer it should be matched with the customer it should be matched with the sales order and an invoice should be generated. Documents x Sales Invoice x Print List AUE2602 Page 34 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x Risk Goods despatched may not be invoiced. x x x x x invoices may be inaccurately prepared/misstated (prices, quantities, descriptions, discounts, VAT) Internal Control copy of the internal sales order should be held in numerical order in a temporary file in the "invoicing section" (accounting department) as signed delivery notes are received they should be matched to their ISO and filed sequentially by delivery note number. on a frequent and regular basis, ISOs remaining on the temporary file should be investigated the file of matched delivery notes should be sequence tested and gaps in sequence investigated x the invoice clerk should: * compare details on the ISO and delivery notes * check prices quoted to the customer, and entered on the ISO, against official price lists and discount Schedules * prepare a numerically sequenced invoice and cross reference it to the delivery note/customer order x second employee (supervisor) to check and sign invoice after checking : * prices, extensions, casts * discount and VAT calculations * customer details Note: employees must sign documentation/records to acknowledge the control procedures they have conducted Recording of sales Functions x The purpose of this function is to record the sales made and to raise the corresponding debtor promptly. x Invoices must be recorded accurately and entered against the correct debtor in the debtor’s ledger. x Total sales for the period must also be posted to the sales and debtors control accounts in the general ledger. Documents x Invoice x Sales Journal x Debtors ledger x General ledger AUE2602 Page 35 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x x Risk invoices are omitted from sales journal invoices are duplicated in the sales journal invoices are inaccurately entered in the sales journal e.g. R4325.50 entered as R432.55 x x x x Invoice entered against incorrect debtor when posting (transferring) to the debtors ledger accounts. x Internal Control invoices to be entered in the sales journal in numerical sequence * sequence to be continued period to period * the numbers of any cancelled invoices to be recorded in the sales journal and marked "cancelled" prior to entry in the sales journal, invoices to be added to obtain control total. This control total is then compared to the total in the sales journal after entry of individual invoices (batch control system). independent staff member to: * sequence check sales journal entries and follow up on any missing invoices * compare customer name and amount entered in sales journal to the invoice for accuracy * check postings (transfers) from the sales journal to the debtors ledger (individual debtors) and general ledger Reconciliation of the debtors ledger to debtors control account in the general ledger on a regular basis, to be conducted by an independent employee. Note: employees must sign documentation/records to acknowledge the control procedures they have conducted Receipts Mail room/Cashier Functions x The arrival of a payment from a debtor is recorded and prepared for banking. x Receipts should be made out for all cash received and possibly for cheque payments as well. Documents x Remittance register x Customer remittance advice x Receipts x Bank deposit slip x Risk payments received may not be x banked due to theft or carelessness. x x x x x Internal Control post must be opened by two people all payments received in the post should be recorded in a remittance register by those responsible for opening the post and a receipt should be made out for each payment received prenumbered receipts should be issued for all payments received all amounts received should be banked daily deposit slip to be made out by the cashier, not the employees opening the post cashier to reconcile cheques and cash to remittance register AUE2602 Page 36 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 and receipts before accepting them for banking (remittance register should be signed by the cashier to acknowledge acceptance of the cash and cheques) x the remittance register and receipts issued should be reconciled to bank deposits by an independent supervisory employee x bank deposits should be reviewed regularly and gaps in daily banking, investigated by management Note: employees must sign documentation/records to acknowledge the control procedures they have conducted Recording of receipts Functions x The role of this function is to record the receipts from debtors in the cash receipts journal and credit the debtors' accounts promptly. Receipts must be recorded accurately and entered against the correct debtor. x The total amount received from debtors for the period must also be posted to the debtors control account in the general ledger. Documents x Bank deposit slip x Cash receipts Journal (CRJ) x Debtors ledger x General ledger Risk Deposits may never be recorded/not x recorded timeously. x recorded deposits may be : * inaccurate (errors) * overstated (fictitious deposits) * credited to the wrong debtor x Internal Control the cash receipts journal should be written up on a daily x basis by date and receipt number (if receipts are issued) supervisory staff should review cash receipts journal for x missing dates and gaps in sequence of receipt They should also test postings to the debtors ledger the "cash book" should be reconciled to the bank statement every month by an employee independent of the banking/recording of cash. The bank reconciliation should be reviewed by a senior (financial) employee x queries from debtors should be investigated by an employee independent of debtors and banking x reconciliation of the debtors ledger to the debtors control Note: employees must sign documentation/records to acknowledge the control procedures they have conducted Good returned by customer Functions x The role of this function is to control goods that have been returned by customers. x The goods must be recorded on their return and the debtor's account must be credited. AUE2602 Page 37 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x This requires the creation of two documents, a goods returned voucher, and a credit note. Credit notes will be recorded in a returns and allowances journal. Particular attention must be given to the control of credit notes Documents x Goods returned Vouchers x Credit note return and allowances journal x Debtors ledger x General ledger Risk the description and quantity of goods returned may be incorrect resulting in an incorrect credit note being passed. a credit note may be passed for goods which have not been returned. Internal Conmtrol x all goods returned must be received by the company's goods x receiving department x the goods receiving clerk must: * count and check the description of the goods being x returned (check also for damage) * make out a goods returned voucher, cross referencing it to customer documentation * sign and retain a copy of the customer documentation x and attach it to the goods returned voucher x on transfer of goods from receiving into the warehouse, the stores clerk must: * check description and quantity of physical goods to goods returned documentation * sign to acknowledge the transfer of the goods into his custody x credit notes to be: * made out by accounting department * cross referenced to original invoice voucher and customer * presented to a supervisory employee (with signed goods returned note and customer documentation). This staff member must be satisfied that granting of the credit note is valid and that the company's policies have been adhered to e.g. the goods cannot be returned say, after 30 days from purchase date x credit notes may be inaccurately x credit notes to be entered sequentially in returns and recorded and credited to the allowances journal and normal control procedures over incorrect debtor. recording to be put in place x Senior (financial) manager should review this journal frequently and follow up on suspicious credit notes, e.g. large amounts, credit notes to the same customer on a regular basis Note: care must be taken to identify goods returned which are defective/damaged as these should not be returned to the inventory of saleable items. Defective/damaged goods will be received from the customer in the manner described (this facilitates the credit note) but must be carefully identified as damaged/defective. AUE2602 Page 38 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Note: employees must sign documentation/records to acknowledge the control procedures they have conducted Credit Management Functions x The purpose of this function is to limit the loss from bad debts and to encourage debtors to pay promptly. x The function is closely linked to sales authorisation and as explained under that unction, the process begins with sound controls over the acceptance of new customers and the extent of credit granted to them. x Credit management should also identify debtors to be handed over to lawyers and subsequently written off if necessary. Documents x All records in the cycle are relevant x Monthly statements x Age analysis x Credit bureau information Risk debtors do not pay at all or pay late debtors are prematurely or inappropriately written off debts are written off without authority. Internal Control x x credit application controls as discussed under sales authorisation x x monthly statements should be sent promptly to debtors by the debtors section (accounting dept) x x monthly age analysis of debtors and immediate follow up by phone or letter if credit terms are exceeded x if this is not successful, the credit controller should personally contact the customer to (possibly) renegotiate credit terms or threaten the handing over of the debtor to a lawyer for collection x if still no success, the debtor must be handed over before too long a period has elapsed x if the debt cannot be recovered, the debt write off must be recommended by the credit controller and authorised by an independent senior financial employee after review of the supporting documentation x credit manager should reconcile all bad debt write offs after they have been entered in the journal to supporting documentation x senior (financial) manager should be provided regularly with sufficient information to effectively manage the debtors, inter alia, list of debtors over their limits and how they are Note: employees must sign documentation/records to acknowledge the control procedures they have conducted AUE2602 Page 39 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Computerised Controls in the revenue and receipts cycle Activity Control The Debtors masterfile What is a Masterfile? The masterfile contains the “Permanent” or “Semi permanent” info. e.g. Debtors masterfile would contain inter alia: •The customer’s name •The customer’s account number •The customer’s ID number / Company registration number •The customer’s physical and postal address •The customer’s credit limit as determined by credit controller /manager •The customer’s repayment terms (E.g. 30 days, 60 days etc.) Record all master file amendments in a source x All amendments to be recorded on hardcopy masterfile amendment forms document MAFs Authorise MAF (Masterfile amendment form) x MAFs to be pre printed, sequenced and designed in terms of sound document design principles Enter authorised masterfile amendments on x The MAFs should be the system accurately and completely x signed by two reasonably senior employees in the section (e.g. credit controller and senior assistant) after they have agreed the details of the amendment to the supporting documentation, e.g. the approved credit application document for the addition of a new customer x Cross referenced to the supporting documentation. Review masterfile amendments they x Restrict write access to the debtors masterfile to a specific member of the occurred, were authorised and accurately and section by the use of user ID and passwords completely processed x All masterfile amendments should be automatically logged by the computer on sequenced logs and there should be no write access to the logs x To enhance the accuracy and completeness of the keying in masterfile amendments and to detect invalid conditions, screen aids and programme checks can be implemented. screen aids and related features x Minimum keying in of information AUE2602 Page 40 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x screen formatting, screen looks like MAF, screen dialogue the account number for a new debtor is generated by the system programme checks, x verification/matching checks to validate a debtor account number against the debtors masterfile x alpha numeric checks x range and/or limit/data approval checks on terms and credit limit field x field size check and mandatory/missing data checks, e.g. credit limit and terms must be entered x sequence check on MAFs entered x The logs should be reviewed regularly be a senior staff member and the sequence of logs themselves should be checked against missing logs x Each log amendment should be checked to confirm that it is supported by properly authorised MAF and the details are correct x The MAF themselves should be sequenced checked against the log to confirm that all MAFs was entered Receiving and recording payments from debtors Accessing the bank account The access controls that should be implemented to ensure good control over the bank account are: x The terminal onto which the bank’s software is loaded should be in the debtors’ section, usually the terminal of the senior debtors’ clerk. x Access to the bank’s site should be gained in the normal manner, but to access the company’s bank account, the senior debtors’ clerk should be required to enter a PIN and a password. x If this identification and authentication procedure is successful, a menu of the functions available should be displayed, one AUE2602 Page 41 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 of which will be “download bank statement”. x This function should be linked to the senior debtors’ clerk’s user profile to enable him or her to initiate the download. Unauthorised access to the sale application x x x x x Access to the sales application should be restricted to the terminals of only those who need access to the application to perform their functions, e.g. sales personnel, financial accountant and credit controller by the use of terminal identification controls. Access to the sales application should be restricted at systems level to only those users who need access to the application to perform their function by the use of user identification and password controls. o There should be sound controls over passwords e.g. unique to users, minimum six characters, not obvious, kept confidential. At application level users should be restricted to only those programme functions which they require to perform their functions on a “least privilege” basis. (For example: Sales personnel do not require any access to the masterfile amendment module of the application. o Sales personnel may be given “read only” access to the debtors masterfile (customers may enquire about their account balance before making a purchase) but will definitely not be given “write access” to the masterfile. There should be a “time out” facility on the sales personnel computers, which is activated after a set period of inactivity. There should also be automatic shutdown in the event of access violation. Processing Controls in the revenue and receipts cycle Segregation (division) of duties Separate functions e.g ordering, warehouse, receipts Separate responsibilities within functions receive orders, picking, invoicing AUE2602 Page 42 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Isolation of responsibility x x Granting access privileges – only credit controller can approve credit sales Dispatch clerk controller to sign the picking slip Approval, authorisation Custody x Access to debtor information on the system is restricted x Access to the companies bank account is strictly protected by pins, user ids and passwords x Information/access to the debtors master file is also protected with passwords to restrict unauthorized amendments AUE2602 Page 43 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Access Control x All users must identify must identify an authenticate themselves by id’s and passwords Comparison and reconciliation x System reconcile the receipts to the debtor in the debtors ledger to the amount of deposits in the company’s bank statement x System compares info to corresponding prior period info x The sales order pending file show management how a sale order is progressing The manager can check the sales pending file to check if the credit controller is dealing with sales order speedily Performance reviews x AUE2602 Page 44 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Control techniques and application controls Screen aids and related features: x Min entry (only customer acc no required) x Screen formatting (on the picking slip) x Mandatory fields (customer purchase reference) Program related features: x Validation check on customer number x Alphanumeric on quantity field Logs and reports Output control x Master file amendment logs are checked against sourced documents x Access to debtor information on the system is restricted x Logs of changes made by picking control clerk to picking slips on system x Daily reports of sales order received, debtors exceeding credit limits or terms AUE2602 Page 45 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 UNIT 5 AUE2602 Page 46 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Unit 5: Acquisitions and payments Functional areas within the acquisitions and payments x Ordering of goods x Receiving of goods x Recording of purchases x Payment preparation x Actual payment and recording The table will take you through each function, specifically highlighting the purpose of the function, the documentation involved, how the function is performed, and the related risks and controls. ORDERING OF GOODS (AND SERVICES) Functions x The purpose of this function is to initiate orders so that items/services required to maintain optimum conditions within the organization, are always available, e.g. manufacturing does not run out of raw materials or parts, or a retailer does not run out of goods to sell. x This functions is also responsible for placing official orders with suppliers having established that delivery, quality, quantity and price requirements have been satisfied. Documents x Requisition x Purchase order form AUE2602 Page 47 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x x x x x x Risk ordering of incorrect or unnecessary x goods, resulting in liquidity problems and wastage ordering unauthorized goods resulting in losses to the company through fraud requisitions not acted upon or orders not placed timeously or at all orders placed with suppliers not filled/ not timeously filled order forms misused e.g. for placing x orders for private purchases Internal Control order clerks should not place an order without receiving an authorized requisition o the order should be cross referenced to the requisition o Prior to the requisition being made out, stores/production personnel should confirm that the goods are really needed especially where preset re order levels and re order quantities are used as the basis for the requisition. Before the order is placed, a supervisor/senior buyer should: o check the order to the requisition for accuracy and authority o review the order for suitability of supplier, reasonableness of price and quantity, and nature of goods being ordered (are the)' items used or sold by the company). x The ordering department should file requisitions sequentially by department (each department will have own book of requisition forms) and should frequently review the files for requisitions which have not been cross referenced to an order. x A copy of the order should be filed sequentially and the file should be sequenced checked and frequently cross referenced to goods received notes, to confirm that goods ordered have been received. Alternatively the pending file of purchase order forms in the receiving bay can be reviewed for orders which are long outstanding. x Blank order forms should be subject to sound stationery controls. obtaining inferior quality goods x The company should preferably have an approved supplier list to which the buyer should refer when paying unnecessarily high prices for ordering goods o if the company does not have approved suppliers the buyer should seek quotes etc. from a number of suppliers before placing the order o Even when ordering from an approved supplier, the buyer should contact the supplier to confirm availability and delivery dates. Note: Before the supplier is approved, senior personnel should carefully evaluate the company in respect their reliability and the quality and price of their goods. Note: whenever a control procedure is carried out, the employee responsible for the control should sign the relevant document record. RECEIVING OF GOODS Functions AUE2602 Page 48 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x The purpose of this function is to accept and acknowledge deliveries of valid orders from suppliers and to record the delivery (goods received note). Prior to acceptance, physical checks on quantity, quality and description of goods should be carried out. x Documents x Supplier delivery note (DN) x Goods Received Risk x x x x x acceptance of o short deliveries as full deliveries o damaged and broken items o items not ordered x o goods not of the required type or quality goods received notes not made out accurately or completely no goods received note made out theft by employees or outside parties e.g. collusion with supplier delivery personnel x Internal Control the responsibility for receiving goods should be designated to a goods receiving section which should be physically secured and access controlled on arrival of the delivery vehicle, goods should be offloaded in the presence of a goods receiving clerk who should: o obtain the supplier delivery note from the delivery personnel and by referring to the order number thereon, locate the purchase order (which should have been filed numerically) o check the quantity and description of goods delivered against the purchase order and the customer delivery note o perform at least a superficial test of the condition of the goods delivered e.g. broken or wet boxes. o reject all incorrect deliveries and clearly identify rejections on both copies of the delivery note and purchase order o accept goods short delivered but identify such goods clearly on the delivery notes and purchase order (the quantity actually accepted must be clearly identified) o include only those goods which have been accepted on the goods received note o ensure that suppliers personnel sign both copies of the delivery note including all amendments e.g. identification of short deliveries o sign the supplier delivery note on transfer of the goods to stores (custody), the stores clerk should compare the physical goods to the goods received note and acknowledge receipt by signing the GRN. Any discrepancies should be reported to the stores controller immediately Note: Because collusion in this cycle is a major problem for many companies, isolation of responsibilities, sound personnel practices and independent physical controls should be implemented by all companies in the supply chain e.g. surveillance cameras, tracing devices on supplier vehicles, should be implemented. Note: whenever a control procedure is carried out, the employee responsible for the control should sign the relevant document record. AUE2602 Page 49 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 RECORDING OF PURCHASES Functions x The purpose of this function is to raise the purchase and the corresponding liability in the accounting records. The recording of all purchases and trade x Liabilities should be carried out by the (creditors) recording function so that controls are not bypassed e.g. by the raising of liabilities through the general journal by other departments. Documents x Purchase invoice (PI) x Credit Note (CN) x Creditors Statements x Purchases journal x Purchases returns & allowances journal x Creditors ledger x General ledger Internal Control the purchase invoices received from the supplier should be: o matched to the corresponding goods received note, delivery note and purchase order for: quantity and description of goods correct prices and discounts (from order or supplier price lists) o reviewed to confirm that the amounts on the invoice have been allocated to the correct account e.g. inventory, consumables, stationery. x x Were a requisition is made out to initiate an order, the account to which the purchase must be allocated in the purchase journal should be selected from the "official list of accounts" and entered onto the requisition and then transferred to the order. (If this is not done, the clerk responsible for the allocation of the purchase will not know x which account to allocate it to). x all casts, extensions and calculations on the invoice should be reperformed. x a specific employee should be designated the responsibility of ensuring, by scrutiny of dates of goods received notes and invoices in the pending file, that purchases are timeously and accurately recorded in the purchase journal and correctly posted to the creditors ledger. x As the rendering of services by a supplier does not usually result in a GRN, the supplier invoice will normally be signed by the head of the section/department to whom the service was rendered, as proof and approval of the service rendered. Note: whenever a control procedure is carried out, the employee responsible for the control should sign the relevant document record. x Risk the recording of incorrect amounts arising from incorrect purchase invoices: o quantity, quality and type not as ordered or received o prices of goods not as quoted o calculation errors e.g. casts, extensions, VAT The raising of fictitious purchases/creditors by the introduction of invoices which are for goods never ordered or received by the company. (Results in invalid flows if cash leaving the company *delays, misallocation and posting errors when entering details into accounting records resulting in reconciliation problems and failure to make use of favorable settlement terms x PAYMENT PREPARATION (requisitioning) AUE2602 Page 50 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Functions x The role of this function is to ensure that only valid creditors are paid and that they are paid the correct amount, on time. The function will produce a cheque requisition. x The cheque requisition will initiate the preparation of the cheque to be sent to the creditor Documents x Remittance advice (RA) x Cheque requisition Internal Control The monthly creditor’s statement sent by the supplier should be reconciled to the supporting documentation, e.g. invoices, payments etc, and the creditor’s clerk should ensure that the invoices were subjected to accuracy controls before being recorded. x The individual creditor's accounts in the creditor’s ledger should be reconciled with the monthly creditor’s statements sent by the suppliers. x A creditor’s clerk should identify those creditors who must be paid at month end to comply with the suppliers' credit terms and to ensure that discounts available for early settlement, are deducted. x Cheque requisitions should be sequenced and preprinted and unused requisitions subject to sound stationery controls. x Cheque requisitions should include details of the cheque being requested and should be authorized by the preparer of the requisition. (There may also be a review or second authorization procedure by another employee). x The cheque requisitions and supporting documentation should be presented to the cheque signatories (simple batch controls may be put in place if cheque requisitions are numerous). Note: whenever a control procedure is carried out, the employee responsible for the control should sign the relevant document record. x x x x Risk payment to fictitious creditors payment of incorrect amounts unauthorised payments discounts lost due to late payment x ACTUAL PAYMENT (preparing the cheque) AND RECORDING Functions x The purpose of this function is to produce a valid, accurate and authorised cheque and to record all cheque payments accurately and timeously in the accounting records. Documents x Cheque x Returned paid cheque x Bank statement x Cash payments journal (CPJ) x Creditors and general ledger AUE2602 Page 51 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Internal Control There should be two cheque signatories for all cheque payments. x cheque signatories should agree details on the cheque, i.e. date, amount, payee, to the supporting documentation x (invoice, goods received note, remittance advice) x x Cheque signatories should cancel (by stamp or crossing) all documentation so that it cannot be presented again in support of a payment. x All cheques should be made out in a manner which makes subsequent tampering with the cheque very difficult e.g. o use of permanent ink o no gaps into which additional detail can be inserted to change the amount or payee o writing out the payee's name in full o crossing cheques "not transferable" x cheque books and cheques should be issued in strict numerical sequence and if possible, restricted to only one in issue at any time, and should be subject to strict stationery controls. x if a cheque is incorrectly made out, the face of the cheque should be stamped "cancelled" and the signature torn off. The cheque should be retained not thrown away. Note: banks will not accept cheques with alterations due to the high incidence of cheque fraud. x signed cheques should not be returned to the preparer but should be mailed by an independent employee. x all cheques should be recorded in numerica(sequence in the CPJ x the CPJ should be reviewed regularly, by management, for missing cheque numbers and unusual payments x reconciliation of the cash book to the bank statement should be performed and reviewed monthly, by staff who is independent of banking functions, and the creditors department. x returned paid cheques should be o filed in numerical sequence o reviewed for suspicious endorsements, payees, amounts by someone independent of the initial preparation of the cheque. This is an additional and simple detection check on the payment system as a whole. Note: whenever a control procedure is carried out, the employee responsible for the control should sign the relevant document record. x Risk invalid payments may be made (e.g. cheques may be incorrectly made out (e.g. wrong payee, amount) invalid payments may be made (e.g. fictitious creditors, overpayments) payments may be recorded inaccurately (errors) or may be intentionally misstated to hide fraud. x AUE2602 Page 52 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Computerised Controls in the payments and acquisitions cycle Activity Control The Creditors masterfile What is a Masterfile? The masterfile contains the “Permanent” or “Semi permanent” info. e.g. Creditors masterfile would contain inter alia: •The supplier’s name •The supplier’s account number •The supplier’s ID number / Company registration number •The supplier’s physical and postal address •The s supplier’s credit limit as determined by credit controller /manager •The supplier’s repayment terms (E.g. 30 days, 60 days etc.) Record all master file amendments in a source document x All amendments to be recorded on hardcopy masterfile amendment forms MAFs Authorise MAF (Masterfile amendment form) x MAFs to be pre printed, sequenced and designed in terms of sound document design principles Enter authorised masterfile amendments on the system accurately and completely x The MAFs should be Review masterfile amendments they occurred, were authorised and accurately and completely processed x x signed by two reasonably senior employees in the section (e.g. creditors section head and financial accountant after they have agreed the details of the amendment to the supporting documentation > MAF checked against the written notification from the supplier that the company’s bank account details have changed x Cross referenced to the supporting documentation. Restrict write access to the creditors masterfile to a specific member of the section by the use of user ID and passwords AUE2602 Page 53 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x All masterfile amendments should be automatically logged by the computer on sequenced logs and there should be no write access to the logs x To enhance the accuracy and completeness of the keying in masterfile amendments and to detect invalid conditions, screen aids and programme checks can be implemented. screen aids and related features x Minimum keying in of information x screen formatting, screen looks like MAF, screen dialogue x the account number for a new creditor is generated by the system programme checks, x verification/matching checks to validate a creditor account number against the creditors masterfile x alpha numeric checks x range and/or limit/data approval checks on terms and credit limit field x field size check and mandatory/missing data checks, e.g. credit limit and terms must be entered x sequence check on MAFs entered x The logs should be reviewed regularly be a senior staff member and the sequence of logs themselves should be checked against missing logs AUE2602 Page 54 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x Each log amendment should be checked to confirm that it is supported by properly authorised MAF and the details are correct x The MAF themselves should be sequenced checked against the log to confirm that all MAFs was entered Explain in your own words why the creditors’ masterfile is central to the acquisition and payments system. The accurate and complete processing of authorised purchases and payments depends to a great extent on the integrity of the masterfile. The creditors’ masterfile will contain information relating to the suppliers of the company, the terms that affect payments, balances and the banking details required to make EFT payments to creditors. Explain in your own words what the term “preventative” means in this context. This means that application controls are implemented to prevent mistakes from happening in the first place Provide an example of a preventative application control. Restrict write access to the creditors’ masterfile to a specific member of the section by means of a user ID and passwords. This will prevent/deter unauthorised users from gaining access and making amendments to the masterfile. Provide an example of a detective control. Each logged amendment should be checked to confirm that it is supported by a properly authorised masterfile amendment form (MAF). This will enable management to detect any unauthorised amendments to the masterfile. Name a few logs and reports that are used as part of detective controls over masterfile amendments. The masterfile amendment log is the main log used when making amendments to the masterfile. Various other logs and reports issued in the course of the acquisitions and payments cycle could be used to detect errors during masterfile amendments, such as the masterfile access violation reports and creditors’ ledger exception reports, for example invalid account numbers. Describe the application controls that should be implemented to prevent and detect errors during amendments made to the creditors’ masterfile in a computerised environment. REFER TO THE ABOVE Payment of creditors by electronic funds transfer AUE2602 Page 55 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Accessing the bank account x x x x x The bank’s EFT software is loaded only on a limited number of terminals The entry of the employees’ user ID and password will be sufficient to get the employee to the bank’s webpage (but no further). The entry of an additional PIN number provided by the bank) and unique password by the employee will provide access to the company’s bank account. o This additional PIN will only be made available to the employees who need access to the bank account to perform their function. Once access has been gained to the bank account, a menu of the functions available will be displayed and the access which is given to the employee will be linked to the employees’ user profile. For example, at this stage the cashbook clerk, having identified and authenticated herself successfully may be authorised by her user profile to download bank statements but not authorised to do anything else. To make an EFT payment, an additional authentication procedure is required and this procedure is achieved by requiring the employee to insert the “dongle” in the USB port of the employee’s terminal. This is in effect an additional password which works in conjunction with the employees other identification and authentication requirements: o The privilege of being able to gain access to this payment function will again be given to only those employees who need this access. (A limited number of “authorising” senior employees.) o The “dongle” will be registered to the specific employee and will only operate on a terminal which has the bank’s software loaded on it. o All PINs, and passwords must be kept confidential and the dongle must be used solely by the employee to whom it AUE2602 Page 56 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x is given and must be kept safe at all times. There should be automatic shutdown of the site after three unsuccessful attempts to access the bank account. As a detective measure, attempts at unauthorised access to this function (and the bank account itself) should be logged and followed up. Processing Controls in the acquisitions and payments Segregation (division) of duties Isolation of responsibility AUE2602 Page 57 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Approval, authorisation Custody Access Control AUE2602 Page 58 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Comparison and reconciliation Performance reviews Control techniques and application controls AUE2602 Page 59 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Logs and reports AUE2602 Page 60 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 UNIT 6 AUE2602 Page 61 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Unit 6: Inventory and Production Safe keeping of inventory (Inventory Controls) Recording of cost were a production process occurs (Warehousing Controls) Documents used in the cycle: Warehousing Functions: The purpose of this function is to 1. Control the transfer of goods in and out of all warehousing facilities, e.g. goods received from "receiving" to the warehouse storage or finished goods received from production into the finished goods store. 2. Physically protect inventory in all warehouses. "Inventory" in production will also need protection but this is likely to be the responsibility production personnel (these employees will be part of the cycle). Documents: x x x x x x x x Goods received notes Material (components) requisitions Picking slip Material (components) issue note Delivery note Transfer to finished goods note Perpetual inventory records Inventory count documentation Risks: x Goods received from suppliers are not transferred into the warehouse timeously or at all (stolen) AUE2602 Page 62 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x Inventory (in whatever form) is stolen or lost Inventory deteriorates in value due to o inadequate physical controls, e.g. gets wet o its nature, e.g. foodstuffs, chemicals x No record is created of goods or components physically moved x The goods or components issued are incorrect resulting in lost sales or production delays x Inventory shortages (including theft) are concealed. Controls: Controlling the movement of goods, components and finished goods. x x x x x No movement of inventory should take place without an authorizing document, e.g. picking slip, material requisition. No movement of inventory should take place without the movement being recorded e.g. a delivery note and material issue note. Whenever there is a transfer of inventory between sections, e.g. receiving section to warehouse, production to finished goods, both the deliverer and the receiver should acknowledge the transfer by, for example, signing the transfer document after having checked the description quality and quantity of the items being transferred against the source documents. For example warehouse personnel and production clerks to sign the material issue note after checking the quality and description of goods being transferred (isolation of responsibilities) Documents should be sequenced and filed numerically Documents must be sequenced checked and missing documents investigated, e.g. a missing GRN in the warehouse will probably indicate that the goods have not been transferred to the warehouse. Controlling damage, theft and loss of inventory in all forms, i.e. In warehouses and during production. Physical controls (the nature and value of the company’s inventory will determine the physical controls which are put in place) Entry and exit Controlled entry and exit Minimum entry and exit points Swipe, cards, keypads, turnstiles, gate control, biometric readers, security guards, X ray (e.g. jewellery manufacture e.g. buying clerks not permitted to enter stores unaccompanied, only production employees allowed in production facility minimum number of windows, solid structure Areas to be dry, clean, neatly packed, pest free and temperature controlled where necessary Cameras/video recording over production (items are easily stolen off the production line), receiving and dispatch areas. Restricted entry Secure building’s Environmental surveillance Comparison and reconciliation AUE2602 Page 63 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x x x Physical inventory (in all its forms) is compared to theoretical inventory per the perpetual inventory (see point 8 below for a discussion of cycle counts and inventory counts). Actual production is compared to the manufacturing or production schedules Actual production is compared to budgets All material variances should be investigated. Production: Planning, controlling and recording costs Functions: The purpose of production is to manufacture the company's products. Production is essentially a production cycle, the production department will be required to: x x x x x Requisition and receive components from the warehouse. Control costs during manufacture. Record actual costs. Account for the items produced and transfer the items to a warehousing facility. Compare actual and budgeted costs. Documents: x x x x x x Materials requisitions Materials issue notes Job cards Production schedules Production reports Transfer to finished goods notes Risks: x x x x x Unauthorized requisitioning of issue of materials (theft) Requisitioning or Issue of incorrect materials resulting in losses from wastage/delays Failure to budget costs properly resulting in selling prices which are too low and subsequent losses Failure to monitor actual expenditures and identify variances between actual and budget Failure to control the transfer of finished goods to the finished goods store (manufactured items stolen, damaged or lost). Controls: x A costing schedule (budget) must be prepared for all products to be manufactured whether on a ''job cost basis" or a "process costing basis". AUE2602 Page 64 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 These schedules should be carefully compiled by costing personnel and should contain detailed listings of all materials to be used, expected labour costs and an allocation of production overheads. o The schedules should be sequenced, dated and approved by production personnel (signature). o The schedules may be used as the source document for purchase requisitions. x For job orders (job costing) the details on the costing schedule o should be transferred to "job cards" (job sheet) which Are sequenced and dated Contain a list of materials to be used Are cross referenced to a customer order/quote Are cross referenced to a materials requisition and materials issue note Are cross referenced to the daily production schedule Are authorized by the production manager. o No materials should be issued from inventory without a materials requisition which has been checked against the authorized job card. o Whilst the job is in production, the job card should be held in a pending file and updated for labour hours as they are incurred. o On completion of the job, a sequenced “transfer to finished goods form" should be made out. This will: accompany the goods to the finished goods store be cross referenced to the job card be used to write up the finished goods perpetual inventory. o the job cards for completed jobs should be removed from the pending file and "costed" e.g. material prices and labour costs allocated and an overhead allocation made o all calculations should be checked by a second clerk o the job card should then be filed numerically o on a frequent and regular basis, supervisory staff or the production manager should sequence test the completed job card file to confirm that: Each card is cross referenced to a "transfer to finished goods note" and to a sales invoice. Missing job cards are for jobs still in the production stage. o Management should compare completed job cards to quotes and costing schedules and investigate variances. x For process costing o all process runs must be recorded on manufacturing or production schedules which are: sequenced and dated cross referenced to production plan cross referenced to material requisitions authorized by the production manager o As items come off the production line, a sequenced "transfer to finished goods form" should be completed for each day's production or for every say 100 items produced. The "transfer to finished goods note" should: accompany the goods to the finished goods store be cross referenced to the production schedule be used to write up the finished goods perpetual inventory. o Performance reports should be used to measure performance by production shift e.g. wastage, quantities produced, damaged items. o Completed production schedules and performance reports should be sent to "costing" for the allocation of labour and overhead costs as well as for pricing of materials. (The normal method for doing this is by the allocation of standard material, labour and overhead costs). o AUE2602 Page 65 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 o o o o o on a frequent and regular basis, management should date and sequence test the cos ted production schedules to confirm that: the full quantity of production has been cross referenced to "transfer to a finished goods form" Missing schedules are for goods still in production. Management should review performance reports to evaluate the production activity and should follow up on inefficiencies, wastage. Actual costs should be compared to standard costs and variances should be evaluated. the following posting should be made from signed, costed production schedules: Raw material costs, direct labour and manufacturing overheads to the debit of work in progress. cost of goods manufactured to the credit of work in progress and the debit of finished goods All casts, extensions and calculations should be checked before posting. Note: again this may be a computerized system but the principles described above remain the same. Fraud in the cycle Fraud in this cycle can occur through: x x Fraudulent financial reporting Misappropriation of assets Inventory Counts The differences between a cycle count and an annual count: Cycle counts More regular – e.g. once every 3 weeks Only some inventory is counted – e.g. high value items Comparisons to perpetual inventory records Annual count Only at financial year end All inventory must be counted Comparison to theoretical inventory records (not necessarily perpetual records) For both counts Sound count controls and method of physical counting is the same Discrepancies must be thoroughly investigated and followed up on It is very NB for you to read the question carefully – answer what was asked!!! AUE2602 Page 66 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Cycle Count x x x x x x x x The timing of each count should be planned at the start of the year, e.g. two days every three weeks, or at the end of every third month. (In very large companies such as motor manufacturers, cycle counting can be almost a daily exercise.) The items to be counted must be identified. There are a number of ways in which this selection can be done: o Random samples can be selected from the perpetual inventory records o Items which are susceptible to theft or have some other identifying characteristic can be chosen o High value items can be selected or o The entire to inventory population can be divided into sections so that all items are counted at regular intervals during the year o A particular section of the warehouse may be chosen Once these matters have been settled, the physical inventory will be counted using an acceptable method of counting and sound count controls. The physical count quantity for each item counted will be compared to the theoretical quantity on the perpetual inventory records and all count discrepancies will be entered into a sequenced inventory adjustment form All discrepancies must be thoroughly investigated preferably by internal audit and the inventory controller. o Results of the investigations should be recorded on the inventory adjustment form o The warehouse manager should review the forms and authorize the adjustments by signing the form o Inventory adjustment forms should be filed numerically and should be sequenced checked regularly The adjustment to the records should be made by a clerk who is independent of the custody, receiving the issue. The perpetual inventory records should be reviewed periodically by senior warehousing personnel and the adjustments to be records traced back to the authorized inventory adjustment form. An overall analysis of the discrepancies over a period should be conducted to identify any trends e.g. frequent discrepancies in a particular section of the warehouse, so that suitable preventive measures can be put in Year end Invenotry Count Planning and preparation this must take place timeously and should cover: x x x date and time of the count method of counting : how the inventory will be counted and recorded e.g. tag system, all Items counted twice. AUE2602 Page 67 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x x x x x staff requirements : how count teams are made up e.g. one person from the warehouse one person independent of the warehouse (e.g. accounting department), how many teams are necessary Supervision: who will act as count controller. preparation of the warehouse : tidying racks, packing out half empty boxes onto racks, Marking damaged goods, stacking like goods together, etc. drafting of warehouse floor plan to identify count areas for count teams Identifying all locations and categories of inventory. Design of stationery various documents are used and they should be designed along standard stationery design principles x x x x Inventory sheets: printed, numerically sequenced, reflect the inventory item number, category and location of the inventory in the warehouse, and have columns for first count, second count, discrepancies, and columns for prices and extensions. (In many companies, counters may need to insert descriptions etc. particularly where there is no form of perpetual inventory). in theory, quantities per the perpetual inventory should not be entered on the inventory sheet prior to the count (this forces counters to actually count to arrive at a quantity) but it may not be practical due to time constraints. Inventory tags Inventory adjustment forms. Written instructions count information and instructions should be provided (in writing) for all members directly and indirectly involved in the count. The written instructions should cover: x x x x x x the identification of count teams and the responsibilities of each member of the team the method of counting to be used e.g. tags, double counts, marking counted inventory in two colours with chalk (reflecting the double count) identification of slow moving or damaged inventory as well as consignment inventory controls over issues to and returns of inventory sheets to the count controller Procedures to be adopted if problems arise during count e.g. particular inventory items cannot be found, deliveries of inventory during the count. Detailed instructions concerning dates, times, locations. Conducting the count there are a number of variations on how the inventory count should be conducted but the following procedures should be followed: x x x The count staff should be divided into teams of two, with one member of the team being completely independent of all aspects of inventory. All teams should be given a floor plan of the warehouse which should clearly demarcate the inventory locations for which they are to be held accountable. All inventory should be counted twice. One of the following methods can be adopted: One member of a team counts and the other records, swapping roles thereafter and performing a second count in the same section to which they were assigned. AUE2602 Page 68 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x x x x x x x x x Count teams complete their first counts, hand their inventory sheets back to the count controller and sign for the inventory sheets of another section, thereby doing their second counts on a section already counted by another count team. As items are counted they should be neatly marked by the counters. Where count teams identify damaged inventory these inventory items must be marked as such on the inventory sheets. The contents of boxes where the packaging appears to have been tampered with, should be counted and the details noted on the inventory sheet. A few boxes should be selected at random in each section and the contents compared with the description on the label to confirm that the contents have not been changed/removed and the seal replaced. The count controller (and assistants) should: Walk through the warehouse once the count is complete and make sure all items have been marked twice. Examine the inventory sheets to make sure that first and second counts are the same and agree to the quantities recorded on the perpetual inventory system if there is one. Instruct the count teams responsible for sections where discrepancies are identified to recount the inventory items in question. The count controller should obtain the numbers of the last goods received note, invoice, delivery note and goods returned note used up to the date of the inventory count. No dispatches of inventory should take place on the date of the inventory count. Any inventory received after the count has begun should be stored separately in the receiving bay, until the count is complete and must not be put into the stores. This inventory must be counted and added to the inventory sheets after the count is complete. The counters responsible for the count sheets should draw lines through the blank spaces on all inventory sheets, and sign each count sheet and all alterations. The inventory controller should check that this procedure has been carried out and should sequence test the inventory sheets to ensure that all sheets are accounted for. Count teams will only be formally dismissed once the count is complete and all queries have been attended to. Computerized controls for the inventory and production cycle There are no separate section with the computerized controls for this cycle, however, the principles of the manual controls remain the same. Some examples to consider: x x x Re order levels held in inventory masterfile Production in manufacturing co e.g. automatic creation of production schedules, costing schedules, etc Point of Sales systems e.g. perpetual inventory system. AUE2602 Page 69 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 AUE2602 Page 70 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 UNIT 7 AUE2602 Page 71 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 Unit 7 Payroll and Personnel Cycle Functions and documents Functional areas within the payroll and personnel cycle x Personnel (Human resources) x Time Keeping x Payroll Preparation x Payment preparation and payout x Deductions: Payment and Recording The table will take you through each function, specifically highlighting the purpose of the function, the documentation involved, how the function is performed, and the related risks and controls. PERSONNEL (HUMAN RESOURCES) Functions x To assist with all personnel matters so as to ensure optimum efficiency from the work force, by controlling: o recruitments o dismissals o wage negotiations o labour disputes o staff development x To maintain accurate, complete and valid records for all employees and in doing so to provide the information necessary to produce valid clockcards e.g. if an employee is dismissed no clockcard should be available as this increases the risk of creating fictitious employees. x Likewise the list of employees' details must be accurate and valid e.g. correct wage rates. Documents x Payroll amendment form (PAF) x Employee's file AUE2602 Page 72 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x x List of employees Employee register x x x x Risk Recruiting/retaining unsatisfactory or x unnecessary employees. incorrect dismissal procedures unauthorised amendments to employee records x o fictitious additions o Unauthorised changes in wage rates. inaccurate or incomplete records x x x x x x Internal Control all requests for the appointment or dismissal of employees should originate from the section making the request, e.g. factory, stores, administration, etc, and should be in writing and a motivation provided. requests should be signed by the section head and countersigned by the section manager after reference to the budget. Specifications of the position and the skills required will be agreed by the section and personnel. changes to pay rates, promotions to higher employment grades and any other changes in service conditions, should be decided upon by the personnel department/wage committee after : o due consultation with interested parties, e.g. the union representatives o consideration of relevant laws and regulations, e.g. overtime, pay rates, minimum wage regulations Such changes should be documented and authorised by the authorising body (e.g. wage committee) all amendments to employees details arising from 1 to 4 above, should be promptly committed to sequenced payroll amendment forms which should be cross referenced to the supporting documentation and authorised by a senior member of the personnel section o from time to time the file of PAF's should be reviewed for validity and gaps in sequence sound personnel practices should be followed to obtain honest, competent personnel o interviews, background checks, etc. a file should be kept for each employee and should include o copies of relevant PAF's o the employment contract o performance appraisals and disciplinary warnings o personal details including qualifications, background information. Pre printed, properly designed (preferably sequenced) clockcards should be prepared for each employee on the valid employee list. Blank clockcards should be subject to strict stationery controls. AUE2602 Page 73 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 TIMEKEEPING Functions x This function is required to keep an accurate and complete record of valid hours worked for which the company must remunerate employees. x A system which requires the employee to pass a clockcard through a clocking device to record arrival and departure times is commonly used in manual systems. x Daily hours clocked will be calculated and totaled for the period before being sent to payroll preparation. Documents x Clock cards x Batch control sheet x Batch register Risk x invalid hours recorded by e.g. x o clocking a card for a fictitious employee o employees clocking for absent fellow employees x o employees clocking in and leaving the premises x Hours on clockcard incorrectly calculated for normal and/or overtime. x o normal hours countered as overtime hours (which have a higher rate of pay) x Internal Control entry and exit points to work area to be: o limited (preferably one) o protected by a "turnstyle" type mechanism o supervised during clocking periods clockcards to be prepared by the personnel department, strictly in terms of the authorised employee list, and placed on racks at the entry point at the end of a wage period, the section administration clerk should collect all clockcards for the period and: o agree number of cards to list of employees in the section o calculate ordinary time o calculate overtime o divide cards into workable batches (e.g. 25) o complete a batch control sheet by: entering batch identification (section and period) details entering control totals, i.e. record count (number of clockcards ), total hours, normal and overtime signing to acknowledge responsibility o before the batch of clockcards is transferred to payroll preparation, the section head(s) should o check calculations o authorise overtime (the need to work overtime should be confirmed before it is worked) o check, and sign the batch control sheet details of the batch should be entered in a batch register, and securely transferred to payroll preparation. AUE2602 Page 74 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 PAYROLL PREPARATION Functions x The role of this function is to calculate gross wages and make deductions from employees which must be subsequently paid over, to arrive at net wages, and i.e. create a payroll. x The employee's authorized hours must be multiplied by the employee's authorized normal and overtime rates. The appropriate deductions e.g. PAYE, must be extracted from authorized, up to date tables. This is all recorded on the payroll, which is also referred to as the wages journal. Documents x Clock cards x Deduction tables x Payroll x Updated list of employees x x Risk inclusion of fictitious employees o use of incorrect or unauthorised pay Rates, hours or deduction tables. o Cast and calculation errors. x x x x Internal Control on receipt of the batch of wage cards from timekeeping (the section administration clerk), the wage clerk should check details of batches received, e.g. number of batches, number of cards, and sign the register to acknowledge receipt of the batches the wage clerk should prepare: o the payroll o a coinage schedule o a reconciliation of the difference between the prior periods wages and the current periods wages for the number of employees and amounts for net wages and deductions e.g. if the number of employees for period 1 was 250 and for period 2 it was 275, the wage clerk must reconcile the difference of 25. The difference could be 4 dismissals and 29 appointments giving a net change of 25 employees. Obviously there should be authorised payroll amendment forms to support the dismissals and appointments. o a record of control totals including normal hours and overtime hours per section a supervisor or second wage clerk should: o verify hours and rates used in compiling the payroll against the clockcards and the employee list o verify deductions against the relevant tables o verify amendments to the payroll against the PAFs and vice versa o reperform calculations and the wage reconciliation o sign the payroll the head of payroll preparation should carefully review and sign the payroll and period to period reconciliation, e.g. he may verify a sample of amendments to the AUE2602 Page 75 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 x authorised PAFs and vice versa the cheque for wages should be presented with the payroll and period to period reconciliation, to two cheque signatories who should: o review the payroll for unusual items, e.g. large amounts, excessive overtime o inspect for the presence of control signatures and o sign the payroll and reconciliation. PAYMENT PREPARATION AND PAYOUT Functions x The purpose of this function is to prepare paypackets containing cash and details of how cash is made up. The paypackets are then distributed at the respective sections (paypoints) to employees. Unclaimed wages must also be recorded. Wages must also be recorded. Documents x Payroll x Payslips x Paypackets x Unclaimed wages register x x Risk errors or theft of cash during: o drawing of cash, o making up of paypackets, and o at the payout. misappropriation of unclaimed wages. x x x x x x x Internal Control wage packets should be made up by two wage department members (physical security over all aspects of cash handling should be extremely tight) on delivery of the payroll and paypackets to a section; the section head should: o agree the number of paypackets to the payroll o agree control totals e.g. number of cards, total hours, on the payroll to the batch register and o sign the payroll to acknowledge receipt the paypackets and payroll should be locked away until payout the wage payout should be conducted by at least two employees, e.g. an independent paymaster and the section foreman, both to be present at all times employees should: o present identification e.g. official staff card, prior to receiving their paypackets o acknowledge receipt of their wage packet by signing the payroll o count their cash and immediately report any discrepancies to the paymaster. These should be recorded on the payroll in principle, employees should not be allowed to accept a paypacket on behalf of another employee at the conclusion of the payout, the paymaster and foreman who have conducted the payout, should: AUE2602 Page 76 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 agree all unclaimed paypackets to the payroll (employees who have not signed) o identify clearly on the payroll, all employees for whom there is an unclaimed packet o enter the details of unclaimed wages in an unclaimed wage register o sign the payroll to acknowledge this control procedure the unclaimed paypackets and payroll should be retained by the paymaster who should lock them away when employees wish to collect their unclaimed wages, they must identify themselves to the paymaster and acknowledge receipt of their paypackets by signing the unclaimed wage register regular independent reconciliations of unclaimed paypackets on hand and the unclaimed wage register should be performed and the unclaimed wage register reviewed for unusual occurrences, e.g. trend of more unclaimed wages in a section, same employee name appearing frequently any wages remaining unclaimed after two weeks, should be banked and a copy of the deposit slip attached to the unclaimed wage register and cross referenced to the relevant entries. o x x x x DEDUCTIONS: PAYMENT AND RECORDING Functions x The purpose of this function is to record liabilities in respect of deductions from employee remuneration and to pay these over to the relevant authorities timeously. x Deductions are made from employees wages on behalf of outside bodies e.g. PAYE is deducted on behalf of the South African Revenue Services and therefore as the deduction is made the liability should be raised and then settled within the stipulated period. Companies will be required to complete a return to accompany the payment. Documents x General ledger x Payroll (wage journal) x Cash payment journal x Return form x x x x Risk penalties due to non payment, late x payment or underpayment. criminal/civil charges due to x nonpayment (this is theft) incomplete, inaccurate amounts paid over and/or return forms incorrectly completed. Internal Control isolation of responsibility to one employee for raising and paying over deductions. a strict monthly schedule for: o posting the entries to raise the liabilities for the deductions o making the necessary payments on a timeous basis, and conducting AUE2602 Page 77 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 supervisory checks on the above activities should be prepared. the payroll and return forms should be presented to signatories for their scrutiny before the deduction cheques are signed. They should check the return carefully to see that it has been accurately and properly filled in (payments to SARS can be made on their e filing system). Independent timeous scrutiny of the general ledger accounts for deductions to confirm that tbey are being promptly cl eared, should be carried out by the financial accountant. o x x Computerised Controls in the payroll and personnel cycle Controls which should be carried out when new employees are added to the employees’ masterfile. x Record all masterfile amendments on a source document o The details of each employee to be added to the employee masterfile, should be recorded on a hardcopy masterfile amendment form (MAF). o The MAF should be preprinted, sequenced and properly designed. x Authorise the MAF o The MAF should be signed by two senior employees (for example the human resource manager and factory manager) after having agreed the details to the supporting documentation which should include a letter of appointment and engagement contract. x Enter only authorised MAFs onto the system, accurately and completely o Write access to the employee masterfile should be restricted to a specific member of the human resource section by the use of user IDs and passwords. o All masterfile amendments should be automatically logged by the system on sequenced logs, and there should be no write access to the logs. o To enhance the accuracy and completeness of the keying in of the masterfile amendments and to detect invalid conditions, screen aids and programme (automated) checks will be implemented, for example screen formatting … on accessing the masterfile amendment module, the screen will come up formatted as the masterfile amendment form, or as an employment record. The fields to be completed should be clearly identified, for example the employee name, taxation number. the employee number should be generated by the system. where possible, “drop down” lists should be in use, for example the employee grade and cost centre. programme (automated) checks. mandatory fields on employee identity number and income tax number as well as full banking details. alphanumeric checks and field size checks on, for example, identity number field and tax reference field. range check, limit check and dependency check on wage rate field (programme controls which make use of the relationship between grade of employee and the wage rate). AUE2602 Page 78 Downloaded by phathu mokone (phathu1010@gmail.com) lOMoARcPSD|7502425 o x On screen checking/approval of the MAF could be carried out by a second employee in the human resource department (no write access). Review masterfile amendments to ensure that they occurred, were authorised and were accurately and completely processed o The logs of masterfile amendments should be reviewed by someone independent of the employees who authorised the amendment, for example the financial accountant. o The sequence of logs themselves should be checked and any missing logs should be followed up. o Each additional employee amendment on the log should be checked to confirm that it is supported by a properly authorised MAF and that the details entered, are correct. o The MAFs themselves should be checked against the log to confirm that all MAFs were entered. Programme controls which should be carried out to ensure that hours are only entered by the wage clerk for valid employees, and that hours entered are accurate and complete. x Screen formatting: The screen is designed to facilitate accurate and complete entry. x Minimum entry: The wage clerk is only required to enter the employee number to bring up the other details of the employee. x Validation clerk: The system will compare the employee number entered to the employee masterfile. If there is no match, the wage clerk cannot continue. x Alphanumeric check: For example, the entry of an alphanumeric character in the hours worked field (a numeric field) will be rejected. x Limit check: For example, normal hours entered in excess of the accepted 40 hours norm, will be rejected. x Mandatory field: The process will not continue if the mandatory normal hours field is not entered. x Batch control totals: The entry of batch control totals prior to keying in, and the comparison by the system of these control totals after keying in, will identify inaccurate or incomplete entry. x Access control: Restricting access to the “enter hours module” to the wage clerk will contribute in a general sense to control in this function. AUE2602 Page 79 Downloaded by phathu mokone (phathu1010@gmail.com)
