Uploaded by mbasamaliyakhe

graded-questions-solutions-2023

advertisement
lOMoARcPSD|31485122
Graded Questions Solutions 2023
Auditing II (University of the Witwatersrand, Johannesburg)
Studocu is not sponsored or endorsed by any college or university
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
Graded Questions Solutions 2023
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
CHAPTER
2
Corporate governance, internal auditing and audit committees
SUGGESTED SOLUTION TO EXERCISE 2.1
1.
1.1
True
This is the committee’s major function (Companies Act).
1.2
False
Opinion shopping is to be discouraged by the audit committee, it is not an acceptable practice and has
negative connotations.
1.3
False
The opposite is true. The audit committee chairman can bring valuable insights into reporting issues and
provide transparency and an independent perspective for shareholders. This does not undermine the
financial director.
1.4
True
If the audit committee is to ensure the integrity of the financial reports, it will have to review this
important aspect of the report.
1.5
True
This is a board responsibility, but it can justifiably be delegated to the audit committee (who in turn will
report to the board on this matter).
2.
False
This is in fact the task of the audit committee.
3.
False
Not all capitals are applicable to all companies. Large companies may interact with all capitals. However,
not all interactions may be of such a significant nature as to require their inclusion in the integrated report.
It is not required that all capitals be adopted in the integrated report, but they should rather be used as a
guideline to ensure that no relevant capitals are overlooked.
4.
False
Reporting in the triple context requires that companies report on the environmental, economic and social
aspects of a company’s activities, not simply on profits (financial).
5.
False
The audit committee should be responsible for recommending the appointment of the CAE to the board.
The board should approve the appointment (including the employment contract and the remuneration of
the CAE).
6.
True
The audit committee is responsible for ensuring this cooperation.
7.
False
The Companies Act requires all public companies and state-owned entities to appoint an audit committee.
(King IV, however, recommends that all companies who require an audit appoint an audit committee.)
8.
False
While it is certainly a function of internal audit to ‘provide a source of information regarding instances of
fraud, corruption, unethical behaviour and irregularities’ it is not the primary function. Internal audit
evaluates governance processes, risk management, internal control as well as business processes and its
associated controls; it does not restrict itself to fraud investigation.
9.
False
It is true that the board must ensure that the internal audit function is subject to an independent quality
review at least once every five years.
However, it does not stipulate that the external auditors must conduct the review. Such a review is not a
function of the external auditors and would not be an independent review, as internal and external audits
frequently work together.
10.
False
The CEO should not be a member of the remuneration, audit or nomination committee nor, by
implication, can he be the chair.
11.
True
The chairperson should be an independent non-executive director. In this case although the senior partner
would be non-executive he/she would not be independent (principle 7).
12.
False
While financial literacy is an advantage, it is not a requirement to be a director. Many different skills are
required to make up an effective Board, e.g. the production director may not be financially literate but
would probably be very strong technically. In terms of the recommended practices relevant to principle
7, the board should have a suitable diversity of academic qualifications, technical expertise etc. to make
it effective.
13.
False
All members should be non-executive directors of which the majority should be independent.
14.
True
This function is specifically mentioned in the Companies Act section 88.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
15.
False
The CAE should not be a member of executive management and should function independently from
management.
SUGGESTED SOLUTION TO EXERCISE 2.2
1.
2.
3.
4.
1.1
The size, turnover and workforce should be considered, as well as
1.2
the resources that the organisation has at its disposal in order to apply the practices.
1.3
The organisation should also consider the complexity of its strategic objectives and operations.
2.1
Integrity
2.2
Competence
2.3
Responsibility
2.4
Accountability
2.5
Fairness
2.6
Transparency
3.1
Being a responsible corporate citizen includes obeying the law and paying taxes, but it is far more extensive
than that.
3.2
Overall it requires that a company acknowledges that it is part of society and that it has obligations and
responsibilities to society.
3.3
Corporate citizenship involves how a company uses its resources, and how it balances its needs with those of
society, to achieve positive, lasting outcomes for the company itself, society and the environment.
3.4
So, being a responsible corporate citizen requires that companies give due consideration to the consequences
of their decisions and actions on a range of workplace, societal, economic and environmental factors, e.g. is
the outcome of the decision likely to be positive with regard to:
•
the sustainable development of the company
•
human rights
•
the impact on the community in which the company operates
•
fair labour practice
•
prevention of fraud
•
economic transformation.
Introduction
To understand the impact of these global realities, it is necessary to realise that singularly and collectively they present
companies with significant risks to their sustainability. Businesses are an integral part of society and they must be
governed in the context of economic, societal and environmental sustainability. To counter/respond to/address these
global realities companies must be governed by competent, ethical individuals operating within appropriate structures.
Global realities as identified by the King IV Report
1.
Inequality within society: The growing divide between the ‘haves’ and the ‘have nots’ with regard to
resources, access to education, healthcare and living conditions contributes to growing social tension.
Business leaders need to understand that companies are an integral part of society and that to be sustainable
they should lead their companies in a way which can improve the lot of the ‘have nots’ by adopting fair trade
practices and investing in social development programmes which directly address the needs of the ‘have
nots’, e.g. running clinics, providing bursaries for education, building schools.
2.
Climate change: Floods, global warming and other worsening climatic conditions worldwide are causing major
disruption to industry, e.g. placing food security at risk and agriculture. Leaders in industries such as
agriculture and fishing must fully recognise this risk and respond accordingly by securing infrastructure and
having disaster recovery protocols in place. Leaders should also ensure that they run their
companies/industries in a manner which does the least damage to the environment and which does not
contribute to climate change, e.g. controlling CO² emissions.
3.
Overconsumption of natural resources: To meet growing populations, natural assets are being consumed at
a greater rate than nature can reproduce them. Industry leaders must respond to this in innovative ways as
overconsumption is simply not sustainable. Leaders must take decisions which may be unpopular with
persons who seek short-term profits. Leaders will need to address the problem by investing in research,
finding alternatives to their products and balancing the supply and demand of the natural resources their
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
industries consume. Conducting business in a manner that gobbles up natural resources is no longer an
option.
5.
6.
4.
Geographical tensions: Wars, terrorism and civil unrest contribute to global tension. As business is now
global, these tensions will spill over into business. Companies who operate in regions of tension must find
ways of continuing their operations while at the same time protecting their employees and physical
infrastructure.
5.
Stakeholder expectations and transparency: The ever present social-media platforms and the rise of
investigative journalism mean that companies can no longer conceal their actions and secrets. Stakeholders
(customers, employees and society in general) express their frustrations instantly and widely and a company’s
reputation can be significantly damaged in a very short period of time, e.g. a recent racial incident at a chain
of steakhouses that was all over Facebook caused much embarrassment and reputational damage to the
company involved. Similarly, an advertisement in poor taste (racial) aired by an international retailer was also
splashed all over social media and resulted in picketing of and physical destruction of some of the company’s
retail outlets. Leadership needs to recognise this reality and, by ethical and effective leadership, ensure that
the company is not placed in the firing line.
6.
Rapid advancement in technology: Advances in robotics, artificial intelligence nanotechnology, the
proliferation of smart phones and ‘apps’ have placed traditional business models and ways of doing business
under serious pressure. It is essential that business leaders embrace the explosion in technology and adopt it
in the businesses they operate. Keeping up with advancements and innovation will be key to sustainability.
7.
Less stable financial systems: The interlinking and interdependence of the world’s financial markets mean
that financial crises arising within a single large economy will have far reaching negative effects on numerous
other economies and the global economy. As stated previously, business is global and business leaders no
longer operate in the confines of their own restricted location. They must identify and respond to the risks of
being part of an international financial system, many aspects of which are out of their control.
8.
Increased corruption: Corruption and other unethical practices undermine confidence in the business world
and discourage investment in companies that engage in such practices. On the local front think about Eskom,
Prasa, Steinhoff etc. Perceived to be corrupt or engaged in unethical practices, these companies have
destroyed their reputations and have been brought to their knees. This should be a clear message to
leadership that corruption and unethical practices must be recognised as a major risk and must be suitably
responded to.
5.1
Conscience: A director should act with intellectual honesty in the best interests of the company. Conflict of
interest should be avoided, and independence should prevail.
5.2
Care: A director should devote serious attention to the affairs of the company (duty of care).
5.3
Competence: A director should have and should maintain and develop the knowledge and skills to govern the
company.
5.4
Commitment: A director should be diligent in his duties and committed to the company and to ensuring it
performs as it should.
5.5
Courage: A director should have the courage to act with integrity, even if it means ‘going against the flow’
and should have the courage necessary to take the risks associated with running the company.
Any 8 of the following major stakeholders:
•
Suppliers
•
Creditors
•
Employees
•
Government
•
External auditors
•
Consumers/customers
•
Industry
•
Local communities
•
Media
•
Regulators
•
Potential investors.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
SUGGESTED SOLUTION TO EXERCISE 2.3
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
(b) and (d)
(c)
(d)
(c)
(a), (b), (c) and (d)
(a), (b) and (c)
(a)
(b)
(c)
(a) and (d) – Note: For (a) consent is not required; for (d) members of board committees should be disclosed in the
integrated report.
(b)
(c)
11.
12.
SUGGESTED SOLUTION TO EXERCISE 2.7
1.
Because companies are part of society, they are obliged to be (and should want to be) ‘responsible corporate citizens’. Thus,
like any other citizen, the company has rights but also obligations and responsibilities to society.
•
2.
Principle 1 of the King IV Code sets out that ‘the governing body should lead ethically and effectively’.
•
3.
Exploiting the public through false marketing and selling stock at inflated prices after a global pandemic is not something
a good corporate citizen would do.
The CEO and CFO of the company are not acting ethically and they are not cultivating and exhibiting characteristics of
integrity, responsibility, accountability, fairness and transparency, through their actions of inflating prices of vitamins
and falsely marketing them as 100% effective against monkey-pox, and hoping that it would remain hidden from their
auditors.
Furthermore, this happened after a pandemic, when vulnerable members of the public were wary of being exposed to
further illnesses.
•
Thus, the company did not act as a responsible corporate citizen, as per principle 3 of the Code.
4.
As part of the board, the CEO and CFO are not acting as custodians of the corporate governance in the organisation, as per
principle 6 of the Code, as they seem to have no regard for good corporate governance.
5.
By boasting about the fact that MedSupplies (Pty) Ltd has an all-male board, the CEO is not promoting diversity in its
membership (principle 7).
•
6.
7.
Principle 8 of the Code states, inter alia, that the governing body should promote and assist with balance of power.
•
Having the CEO as part of every committee does not achieve the goal of this principle.
•
The governing body should ensure that that there is no undue reliance or dominance by any individual member, in this
case, the CEO.
King IV (in contrast to King III) does not prescribe the minimum number of committee meetings to be held.
•
8.
However, the CEO cannot simply decide that one meeting is sufficient, as this may prevent the committees from
properly performing their functions. (The Audit committee e.g. has many prescribed duties in terms of King IV and the
Companies Act.)
King IV further requires that the audit committee should meet annually with the internal and external auditors respectively,
without the presence of management (see King IV part 5.3 recommended practice 58).
•
9.
The CEO seems quite satisfied with the under-representation of women in the board composition (see King IV part 5.3
recommended practice 10).
Therefore, having only one meeting, with the CEO present, is not practical.
King IV (part 5.3 recommended practice 79) stipulates specifically that the CEO may not form part of the remuneration,
nomination or audit committee and, as such, his being part of all committees is not good corporate governance.
10. Furthermore, the audit committee and nomination committee should, in accordance with King IV, comprise of all nonexecutive directors.
•
The CEO is not a non-executive director and as such he may not be a member of these committees.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
11. Section 94(4) of the Companies Act also requires members of the audit committee to be independent in that a member may
not be involved in the day-to-day management of the company or be a full-time executive employee of the company, such
as the CEO.
12. Section 76 of the Companies Act requires a director, such as the CEO and CFO, to exercise powers and functions in good
faith and in the best interest of the company, and must act with a certain degree of care, diligence and skill.
•
Inflating prices and partaking in false marketing are not seen as actions in the best interests of the company’s
reputation.
13. The company may also be trading recklessly in terms of section 22 of the Companies Act, which states that a company may
not carry on its business recklessly, with gross negligence, with intent to defraud any person or for any fraudulent purpose.
•
The actions of the company may be seen as negligent and fraudulent – false advertising and exploiting the public.
14. The directors could also be held liable for any losses suffered by the company as a result of their actions in terms of section
77 of the Companies Act.
SUGGESTED SOLUTION EXERCISE 2.9
(a) The board should consider:
(b)
1.
The collective skills, knowledge and experience needed for the board to meet its responsibilities.
2.
The appropriate mix of executive, non-executive and independent non-executive directors.
3.
The need to have sufficient qualified members to serve on board committees.
4.
The need to secure a quorum at meetings.
5.
Regulatory requirements, e.g. JSE regulations state that a listed company must appoint a financial director.
6.
Diversity targets (experience, age, race and gender).
1. Integrity
2. Competence
3. Responsibility
4. Accountability
5. Fairness
6. Transparency
(c)
1. Ethical practice for directors should be non-negotiable; they should adopt and display the highest ethical standards in
their actions and behaviour.
2. Sound moral values and ethics should be propagated by the conduct of individuals throughout the company (regardless
of their position/role).
3. Business activity should be directed by people with integrity, fairness, responsibility, accountability and vision.
4. Laws and regulations should be obeyed, unfair practices should be avoided.
5. ‘Having to be ethical’ cannot be used as an excuse for poor business performance.
(d)
1. The code itself should be:
1.1
practical
1.2
fair to all
1.3
continuously reviewed
1.4
available to all, and understandable
1.5
sufficiently detailed as to guide the behaviour of all concerned
1.6
address all the key ethical risks.
2. Compliance with the code should be overseen by high level (senior) individuals within the organisation.
3. When new staff (of any level) are engaged, the ethical standards of the appointees should be explored in interviews
and referees reports.
4. When promotions take place, the ethical behaviour of the employee being promoted should have been investigated
and found to be beyond reproach.
5. All employees, both on joining the organisation and on a continuing basis, should be communicated with and trained,
regarding the values of the company and how those values are achieved.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
6. The board should introduce a mechanism which provides a safe, confidential means for employees to report unethical
behaviour, e.g. ‘whistle-blowing’ phone lines.
7. The board should delegate authority for the monitoring of, and ‘punishment’ for, breaches of ethical behaviour to fairminded, knowledgeable and respected individuals.
8. The enforcement of discipline should be consistent and appropriate in severity.
9. All levels of management, including the board, should demonstrate their commitment to the Code by their own
behaviour, i.e. they should not simply pay lip service to the Code. This is an important part of ethical leadership.
10. Where an entity or an individual with whom the company has a relationship, does not demonstrate adequate ethical
standards, the company should, and should be seen, to end the relationship.
11. Instances where strong ethical behaviour has been demonstrated in difficult circumstances should be recognised and
‘publicised’.
(e)
Personal conduct of employees
1.
how to deal with bribery, commissions or favours
2.
the use of confidential information
3.
how conflicts of interest in the workplace, should be handled
4.
the use (or misuse) of company resources
5.
personal conduct outside hours of work
6.
HIV/aids policy
The local community
1.
the environmental policy
2.
the company’s involvement in community/social activities
3.
the policy on donations to the community, e.g. cash or kind
4.
policy on community upliftment, e.g. clinics, education
Employment practices
1.
equality of employment
2.
occupational health and safety
3.
education and training
4.
policy regarding sexual harassment.
SUGGESTED SOLUTION TO EXERCISE 2.12
(a)
Company activity
Justification
1. 1.1
Farming
1.1
Changes in climate affect rainfall and temperature; drought and heat can
destroy crops and make animal farming unsustainable.
Commercial fishing
1.2
Rising sea temperatures change fish populations and locations making it more
difficult to harvest the quantities of fish necessary to sustain the business.
Mining – labour
2.1
Large workforce often made up of migrant labour leading to social and health
problems, e.g. prevalence of HIV/Aids.
Trucking (road haulage)
2.2
Truck crews are away from own communities for extended periods,
particularly on long-distance haulage into Africa and prostitution at truck
stops and border posts introduces serious health risks coupled with the fact
that good heavy vehicle long-haulage drivers are a scarce resource.
1.2
2. 2.1
2.2
3. 3.1 Clothing and footwear
3.2 Personal luxury goods
3.1 and 3.2 It is a reasonably simple matter for the branded products in these
sectors, e.g. Nike clothing, Gucci shoes, Rolex watches to be manufactured
locally or imported from Asia at prices (and quality) far below the cost of the
genuine article. The effect of this is felt more by companies selling ‘low’ cost
consumer items than by companies selling, say, motor cars, e.g. fake clothing
compared to fake Toyotas or BMWs.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
4. 4.1
Refineries
4.1
Refining process pumps pollutants into the air.
4.2
Mining and industrial
manufacturers
4.2
Effluent from operations must be disposed of and can find its way into water
systems.
4.3
Waste management
4.3
Waste of all kinds, including toxic waste, must be disposed of. Landfill sites
must be carefully monitored and designed to prevent environmental damage
particularly around sites.
4.4
Forestry
4.4
Uncontrolled harvesting and logging and a failure to properly restore areas
denuded of trees causes environmental damage.
Mining
5.1
Mining companies must obtain licences to mine in a particular region or
country, e.g. the sudden withdrawal of a licence to mine in Angola or the DRC
could seriously threaten sustainability.
Public transport/road
transportation
5.2
It is a serious offence to transport members of the public without a licence; to
retain the licence the company must (should) maintain their vehicles and an
acceptable safety record or be taken off the road.
Music
6.1
The conventional forms of music (e.g. CD, DVD etc.) sales are under threat by
internet sites which allow consumers to purchase individual songs at
reasonable prices, quickly and efficiently.
Printing/publishing
6.2
More and more documents which used to be available only in hardcopy, are
now available as a download off the internet e.g. Acts of Parliament,
government gazettes, company financial statements, application forms. The
list is endless and represents work which has been taken away from printing
companies.
7.1
Obviously if fire spreads through forests, mass destruction of timber can take
place (and does). This has a direct effect on the pulp and paper industry as
timber is an important raw material for them.
5. 5.1
5.2
6. 6.1
6.2
7. 7.1 Forestry, pulp and paper
7.2 Timber product
manufacturers
7.2
Same would apply to saw mills, chipboard manufacturers, etc.
7.3
Many of these companies use and store combustible and flammable products
in their manufacturing or operational process, e.g. an exploding storage tank
at a fuel depot could cause damage from which the company may not
recover.
Civil engineering
contractors
8.1
The majority of government infrastructure contracts go to large civil
engineering contractors. Private-sector projects are unlikely to make up the
shortfall.
Cement and steel
merchants
8.2
These are the major raw materials for infrastructure projects so a decline in
government spending will affect these industries.
Medical service companies
e.g. private hospitals
9.1
If private medical service costs escalate beyond the reach of average
consumers, there will be a shift to government-provided services (probably
encouraged by medical aids).
Pharmaceuticals
9.2
Pharmaceutical companies, particularly those who do not produce generics,
are likely to suffer declines in turnover/profits.
7.3 Chemical, petroleum and
gas
8. 8.1
8.2
9. 9.1
9.2
(b)
1. The high level information security principles are ensuring:
1.1
the confidentiality of information
1.2
the integrity of information
1.3
the availability of information when required (on a timely basis).
2. For a listed company operating private hospitals the ISMS is particularly important for the following reasons:
2.1
The company’s databases are going to contain medical information about patients which both morally and
legally in some cases is highly confidential. Should the information become available to unauthorised individuals
(e.g. as a result of poor access controls) there could be serious legal implications and reputational damage. Both
of these could threaten sustainability.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
2.2
Ensuring the integrity of the system means ensuring the accuracy and completeness of information and
processing of information. A patient’s medical records that are inaccurate or incomplete places that patient at
risk should treatment/operations be required, e.g. a diabetic patient may be administered a drug which is
harmful to his/her condition. This may result in death, reputational damage and liability particularly if the
patient’s records were inaccurate or incomplete as a result of a lack of controls exercised by the hospital, e.g.
poor access controls, poor data-capture controls.
2.3
In the case of a medical emergency, access to a patient’s records or to other database or web-based information
may be critical for the survival of the patient. If the system is ‘down’ or does not make the required information
available when needed, the consequences for the patient and subsequently the hospital may be dire.
2.4
It must also be remembered that the hospitals are profit making businesses in themselves and like all large
businesses there will be numerous ‘transactions’ being entered every day, some seven days a week. A hospital,
particularly a private hospital, cannot be let down by its systems. Thus the security of all its systems and
databases is very important, e.g. drug inventories, debtors, salaries and wages, assets and asset maintenance.
If the hospital does not function properly it will go out of business.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
CHAPTER
4
Basics: Evidence, assertions, internal control
– general computerised environments:
Introduction, general controls
SUGGESTED SOLUTION TO EXERCISE 4.5
(a)
The control environment
The entity’s risk assessment process
The entity’s process for monitoring the system of internal control
The information system and communication
Control activities
(b)
1.
Control environment
Participation by those charged with governance and communication and enforcement of ethical values: The board
(including the chairman) is actively involved in developing a strong sense of ethics in the company. The board
2.
•
sets the conditions of the ethical code
•
communicates to employees the contents of the code and the consequences of breaking the code (full attendance
of the board demonstrates the importance of ethical behaviour)
•
investigates all alleged violations of the code.
Control activity
Custody control: This control is designed to protect the company’s assets (intellectual property) – e.g. research data, formulae
for medications, etc. – from theft/misuse by research personnel.
3.
The information system and communication
The cost accountant and his specialised software are part of the information system designed to produce valid (occurred and
authorised), accurate and complete information pertaining to expenditure on research.
4.
Control activities
4.1
Comparison and reconciliation: This activity amounts to comparing actual research costs incurred against budgeted
research costs to identify any overspending, investigate the causes and resolve any weaknesses that gave rise to the
overspending (to prevent any similar overspending from occurring). Underspending will also be followed up when it has
occurred unexpectedly.
4.2
Performance review: A review by the directors of the performance of the research department in controlling costs.
Note: The direct involvement of two important directors is also part of creating a sound control environment.
5.
Control activities
5.1
Authorisation/approval: The meeting of the two directors is an authorisation process at which the financial director
approves the write-off of a debtor(s) where necessary.
5.2
Isolation of responsibility: Requiring the directors to sign the journal entry supporting documentation isolates the
responsibility of the two directors applying the company’s bad-debt policy and shows that they acknowledge that they have
done so.
5.3
Performance review: In effect, this meeting is also a review of the credit management function.
Note: Again, the direct involvement of two important directors is also part of creating a sound control environment.
6.
The entity’s risk assessment process
This meeting of a committee of the board will be part of the identification and evaluation of, and response to, the strategic risks
(new trends and potential market developments) and compliance risks (regulatory environment) facing the company.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
7.
Control activity
Custody control – physical: This is a control designed to prevent the physical deterioration of one of the company’s assets – e.g.
inventory.
8.
The entity’s process for monitoring the system of internal control
A customer phone-in service is a means of monitoring how certain aspects of the internal control process are doing over time.
Analysis of calls from customers will help the company determine whether it is adequately addressing operational risks
such as distribution of products as well as market-related risks (pricing and product demand). Obviously, some of the
information provided by customers will not relate specifically to the internal control process.
9.
Control activity
Segregation of duties and custody control: This ‘segregates’ the custody of the inventory from the record-keeping related to that
inventory, which in turn contributes to the protection (custody) of the inventory. Neither the custodians of the inventory
(the warehouse manager) nor the pickers can amend the records to cover up shortage of inventory due to theft, etc.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
CHAPTER
8
The revenue and receipts cycle:
Sales, debtors, cash and cash at bank
SUGGESTED SOLUTION TO EXERCISE 8.1
(a)
Having cash in a business is a security risk. There is a potential for theft and physical harm to employees who deal with cash.
(b)
False. Revenue and receipts systems can vary considerably. A number of different products and services can be provided
by businesses, which means that there will be plenty of variation in the systems that you will encounter in practice. Goods
can be sold over the counter, internet, phone etc. Some businesses sell physical goods, while others provide services which
may take a long time to complete (e.g. a membership contract or construction contract).
(c)
(d)
(e)
There is a risk that the customer will not pay and the business may suffer a loss as a result.
(i)
Customer order: external document sent by the customer which details the goods the customer wishes to purchase.
(ii)
Delivery note: records date, description and quantity of goods despatched to the customer and is signed by the
customer to acknowledge the receipt of the goods.
(iii)
Back-order note: contains details of goods that could not be supplied when ordered by a customer as there was no
invertor available; reviewed to establish whether an order has been placed with a supplier for the outstanding
goods.
(iv)
Credit note: an internal document sent to the customer to acknowledge that the customer’s account has been
reduced (credited) for some reason other than for a payment received, e.g. goods have been returned by the
customer.
(v)
Goods-returned voucher: document made out by the company itself that is used to record the details of goods that
have been returned by a customer.
1.
To ensure that completeness testing can take place to identify missing documents;
2.
To provide each document within a document type e.g. each invoice, with a unique identity; and
3.
To facilitate cross-referencing.
SUGGESTED SOLUTION TO EXERCISE 8.5
(a)
There is a risk
•
•
•
•
•
•
•
•
(b)
of the company’s not complying with the Electronic Communications and Transactions Act which may result in the
company facing liability;
in connecting to the internet, of unauthorised access to the company’s computer system, which could lead to service
disruption, virus contamination, data destruction or corruption and the loss of confidential information;
that information keyed in by customers may be inaccurate or incomplete, resulting in orders that cannot be filled,
leading to customer dissatisfaction and loss of sales;
of unauthorised disclosure of confidential customer information (by hacking/eavesdropping or loss of data integrity)
once the transmission of the transaction is underway;
of potential customer loss or reputational damage if customers are not satisfied with the website security;
of loss of customers or reputational damage due to any lack of availability or functioning of the online site, resulting
in loss of sales;
of incorrect online pricing; and
that an inadequate audit trail may hinder the company’s ability to defend itself against legitimate or fictitious claims
or queries pertaining to a transaction (e.g. customers who deny placing orders or customers that claim they have
placed orders that were not filled).
These products can
•
•
log the sites on the WWW that have been accessed by employees (which will dissuade staff form accessing illegal or
unacceptable sites from the office);
prevent users form accessing certain websites;
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
•
•
•
•
control the addresses, length and content of emails, by monitoring the email protocol (thus, emails to or from certain
specified addresses or over a certain length or containing attachments may not be allowed to pass);
pass all incoming files through a virus scanner;
encrypt emails that are sent to specific sites; and
control the delivery of messages to specific PCs.
(c)
•
•
•
•
•
•
•
•
•
•
•
•
•
Orders may be accepted for which payment has not been received.
Orders may not be acted on timeously or at all, resulting in a loss of sales and customer goodwill.
Inaccurate or incomplete order details may be recorded, that will result in incorrect deliveries, returns and customer
dissatisfaction.
‘Out of stock’ items may not be identified resulting in the loss of the sale and customer goodwill.
Valid picking slips may not be acted on.
Goods may be removed for inventory for fictitious/unauthorised sales.
Incorrect items and quantities may be picked.
Inaccurate and incomplete delivery notes may be made out, resulting in a loss of revenue.
Theft may be facilitated by uncontrolled despatch.
Incorrect goods or quantities may be despatched.
Goods may be delivered to the wrong customer.
Customers may deny receiving goods.
Goods released from the warehouse may never be despatched or not despatched timeously.
(d)
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Access to the order file should be restricted (specific terminals, password controls and least privileged access).
The order selected should automatically be transferred from the order file to the picking slip file (in effect the sales
order should ‘become’ the picking slip).
A code should be allocated to the order indicating the status of the order and preventing the order from being selected
again for picking.
The screen should be formatted as a picking slip.
The goods picked should be ticked off by the picker against the quantity field on the picking slip, or a number should
be entered into a designated field.
Should the quantity not be available, the actual quantity picked should be entered.
The picker should electronically sign the picking slip.
Different persons should be responsible for picking of the goods (picker) and doing the final checking of the quantity
picked against the picking slip (picking control clerk) (segregation of duties).
The picking control clerk should check the physical goods picked against the picking slip to ensure that there are no
differences between the quantity picked and the quantity indicated as picked on the picking slip.
The picking control clerk should be able to select the number of the picking slip from a drop-down menu.
The picking control clerk must electronically sign the picking slip.
Access to the picking slip should be restricted (restricting the fields which can be changed, password controls and least
privileged access).
All quantity adjustments should be logged.
There should be control over the use of the barcode scanners (physical control over its use and password authorisation
on the system when scanned.)
The warehouse should have suitable physical protection controls over the goods. (e.g. physical access control, fire
extinguishers etc.).
The despatch controller should have read-only access.
The despatch controller should match the physical goods with the onscreen picking slip.
If any errors exist, the despatch controller should not be able to alter the quantity. He should separately log the
difference and resolve the matter with the picking control clerk.
The despatch controller should confirm that the picker has electronically signed off on the document.
The despatch controller should electronically sign the document off.
Activities and access should be logged and logs should be inspected for exceptions.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
SUGGESTED SOLUTION TO EXERCISE 8.7
Weakness
Explanation
1.
There are insufficient physical access controls
1.1 between the finished goods store and the outlet –
inventory is ‘conveniently transferred’ from
finished goods stores to the outlet, and employees
can ‘come and go as they wish’;
1.2 between the outlet and the street – customers (i.e.
anyone) have ‘easy access’ to the outlet.
1.
As an additional uncontrolled ‘entry/exit’ point has been
created to the finished goods store, the increase in the
risk of theft (unauthorised despatches) from the factory
(and the outlet itself) has been increased significantly.
2. The physical layout and lack of security checks increase
the risk of theft by the general public.
2.
‘Customers’ can walk in off the street, steal goods and
exit the outlet without having to pass through any
security.
3. There is no check (division of duties) in respect of the
effecting and recording of a sale by Greta Garbo, i.e. no
security or ‘gate control’ on whether goods leaving the
outlet are supported by a receipt.
3.
Because Greta Garbo is (normally) the only person
involved in a sale, she is able to
4. Finished goods stores clerks assists on an ‘ad hoc’ basis.
4.
5. The receipt made out to record a sale is inadequate as it
is not
5.1 a standardised pre-printed multicopy document;
5.2 not pre-sequenced;
5.3 not checked for correctness of prices, extensions
casts and VAT.
5.1 A standardised pre-printed document would enhance
the accuracy and completeness of recording the sale.
Note: there is also no signage telling customers to obtain
a receipt. This makes it even easier for Greta Garbo or
anyone else working in the shop to steal the proceeds of
a sale.
6. There is inadequate physical protection over cash on
hand at the outlet.
3.1 undercharge on a particular item; or
3.2 not charge at all (friends etc.), thereby allowing
goods (in effect) to be stolen.
This reduces the isolation of responsibilities and gives
the clerks the opportunity to sell goods (fraudulently)
from the finished goods store.
5.2 Because the receipts are not sequenced, there is no
possibility of properly reconciling receipts with cash
sales made. Although an ‘official’ receipt has been made
out and signed by the customer Greta Garbo can simply
destroy her copy of the ‘receipt’ and steal the equivalent
amount of cash. (If a sequenced receipt is made out a
completeness of cash on hand can be carried out.)
6.1 To keep the day’s sales in a moveable cashbox under the
counter in an area which has direct uncontrolled
entry/exit to the street significantly increases the risk of
theft of the box/injury to employees (armed robbery).
6.2 A second key to the cashbox is available, which provides
the opportunity for cash to be stolen when Greta Garbo
is not present.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
Weakness
Explanation
7.
7 & 8 Because of these weaknesses
8.
9.
No independent reconciliation of the sales
recorded for the day to the cash on hand takes
place.
7.1 there is no source total for cash sales to which
subsequent reconciliations can be made, e.g.
postings to the cash sales account in the ledger,
cash banked; and
When the cash is transferred between different
parties (e.g. Greta Garbo and Vish Naidoo there
is no acknowledgement of transfer isolation of
responsibility).
There appears to be no reconciliation of cash
sales to inventory movements including
frequent counting (even daily) of inventory on
hand. This combined with the other weaknesses
means that inventory can be stolen (by a number
of people, internal and external) and it will not
be detected.
7.2 cash can be stolen by a number of parties e.g.
Vish Naidoo, the store's clerk who sometimes
drops off the cash (would need the key – easily
obtained), Joe Phule, or anyone who has access
to the company safe. Any amount stolen
cannot be quantified (no source total) or
pinpointed (isolated) to a particular individual.
9.
If proper records were kept of the movement of
inventory, Greta Garbo could be held accountable by
the reconciliation of the movement of inventory (say
daily) with her cash on hand, e.g. for every item sold
there should be the relevant amount of cash.
10. Excessive amounts of cash are held at the
company and allowed to accumulate (not
banked timeously). Inadequate risk assessment
on the part of management.
10.
This increases the risk of armed robbery and
endangers staff.
11. Cash from cash sales is used to pay wages
(company should also insist that all employees
are paid by EFT).
11.
This weakens the control over misappropriation of
cash by unnecessarily complicating the reconciliation
and audit trail of cash receipts and wages, by
combining a cash-generating system and a cash
expense system.
12. There appears to be no independent supervision
or checking on what Joe Phule does and there is
an inadequate division of duties relative to his
function.
12.
He has access to the cash from the outlet. He uses
some of it for a legitimate expense (wages) and banks
the excess cash every month. As there is no
independent reconciliation of what cash he received,
how much he paid in wages and how much he
banked, he could easily misappropriate some of the
excess cash (see point 13 below).
13. There is inadequate control over the
authorisation and accuracy of the journal entry
passed by Otis Redding. He does not
independently verify or reconcile the figures
presented to him.
13.1 Greta Garbo can report any figure she likes for cash
sales, and hence could easily cover up any
misappropriations (she could also easily collude with
Joe Phule to perpetrate larger fraud).
14. Management does not appear to have created a
strong control environment.
14.
13.2 Because there is no reconciliation of actual cash on
hand to theoretical cash on hand before the entry is
passed, theft of cash by Joe Phule will not be
detected.
The failure to implement suitable controls, e.g.
division of duties, isolation of responsibilities, lack of
supervision, particularly in respect of cash and the
physical control of inventory and cash will result in
misappropriation of company assets. Management
appears not to be particularly control orientated.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
SUGGESTED SOLUTION TO EXERCISE 8.12
Weakness
Explanation
1.
There is a lack of basic division of duties as there is no
separate order department to receive and authorise
customer orders.
1.1
As the receptionist is not required to record all
incoming orders in a register, the risk that orders are
lost (and therefore never filled) is increased.
1.1 There is inadequate control over the receipt of
customer orders:
1.2
As the senior warehouse clerk does not acknowledge
receipt of the orders from the receptionist (e.g. by
signing for it) he cannot be held responsible if orders
are lost/not filled, e.g. he can simply deny having
received the order in the first place.
•
A register is not kept of all orders received.
•
There is no acknowledgement of receipt of
orders from the receptionist by the senior
warehouse clerk.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
Weakness
Explanation
2.
2.1
If customers’ orders are not recorded on a sequenced
internal document, the risk of orders not being
filled/lost is significantly increased, as there is no
method of sequence testing orders to determine
whether they have all been executed or accounted
for.
2.2
The lack of a properly designed ISO/picking slip, e.g.
with specific blocks for the picker to sign and enter
details of ‘out of stock’ or short picked items will
increase the occurrence of incorrectly picked items
(quantity or description).
2.3
The lack of audit trail makes it more difficult to follow
up on customer queries.
3.1
All orders that are received are filled before checking
whether the order is from an existing customer; if the
customer does not have an account, Carmen Chetty
simply opens one without any evaluation of the
client’s creditworthiness.
3.2
This significantly increases the risk of losses from bad
debts as the company will inevitably make sales to
companies that cannot pay.
3.3
The failure to ‘authenticate’ its customers before
providing them with goods also facilitates fraud being
perpetrated, e.g. anybody (including an employee)
could send through an order from a fictitious
company to obtain goods with no intention of paying
for them. This will result in losses for the company.
The internal documentation initiating sales transactions
is inadequate:
2.1 No pre-printed, properly designed sequenced
internal sales order/picking slip is used to record
customer orders and initiate picking of goods
ordered.
2.2 There is a lack of audit trail.
3.
No (initial) credit management controls are in place.
3.1 Credit is extended to new customers without a
credit application being completed by the
customer and evaluated by Cold Front (Pty) Ltd’s
management.
3.2 no credit terms and limits are set or authorised by
management.
4.
Sales authorisation procedures are inadequate in that
no check is carried out on the credit standing of existing
debtors before their orders are filled, e.g. longoutstanding balance or balance too high.
4.
The failure to carry out checks on existing customers
credit standing, considerably increases the risk of
losses from bad debts (this problem is compounded
by the fact that no credit terms/limits are set).
5.
There appears to be no method of identifying orders
which have been faxed and emailed and sent through
the post (duplicated).
5.
If orders that have been faxed or emailed and sent
through the post are not identified, the same order
will be filled twice, resulting in problems later on in
the cycle, e.g. goods being returned, customer
dissatisfaction.
6.
Controls over the picking of goods are inadequate as
6.1
6.2 pickers do not sign the photocopy order they have
picked (or initial changes they make to the
quantities); and
Customers’ orders are not suitably designed for use as
picking slips; this increases the risk of producing
inaccurate ‘picking slips’ which in turn will result in
the generation of incorrect delivery notes and
invoices.
6.2
6.3 there is no supervisory checks carried out by the
senior warehouse clerk on the picking of the
junior warehouse clerks.
As pickers do not sign the picking slip it is more
difficult to isolate responsibility for errors in picking
and recording.
6.3
This lack of accountability, combined with the fact
that the senior warehouse clerk does not check what
has been picked, will result in a failure to identify
6.1 photocopies of customers’ orders are not suitable
for picking items;
• quantities or items which have been incorrectly
picked (by mistake or as theft); and
• orders that have not been picked at all.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
Weakness
Explanation
7.
7.1
Customers will only be aware that they are not
receiving the goods they ordered once the delivery
is made (or, where their entire order cannot be
filled, when they phone to enquire). This may cause
serious disruption in their business and lead to
Coldfront (Pty) Ltd losing future sales.
7.2 no comparison between what the customer
ordered (per the customer order) and what was
despatched (per the delivery note) is made.
7.2
Customers may receive goods they have not
ordered resulting in customer dissatisfaction.
8.
There appears to be no back order system in place
whereby the buying department is notified about
inventory shortages.
8.
Although the pickers (partially) identify ‘out of
stock’ items on the photocopy order, nothing is
done about it; this means that items will remain
‘out of stock’ until normal re-ordering takes place.
Customers will be dissatisfied, and further sales will
be lost.
9.
The despatch section
9.1
9.1 does not acknowledge the transfer of the
picking baskets from the warehouse to
despatch (checking contents before signing for
the baskets); and
Items can go missing or be stolen and the point at
which they went missing cannot be isolated to a
specific section, e.g. a picker may claim to have sent
an item to despatch when in fact he has stolen it.
9.2
Despatch does not ensure that the delivery note is
made out correctly in respect of the description and
quantity of goods actually despatched therefore
Customers are not promptly informed of orders that
cannot be filled at all or can only be partially filled,
because
7.1 no inventory availability check is carried out
when the order is received (no order
department!); and
9.2 does not check the items for which it is making
out the delivery note (details are taken from
the photocopy order).
• mistakes in picking will not be identified; and
• discrepancies between what is on the delivery
note and what is delivered will occur.
10. There is a serious lack of division of duties with
regard to the functions performed by Carmen Chetty.
She
• opens new debtors accounts;
• deals with EFT payments/raises invoices; and
• passes credit notes etc.
11. There is a poor control environment. Management
do not appear to be control conscious or to lead by
example in that
• junior staff are not supervised and checked; and
10. Carmen Chetty carries out incompatible functions.
E.g. she could easily defraud the company by
• writing off amounts owed by friends or family;
• manipulate payments from debtors and pass a
fictitious credit note to cover the loss; and
• arranging with certain customers (other than Cold
Front (Pty) Ltd) to make EFT payments into an
additional bank account over which she has
control, withdraw the payment for herself and
then write off the debt in Cold Front (Pty) Ltd’s
records.
11. The lack of supervisory controls will result in all staff
cutting corners, making errors (and possibly
defrauding the company) which will ultimately cause
losses to the company.
• Carmen Chetty is left to her own devises.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
CHAPTER
10
The acquisition and payments cycle:
Purchases, creditors and accruals
SUGGESTED SOLUTION TO EXERCISE 10.5
1.
Manual review of the automated application control.
2.
General control.
3.
Automated application control.
4.
General control.
5.
IT general control – logical access restricting user access to only authorised users.
6.
IT general control.
7.
IT general control.
8.
Automated application control.
9.
IT general control.
10.
Automated application control.
11.
IT general control – logical access restricting user access to only authorised users.
12.
Manual review of the automated application control.
SUGGESTED SOLUTION TO EXERCISE 10.6
PART A
Weakness
Explanation
1.
1.
Suppliers with whom orders are placed by Shamus
Rennie and Lukas Radebbe, are selected based on
their ‘personal preference’.
This weakness could easily lead to fraudulent practices
in the ordering function. Shamus Rennie and Lukas
Radebbe could place orders with friends/relatives or
could set up their own business to supply C-Saw (Pty)
Ltd at inflated prices.
1.1 Goods of inferior quality may be acquired posing a
threat that finished goods may not meet safety
standards for children’s play equipment.
2.
Before placing the orders Rennie and Radebbe do
not contact the supplier to confirm/specify
2.
2.1 C-Saw (Pty) Ltd paying more than they should for
raw materials/parts; and
2.1 price; and
2.2 availability.
3.
4.
Failure to carry out this procedure could easily result in
2.2 production delays (production is carefully
scheduled).
There is no independent check that
3.
As there is no independent check on the order,
3.1 what has been included on the purchase order
is correct in terms of the documentation
provided by the factory manager; and
3.1 orders which are inaccurate (quantity,
description) or incomplete (items) could be placed
resulting in production delays; and
3.2 only items on the documentation are ordered.
3.2 the administration clerks can order whatever they
like for their own personal use (and have the
company pay) by simply adding items onto the
order.
There is no check by anyone that orders have been
placed
4.1 timeously; or
4.
As nobody checks orders placed against the
(sequenced) production schedules from the factory
manager, inventory (which is required in 15 days) may
be ordered late or not at all, resulting in production
delays, lost sales etc.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
Weakness
Explanation
4.2 for all ‘requisitions’ (production schedules)
from the factory manager.
5.
Rennie and Radebbe are able to place orders
without any form of authorising document (e.g.
requisition).
5.
This weakness
5.1 enables the administration clerks (again) to
purchase whatever they like for their own
purposes (and have the company pay); and
5.2 can easily result in overstocking, tying up capital
in inventory unnecessarily and greater losses from
obsolescence.
6.
Rennie and Radebbe do not establish whether any
of the items to be ordered per the list supplied by
the factory manager are already in stock (or
whether items which they buy on ‘special’ are
actually required).
6.
Again, this weakness can easily result in overstocking
(see point 5.2 above). Inventory should be purchased
based on the company’s needs not on the basis of its
suppliers marketing strategies!
7.
There is inadequate documentation in the ordering
and receiving functions.
7.
In the existing system
7.1 the ordering function and receiving functions
have no permanent record of orders placed or
goods received;
7.1 There are insufficient copies of the purchase
order.
7.2 There is no separate document to record the
receipt of goods ordered (goods-received
note).
7.2 there is no evidence of isolation or responsibility
and any queries pertaining to an order or a
receipt of goods cannot be resolved within the
function.
7.3 See point 9.2
8.
There is a totally inadequate division of duties
between the ordering function and the receiving
function; Shamus Rennie and Lukas Radebbe are
responsible for both functions.
8.
This is a major weakness in the cycle as it enables
Shamus Rennie and Lukas Radebbe to order whatever
goods they like for their own purposes and take
possession of the goods. It facilitates theft from the
company.
9.
Receiving controls are inadequate:
9.
This lack of control will result in
9.1 No GRN is prepared (goods are simply ticked
off on the pink copy of the order).
9.2 No quality checks at all (and limited quantity
checks) appear to be carried out. goods are
simply ticked off as they are off loaded.
9.3 Whoever is receiving the goods does not
record any short deliveries/over deliveries,
damaged goods on the supplier’s delivery note
(but signs it anyway); delivery problems are
only identified at a later stage.
9.4 Whoever receives the goods does not sign
anything to indicate that they have carried out
the function.
9.1 an increase in the risk of invalid, inaccurate or
incomplete receipt of goods. Making out a
sequenced, properly designed document (as
opposed to simply ticking items off on a
document designed for another function)
provides for a basis for proper recording of the
receipt of goods, supervisory checking (against
orders, suppliers delivery notes)
acknowledgement of transfer of goods to stores,
subsequent validation of invoices from suppliers
and follow up of unrecorded liabilities;
9.2 the acceptance of damaged goods and incorrect
deliveries;
9.3 disputes with suppliers:
•
by signing the supplier delivery note without
identifying problems with the delivery, the
supplier is entitled to assume that all goods
were correctly delivered and accepted; and
•
the suppliers delivery personnel do not sign
anything to acknowledge delivery problems.
In effect C-Saw (Pty) Ltd has no proof of short
deliveries etc.; and
9.4 any subsequent problems/queries with a delivery
cannot be pinpointed to the administration clerk
who received the goods (isolation of
responsibility).
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
Weakness
Explanation
10. Short deliveries are not followed up with the
supplier but are immediately re-ordered; and there
is no indication that orders not executed are
followed up with the supplier.
10. These weaknesses may result in
10.1
C-Saw (Pty) Ltd being charged twice for the
same goods (see point 9.3; the supplier has a
signed delivery note against which it will
invoice C-Saw (Pty) Ltd and another order
against which it will supply goods and invoice
accordingly); and
10.2
production delays, especially where the
supplier cannot supply (Rennie or Radebbe
should establish reason for short or nonsupply).
11. No document is signed (by Rennie/Radebbe and
warehousing personnel) to acknowledge the
transfer of the goods from receiving into
warehousing.
11. Problems with physical inventory (e.g. inventory
shortages) cannot be isolated to their origin, e.g.
inventory could be stolen from the warehouse, but
warehousing could claim they never received it.
12. There is inadequate control over the pink purchase
order.
12. This is the originating document for purchases and the
only copy thereof:
•
•
Copies of the document move between numerous
functions (ordering, receiving, warehouse and
accounting) in an uncontrolled manner, e.g. ‘left on
Clint Castro’s desk’, and could easily be lost,
altered, destroyed.
There is no evidence of frequent sequence testing
and no other internal documents to check the
purchase order against.
13. There is inadequate division of duties between the
keeping of the inventory records and the custody of
inventory; Clint Castro is responsible for both.
13. This fundamental weakness facilitates the covering up
of inventory shortages in the records. As Clint Castro is
responsible for both custody and recording, he is able
to ensure that theoretical inventory and physical
inventory always agree, thus hiding theft etc.
14. There is a very poor control environment.
14. It is obvious from the above that members of
management do not understand the importance of
internal control in the cycle and do not make their
presence felt by supervisory checking, authorising
transactions etc. This will give rise to an environment
in which employees can do as they please.
15. Multiple staff members have access to the
inventory and creditors’ master data file.
15. Although the company saves a significant amount of
time, the decision to grant all staff members in the
purchase order process access to the master data file,
brings control risk to the process.
Changes don’t seem to be reviewed or authorised ‘as
everyone can now go about completing their own
responsibilities’.
May result in human error, and exceptions not being
remediated. Could provide the opportunity for fraud
as bank details etc. can easily be changed for creditors.
Lack of segregation of duties
PART B
a)
b)
auditor
In
transaction,
termscan
of ISA
thus
account
330,
notthe
decide
balance
auditor
that
andmust
there
disclosure,
design
is no need
and
regardless
perform
for substantive
ofsome
the assessed
substantive
testing.risk
Theof
procedures
reason
material
formisstatement.
for
thiseach
is that
material
Theclass of
• risk assessment is judgemental and the auditor may not have identified all risks; and
• Internal control has inherent limitations, including management override.
Substantive tests consist of:
Substantive tests of details. This type of procedure has the purpose of auditing the detail of a transaction, account
balance or disclosure, e.g. ‘Obtain the invoice and recalculate the amounts and VAT calculations’.
c)
Substantive analytical procedures. This type of procedure provides overall evidence, e.g. ‘Compare the purchases
for
different
types
raw
materials
from
period
toauditor
period
and
investigate
any
unusual
when
observing
number,
Observation
being
ora apurchase
watched
is
negative
not of
a very
by
order
quantity,
the
convincing
being
auditor.
toprocessed,
ensure
audit
It should
that
procedure
the
always
the
system
as
be employees
combined
may
willask
reject
the
with
are
it.
clerk
likely
other
toto
insert
audit
perform
procedures,
anfluctuations’.
invalid
their tasks
purchase
e.g.properly
when
order
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
SUGGESTED SOLUTION TO EXERCISE 10.7
Weakness
Explanation
1.
1.
The method used for determining inventory items
and quantities to be ordered is unsatisfactory, i.e.
there are
The failure to implement a more ‘scientific’ method of
determining what items should be ordered will result in
1.1 lost sales due to items being ‘out of stock’; and
1.1 no re-order levels/re-order quantities are set;
and
Note: Percy Garmin sometimes ends up placing orders
for items which are already out of stock.
1.2 no indications from the sales department as to
what items are selling.
1.2 the ordering of items which are not required
resulting in money being unnecessarily tied up in
inventory, liquidity problems and potential losses
from obsolete inventory.
2.
The initiation of orders appears to be solely
dependent on Percy Garmin, (and his knowledge of
the business). He is not supervised or assisted.
2.
Should Percy Garmin be sick, leave the company or
simply fail to carry out his weekly ordering exercise, the
company is likely to suffer inventory availability/loss of
sales problems.
3.
Percy Garmin does not retain a copy of the
warehouse requisition.
3.
As Percy Garmin has no record of what he
requisitioned, he has no way of determining whether
what he requisitioned has been ordered or received.
This may result in items being requisitioned a second
time and orders being duplicated.
4.
No copy of the purchase order is sent to the
receiving department.
4.
As the receiving department has no record of what has
been ordered, it will have no means of checking
whether goods delivered by the supplier are
4.1 in response to a valid (authorised) order; and
4.2 correctly delivered in terms of description and
quantity.
The company may well end up taking into inventory,
and paying for, goods that were never ordered, or are
incorrect resulting in losses, inventory obsolescence
etc.
5.
There is no follow up to determine whether
purchase orders placed have been filled.
5.
As this follow up is not carried out, goods ordered may
never be received resulting in more ‘out of stock’
situations, lost sales and dissatisfied customers.
5.1 Arnold Image has no means of following up as
he does not know what has been received.
5.2 The receiving department has no (pending)
copy of the purchase order to identify ‘long
outstanding orders’.
5.3 There is no check in the warehouse of goods
received against the original requisition.
6.
There is no approved supplier list, i.e. no
independently authorised list of suppliers who have
been evaluated for reliability, pricing and quality,
from which Arnold Image can make purchases.
6.
As Arnold Image has total control over which suppliers
the company purchases from, he is in a position to use
suppliers that provide him (personally) with benefits to
the detriment of the company, by e.g. paying high
prices to a supplier who is a family member, taking
bribes or kickbacks for placing orders etc.
7.
Arnold Image does not contact suppliers prior to
placing the order to confirm availability, pricing and
delivery time.
7.
This may result in the company paying higher prices
than they should, delivery problems etc. resulting in
lost sales.
8.
There is a lack of supervisory control over the
ordering function, i.e. nobody checks the orders
placed by Arnold Image for
8.
As there is no supervisory check, Arnold Image could
quite easily be placing orders
8.1 accuracy and authority;
8.2 suitability of the supplier, reasonableness of
price and correctness of detail; and
8.1 which do not appear on the warehouse requisition
and are for his own personal use, and for which
the company will pay; and
8.3 the nature of the goods being ordered.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
Weakness
Explanation
8.2 which are inaccurate (quantity, description)
incorrectly priced or from inappropriate,
unreliable suppliers.
9.
There is a serious breach of division of duties where
Arnold Image is allowed to assist in ‘receiving’ and
the warehouse.
10. The goods received clerk conducts his checks
against the suppliers delivery note, not the order
placed by Streetwheels (Pty) Ltd.
9.
Allowing Arnold Image access to ‘receiving’ and the
warehouse gives him access to any goods he may have
(fraudulently) ordered for his own personal use. (As he
is unsupervised, he can go into receiving ‘to help’
whenever he needs to).
10. The receiving clerk has no copy of the order and hence
can only check deliveries against the supplier delivery
note.
This may result in
11. No properly designed document (usually a goods
received note) is made out to record deliveries.
10.1
goods that were never ordered at all, being
accepted;
10.2
incorrect quantities being accepted (over or
under); and
10.3
items not delivered never being identified.
11. A properly designed and sequenced GRN facilitates
11.1
the recording of every delivery on an internal
document, a copy of which can be retained in
the warehouse for reference purposes;
11.2
easy follow up of queries (by GRN reference),
sequence testing for identification of missing
GRNs, and cross-referencing to orders both at
the receiving bay and subsequently; and
11.3
a reduction in the risk of invalid payments to
creditors, i.e. the GRN is good evidence, when
matched to orders and supplier documents,
that the goods to be paid for have been
received.
12. There is a lack of division of duties/isolation of
responsibility in respect of the transfer of goods
between the receiving bay and the warehouse.
12. The goods receiving clerk is responsible for receiving
goods but also for placing them in the warehouse. This
means that the personnel who have custody of the
inventory (e.g. Percy Garmin) do not acknowledge
receipt of what they are required to control. Any
inventory shortages cannot be ‘isolated’ to where they
occurred.
13. The control environment is weak. The inadequate
supervision and poor system and document design
suggest a poor attitude to control by management.
13. A poor control environment gives rise to an increased
risk of fraud and theft in a cycle which is by its nature,
susceptible to fraud and theft.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
CHAPTER
11
Inventory and production cycle
SUGGESTED SOLUTION TO EXERCISE 11.5
(a)
1. General control
2. IT General control
–
–
3.
4.
5.
6.
–
–
–
–
General control
IT General control
IT General control
General control
Continuity of reconciliation.
Could be regarded as part of the company’s ‘general’ access policy, i.e. needto-know basis.
Systems development (program maintenance) and control environment.
Access control (physical).
Logical access control (custody).
Control environment (human resource policies and practices).
(b)
It is important to remember that control activities in a computerised system will be a combination of manual and
automated (programmed) controls. As the auditor, you may determine which automated application controls are
present at Santacruz (Pty) Ltd, and then test the IT general controls that support those automated application
controls. There are a number of automated application controls at Santacruz (Pty) Ltd that, as a result, will require IT
general controls tests. As a minimum, the auditor should test the access controls and the change management
controls.
(c)
Test logical access control
•
Select a sample of users who have access to inventory and determine whether they have been granted access in
accordance with their job profiles.
•
Enquire whether any changes have been made to the user profiles during the financial year and review the modifications.
•
Select a sample of terminated employees and determine whether their access was revoked timeously when they
left Santacruz (Pty) Ltd.
•
Select a sample of new users and determine whether they have been granted the appropriate access.
•
Review segregation of duties reviews performed by Santacruz (Pty) Ltd and ascertain whether they have any
users where two or more parts of a transaction can be completed by a user.
•
Review toxic combination reviews performed by Santacruz (Pty) Ltd and ascertain whether they have any toxic
combinations.
•
Review the super users within Santacruz and determine whether the superuser/superusers are appropriate.
•
Password controls: Review the password settings for the inventory application which includes the following:
–
Systems configuration settings to retain the history of passwords, i.e. 12 months’ worth of passwords.
–
Password settings enforce new passwords on a monthly basis.
–
Password settings enforce incorrect password access attempts up to three times and then lock the accounts.
–
Passwords are a combination of letters, numbers, special characters etc. and in line with the password policy.
–
Review the password policy to confirm that users may not share their passwords.
SUGGESTED SOLUTION TO EXERCISE 11.8
1.
Despatch from warehouse to stores
1.1
Branch managers should anticipate inventory needs timeously (Cardex see point 3.1) and should place
an order with the central warehouse on preprinted order forms which
•
are sequentially numbered;
•
indicate the branch;
•
are signed by the branch manager; and
•
describe the required shoes accurately e.g. quantity required, code, size etc.
1.2
No despatches from the warehouse should take place without such an order.
1.3
On the strength of the order a three-part despatch note should be prepared by the warehouse
administration clerk and checked and signed by the store’s controller and
•
two copies must accompany the delivery (to the branch);
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
2.
3.
one (signed) copy must remain at the branch for its records;
•
the second copy must be signed and returned to head office as proof of delivery; and
•
the third copy must remain ‘in the book’ as a permanent record.
1.4
On despatch, a gate controller at the warehouse should check the goods to the despatch note and should
not allow any goods to leave without a correct despatch note (two copies).
1.5
On a daily basis the stores controller at the central warehouse must confirm that all despatch notes
(permanent copy) are cross-referenced to and supported by an order by inspection thereof.
1.6
Branch managers should monitor that all orders are filled timeously, by retaining a duplicate copy of the
order and cross-referencing to despatch notes daily.
1.7
A sequence control over orders and despatch notes should be carried out to ensure that they are all
accounted for on a regular and frequent basis.
1.8
All despatches should take place at selling price (to facilitate ease of inventory and cash reconciliation).
Receiving of goods by stores
2.1
The branch manager should be responsible for receiving deliveries from the central warehouse.
2.2
On receipt, a careful check must be made on quality and quantity against the order and the despatch
note. Any discrepancies must be noted on both copies of the despatch document and signed by the
manager and delivery person (driver).
2.3
The manager must sign the despatch note and retain and file the top copy with the corresponding order
number.
Physical controls
3.1
4.
•
The branch manager, should maintain a simple cardex (system where each item has its own card that
lists current quantity and is manually updated for purchases and sales) of all inventory on hand. The
cardex should be written up from
•
despatch notes (see point 1.3); and
•
cash sales invoices.
3.2
The manager and a salesperson/cashier should perform frequent inventory counts (on a test basis) and
the count quantities should be reconciled to the cardex quantities.
3.3
The internal auditor should conduct surprise inventory counts frequently and should agree the inventory
on hand to the inventory cardex. Managers are responsible for all shortages.
3.4
The storeroom should only be accessible through the shop itself, i.e. any outside doors and windows
should be barred off.
•
Staff must have free access to the storeroom, but no other persons should be allowed in the
storeroom e.g. customers or delivery people. The manager and staff must enforce this control by
being vigilant as physical controls are inappropriate.
•
The storeroom and shop must be protected against fire etc.
3.5
Inventory in the store itself should also be controlled by displaying only one of the pair of shoes.
3.6
The store should be laid out in such a way as to make it very difficult for someone to leave without passing
a till. A security guard or electronic detectors should be used to reduce shoplifting.
3.7
Staff should be checked at the end of the day to ensure that they are not removing inventory (feet as
well).
3.8
Security guards should be on duty at night.
Down payments
Note:
There is a danger that ‘down payment’ monies could be used to hide an inventory shortfall.
4.1
The following (full) details of customers placing down payment should be kept in a ledger by the branch
manager:
4.2
•
name;
•
address;
•
contact number;
•
dates;
•
code, description, size etc. of shoes;
•
receipt numbers; and
•
amounts.
A simple down payment contract should be drawn up (name of customer, price, date, shoe description
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
etc.) and signed by customer and authorised by the store manager.
4.3
4.4
A sequentially numbered down payment receipt must be completed in duplicate.
•
The receipts must be signed by the customer and the manager.
•
The customer must retain a copy and be advised not to lose it.
‘Down payment’ shoes should not be released until the full purchase price has been received.
•
The manager must authorise release of shoes after reconciling customer copy of down payment
receipts with the outlet’s copy and with the ledger.
•
Customer copies of receipt must be cancelled (or retained) so that they cannot be used again.
•
Down payment contract must be ‘cancelled’ or signed off by both parties.
4.5
The shoes being purchased must be put aside in a separately demarcated area in the storeroom for the
customer.
4.6
Cash received on down payment should be separately identified in the daily cash receipts reconciliation
and this figure should be reconciled to the day’s down-payment receipts.
4.7
Internal audit should reconcile down payment records with ‘down payment’ shoes set aside, at the same
time as conducting their surprise counts (see point 3.3 above) to ensure there is no manipulation of down
payments.
SUGGESTED SOLUTION TO EXERCISE 11.9
(a)
1.
Preparation and planning of the count was inadequate which could contribute to an inaccurate and
incomplete count.
1.1
Holding the count over two afternoons so as to allow normal delivery and dispatch was not
sensible; a non-trading day or overtime count would have resulted in a more efficient count
(total count time only eight hours).
1.2
The method of counting was inadequate; no tag system or double count.
1.3
No count controller was appointed to direct count.
1.4
Composition of the counters was totally inadequate.
While knowledge of the product is important, counting should be done in teams, one of whom should be
independent of the warehouse function.
2.
3.
4.
1.5
If pickers have been involved in misappropriating inventory, they are now in a perfect position
to hide any shortages by having the perpetual inventory records amended (amendments were
done without authority or investigation).
1.6
There is no evidence that the warehouse was prepared for the count. Although it is ‘tidy’, a
number of procedures should have taken place:
•
marking damaged, slow-moving obsolete goods;
•
identifying expired (nearly expired chemicals);
•
preparing a secure area for deliveries to be received during the count/making sure goods
received up to the 30th have been unpacked; and
•
identifying the location of Bushblaze Inc inventory (consignment inventory).
Count stationery was inadequately designed and incomplete
2.1
In this situation (single counter) it would have been better to have excluded the quantities from
the inventory sheets, to force the counters to count the inventory, not just tick it off.
2.2
The inventory sheets should also have columns for second count and discrepancies.
2.3
There is no document (tag or similar) to identify the count details per item, e.g. quantity.
2.4
There are no inventory adjustment forms on which count differences/adjustments/results of
investigation can be entered for authorisation before the inventory records are adjusted.
No written instructions were prepared for the count, which again will result in a substandard count.
3.1
No identification of who should count what – pickers decided themselves.
3.2
No method of counting conveyed to counters and count controller and auditors.
3.3
No instructions relating to matters raised in point 1.6 or how problems on the count are to be
resolved.
The count itself was inadequately conducted
4.1
Inventory only counted once; there was no recount by another counter when a discrepancy
was identified.
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
lOMoARcPSD|31485122
(b)
4.2
No identification and recording of slow-moving, expired, damaged or consignment inventory.
4.3
No count controller, so no walk-through of the warehouse once the count was complete, and
no method of determining whether all inventory has been counted.
4.4
No procedures conducted to ensure that goods received or dispatched during the count were
properly accounted for, e.g. quantity reduced when the dispatch of an item (say on 31 July)
which had already been counted on 30 July took place.
No, I would not be satisfied.
Justification
1.
Prior to the inventory count
1.1
Ted Mitton did not determine/confirm the locations at which inventory to be counted, was
stored.
1.2
He did not request a copy of the count instructions.
Had he done so, he would have identified that there were no written instructions and in doing so, preempted the poor inventory account.
1.3
2.
3.
He did not enquire as to whether Firezone Ltd had any inventory which should not have been
included in the count and how this would be identified.
During the inventory count
2.1
Although the trainees observed the pickers counting, it was for short periods only, which in the
light of the poor count planning, was insufficient, e.g. counters could easily have just ticked off
items without counting them.
2.2
The trainees did not test count in both directions; as a result no items of physical inventory
were randomly selected from the warehouse, counted and quantities compared to the
perpetual inventory records (completeness).
2.3
The trainees made no effort to identify obsolete, slow-moving, damaged inventory.
2.4
They also failed to inspect the expiry dates on chemicals with limited shelf lives.
2.5
The trainees did not resolve count discrepancies, either from their own test counts or the
pickers’ counts, by recounting with the Firezone Ltd count staff.
2.6
The trainees did not compile a workpaper which recorded the movement of inventory during
the count, particularly deliveries and dispatches on the morning of the 31 July, affecting items
already counted.
2.7
The trainees did not confirm (and record) with the counters which items of inventory at the
year end belonged to Bushblaze Inc, to ensure that they had not been included in the inventory
sheets.
2.8
Ted Mitton did not test the numerical sequence of the inventory sheets, before or after the
inventory count, to confirm that the sheets were all accounted for.
At the conclusion of the count
3.1
Ted Mitton did not take precautions to ensure that the inventory sheets could not be amended
after the count, e.g. by taking photocopies and ensuring that all alterations were signed (by
himself or Zane); initialling each sheet does not prove anything.
3.2
He also did not retain sufficient evidence, e.g. get a copy of the inventory sheets
printed/photocopied after adjustments had been made. Inventory sheets were left with the
factory administration clerk.
3.3
Ted Mitton did not record the ‘cut-off’ numbers of documents used in the inventory and
production cycle or compile a list of goods received notes (number etc.) which had not been
matched to supplier invoices (particularly important in view of the movement of inventory
during the count).
Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)
Download