lOMoARcPSD|31485122 Graded Questions Solutions 2023 Auditing II (University of the Witwatersrand, Johannesburg) Studocu is not sponsored or endorsed by any college or university Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 Graded Questions Solutions 2023 Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 CHAPTER 2 Corporate governance, internal auditing and audit committees SUGGESTED SOLUTION TO EXERCISE 2.1 1. 1.1 True This is the committee’s major function (Companies Act). 1.2 False Opinion shopping is to be discouraged by the audit committee, it is not an acceptable practice and has negative connotations. 1.3 False The opposite is true. The audit committee chairman can bring valuable insights into reporting issues and provide transparency and an independent perspective for shareholders. This does not undermine the financial director. 1.4 True If the audit committee is to ensure the integrity of the financial reports, it will have to review this important aspect of the report. 1.5 True This is a board responsibility, but it can justifiably be delegated to the audit committee (who in turn will report to the board on this matter). 2. False This is in fact the task of the audit committee. 3. False Not all capitals are applicable to all companies. Large companies may interact with all capitals. However, not all interactions may be of such a significant nature as to require their inclusion in the integrated report. It is not required that all capitals be adopted in the integrated report, but they should rather be used as a guideline to ensure that no relevant capitals are overlooked. 4. False Reporting in the triple context requires that companies report on the environmental, economic and social aspects of a company’s activities, not simply on profits (financial). 5. False The audit committee should be responsible for recommending the appointment of the CAE to the board. The board should approve the appointment (including the employment contract and the remuneration of the CAE). 6. True The audit committee is responsible for ensuring this cooperation. 7. False The Companies Act requires all public companies and state-owned entities to appoint an audit committee. (King IV, however, recommends that all companies who require an audit appoint an audit committee.) 8. False While it is certainly a function of internal audit to ‘provide a source of information regarding instances of fraud, corruption, unethical behaviour and irregularities’ it is not the primary function. Internal audit evaluates governance processes, risk management, internal control as well as business processes and its associated controls; it does not restrict itself to fraud investigation. 9. False It is true that the board must ensure that the internal audit function is subject to an independent quality review at least once every five years. However, it does not stipulate that the external auditors must conduct the review. Such a review is not a function of the external auditors and would not be an independent review, as internal and external audits frequently work together. 10. False The CEO should not be a member of the remuneration, audit or nomination committee nor, by implication, can he be the chair. 11. True The chairperson should be an independent non-executive director. In this case although the senior partner would be non-executive he/she would not be independent (principle 7). 12. False While financial literacy is an advantage, it is not a requirement to be a director. Many different skills are required to make up an effective Board, e.g. the production director may not be financially literate but would probably be very strong technically. In terms of the recommended practices relevant to principle 7, the board should have a suitable diversity of academic qualifications, technical expertise etc. to make it effective. 13. False All members should be non-executive directors of which the majority should be independent. 14. True This function is specifically mentioned in the Companies Act section 88. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 15. False The CAE should not be a member of executive management and should function independently from management. SUGGESTED SOLUTION TO EXERCISE 2.2 1. 2. 3. 4. 1.1 The size, turnover and workforce should be considered, as well as 1.2 the resources that the organisation has at its disposal in order to apply the practices. 1.3 The organisation should also consider the complexity of its strategic objectives and operations. 2.1 Integrity 2.2 Competence 2.3 Responsibility 2.4 Accountability 2.5 Fairness 2.6 Transparency 3.1 Being a responsible corporate citizen includes obeying the law and paying taxes, but it is far more extensive than that. 3.2 Overall it requires that a company acknowledges that it is part of society and that it has obligations and responsibilities to society. 3.3 Corporate citizenship involves how a company uses its resources, and how it balances its needs with those of society, to achieve positive, lasting outcomes for the company itself, society and the environment. 3.4 So, being a responsible corporate citizen requires that companies give due consideration to the consequences of their decisions and actions on a range of workplace, societal, economic and environmental factors, e.g. is the outcome of the decision likely to be positive with regard to: • the sustainable development of the company • human rights • the impact on the community in which the company operates • fair labour practice • prevention of fraud • economic transformation. Introduction To understand the impact of these global realities, it is necessary to realise that singularly and collectively they present companies with significant risks to their sustainability. Businesses are an integral part of society and they must be governed in the context of economic, societal and environmental sustainability. To counter/respond to/address these global realities companies must be governed by competent, ethical individuals operating within appropriate structures. Global realities as identified by the King IV Report 1. Inequality within society: The growing divide between the ‘haves’ and the ‘have nots’ with regard to resources, access to education, healthcare and living conditions contributes to growing social tension. Business leaders need to understand that companies are an integral part of society and that to be sustainable they should lead their companies in a way which can improve the lot of the ‘have nots’ by adopting fair trade practices and investing in social development programmes which directly address the needs of the ‘have nots’, e.g. running clinics, providing bursaries for education, building schools. 2. Climate change: Floods, global warming and other worsening climatic conditions worldwide are causing major disruption to industry, e.g. placing food security at risk and agriculture. Leaders in industries such as agriculture and fishing must fully recognise this risk and respond accordingly by securing infrastructure and having disaster recovery protocols in place. Leaders should also ensure that they run their companies/industries in a manner which does the least damage to the environment and which does not contribute to climate change, e.g. controlling CO² emissions. 3. Overconsumption of natural resources: To meet growing populations, natural assets are being consumed at a greater rate than nature can reproduce them. Industry leaders must respond to this in innovative ways as overconsumption is simply not sustainable. Leaders must take decisions which may be unpopular with persons who seek short-term profits. Leaders will need to address the problem by investing in research, finding alternatives to their products and balancing the supply and demand of the natural resources their Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 industries consume. Conducting business in a manner that gobbles up natural resources is no longer an option. 5. 6. 4. Geographical tensions: Wars, terrorism and civil unrest contribute to global tension. As business is now global, these tensions will spill over into business. Companies who operate in regions of tension must find ways of continuing their operations while at the same time protecting their employees and physical infrastructure. 5. Stakeholder expectations and transparency: The ever present social-media platforms and the rise of investigative journalism mean that companies can no longer conceal their actions and secrets. Stakeholders (customers, employees and society in general) express their frustrations instantly and widely and a company’s reputation can be significantly damaged in a very short period of time, e.g. a recent racial incident at a chain of steakhouses that was all over Facebook caused much embarrassment and reputational damage to the company involved. Similarly, an advertisement in poor taste (racial) aired by an international retailer was also splashed all over social media and resulted in picketing of and physical destruction of some of the company’s retail outlets. Leadership needs to recognise this reality and, by ethical and effective leadership, ensure that the company is not placed in the firing line. 6. Rapid advancement in technology: Advances in robotics, artificial intelligence nanotechnology, the proliferation of smart phones and ‘apps’ have placed traditional business models and ways of doing business under serious pressure. It is essential that business leaders embrace the explosion in technology and adopt it in the businesses they operate. Keeping up with advancements and innovation will be key to sustainability. 7. Less stable financial systems: The interlinking and interdependence of the world’s financial markets mean that financial crises arising within a single large economy will have far reaching negative effects on numerous other economies and the global economy. As stated previously, business is global and business leaders no longer operate in the confines of their own restricted location. They must identify and respond to the risks of being part of an international financial system, many aspects of which are out of their control. 8. Increased corruption: Corruption and other unethical practices undermine confidence in the business world and discourage investment in companies that engage in such practices. On the local front think about Eskom, Prasa, Steinhoff etc. Perceived to be corrupt or engaged in unethical practices, these companies have destroyed their reputations and have been brought to their knees. This should be a clear message to leadership that corruption and unethical practices must be recognised as a major risk and must be suitably responded to. 5.1 Conscience: A director should act with intellectual honesty in the best interests of the company. Conflict of interest should be avoided, and independence should prevail. 5.2 Care: A director should devote serious attention to the affairs of the company (duty of care). 5.3 Competence: A director should have and should maintain and develop the knowledge and skills to govern the company. 5.4 Commitment: A director should be diligent in his duties and committed to the company and to ensuring it performs as it should. 5.5 Courage: A director should have the courage to act with integrity, even if it means ‘going against the flow’ and should have the courage necessary to take the risks associated with running the company. Any 8 of the following major stakeholders: • Suppliers • Creditors • Employees • Government • External auditors • Consumers/customers • Industry • Local communities • Media • Regulators • Potential investors. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 SUGGESTED SOLUTION TO EXERCISE 2.3 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. (b) and (d) (c) (d) (c) (a), (b), (c) and (d) (a), (b) and (c) (a) (b) (c) (a) and (d) – Note: For (a) consent is not required; for (d) members of board committees should be disclosed in the integrated report. (b) (c) 11. 12. SUGGESTED SOLUTION TO EXERCISE 2.7 1. Because companies are part of society, they are obliged to be (and should want to be) ‘responsible corporate citizens’. Thus, like any other citizen, the company has rights but also obligations and responsibilities to society. • 2. Principle 1 of the King IV Code sets out that ‘the governing body should lead ethically and effectively’. • 3. Exploiting the public through false marketing and selling stock at inflated prices after a global pandemic is not something a good corporate citizen would do. The CEO and CFO of the company are not acting ethically and they are not cultivating and exhibiting characteristics of integrity, responsibility, accountability, fairness and transparency, through their actions of inflating prices of vitamins and falsely marketing them as 100% effective against monkey-pox, and hoping that it would remain hidden from their auditors. Furthermore, this happened after a pandemic, when vulnerable members of the public were wary of being exposed to further illnesses. • Thus, the company did not act as a responsible corporate citizen, as per principle 3 of the Code. 4. As part of the board, the CEO and CFO are not acting as custodians of the corporate governance in the organisation, as per principle 6 of the Code, as they seem to have no regard for good corporate governance. 5. By boasting about the fact that MedSupplies (Pty) Ltd has an all-male board, the CEO is not promoting diversity in its membership (principle 7). • 6. 7. Principle 8 of the Code states, inter alia, that the governing body should promote and assist with balance of power. • Having the CEO as part of every committee does not achieve the goal of this principle. • The governing body should ensure that that there is no undue reliance or dominance by any individual member, in this case, the CEO. King IV (in contrast to King III) does not prescribe the minimum number of committee meetings to be held. • 8. However, the CEO cannot simply decide that one meeting is sufficient, as this may prevent the committees from properly performing their functions. (The Audit committee e.g. has many prescribed duties in terms of King IV and the Companies Act.) King IV further requires that the audit committee should meet annually with the internal and external auditors respectively, without the presence of management (see King IV part 5.3 recommended practice 58). • 9. The CEO seems quite satisfied with the under-representation of women in the board composition (see King IV part 5.3 recommended practice 10). Therefore, having only one meeting, with the CEO present, is not practical. King IV (part 5.3 recommended practice 79) stipulates specifically that the CEO may not form part of the remuneration, nomination or audit committee and, as such, his being part of all committees is not good corporate governance. 10. Furthermore, the audit committee and nomination committee should, in accordance with King IV, comprise of all nonexecutive directors. • The CEO is not a non-executive director and as such he may not be a member of these committees. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 11. Section 94(4) of the Companies Act also requires members of the audit committee to be independent in that a member may not be involved in the day-to-day management of the company or be a full-time executive employee of the company, such as the CEO. 12. Section 76 of the Companies Act requires a director, such as the CEO and CFO, to exercise powers and functions in good faith and in the best interest of the company, and must act with a certain degree of care, diligence and skill. • Inflating prices and partaking in false marketing are not seen as actions in the best interests of the company’s reputation. 13. The company may also be trading recklessly in terms of section 22 of the Companies Act, which states that a company may not carry on its business recklessly, with gross negligence, with intent to defraud any person or for any fraudulent purpose. • The actions of the company may be seen as negligent and fraudulent – false advertising and exploiting the public. 14. The directors could also be held liable for any losses suffered by the company as a result of their actions in terms of section 77 of the Companies Act. SUGGESTED SOLUTION EXERCISE 2.9 (a) The board should consider: (b) 1. The collective skills, knowledge and experience needed for the board to meet its responsibilities. 2. The appropriate mix of executive, non-executive and independent non-executive directors. 3. The need to have sufficient qualified members to serve on board committees. 4. The need to secure a quorum at meetings. 5. Regulatory requirements, e.g. JSE regulations state that a listed company must appoint a financial director. 6. Diversity targets (experience, age, race and gender). 1. Integrity 2. Competence 3. Responsibility 4. Accountability 5. Fairness 6. Transparency (c) 1. Ethical practice for directors should be non-negotiable; they should adopt and display the highest ethical standards in their actions and behaviour. 2. Sound moral values and ethics should be propagated by the conduct of individuals throughout the company (regardless of their position/role). 3. Business activity should be directed by people with integrity, fairness, responsibility, accountability and vision. 4. Laws and regulations should be obeyed, unfair practices should be avoided. 5. ‘Having to be ethical’ cannot be used as an excuse for poor business performance. (d) 1. The code itself should be: 1.1 practical 1.2 fair to all 1.3 continuously reviewed 1.4 available to all, and understandable 1.5 sufficiently detailed as to guide the behaviour of all concerned 1.6 address all the key ethical risks. 2. Compliance with the code should be overseen by high level (senior) individuals within the organisation. 3. When new staff (of any level) are engaged, the ethical standards of the appointees should be explored in interviews and referees reports. 4. When promotions take place, the ethical behaviour of the employee being promoted should have been investigated and found to be beyond reproach. 5. All employees, both on joining the organisation and on a continuing basis, should be communicated with and trained, regarding the values of the company and how those values are achieved. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 6. The board should introduce a mechanism which provides a safe, confidential means for employees to report unethical behaviour, e.g. ‘whistle-blowing’ phone lines. 7. The board should delegate authority for the monitoring of, and ‘punishment’ for, breaches of ethical behaviour to fairminded, knowledgeable and respected individuals. 8. The enforcement of discipline should be consistent and appropriate in severity. 9. All levels of management, including the board, should demonstrate their commitment to the Code by their own behaviour, i.e. they should not simply pay lip service to the Code. This is an important part of ethical leadership. 10. Where an entity or an individual with whom the company has a relationship, does not demonstrate adequate ethical standards, the company should, and should be seen, to end the relationship. 11. Instances where strong ethical behaviour has been demonstrated in difficult circumstances should be recognised and ‘publicised’. (e) Personal conduct of employees 1. how to deal with bribery, commissions or favours 2. the use of confidential information 3. how conflicts of interest in the workplace, should be handled 4. the use (or misuse) of company resources 5. personal conduct outside hours of work 6. HIV/aids policy The local community 1. the environmental policy 2. the company’s involvement in community/social activities 3. the policy on donations to the community, e.g. cash or kind 4. policy on community upliftment, e.g. clinics, education Employment practices 1. equality of employment 2. occupational health and safety 3. education and training 4. policy regarding sexual harassment. SUGGESTED SOLUTION TO EXERCISE 2.12 (a) Company activity Justification 1. 1.1 Farming 1.1 Changes in climate affect rainfall and temperature; drought and heat can destroy crops and make animal farming unsustainable. Commercial fishing 1.2 Rising sea temperatures change fish populations and locations making it more difficult to harvest the quantities of fish necessary to sustain the business. Mining – labour 2.1 Large workforce often made up of migrant labour leading to social and health problems, e.g. prevalence of HIV/Aids. Trucking (road haulage) 2.2 Truck crews are away from own communities for extended periods, particularly on long-distance haulage into Africa and prostitution at truck stops and border posts introduces serious health risks coupled with the fact that good heavy vehicle long-haulage drivers are a scarce resource. 1.2 2. 2.1 2.2 3. 3.1 Clothing and footwear 3.2 Personal luxury goods 3.1 and 3.2 It is a reasonably simple matter for the branded products in these sectors, e.g. Nike clothing, Gucci shoes, Rolex watches to be manufactured locally or imported from Asia at prices (and quality) far below the cost of the genuine article. The effect of this is felt more by companies selling ‘low’ cost consumer items than by companies selling, say, motor cars, e.g. fake clothing compared to fake Toyotas or BMWs. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 4. 4.1 Refineries 4.1 Refining process pumps pollutants into the air. 4.2 Mining and industrial manufacturers 4.2 Effluent from operations must be disposed of and can find its way into water systems. 4.3 Waste management 4.3 Waste of all kinds, including toxic waste, must be disposed of. Landfill sites must be carefully monitored and designed to prevent environmental damage particularly around sites. 4.4 Forestry 4.4 Uncontrolled harvesting and logging and a failure to properly restore areas denuded of trees causes environmental damage. Mining 5.1 Mining companies must obtain licences to mine in a particular region or country, e.g. the sudden withdrawal of a licence to mine in Angola or the DRC could seriously threaten sustainability. Public transport/road transportation 5.2 It is a serious offence to transport members of the public without a licence; to retain the licence the company must (should) maintain their vehicles and an acceptable safety record or be taken off the road. Music 6.1 The conventional forms of music (e.g. CD, DVD etc.) sales are under threat by internet sites which allow consumers to purchase individual songs at reasonable prices, quickly and efficiently. Printing/publishing 6.2 More and more documents which used to be available only in hardcopy, are now available as a download off the internet e.g. Acts of Parliament, government gazettes, company financial statements, application forms. The list is endless and represents work which has been taken away from printing companies. 7.1 Obviously if fire spreads through forests, mass destruction of timber can take place (and does). This has a direct effect on the pulp and paper industry as timber is an important raw material for them. 5. 5.1 5.2 6. 6.1 6.2 7. 7.1 Forestry, pulp and paper 7.2 Timber product manufacturers 7.2 Same would apply to saw mills, chipboard manufacturers, etc. 7.3 Many of these companies use and store combustible and flammable products in their manufacturing or operational process, e.g. an exploding storage tank at a fuel depot could cause damage from which the company may not recover. Civil engineering contractors 8.1 The majority of government infrastructure contracts go to large civil engineering contractors. Private-sector projects are unlikely to make up the shortfall. Cement and steel merchants 8.2 These are the major raw materials for infrastructure projects so a decline in government spending will affect these industries. Medical service companies e.g. private hospitals 9.1 If private medical service costs escalate beyond the reach of average consumers, there will be a shift to government-provided services (probably encouraged by medical aids). Pharmaceuticals 9.2 Pharmaceutical companies, particularly those who do not produce generics, are likely to suffer declines in turnover/profits. 7.3 Chemical, petroleum and gas 8. 8.1 8.2 9. 9.1 9.2 (b) 1. The high level information security principles are ensuring: 1.1 the confidentiality of information 1.2 the integrity of information 1.3 the availability of information when required (on a timely basis). 2. For a listed company operating private hospitals the ISMS is particularly important for the following reasons: 2.1 The company’s databases are going to contain medical information about patients which both morally and legally in some cases is highly confidential. Should the information become available to unauthorised individuals (e.g. as a result of poor access controls) there could be serious legal implications and reputational damage. Both of these could threaten sustainability. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 2.2 Ensuring the integrity of the system means ensuring the accuracy and completeness of information and processing of information. A patient’s medical records that are inaccurate or incomplete places that patient at risk should treatment/operations be required, e.g. a diabetic patient may be administered a drug which is harmful to his/her condition. This may result in death, reputational damage and liability particularly if the patient’s records were inaccurate or incomplete as a result of a lack of controls exercised by the hospital, e.g. poor access controls, poor data-capture controls. 2.3 In the case of a medical emergency, access to a patient’s records or to other database or web-based information may be critical for the survival of the patient. If the system is ‘down’ or does not make the required information available when needed, the consequences for the patient and subsequently the hospital may be dire. 2.4 It must also be remembered that the hospitals are profit making businesses in themselves and like all large businesses there will be numerous ‘transactions’ being entered every day, some seven days a week. A hospital, particularly a private hospital, cannot be let down by its systems. Thus the security of all its systems and databases is very important, e.g. drug inventories, debtors, salaries and wages, assets and asset maintenance. If the hospital does not function properly it will go out of business. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 CHAPTER 4 Basics: Evidence, assertions, internal control – general computerised environments: Introduction, general controls SUGGESTED SOLUTION TO EXERCISE 4.5 (a) The control environment The entity’s risk assessment process The entity’s process for monitoring the system of internal control The information system and communication Control activities (b) 1. Control environment Participation by those charged with governance and communication and enforcement of ethical values: The board (including the chairman) is actively involved in developing a strong sense of ethics in the company. The board 2. • sets the conditions of the ethical code • communicates to employees the contents of the code and the consequences of breaking the code (full attendance of the board demonstrates the importance of ethical behaviour) • investigates all alleged violations of the code. Control activity Custody control: This control is designed to protect the company’s assets (intellectual property) – e.g. research data, formulae for medications, etc. – from theft/misuse by research personnel. 3. The information system and communication The cost accountant and his specialised software are part of the information system designed to produce valid (occurred and authorised), accurate and complete information pertaining to expenditure on research. 4. Control activities 4.1 Comparison and reconciliation: This activity amounts to comparing actual research costs incurred against budgeted research costs to identify any overspending, investigate the causes and resolve any weaknesses that gave rise to the overspending (to prevent any similar overspending from occurring). Underspending will also be followed up when it has occurred unexpectedly. 4.2 Performance review: A review by the directors of the performance of the research department in controlling costs. Note: The direct involvement of two important directors is also part of creating a sound control environment. 5. Control activities 5.1 Authorisation/approval: The meeting of the two directors is an authorisation process at which the financial director approves the write-off of a debtor(s) where necessary. 5.2 Isolation of responsibility: Requiring the directors to sign the journal entry supporting documentation isolates the responsibility of the two directors applying the company’s bad-debt policy and shows that they acknowledge that they have done so. 5.3 Performance review: In effect, this meeting is also a review of the credit management function. Note: Again, the direct involvement of two important directors is also part of creating a sound control environment. 6. The entity’s risk assessment process This meeting of a committee of the board will be part of the identification and evaluation of, and response to, the strategic risks (new trends and potential market developments) and compliance risks (regulatory environment) facing the company. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 7. Control activity Custody control – physical: This is a control designed to prevent the physical deterioration of one of the company’s assets – e.g. inventory. 8. The entity’s process for monitoring the system of internal control A customer phone-in service is a means of monitoring how certain aspects of the internal control process are doing over time. Analysis of calls from customers will help the company determine whether it is adequately addressing operational risks such as distribution of products as well as market-related risks (pricing and product demand). Obviously, some of the information provided by customers will not relate specifically to the internal control process. 9. Control activity Segregation of duties and custody control: This ‘segregates’ the custody of the inventory from the record-keeping related to that inventory, which in turn contributes to the protection (custody) of the inventory. Neither the custodians of the inventory (the warehouse manager) nor the pickers can amend the records to cover up shortage of inventory due to theft, etc. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 CHAPTER 8 The revenue and receipts cycle: Sales, debtors, cash and cash at bank SUGGESTED SOLUTION TO EXERCISE 8.1 (a) Having cash in a business is a security risk. There is a potential for theft and physical harm to employees who deal with cash. (b) False. Revenue and receipts systems can vary considerably. A number of different products and services can be provided by businesses, which means that there will be plenty of variation in the systems that you will encounter in practice. Goods can be sold over the counter, internet, phone etc. Some businesses sell physical goods, while others provide services which may take a long time to complete (e.g. a membership contract or construction contract). (c) (d) (e) There is a risk that the customer will not pay and the business may suffer a loss as a result. (i) Customer order: external document sent by the customer which details the goods the customer wishes to purchase. (ii) Delivery note: records date, description and quantity of goods despatched to the customer and is signed by the customer to acknowledge the receipt of the goods. (iii) Back-order note: contains details of goods that could not be supplied when ordered by a customer as there was no invertor available; reviewed to establish whether an order has been placed with a supplier for the outstanding goods. (iv) Credit note: an internal document sent to the customer to acknowledge that the customer’s account has been reduced (credited) for some reason other than for a payment received, e.g. goods have been returned by the customer. (v) Goods-returned voucher: document made out by the company itself that is used to record the details of goods that have been returned by a customer. 1. To ensure that completeness testing can take place to identify missing documents; 2. To provide each document within a document type e.g. each invoice, with a unique identity; and 3. To facilitate cross-referencing. SUGGESTED SOLUTION TO EXERCISE 8.5 (a) There is a risk • • • • • • • • (b) of the company’s not complying with the Electronic Communications and Transactions Act which may result in the company facing liability; in connecting to the internet, of unauthorised access to the company’s computer system, which could lead to service disruption, virus contamination, data destruction or corruption and the loss of confidential information; that information keyed in by customers may be inaccurate or incomplete, resulting in orders that cannot be filled, leading to customer dissatisfaction and loss of sales; of unauthorised disclosure of confidential customer information (by hacking/eavesdropping or loss of data integrity) once the transmission of the transaction is underway; of potential customer loss or reputational damage if customers are not satisfied with the website security; of loss of customers or reputational damage due to any lack of availability or functioning of the online site, resulting in loss of sales; of incorrect online pricing; and that an inadequate audit trail may hinder the company’s ability to defend itself against legitimate or fictitious claims or queries pertaining to a transaction (e.g. customers who deny placing orders or customers that claim they have placed orders that were not filled). These products can • • log the sites on the WWW that have been accessed by employees (which will dissuade staff form accessing illegal or unacceptable sites from the office); prevent users form accessing certain websites; Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 • • • • control the addresses, length and content of emails, by monitoring the email protocol (thus, emails to or from certain specified addresses or over a certain length or containing attachments may not be allowed to pass); pass all incoming files through a virus scanner; encrypt emails that are sent to specific sites; and control the delivery of messages to specific PCs. (c) • • • • • • • • • • • • • Orders may be accepted for which payment has not been received. Orders may not be acted on timeously or at all, resulting in a loss of sales and customer goodwill. Inaccurate or incomplete order details may be recorded, that will result in incorrect deliveries, returns and customer dissatisfaction. ‘Out of stock’ items may not be identified resulting in the loss of the sale and customer goodwill. Valid picking slips may not be acted on. Goods may be removed for inventory for fictitious/unauthorised sales. Incorrect items and quantities may be picked. Inaccurate and incomplete delivery notes may be made out, resulting in a loss of revenue. Theft may be facilitated by uncontrolled despatch. Incorrect goods or quantities may be despatched. Goods may be delivered to the wrong customer. Customers may deny receiving goods. Goods released from the warehouse may never be despatched or not despatched timeously. (d) • • • • • • • • • • • • • • • • • • • • • Access to the order file should be restricted (specific terminals, password controls and least privileged access). The order selected should automatically be transferred from the order file to the picking slip file (in effect the sales order should ‘become’ the picking slip). A code should be allocated to the order indicating the status of the order and preventing the order from being selected again for picking. The screen should be formatted as a picking slip. The goods picked should be ticked off by the picker against the quantity field on the picking slip, or a number should be entered into a designated field. Should the quantity not be available, the actual quantity picked should be entered. The picker should electronically sign the picking slip. Different persons should be responsible for picking of the goods (picker) and doing the final checking of the quantity picked against the picking slip (picking control clerk) (segregation of duties). The picking control clerk should check the physical goods picked against the picking slip to ensure that there are no differences between the quantity picked and the quantity indicated as picked on the picking slip. The picking control clerk should be able to select the number of the picking slip from a drop-down menu. The picking control clerk must electronically sign the picking slip. Access to the picking slip should be restricted (restricting the fields which can be changed, password controls and least privileged access). All quantity adjustments should be logged. There should be control over the use of the barcode scanners (physical control over its use and password authorisation on the system when scanned.) The warehouse should have suitable physical protection controls over the goods. (e.g. physical access control, fire extinguishers etc.). The despatch controller should have read-only access. The despatch controller should match the physical goods with the onscreen picking slip. If any errors exist, the despatch controller should not be able to alter the quantity. He should separately log the difference and resolve the matter with the picking control clerk. The despatch controller should confirm that the picker has electronically signed off on the document. The despatch controller should electronically sign the document off. Activities and access should be logged and logs should be inspected for exceptions. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 SUGGESTED SOLUTION TO EXERCISE 8.7 Weakness Explanation 1. There are insufficient physical access controls 1.1 between the finished goods store and the outlet – inventory is ‘conveniently transferred’ from finished goods stores to the outlet, and employees can ‘come and go as they wish’; 1.2 between the outlet and the street – customers (i.e. anyone) have ‘easy access’ to the outlet. 1. As an additional uncontrolled ‘entry/exit’ point has been created to the finished goods store, the increase in the risk of theft (unauthorised despatches) from the factory (and the outlet itself) has been increased significantly. 2. The physical layout and lack of security checks increase the risk of theft by the general public. 2. ‘Customers’ can walk in off the street, steal goods and exit the outlet without having to pass through any security. 3. There is no check (division of duties) in respect of the effecting and recording of a sale by Greta Garbo, i.e. no security or ‘gate control’ on whether goods leaving the outlet are supported by a receipt. 3. Because Greta Garbo is (normally) the only person involved in a sale, she is able to 4. Finished goods stores clerks assists on an ‘ad hoc’ basis. 4. 5. The receipt made out to record a sale is inadequate as it is not 5.1 a standardised pre-printed multicopy document; 5.2 not pre-sequenced; 5.3 not checked for correctness of prices, extensions casts and VAT. 5.1 A standardised pre-printed document would enhance the accuracy and completeness of recording the sale. Note: there is also no signage telling customers to obtain a receipt. This makes it even easier for Greta Garbo or anyone else working in the shop to steal the proceeds of a sale. 6. There is inadequate physical protection over cash on hand at the outlet. 3.1 undercharge on a particular item; or 3.2 not charge at all (friends etc.), thereby allowing goods (in effect) to be stolen. This reduces the isolation of responsibilities and gives the clerks the opportunity to sell goods (fraudulently) from the finished goods store. 5.2 Because the receipts are not sequenced, there is no possibility of properly reconciling receipts with cash sales made. Although an ‘official’ receipt has been made out and signed by the customer Greta Garbo can simply destroy her copy of the ‘receipt’ and steal the equivalent amount of cash. (If a sequenced receipt is made out a completeness of cash on hand can be carried out.) 6.1 To keep the day’s sales in a moveable cashbox under the counter in an area which has direct uncontrolled entry/exit to the street significantly increases the risk of theft of the box/injury to employees (armed robbery). 6.2 A second key to the cashbox is available, which provides the opportunity for cash to be stolen when Greta Garbo is not present. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 Weakness Explanation 7. 7 & 8 Because of these weaknesses 8. 9. No independent reconciliation of the sales recorded for the day to the cash on hand takes place. 7.1 there is no source total for cash sales to which subsequent reconciliations can be made, e.g. postings to the cash sales account in the ledger, cash banked; and When the cash is transferred between different parties (e.g. Greta Garbo and Vish Naidoo there is no acknowledgement of transfer isolation of responsibility). There appears to be no reconciliation of cash sales to inventory movements including frequent counting (even daily) of inventory on hand. This combined with the other weaknesses means that inventory can be stolen (by a number of people, internal and external) and it will not be detected. 7.2 cash can be stolen by a number of parties e.g. Vish Naidoo, the store's clerk who sometimes drops off the cash (would need the key – easily obtained), Joe Phule, or anyone who has access to the company safe. Any amount stolen cannot be quantified (no source total) or pinpointed (isolated) to a particular individual. 9. If proper records were kept of the movement of inventory, Greta Garbo could be held accountable by the reconciliation of the movement of inventory (say daily) with her cash on hand, e.g. for every item sold there should be the relevant amount of cash. 10. Excessive amounts of cash are held at the company and allowed to accumulate (not banked timeously). Inadequate risk assessment on the part of management. 10. This increases the risk of armed robbery and endangers staff. 11. Cash from cash sales is used to pay wages (company should also insist that all employees are paid by EFT). 11. This weakens the control over misappropriation of cash by unnecessarily complicating the reconciliation and audit trail of cash receipts and wages, by combining a cash-generating system and a cash expense system. 12. There appears to be no independent supervision or checking on what Joe Phule does and there is an inadequate division of duties relative to his function. 12. He has access to the cash from the outlet. He uses some of it for a legitimate expense (wages) and banks the excess cash every month. As there is no independent reconciliation of what cash he received, how much he paid in wages and how much he banked, he could easily misappropriate some of the excess cash (see point 13 below). 13. There is inadequate control over the authorisation and accuracy of the journal entry passed by Otis Redding. He does not independently verify or reconcile the figures presented to him. 13.1 Greta Garbo can report any figure she likes for cash sales, and hence could easily cover up any misappropriations (she could also easily collude with Joe Phule to perpetrate larger fraud). 14. Management does not appear to have created a strong control environment. 14. 13.2 Because there is no reconciliation of actual cash on hand to theoretical cash on hand before the entry is passed, theft of cash by Joe Phule will not be detected. The failure to implement suitable controls, e.g. division of duties, isolation of responsibilities, lack of supervision, particularly in respect of cash and the physical control of inventory and cash will result in misappropriation of company assets. Management appears not to be particularly control orientated. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 SUGGESTED SOLUTION TO EXERCISE 8.12 Weakness Explanation 1. There is a lack of basic division of duties as there is no separate order department to receive and authorise customer orders. 1.1 As the receptionist is not required to record all incoming orders in a register, the risk that orders are lost (and therefore never filled) is increased. 1.1 There is inadequate control over the receipt of customer orders: 1.2 As the senior warehouse clerk does not acknowledge receipt of the orders from the receptionist (e.g. by signing for it) he cannot be held responsible if orders are lost/not filled, e.g. he can simply deny having received the order in the first place. • A register is not kept of all orders received. • There is no acknowledgement of receipt of orders from the receptionist by the senior warehouse clerk. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 Weakness Explanation 2. 2.1 If customers’ orders are not recorded on a sequenced internal document, the risk of orders not being filled/lost is significantly increased, as there is no method of sequence testing orders to determine whether they have all been executed or accounted for. 2.2 The lack of a properly designed ISO/picking slip, e.g. with specific blocks for the picker to sign and enter details of ‘out of stock’ or short picked items will increase the occurrence of incorrectly picked items (quantity or description). 2.3 The lack of audit trail makes it more difficult to follow up on customer queries. 3.1 All orders that are received are filled before checking whether the order is from an existing customer; if the customer does not have an account, Carmen Chetty simply opens one without any evaluation of the client’s creditworthiness. 3.2 This significantly increases the risk of losses from bad debts as the company will inevitably make sales to companies that cannot pay. 3.3 The failure to ‘authenticate’ its customers before providing them with goods also facilitates fraud being perpetrated, e.g. anybody (including an employee) could send through an order from a fictitious company to obtain goods with no intention of paying for them. This will result in losses for the company. The internal documentation initiating sales transactions is inadequate: 2.1 No pre-printed, properly designed sequenced internal sales order/picking slip is used to record customer orders and initiate picking of goods ordered. 2.2 There is a lack of audit trail. 3. No (initial) credit management controls are in place. 3.1 Credit is extended to new customers without a credit application being completed by the customer and evaluated by Cold Front (Pty) Ltd’s management. 3.2 no credit terms and limits are set or authorised by management. 4. Sales authorisation procedures are inadequate in that no check is carried out on the credit standing of existing debtors before their orders are filled, e.g. longoutstanding balance or balance too high. 4. The failure to carry out checks on existing customers credit standing, considerably increases the risk of losses from bad debts (this problem is compounded by the fact that no credit terms/limits are set). 5. There appears to be no method of identifying orders which have been faxed and emailed and sent through the post (duplicated). 5. If orders that have been faxed or emailed and sent through the post are not identified, the same order will be filled twice, resulting in problems later on in the cycle, e.g. goods being returned, customer dissatisfaction. 6. Controls over the picking of goods are inadequate as 6.1 6.2 pickers do not sign the photocopy order they have picked (or initial changes they make to the quantities); and Customers’ orders are not suitably designed for use as picking slips; this increases the risk of producing inaccurate ‘picking slips’ which in turn will result in the generation of incorrect delivery notes and invoices. 6.2 6.3 there is no supervisory checks carried out by the senior warehouse clerk on the picking of the junior warehouse clerks. As pickers do not sign the picking slip it is more difficult to isolate responsibility for errors in picking and recording. 6.3 This lack of accountability, combined with the fact that the senior warehouse clerk does not check what has been picked, will result in a failure to identify 6.1 photocopies of customers’ orders are not suitable for picking items; • quantities or items which have been incorrectly picked (by mistake or as theft); and • orders that have not been picked at all. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 Weakness Explanation 7. 7.1 Customers will only be aware that they are not receiving the goods they ordered once the delivery is made (or, where their entire order cannot be filled, when they phone to enquire). This may cause serious disruption in their business and lead to Coldfront (Pty) Ltd losing future sales. 7.2 no comparison between what the customer ordered (per the customer order) and what was despatched (per the delivery note) is made. 7.2 Customers may receive goods they have not ordered resulting in customer dissatisfaction. 8. There appears to be no back order system in place whereby the buying department is notified about inventory shortages. 8. Although the pickers (partially) identify ‘out of stock’ items on the photocopy order, nothing is done about it; this means that items will remain ‘out of stock’ until normal re-ordering takes place. Customers will be dissatisfied, and further sales will be lost. 9. The despatch section 9.1 9.1 does not acknowledge the transfer of the picking baskets from the warehouse to despatch (checking contents before signing for the baskets); and Items can go missing or be stolen and the point at which they went missing cannot be isolated to a specific section, e.g. a picker may claim to have sent an item to despatch when in fact he has stolen it. 9.2 Despatch does not ensure that the delivery note is made out correctly in respect of the description and quantity of goods actually despatched therefore Customers are not promptly informed of orders that cannot be filled at all or can only be partially filled, because 7.1 no inventory availability check is carried out when the order is received (no order department!); and 9.2 does not check the items for which it is making out the delivery note (details are taken from the photocopy order). • mistakes in picking will not be identified; and • discrepancies between what is on the delivery note and what is delivered will occur. 10. There is a serious lack of division of duties with regard to the functions performed by Carmen Chetty. She • opens new debtors accounts; • deals with EFT payments/raises invoices; and • passes credit notes etc. 11. There is a poor control environment. Management do not appear to be control conscious or to lead by example in that • junior staff are not supervised and checked; and 10. Carmen Chetty carries out incompatible functions. E.g. she could easily defraud the company by • writing off amounts owed by friends or family; • manipulate payments from debtors and pass a fictitious credit note to cover the loss; and • arranging with certain customers (other than Cold Front (Pty) Ltd) to make EFT payments into an additional bank account over which she has control, withdraw the payment for herself and then write off the debt in Cold Front (Pty) Ltd’s records. 11. The lack of supervisory controls will result in all staff cutting corners, making errors (and possibly defrauding the company) which will ultimately cause losses to the company. • Carmen Chetty is left to her own devises. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 CHAPTER 10 The acquisition and payments cycle: Purchases, creditors and accruals SUGGESTED SOLUTION TO EXERCISE 10.5 1. Manual review of the automated application control. 2. General control. 3. Automated application control. 4. General control. 5. IT general control – logical access restricting user access to only authorised users. 6. IT general control. 7. IT general control. 8. Automated application control. 9. IT general control. 10. Automated application control. 11. IT general control – logical access restricting user access to only authorised users. 12. Manual review of the automated application control. SUGGESTED SOLUTION TO EXERCISE 10.6 PART A Weakness Explanation 1. 1. Suppliers with whom orders are placed by Shamus Rennie and Lukas Radebbe, are selected based on their ‘personal preference’. This weakness could easily lead to fraudulent practices in the ordering function. Shamus Rennie and Lukas Radebbe could place orders with friends/relatives or could set up their own business to supply C-Saw (Pty) Ltd at inflated prices. 1.1 Goods of inferior quality may be acquired posing a threat that finished goods may not meet safety standards for children’s play equipment. 2. Before placing the orders Rennie and Radebbe do not contact the supplier to confirm/specify 2. 2.1 C-Saw (Pty) Ltd paying more than they should for raw materials/parts; and 2.1 price; and 2.2 availability. 3. 4. Failure to carry out this procedure could easily result in 2.2 production delays (production is carefully scheduled). There is no independent check that 3. As there is no independent check on the order, 3.1 what has been included on the purchase order is correct in terms of the documentation provided by the factory manager; and 3.1 orders which are inaccurate (quantity, description) or incomplete (items) could be placed resulting in production delays; and 3.2 only items on the documentation are ordered. 3.2 the administration clerks can order whatever they like for their own personal use (and have the company pay) by simply adding items onto the order. There is no check by anyone that orders have been placed 4.1 timeously; or 4. As nobody checks orders placed against the (sequenced) production schedules from the factory manager, inventory (which is required in 15 days) may be ordered late or not at all, resulting in production delays, lost sales etc. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 Weakness Explanation 4.2 for all ‘requisitions’ (production schedules) from the factory manager. 5. Rennie and Radebbe are able to place orders without any form of authorising document (e.g. requisition). 5. This weakness 5.1 enables the administration clerks (again) to purchase whatever they like for their own purposes (and have the company pay); and 5.2 can easily result in overstocking, tying up capital in inventory unnecessarily and greater losses from obsolescence. 6. Rennie and Radebbe do not establish whether any of the items to be ordered per the list supplied by the factory manager are already in stock (or whether items which they buy on ‘special’ are actually required). 6. Again, this weakness can easily result in overstocking (see point 5.2 above). Inventory should be purchased based on the company’s needs not on the basis of its suppliers marketing strategies! 7. There is inadequate documentation in the ordering and receiving functions. 7. In the existing system 7.1 the ordering function and receiving functions have no permanent record of orders placed or goods received; 7.1 There are insufficient copies of the purchase order. 7.2 There is no separate document to record the receipt of goods ordered (goods-received note). 7.2 there is no evidence of isolation or responsibility and any queries pertaining to an order or a receipt of goods cannot be resolved within the function. 7.3 See point 9.2 8. There is a totally inadequate division of duties between the ordering function and the receiving function; Shamus Rennie and Lukas Radebbe are responsible for both functions. 8. This is a major weakness in the cycle as it enables Shamus Rennie and Lukas Radebbe to order whatever goods they like for their own purposes and take possession of the goods. It facilitates theft from the company. 9. Receiving controls are inadequate: 9. This lack of control will result in 9.1 No GRN is prepared (goods are simply ticked off on the pink copy of the order). 9.2 No quality checks at all (and limited quantity checks) appear to be carried out. goods are simply ticked off as they are off loaded. 9.3 Whoever is receiving the goods does not record any short deliveries/over deliveries, damaged goods on the supplier’s delivery note (but signs it anyway); delivery problems are only identified at a later stage. 9.4 Whoever receives the goods does not sign anything to indicate that they have carried out the function. 9.1 an increase in the risk of invalid, inaccurate or incomplete receipt of goods. Making out a sequenced, properly designed document (as opposed to simply ticking items off on a document designed for another function) provides for a basis for proper recording of the receipt of goods, supervisory checking (against orders, suppliers delivery notes) acknowledgement of transfer of goods to stores, subsequent validation of invoices from suppliers and follow up of unrecorded liabilities; 9.2 the acceptance of damaged goods and incorrect deliveries; 9.3 disputes with suppliers: • by signing the supplier delivery note without identifying problems with the delivery, the supplier is entitled to assume that all goods were correctly delivered and accepted; and • the suppliers delivery personnel do not sign anything to acknowledge delivery problems. In effect C-Saw (Pty) Ltd has no proof of short deliveries etc.; and 9.4 any subsequent problems/queries with a delivery cannot be pinpointed to the administration clerk who received the goods (isolation of responsibility). Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 Weakness Explanation 10. Short deliveries are not followed up with the supplier but are immediately re-ordered; and there is no indication that orders not executed are followed up with the supplier. 10. These weaknesses may result in 10.1 C-Saw (Pty) Ltd being charged twice for the same goods (see point 9.3; the supplier has a signed delivery note against which it will invoice C-Saw (Pty) Ltd and another order against which it will supply goods and invoice accordingly); and 10.2 production delays, especially where the supplier cannot supply (Rennie or Radebbe should establish reason for short or nonsupply). 11. No document is signed (by Rennie/Radebbe and warehousing personnel) to acknowledge the transfer of the goods from receiving into warehousing. 11. Problems with physical inventory (e.g. inventory shortages) cannot be isolated to their origin, e.g. inventory could be stolen from the warehouse, but warehousing could claim they never received it. 12. There is inadequate control over the pink purchase order. 12. This is the originating document for purchases and the only copy thereof: • • Copies of the document move between numerous functions (ordering, receiving, warehouse and accounting) in an uncontrolled manner, e.g. ‘left on Clint Castro’s desk’, and could easily be lost, altered, destroyed. There is no evidence of frequent sequence testing and no other internal documents to check the purchase order against. 13. There is inadequate division of duties between the keeping of the inventory records and the custody of inventory; Clint Castro is responsible for both. 13. This fundamental weakness facilitates the covering up of inventory shortages in the records. As Clint Castro is responsible for both custody and recording, he is able to ensure that theoretical inventory and physical inventory always agree, thus hiding theft etc. 14. There is a very poor control environment. 14. It is obvious from the above that members of management do not understand the importance of internal control in the cycle and do not make their presence felt by supervisory checking, authorising transactions etc. This will give rise to an environment in which employees can do as they please. 15. Multiple staff members have access to the inventory and creditors’ master data file. 15. Although the company saves a significant amount of time, the decision to grant all staff members in the purchase order process access to the master data file, brings control risk to the process. Changes don’t seem to be reviewed or authorised ‘as everyone can now go about completing their own responsibilities’. May result in human error, and exceptions not being remediated. Could provide the opportunity for fraud as bank details etc. can easily be changed for creditors. Lack of segregation of duties PART B a) b) auditor In transaction, termscan of ISA thus account 330, notthe decide balance auditor that andmust there disclosure, design is no need and regardless perform for substantive ofsome the assessed substantive testing.risk Theof procedures reason material formisstatement. for thiseach is that material Theclass of • risk assessment is judgemental and the auditor may not have identified all risks; and • Internal control has inherent limitations, including management override. Substantive tests consist of: Substantive tests of details. This type of procedure has the purpose of auditing the detail of a transaction, account balance or disclosure, e.g. ‘Obtain the invoice and recalculate the amounts and VAT calculations’. c) Substantive analytical procedures. This type of procedure provides overall evidence, e.g. ‘Compare the purchases for different types raw materials from period toauditor period and investigate any unusual when observing number, Observation being ora apurchase watched is negative not of a very by order quantity, the convincing being auditor. toprocessed, ensure audit It should that procedure the always the system as be employees combined may willask reject the with are it. clerk likely other toto insert audit perform procedures, anfluctuations’. invalid their tasks purchase e.g.properly when order Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 SUGGESTED SOLUTION TO EXERCISE 10.7 Weakness Explanation 1. 1. The method used for determining inventory items and quantities to be ordered is unsatisfactory, i.e. there are The failure to implement a more ‘scientific’ method of determining what items should be ordered will result in 1.1 lost sales due to items being ‘out of stock’; and 1.1 no re-order levels/re-order quantities are set; and Note: Percy Garmin sometimes ends up placing orders for items which are already out of stock. 1.2 no indications from the sales department as to what items are selling. 1.2 the ordering of items which are not required resulting in money being unnecessarily tied up in inventory, liquidity problems and potential losses from obsolete inventory. 2. The initiation of orders appears to be solely dependent on Percy Garmin, (and his knowledge of the business). He is not supervised or assisted. 2. Should Percy Garmin be sick, leave the company or simply fail to carry out his weekly ordering exercise, the company is likely to suffer inventory availability/loss of sales problems. 3. Percy Garmin does not retain a copy of the warehouse requisition. 3. As Percy Garmin has no record of what he requisitioned, he has no way of determining whether what he requisitioned has been ordered or received. This may result in items being requisitioned a second time and orders being duplicated. 4. No copy of the purchase order is sent to the receiving department. 4. As the receiving department has no record of what has been ordered, it will have no means of checking whether goods delivered by the supplier are 4.1 in response to a valid (authorised) order; and 4.2 correctly delivered in terms of description and quantity. The company may well end up taking into inventory, and paying for, goods that were never ordered, or are incorrect resulting in losses, inventory obsolescence etc. 5. There is no follow up to determine whether purchase orders placed have been filled. 5. As this follow up is not carried out, goods ordered may never be received resulting in more ‘out of stock’ situations, lost sales and dissatisfied customers. 5.1 Arnold Image has no means of following up as he does not know what has been received. 5.2 The receiving department has no (pending) copy of the purchase order to identify ‘long outstanding orders’. 5.3 There is no check in the warehouse of goods received against the original requisition. 6. There is no approved supplier list, i.e. no independently authorised list of suppliers who have been evaluated for reliability, pricing and quality, from which Arnold Image can make purchases. 6. As Arnold Image has total control over which suppliers the company purchases from, he is in a position to use suppliers that provide him (personally) with benefits to the detriment of the company, by e.g. paying high prices to a supplier who is a family member, taking bribes or kickbacks for placing orders etc. 7. Arnold Image does not contact suppliers prior to placing the order to confirm availability, pricing and delivery time. 7. This may result in the company paying higher prices than they should, delivery problems etc. resulting in lost sales. 8. There is a lack of supervisory control over the ordering function, i.e. nobody checks the orders placed by Arnold Image for 8. As there is no supervisory check, Arnold Image could quite easily be placing orders 8.1 accuracy and authority; 8.2 suitability of the supplier, reasonableness of price and correctness of detail; and 8.1 which do not appear on the warehouse requisition and are for his own personal use, and for which the company will pay; and 8.3 the nature of the goods being ordered. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 Weakness Explanation 8.2 which are inaccurate (quantity, description) incorrectly priced or from inappropriate, unreliable suppliers. 9. There is a serious breach of division of duties where Arnold Image is allowed to assist in ‘receiving’ and the warehouse. 10. The goods received clerk conducts his checks against the suppliers delivery note, not the order placed by Streetwheels (Pty) Ltd. 9. Allowing Arnold Image access to ‘receiving’ and the warehouse gives him access to any goods he may have (fraudulently) ordered for his own personal use. (As he is unsupervised, he can go into receiving ‘to help’ whenever he needs to). 10. The receiving clerk has no copy of the order and hence can only check deliveries against the supplier delivery note. This may result in 11. No properly designed document (usually a goods received note) is made out to record deliveries. 10.1 goods that were never ordered at all, being accepted; 10.2 incorrect quantities being accepted (over or under); and 10.3 items not delivered never being identified. 11. A properly designed and sequenced GRN facilitates 11.1 the recording of every delivery on an internal document, a copy of which can be retained in the warehouse for reference purposes; 11.2 easy follow up of queries (by GRN reference), sequence testing for identification of missing GRNs, and cross-referencing to orders both at the receiving bay and subsequently; and 11.3 a reduction in the risk of invalid payments to creditors, i.e. the GRN is good evidence, when matched to orders and supplier documents, that the goods to be paid for have been received. 12. There is a lack of division of duties/isolation of responsibility in respect of the transfer of goods between the receiving bay and the warehouse. 12. The goods receiving clerk is responsible for receiving goods but also for placing them in the warehouse. This means that the personnel who have custody of the inventory (e.g. Percy Garmin) do not acknowledge receipt of what they are required to control. Any inventory shortages cannot be ‘isolated’ to where they occurred. 13. The control environment is weak. The inadequate supervision and poor system and document design suggest a poor attitude to control by management. 13. A poor control environment gives rise to an increased risk of fraud and theft in a cycle which is by its nature, susceptible to fraud and theft. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 CHAPTER 11 Inventory and production cycle SUGGESTED SOLUTION TO EXERCISE 11.5 (a) 1. General control 2. IT General control – – 3. 4. 5. 6. – – – – General control IT General control IT General control General control Continuity of reconciliation. Could be regarded as part of the company’s ‘general’ access policy, i.e. needto-know basis. Systems development (program maintenance) and control environment. Access control (physical). Logical access control (custody). Control environment (human resource policies and practices). (b) It is important to remember that control activities in a computerised system will be a combination of manual and automated (programmed) controls. As the auditor, you may determine which automated application controls are present at Santacruz (Pty) Ltd, and then test the IT general controls that support those automated application controls. There are a number of automated application controls at Santacruz (Pty) Ltd that, as a result, will require IT general controls tests. As a minimum, the auditor should test the access controls and the change management controls. (c) Test logical access control • Select a sample of users who have access to inventory and determine whether they have been granted access in accordance with their job profiles. • Enquire whether any changes have been made to the user profiles during the financial year and review the modifications. • Select a sample of terminated employees and determine whether their access was revoked timeously when they left Santacruz (Pty) Ltd. • Select a sample of new users and determine whether they have been granted the appropriate access. • Review segregation of duties reviews performed by Santacruz (Pty) Ltd and ascertain whether they have any users where two or more parts of a transaction can be completed by a user. • Review toxic combination reviews performed by Santacruz (Pty) Ltd and ascertain whether they have any toxic combinations. • Review the super users within Santacruz and determine whether the superuser/superusers are appropriate. • Password controls: Review the password settings for the inventory application which includes the following: – Systems configuration settings to retain the history of passwords, i.e. 12 months’ worth of passwords. – Password settings enforce new passwords on a monthly basis. – Password settings enforce incorrect password access attempts up to three times and then lock the accounts. – Passwords are a combination of letters, numbers, special characters etc. and in line with the password policy. – Review the password policy to confirm that users may not share their passwords. SUGGESTED SOLUTION TO EXERCISE 11.8 1. Despatch from warehouse to stores 1.1 Branch managers should anticipate inventory needs timeously (Cardex see point 3.1) and should place an order with the central warehouse on preprinted order forms which • are sequentially numbered; • indicate the branch; • are signed by the branch manager; and • describe the required shoes accurately e.g. quantity required, code, size etc. 1.2 No despatches from the warehouse should take place without such an order. 1.3 On the strength of the order a three-part despatch note should be prepared by the warehouse administration clerk and checked and signed by the store’s controller and • two copies must accompany the delivery (to the branch); Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 2. 3. one (signed) copy must remain at the branch for its records; • the second copy must be signed and returned to head office as proof of delivery; and • the third copy must remain ‘in the book’ as a permanent record. 1.4 On despatch, a gate controller at the warehouse should check the goods to the despatch note and should not allow any goods to leave without a correct despatch note (two copies). 1.5 On a daily basis the stores controller at the central warehouse must confirm that all despatch notes (permanent copy) are cross-referenced to and supported by an order by inspection thereof. 1.6 Branch managers should monitor that all orders are filled timeously, by retaining a duplicate copy of the order and cross-referencing to despatch notes daily. 1.7 A sequence control over orders and despatch notes should be carried out to ensure that they are all accounted for on a regular and frequent basis. 1.8 All despatches should take place at selling price (to facilitate ease of inventory and cash reconciliation). Receiving of goods by stores 2.1 The branch manager should be responsible for receiving deliveries from the central warehouse. 2.2 On receipt, a careful check must be made on quality and quantity against the order and the despatch note. Any discrepancies must be noted on both copies of the despatch document and signed by the manager and delivery person (driver). 2.3 The manager must sign the despatch note and retain and file the top copy with the corresponding order number. Physical controls 3.1 4. • The branch manager, should maintain a simple cardex (system where each item has its own card that lists current quantity and is manually updated for purchases and sales) of all inventory on hand. The cardex should be written up from • despatch notes (see point 1.3); and • cash sales invoices. 3.2 The manager and a salesperson/cashier should perform frequent inventory counts (on a test basis) and the count quantities should be reconciled to the cardex quantities. 3.3 The internal auditor should conduct surprise inventory counts frequently and should agree the inventory on hand to the inventory cardex. Managers are responsible for all shortages. 3.4 The storeroom should only be accessible through the shop itself, i.e. any outside doors and windows should be barred off. • Staff must have free access to the storeroom, but no other persons should be allowed in the storeroom e.g. customers or delivery people. The manager and staff must enforce this control by being vigilant as physical controls are inappropriate. • The storeroom and shop must be protected against fire etc. 3.5 Inventory in the store itself should also be controlled by displaying only one of the pair of shoes. 3.6 The store should be laid out in such a way as to make it very difficult for someone to leave without passing a till. A security guard or electronic detectors should be used to reduce shoplifting. 3.7 Staff should be checked at the end of the day to ensure that they are not removing inventory (feet as well). 3.8 Security guards should be on duty at night. Down payments Note: There is a danger that ‘down payment’ monies could be used to hide an inventory shortfall. 4.1 The following (full) details of customers placing down payment should be kept in a ledger by the branch manager: 4.2 • name; • address; • contact number; • dates; • code, description, size etc. of shoes; • receipt numbers; and • amounts. A simple down payment contract should be drawn up (name of customer, price, date, shoe description Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 etc.) and signed by customer and authorised by the store manager. 4.3 4.4 A sequentially numbered down payment receipt must be completed in duplicate. • The receipts must be signed by the customer and the manager. • The customer must retain a copy and be advised not to lose it. ‘Down payment’ shoes should not be released until the full purchase price has been received. • The manager must authorise release of shoes after reconciling customer copy of down payment receipts with the outlet’s copy and with the ledger. • Customer copies of receipt must be cancelled (or retained) so that they cannot be used again. • Down payment contract must be ‘cancelled’ or signed off by both parties. 4.5 The shoes being purchased must be put aside in a separately demarcated area in the storeroom for the customer. 4.6 Cash received on down payment should be separately identified in the daily cash receipts reconciliation and this figure should be reconciled to the day’s down-payment receipts. 4.7 Internal audit should reconcile down payment records with ‘down payment’ shoes set aside, at the same time as conducting their surprise counts (see point 3.3 above) to ensure there is no manipulation of down payments. SUGGESTED SOLUTION TO EXERCISE 11.9 (a) 1. Preparation and planning of the count was inadequate which could contribute to an inaccurate and incomplete count. 1.1 Holding the count over two afternoons so as to allow normal delivery and dispatch was not sensible; a non-trading day or overtime count would have resulted in a more efficient count (total count time only eight hours). 1.2 The method of counting was inadequate; no tag system or double count. 1.3 No count controller was appointed to direct count. 1.4 Composition of the counters was totally inadequate. While knowledge of the product is important, counting should be done in teams, one of whom should be independent of the warehouse function. 2. 3. 4. 1.5 If pickers have been involved in misappropriating inventory, they are now in a perfect position to hide any shortages by having the perpetual inventory records amended (amendments were done without authority or investigation). 1.6 There is no evidence that the warehouse was prepared for the count. Although it is ‘tidy’, a number of procedures should have taken place: • marking damaged, slow-moving obsolete goods; • identifying expired (nearly expired chemicals); • preparing a secure area for deliveries to be received during the count/making sure goods received up to the 30th have been unpacked; and • identifying the location of Bushblaze Inc inventory (consignment inventory). Count stationery was inadequately designed and incomplete 2.1 In this situation (single counter) it would have been better to have excluded the quantities from the inventory sheets, to force the counters to count the inventory, not just tick it off. 2.2 The inventory sheets should also have columns for second count and discrepancies. 2.3 There is no document (tag or similar) to identify the count details per item, e.g. quantity. 2.4 There are no inventory adjustment forms on which count differences/adjustments/results of investigation can be entered for authorisation before the inventory records are adjusted. No written instructions were prepared for the count, which again will result in a substandard count. 3.1 No identification of who should count what – pickers decided themselves. 3.2 No method of counting conveyed to counters and count controller and auditors. 3.3 No instructions relating to matters raised in point 1.6 or how problems on the count are to be resolved. The count itself was inadequately conducted 4.1 Inventory only counted once; there was no recount by another counter when a discrepancy was identified. Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com) lOMoARcPSD|31485122 (b) 4.2 No identification and recording of slow-moving, expired, damaged or consignment inventory. 4.3 No count controller, so no walk-through of the warehouse once the count was complete, and no method of determining whether all inventory has been counted. 4.4 No procedures conducted to ensure that goods received or dispatched during the count were properly accounted for, e.g. quantity reduced when the dispatch of an item (say on 31 July) which had already been counted on 30 July took place. No, I would not be satisfied. Justification 1. Prior to the inventory count 1.1 Ted Mitton did not determine/confirm the locations at which inventory to be counted, was stored. 1.2 He did not request a copy of the count instructions. Had he done so, he would have identified that there were no written instructions and in doing so, preempted the poor inventory account. 1.3 2. 3. He did not enquire as to whether Firezone Ltd had any inventory which should not have been included in the count and how this would be identified. During the inventory count 2.1 Although the trainees observed the pickers counting, it was for short periods only, which in the light of the poor count planning, was insufficient, e.g. counters could easily have just ticked off items without counting them. 2.2 The trainees did not test count in both directions; as a result no items of physical inventory were randomly selected from the warehouse, counted and quantities compared to the perpetual inventory records (completeness). 2.3 The trainees made no effort to identify obsolete, slow-moving, damaged inventory. 2.4 They also failed to inspect the expiry dates on chemicals with limited shelf lives. 2.5 The trainees did not resolve count discrepancies, either from their own test counts or the pickers’ counts, by recounting with the Firezone Ltd count staff. 2.6 The trainees did not compile a workpaper which recorded the movement of inventory during the count, particularly deliveries and dispatches on the morning of the 31 July, affecting items already counted. 2.7 The trainees did not confirm (and record) with the counters which items of inventory at the year end belonged to Bushblaze Inc, to ensure that they had not been included in the inventory sheets. 2.8 Ted Mitton did not test the numerical sequence of the inventory sheets, before or after the inventory count, to confirm that the sheets were all accounted for. At the conclusion of the count 3.1 Ted Mitton did not take precautions to ensure that the inventory sheets could not be amended after the count, e.g. by taking photocopies and ensuring that all alterations were signed (by himself or Zane); initialling each sheet does not prove anything. 3.2 He also did not retain sufficient evidence, e.g. get a copy of the inventory sheets printed/photocopied after adjustments had been made. Inventory sheets were left with the factory administration clerk. 3.3 Ted Mitton did not record the ‘cut-off’ numbers of documents used in the inventory and production cycle or compile a list of goods received notes (number etc.) which had not been matched to supplier invoices (particularly important in view of the movement of inventory during the count). Downloaded by Nompumezo Monica Maliyakhe (mbasamaliyakhe@gmail.com)