Chapter 7
System & Controls
Chapter 7.
System and controls
Introduction
2. How do ICS operates
3. Ascertaining the systems
4. Documenting client systems
5. Testing the system
6. The revenue cycle
7. The purchase cycle
8. The payroll system
9. The inventory system
10. Capital expenditures
11. Bank and cash system
12. Reporting to those charged with governance
1.
Internal Control
The process designed, implemented and
maintained by management to provide
reasonable assurance about the achievement of
an entity’s objectives with regard to
•
Reliability of financial reporting;
• Effectiveness of operations;
• Compliance with laws.
Components of Internal Control
CE - RP - IS - CA – MC
• Control Environment (CE)
• Entity’s Risk Assessment Process (RP)
• Information System relevant to Financial
Reporting (IS)
• Control Activities (CA)
• Monitoring of Controls (MC)
Components of Internal Control
CONTROL ENVIRONMENT
• Governance & management function & management philosophy &
operating style.
RISK ASSESSMENT PROCESS
• It forms the basis for how management manage business risk relevant to
financial reporting.
INFORMATION SYSTEM
• Business process relevant to financial reporting & communication.
CONTROL ACTIVITIES
• Policies & procedures design to perform operation of the business.
MONITORING OF CONTROLS
• The process of assessing the effectiveness of controls.
Use of Internal Control by Auditors
Auditors shall
• assess the adequacy of internal controls used
for the financial reporting &
• identify risks of material misstatements,
which will provide him the basis for designing &
performing audit procedures.
Auditors are only concerned with assessing the
policies & procedures which are relevant to
financial reporting.
Ascertaining Internal Control
•
Enquiries from client’s relevant staff
•
Observing the controls
•
Tracing transaction through the system
•
Inspecting documents
•
Reading procedure manual
•
Examine previous audit file
Documenting Internal Control
•
Narrative Notes (NN)
•
Internal Control Questionnaire (ICQs)
•
Internal Control Evaluation Questionnaire (ICEQs)
•
Flow Charts (FC)
•
Organizational Charts (OC)
Testing Internal Control
Having documented the systems the auditor needs to
assess whether controls are actually implemented and are
effective.
Test of Controls are performed to ensure that the
prescribed controls are implemented and operating
effectively throughout the audit period.
Systems and the Auditor
Types of Auditors’ Testing
Test of Controls (ToCs)
Test of Controls are designed to evaluate the operating
effectiveness of controls in preventing or detecting and
correcting material misstatements.
Substantive Procedures (SPs)
Substantive Procedures are designed to detect material
misstatement at the assertion level.
Transaction Cycles
•
Sales
•
Purchase
•
Inventory
•
Payroll
•
Bank & cash balances
•
Capital & revenue
COs – CAs – ToCs
Control Objectives (COs).
The purpose of internal control.
Control Activities (CAs).
Policy and Procedures included in internal control.
Test of Control (ToCs).
Whether or not control objectives achieved, and controls
are operating effectively.
Sales Cycle
Take Order
Document Order
Raise Dispatch Notes
Make Order
Dispatch Goods
Raise Invoice
Account for Invoice
Dispatch invoice
Chase Payment
Receive Payment
Record Payment
Purchase Cycle
Raise Requisition
Call quotations
Raise Order
Receive Goods
Produce Goods
Raise GRN
Receive Invoice
Match Invoice with GRN
Record Invoice
Send Payment
Record Payment
Inventory Cycle
Goods Received
Receipt Recorded
Inventory Movement
Controlled & Recorded
GDNs
Dispatch Recorded
Goods Dispatched
GRNs
Payroll Cycle
Attendance Recorded & Entered
Gross Pay, Deduction & Net Pay Calculated
Other Adjustment Made
Final Payroll Prepared & Pay slips
Produced & Approved
Payments to Employees
Payment to Tax Authorities
Recording of Payroll
Cash Cycle
Request for Payment
Approval of Payment
Payment Made
Recorded in Cash Book
Acknowledgement
Receipts
Supporting checked
COs for Sales
• Goods are supplied only to customers who pay promptly
and in full.
• Orders are dispatched promptly and in full to the correct
customer.
• Only valid sales are recorded.
• All sales and related receivables are recorded accurately
& at an appropriate value.
• Sales are recorded in the correct accounting period.
Typical ToCs for Sales
Test of Control for Sales

Observe and evaluate whether proper segregation of duties is operating.

Test a sample of sales invoices for authorized sales order form & shipping docs.

Examine application of controls for approval.

Review & test entity’s procedures for numerical sequences of invoices.

Review entity’s procedures for sending out monthly statements and dealing with
customer queries.

Review entity’s procedures for granting credit to customers.

Examine a sample of sales orders for evidence of proper credit approval by the
appropriate senior staff member.

Review all new customer files to ensure satisfactory credit reference have been
obtained.

Compare prices & terms on a sample of sales invoices to the authorized price list.
Occurrence & Existence
Typical ToCs for Sales - continued
Test of Control for sales

Review & test entity’s procedures for accounting for numerical sequences of invoices.

Trace a sample of shipping documents to the sales invoices and ledger.

Review a sample of reconciliations performed.

Inspect the open-order file for unfilled orders.

Vouch recorded sales to supporting documents.

Compare dates on sales invoices with dates of correspondence shipping
documentation.
Completeness
Accuracy

Compare dates on sales invoices with dates recorded in the sales ledger.

Review sales ledger for proper classification.

Examine a sample of sales invoices for proper classification.

Test application controls for proper codes.
Cut Off
Classification
COs for Purchase
• All purchases are properly authorized to ensure only
necessary goods are procured
• All purchases are made from approved suppliers.
• All
purchases and related payables are recorded
accurately and at an appropriate value.
• Purchases are recorded in the correct accounting period..
Typical ToCs for Purchases
Test of Control for Purchases
• Inspect policies & procedures and inquire about them.
• Observe & evaluate segregation of duties.
Occurrence & Existence
• Examine a sample of orders to ensure they are appropriately
authorized.
• Review the delegated list of authority for purchases.
• For a sample of orders, examine the Goods Receipt Notes (GRN) &
match it to the order.
• Observe receipt of goods by staff to confirm whether the check is
done.
• Inspect a sample to confirm whether stores staff undertakes this
check.
• Examine supporting documentation for a sample of invoices.
Typical ToCs for Purchases - continued
• Test of Control for purchases
• Examine supporting documentation for a sample of invoices.
• Review entity’s procedures for accounting for pre-numbered
documents.
Completeness
• Examine application controls.
• Examine documentation for evidence of this check.
Right & Obligation
• Examine supporting documentation for a sample of invoices.
• Examine supporting documentation for a sample of invoices.
• Recalculate the mathematical accuracy of a sample of suppliers’
invoices.
Accuracy Classification & Valuation
• Review reconciliations for evidence of this check.
• Review purchases journal and general ledger for reasonableness.
• Compare dates on reports to dates on relevant vouchers.
Cut Off
• Compare voucher dates with recording dates in purchase journal.
COs for Inventory
• Inventory levels meet the production requirements and
customer demand.
• Inventory
levels are not excessive, preventing
obsolescence and unnecessary storage costs.
• Inventory is safeguarded from theft, loss or damage.
• Inventory movements are recorded on a timely basis.
• All inventory items are recorded.
Typical ToCs for Inventory
Test of Control for Inventory
• Review documentation in use.
Occurrence & Existence
• Review a sample of reconciliations to confirm they are performed and
then reviewed by an independent person.
• Observe and evaluate proper segregation of duties.
• Review security systems in place (e.g. locked warehouse, CCTV etc).
• Review policies and procedures in place; discuss procedures with
relevant staff.
• Review procedures for counting inventory.
• Attend inventory count.
Typical ToCs for Inventory - continued
• Test of Control for Inventory
• Review entity’s procedures relating to consignment inventory.
• Review reconciliations performed and whether reviewed by
independent person.
Completeness
Right & Obligation
• Review entity’s procedures relating to consignment inventory.
• Review and test entity’s procedures for taking physical inventory.
• Review and test entity’s procedures for developing standard costs.
• Inspect variance reports produced.
Accuracy Classification & Valuation
• Discuss with inventory managers how this is done.
• Observe the procedures being performed.
• Inspect documentation to confirm daily processing.
• Review reconciliations performed.
Cut Off
• Review entity’s procedures and documentation used to classify
inventory.
Presentation & Disclosure
• Review entity’s working papers for evidence.
COs for Payroll
• Only genuine employees are paid.
• Employees are only paid for work done.
• Employees are paid at authorized rates of pay.
• Gross pay is calculated and recorded accurately.
• Net pay is calculated and recorded accurately.
• Correct amounts owed are recorded & paid to the tax
authorities.
Typical ToCs for Payroll
• Test of Control for Payroll
• Observe and evaluate proper segregation of duties.
• Review a sample of starters and leavers in the year to ensure correct
documentation is in place.
Occurrence & Existence
• Review and test authorization procedures in place.
• Review policies and procedures in place for charging status and
consider whether adequate.
• Review personnel files for a sample of employees whose status
changed in the year.
• Observe employees’ use of time clock.
• Inspect a sample of clock cards for evidence of approval by
appropriate level managers.
• Review and test procedures for entering and removing employee
numbers from the payroll master file.
• Review budgeting procedures.
Typical ToCs for Payroll - continued
•
Test of Control for Payroll
•
Review numerical sequence of clock cards.
•
Observe and evaluate proper segregation of duties.
•
Recalculate benefits and deductions for a sample of employees.
•
Review budgeting procedures.
•
Inspect documentation for evidence of management’s review.
•
Review reconciliation before and after reports to payroll master file.
•
Review reconciliation payroll master file to general ledger.
•
Confirm whether discrepancies are followed-up promptly and resolved.
•
Review entity’s procedures for reporting changes to the payroll department.
•
Check sample of starters and leavers.
•
Review chart of accounts.
•
Review procedures for classifying payroll costs.
•
Review budgeting procedures.
Completeness
Accuracy Classification & Valuation
Cut Off
Presentation & Disclosure
COs for Cash
• Petty case levels are kept to minimum, preventing theft.
• Payments can only be made for legitimate business
expenses.
• Cash is safeguarded.
• Receipts are banked on a timely basis.
• Cash movements are recorded on a timely basis.
Communicating Deficiencies in Internal control
Auditor’s main responsibility is to report on financial statements however, auditors
are encouraged to report deficiencies, if any, in internal controls relevant to financial
reporting.
Deficiencies shall be reported in a DES-R manner:
Deficiency Effect
Deficiency
Effect
Suggestion
Response
Suggestion Response
= Deficiency found by auditor in internal controls.
= Potential effect of the deficiency.
= Auditor Suggestion to overcome the deficiency.
= Management actual or proposed response for correction.