P. 1


|Views: 100|Likes:
Published by Rick Fernandez

More info:

Published by: Rick Fernandez on Dec 15, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less





Master of Business Administration – MBA Semester 3 MF0013 – Internal Audit and Control – 4 Credits (Book ID: B1211) Assignment Set

– 1 (60 Marks) Q. 1 Critically evaluate the qualities of an Auditor in the wake of recent scams. Ans: - Qualities of an Auditor:An auditor renders a professional service to his client. He should not only possess the prescribed statutory qualifications but also certain personal qualities. Some of those personal qualities are mentioned below: 1. Common sense: According to Spicer and Pegler, ”the auditor should have a full share of that most valuable commodity-commonsense.” This is necessary to distinguish between important and not so important information. 2. Independence: Expression of opinion is a prime duty of an auditor. An influenced and biased person cannot form an independent opinion. Hence, independence in true sense is an utmost quality of an auditor. 3. Honesty and Integrity: Like any other professional viz. Doctors, Lawyers etc. auditor should possess a high moral character. In a way, he is a public servant. He must not knowingly, misinterpret any fact or sign any document under undue pressure. 4. Objectivity: Independence of an auditor depends on his ability to act with objectivity. For example, the auditor of XYZ Company believes that closing stock has not been properly valued but accepts a certificate from the management as to its valuation. In this case, the auditors‟ judgment lacks objectivity. 5. Communication: He should be able to communicate effectively, both orally and in writing. Particularly in the matter of report writing, he should be able to convey his message clearly and unambiguously. 6. Tactfulness: He should be firm, yet diplomatic with his client and staff. He should be tactful enough to obtain necessary written as well as oral evidence from his client, so that he can form a reasonable opinion. 7. Awareness of latest developments: An auditor should keep his knowledge up to date related to his audit work likes changes in laws, changes in professional standards, latest development in technical guidelines etc.

Q.2 What is social audit? Is social audit taken seriously by the corporate world? Give examples of corporate undertaking social audit. Ans:- Social Audit:The social audit is also called social responsibility audit. A business organization exists in society. Hence, it owes certain responsibilities toward society at large. As Lord Denning has observed: The directors of a great company should owe a duty to those who are employed by the company to see that their conditions of service are proper. They should owe a duty to the customers, to the people to whom the goods are supplied, a public duty perhaps, not to expect excessive prices. They should owe a duty also to the community in which they live, not to make the place of production hideous or a nuisance to those who live around.” Social audit is mainly concerned with social accounting. It may be noted that social accounting is still in early stage and so social audit also. Importance of the Social Policy. The phenomenal growth of Socially Responsible Funds (now 20% of funds invested in the US), the growing difficulty to attract qualified employees, and the rise of nongovernmental organizations able to sue or boycott unethical businesses, demonstrate the vital importance for any business of a well designed Social Policy. The Ethics Policies will attract long-term investors, increase market shares for the ethical product, strengthen partnerships, and make the employees proud. The Labor Policies will attract and keep a qualified workforce, and increase productivity, while opening new markets (ethnic minority customers are sensitive to the anti-discrimination policies in the work place). The Environmental Policies will attract customers interested in the protection of the environment, and investors who fear the risks linked to bad environmental practices, while sometimes reducing the costs with cost-effective modifications of production processes. As for most other components of the Social Policy, serious Environmental Policies will attract Socially Responsible Funds and a qualified workforce (nobody likes polluters!). The Human Rights Policies, also, will attract Socially Responsible Funds and a qualified workforce. Its most important role, however, is defensive: to prevent boycotts or campaigns of protest that could seriously tarnish the reputation of the company accused of practicing (or being an accomplice of) human rights abuses, and the resulting falling stock prices, loss of market shares, and low-moral work force. The Community Policies will not only create roots in a local base for the company, it will also increase the productivity of the work force involved in the projects (by developing their leadership and customer service skills, building pride and loyalty with the feeling of being useful).

The Society (or Extra-Community) Policies boost not only the products linked with the policy but also the image of the company. Cause Related Marketing is extremely appreciated by customers because it makes them feel good (allowing them to support charities without spending their time or money), as long as the charities are well chosen and the percentage is not too small (or the ceiling too low). The Compliance Policies are part of the Social Policy for two reasons. First, by complying with the law, the co. demonstrates it is socially responsible. More importantly, Compliances Policies often go beyond the legal requirements, in order to show concerns for social matters (health, labor, environment, etc.). In many cases, companies build their social image by doing only slightly more than what is required by the law. Creation of a Social Policy. Most companies (if not all) already have elements of Social Policy. Often, these are independent pieces of regulation and practices. Most of the time, they are not part of a unique strategy, they are not managed by powerful senior executives, they are not reviewed before any business decisions are made, and they are not used in ways that would produce their full benefits. The first step is to have an Independent Social Audit, either Defensive (to prevent lawsuits and boycotts), or Productive (to increase productivity, market shares and long term investment). The audit will identify the stakeholders; clarify the components of a Social Policy that would address the concerns of these stakeholders at either the Defensive or Productive level, or make recommendations on the necessary measures to build the Social Policy. The company must be totally involved in the Audit. The Independent Social Audit is neither an inspection (for which the company would dissimulate important pieces) nor is it a situation where the Auditor brings his "one size fits all" solutions. The Auditor is only the coach of a team, composed of senior executives of the company who are working at gathering the information and finding solutions. The Auditor provides the directions, merges the information to create a whole picture of the social situation, and gives advice on the method used by the company to build its Social Policy and on its different aspects. Ultimately, it is the leadership of a company who builds its Social Policy, and then decides on the best way to run the policy (for instance, nomination of a person or creation of a department dedicated to Social Policy issues). Scope of a Social Audit The identification of the stakeholders is generally the first task of an audit. However, a Social Auditor does not study each group of stakeholders separately. Stakeholders have to be considered as a whole, because their concerns are not limited to the defense of their immediate interest. As a result, the Social Auditor will work on the components of a company's Social Policy (Ethics, Labor, Environmental,

Policies must deal with changing rules related to its work force (Labor). Compliance: Identification of all legal obligations and of the means to comply. tobacco. remunerations and advantages. food and clothes for the poor). rewards linked to merit. damage to the environment. 3 Explain the Code of Ethics for Internal Auditor.Code of Ethics for Internal Auditor In his book “Practical Guide for Internal Audit” R. as well as mechanisms that ensure non-discrimination and non-harassment. Community: investment in its local community. and for each subject. unethical treatment of animals. its dealings (supplier and customer liability. Explain them in context with blacklisting Price Waterhouse Coopers in Satyam Scam. Labor: creation of a working environment allowing all employees to develop their potential. Intellectual property. policies of reduction of emissions and waste. For instance. Criminal actions). Policies include partnerships with voluntary local organizations. The scope of the audit generally includes the following policies: Ethics: values the company vows to respect. etc. Environment. Society: investment or partnership beyond the community. guns. donations in kind (computers for education. etc. Tax).Community. its administration (Business. Q. Policies include training. For instance. its products (Health. the Social Auditor will analyze the expectations of all stakeholders. and dealings with undemocratic regimes or with "bad guy" industries (fur. Adukia has scholarly explained about the code of ethics for internal auditor which is as follows: . The company may initiate or participate to a major project such as the regeneration of a poor neighborhood plagued with unemployment.S. and employees involvement. Ans:.). low education and racial tensions.). poverty. Environment: monitoring and reduction of the damage caused to the environment. Human Rights: making sure the company does not violate human rights nor appears as supporting human rights violators. Policies include the pledge not to participate in (nor engage in business with people involved in) a series of activities that are deemed offensive. with financial donations. This list of unacceptable activities often includes exploitation of children. Cause Related Marketing (partnership with a charity to market a product while giving a small percentage of the sales to the charity). balance between work and family life. specific regulations). career planning. Human Rights.

c) Avoid any illegal activity and performing any activity discrediting the internal auditor’s profession. diligently and with responsibility. ii) Objectivity: The internal auditor should: . This code applies to all internal auditors but does not supersede or replace the requirement on individual to comply with ethical codes issued by professional institutes of which they are members or student members and any organizational codes of ethics or conduct. Integrity: The internal auditor should demonstrate integrity in all aspects of their work. Internal auditors should display professional objectivity when providing opinions. skills and practical experience necessary for auditor’s activity performance. 2. There must not be any unauthorized disclosure of information unless there is a legal or professional requirement to do so. which provides the basis for reliance on all activities carried out by the internal auditors.“This code of ethics sets the minimum requirements for the performance and conduct of internal auditors. Confidentiality: Internal auditors must safeguard the information they receive in carrying out their duties. Achieving compliance with code of ethics i) Security integrity: The internal auditor should: a) Perform his/her job honestly. Objectivity: Objectivity is a state of mind that has regard to all considerations relevant to the activity or process being examined without being unduly influenced by personal interest or the views of others. They should not accept or perform work that they are not competent to undertake. assessments and recommendations. 3. unless they have received adequate training and support to carry out the work to an appropriate standard. 4. Competency: The internal auditor should make use of his/her knowledge. b) Perform his/her profession in harmony with the acts and other generally binding regulations.” There are four main principles: 1. d) Respect the legal and ethical objectives of the organizations. e) Take care that his/her integrity should not be compromised. Their integrity establishes an environment of trust.

uninfluenced by any favors coercion or undue influence. d) Disclose all substantial facts known to him/her that being undisclosed might misrepresent the conclusions on activities or events assessed. b) Avoid disclosing and making use of the information obtained during the auditor’s activities performance in order to damage the interests of other person or organization. Independence permits internal auditors to render the impartial and unbiased judgments essential to the proper conduct of audits. Internal auditors are considered independent when they can carry out their work freely and objectively. examining and evaluating the information. The purpose. iv) Demonstrating Competence: a) It is a pre-requisite that all internal audit staff is aware of and understand: 1. 4. or might be understood as damaging his/her unbiased assessment including activities or relations which may be in conflict with public interests. risks and governance arrangements. The organization’s aims objectives. 3. . The terms of reference for the audit assignment so that there is a proper appreciation of the parameters within which the review be conducted. Independence stands for an internal auditor being able to take a stand and report on materiality issues. risks and issues affecting the service area to be audited.a) Avoid taking part in activities or relations which may damage. v) Maintaining Audit Independence: Internal auditors should be independent of the activities they audit. 2. c) Avoid making use of the information obtained during the auditor’s activities for personal enrichment or in a way which would be in conflict with the law or which would damage legitimate and ethical interests of the organization. b) The internal auditor should keep educating himself constantly in order to have a good command of internal audit techniques and auditor standards necessary for obtaining. The relevant legislation and other regulatory arrangement that relate to the service area to be audited. iii) Observing Confidentiality: The internal auditor should: a) Be careful when using and protecting information he/she gathered when auditing. b) Avoid accepting anything that may damage or might be understood as damaging his/her objective professional assessment. This is achieved through organizational status and objectivity. c) Protect his/her objectivity against political influence.

There have been many accounting scandals over the years which resulted in more traders showing interest in learning how to analyze a company's financial statements. Economic theory says that the mix of debt and equity in a company’s capital structure is irrelevant. In the real world. even they even signed off on the non-existent interest that accrued on the non-existent bank balance! Auditors do bank reconciliation to check whether the money has indeed come or not.4 As a senior audit assistant of M/s. The company officials said they relied on data from the reputed auditors. Q. So let’s take a look at the importance of corporate debt and go over how an investor can analyze a company’s liquidity. the firm said: The audits were conducted by Price Waterhouse in accordance with applicable auditing standards and were supported by appropriate audit evidence. it is not possible for us to comment upon the alleged irregularities. and the biggest reason to take on debt is to leverage the . You are required to prepare working paper indicating the internal audit problems you would expect to face and how you plan to overcome them. so a company's capital structure can be relevant to its long-term survival. it is usually because they cannot pay their debts. that the value of a firm should be independent of its debt ratio. Ans:. PricewaterhouseCoopers. So was this a total lapse in supervision or were the bank statements forged? No one knows yet. Asutosh Associates. Not just the cash. Given our obligations for client confidentiality. When companies do declare bankruptcy. Long -term creditors can also put restrictions on the company such as preventing it from taking on additional debt or paying higher dividends. you are in charge of internal audit team of M/s Rajesh Technologies involved in the manufacture of plastic tubes. but details of what they have found are yet to emerge. But PricewaterhouseCoopers. stung by this insinuation hit back at Satyam. Most public companies have at least some debt.Satyam’s auditors:So what were the auditors. (Extracted from Rediffmail. companies and investors have to worry about things like taxes and the risk of default. They check bank statements and certificates.com). Price Waterhouse will fully meet its obligations to cooperate with the regulators and others. The cops have already raided the PwC office in Hyderabad. In a statement to the media. doing? There was no cash within the company's banks and yet the auditors went ahead and signed on the balance sheets saying that the money was there. From the information you obtained you find the company is facing liquidity problem for the last two years.

or can generate. That is why it is important to look at a company’s debt and liquidity. Before investors will buy commercial paper. When a company runs into financial problems. since corporate bonds are primarily long-term debt. No. Agencies rate a company’s debt according to the perceived threat of default. That is why investors should always take a little time to check debt and liquidity ratios before entering any trading position. this certainly causes the company’s bond holders some distress. There is lots of liquidity in the options of companies such as IBM and Microsoft.equity (much like buying stock on margin). liquidity means something very different at the company level. the banks most companies up in the short term. and drawing on it is an admission the company . When a ratings agency such as Moody’s or Standard and Poor’s downgrades a company’s debt. Since a lot of corporate debt tends to be short-term. But the greater the proportion of debt to equity on the balance sheet. this facility is not meant to be used. Still. Here we are referring to whether or not the company has. Liquidity in the option markets refers to the volume of contracts changing hands in a day. even temporary cash flow problems can quickly become life threatening. where liabilities (loans) have a longer duration than their assets (deposits). It is not unlike a run on a bank. If everyone suddenly wants their money now. enough cash to keep operating if they had to pay off short-term debt quickly. it is usually a company’s short-term debt that gets them in trouble. However. This gives them a bit more security that they will be paid. since there are many buyers and sellers. If the company does not have liquid assets available. there can be a real risk to the company if investors lose confidence in it. this is not usually the source of liquidity problems (unless a large amount just happens to be nearing expiration). However. If they lose confidence altogether they will simply refuse to lend at any price. Return on equity is very important to investors. Qwest and WorldCom learned. they usually require a commercial paper back-up facility with a bank. Of course. Once investors lose confidence. Investors demand a higher premium to lend to the company. liquidity can mean the difference between survival and death. crises periodically seem to emerge from almost nowhere to cause the sudden collapse of companies that seemed solid only weeks before. as the value of the bonds will drop. the higher the business risk. their debt rating is usually quickly downgraded. Still. as companies such as Enron. Banks use liquidity analysis to assess the risk of a company not being able to repay them in the short term. the bank will not be able to meet the demand and be forced to close. Most investors are familiar with the corporate bond market.

March 2002: . and is now AT&T).4 billion at the time.51 1. Below is a price chart that compares the financial performance of these four companies for the period March 2001. Verizon (Symbol: VZ).1 Equity 6. For the earnings number you could choose to use EBIT (earnings before interest and taxes).3 31. This is what happened to Qwest about two years ago.6 2. This ratio should be compared with what is normal in their industry and not simply against all other businesses.6 18. $4 billion is a lot of money to come up with in short time. or the more aggressive EBITDA (which adds back the non-cash costs of depreciation and amortization). Even if you are not looking at looking at a company’s financials.0 7. So one of the first ratios an investor should look at is the company’s debt to its total capital. other investors certainly are.is having severe liquidity problems.15 You can see that Qwest at the time had a substantially higher amount of debt relative to their equity. their market capitalization was $16.8 26. It was a stop-gap measure that put off a financial reckoning for a few months. Total capital is all their debt plus equity. and Bell South (Symbol: BLS). Company Q SBC VZ BLS Total Debt 24. This is measured by a ratio called “times interest earned”. and a loss of $4 billion the previous year. The next thing to look at is a company's ability to meet its debt payments. Times interest earned is a company’s earnings divided by their total interest cost. When Qwest had trouble borrowing in the commercial paper markets.67 5.6 Earnings -4. but credit agencies responded by cutting the rating on its outstanding bonds to near junk status.2 0.98 3.9 20. they had to draw down their $4 billion credit line with banks. By comparison. Their times interest earned number looks particularly bad. Numbers are in billions of dollars. Below is a table I put together that have some of these key numbers and compares Qwest at that time of their financial problems with the other “baby bells” of the time: SBC Communications (Whose symbol was SBC.1 32.1 63. they had annual revenue of about $20 billion. Investors clearly recognized that Qwest was a substantially more risky investment with a worse financial outlook compared to its peers.5 Times Interest Earned -0.

should it need to. This ratio gives you a sense of a company's ability to meet all short-term liabilities with liquid assets. SBC Communications. An even more conservative ratio would be the cash ratio. inventory.000 during the prior time period for the four companies: . accounts receivables.5).4 and 0. Does this mean you should look for this in other companies and immediately enter short positions (like buying puts) on them? Not Necessarily. both ratios for Qwest were well under 1. and prepaid expenses.6). As you can see. you would have made more money over the past five years choosing one of the other baby bells.7. It requires more work to dig out and calculate. and Verizon) had similar current and quick ratios of between 0. since it subtracts inventory from current assets.0 (Qwest had a quick ratio of 0. the better (Qwest had a current ratio of 0. The key in this industry is investor confidence. marketable securities. A ratio of 1 implies adequate current assets to cover current liabilities. Current liabilities include all debt due within a year. and these companies could go on like this indefinitely as long as investors retain their confidence in them. and the higher above 1. What does this mean over the long-term investors? First.Investors should also take a look at a company's current ratio and the quick ratio. The quick ratio is a little more conservative measure of liquidity than the current ratio. The current ratio is a measurement of cash resources relative to the shortterm level of obligations. while the other ratios are easily found on any decent financial website. A healthy company should have a quick ratio of at least 1. The chart below compares the growth of $10. but I would rarely loof at this myself. which is the sum of cash and marketable securities divided by current liabilities. All the “Baby Bells” (Bell South. Current assets include cash and equivalents. It is calculated by dividing all current assets by all current liabilities.

But if. the auditor does not normally examine all the information that is available to him because he can reach a conclusion about an account balance. like most investors. If you got out at the height of the bubble you obviously would have made more. Hopefully this article has convinced you the importance of at least looking a company’s debt and liquidity situation before you consider entering any position. Statistical sampling technique add scientific flavor to old.The other thing you will notice is that Quest has exhibited much more price volatility than its peers.” Statistical sampling technique is a well accepted audit techniques now-a-days. enable the auditor to form an opinion on the financial information. there is no one financial number or ratio that can give you all the information you need. generally accepted by auditing professional. class of transactions or a control by way of judgmental or statistical sampling procedures. and obviously got caught up in the tech and telecom bubble more than any of its peers. in total. Statistical sampling techniques are based on the probability theory. of „test checking‟. Ans:. Just as no option strategy works in every market and situation. Statistical sampling in auditing means forming an opinion about a group of items on the basis of examination of a few of the items. In forming such an opinion. you continued to hold on through the collapse of that bubble you would have lost about two-thirds of your original investment.” The following is the text of SA 530 modified as per our requirement: . The Institute of Chartered Accountants of India has issued SA 530: “Audit sampling” which is mandatory in nature and applicable to all kinds of audit.5 Explain the use of Sampling technique in Internal audit [SA500].Use of Sampling Techniques in Internal Audit SA500:„Audit Evidence‟ issued by the Institutes of Chartered Accountant of India says: “The audit evidence should. Q.

when performing substantive procedures on invoice processed during the period. Either method. When using either statistical or non statistical sampling methods. applying audit procedures to all items within a population which have a particular characteristics (for example all items over a certain amount) does not qualify as audit sampling with respect to the portion of the population examined. when properly. Population . the population from which the auditor wishes to sample. Perform audit procedures thereon. and evaluate sample results so as to provide sufficient appropriate audit evidence. When designing an audit sample. Tests performed on 100% of the items within a population do not involve sampling. For example. the auditor will be concerned with matters such as the proper reflection of the monetary amounts of such invoices in the financial statements. The auditor would first consider the specific audit objectives to be achieved and the audit procedures which are likely to best achieve those objectives.Introduction 1. This standard applies to statistical and non-statistical sampling methods. 2. the auditor will be concerned with matters such as whether an invoice was clerically checked and properly approved on the other hand. when performing tests of control over an entity‟s purchasing procedures. The purpose of this standard is to establish standards on the design and selection of an audit sample and the evaluation of the sample results. 4. since the items were not selected from the total population on a basis that was expected to be representative. and the sample size. the auditor should design and select an audit sample. Audit objectives 6. It is important to recognize that certain testing procedures do not come within the definition of sampling. nor with regard to the population as a whole. 3. Design of the sample 5. the auditor should consider the specific audit objectives. Auditing sampling means the application of audit procedure to less than 100% of an item within an account balance or class of transactions to enable the auditor to obtain and evaluate audit evidence about some characteristics of the items selected in order to form or assist in forming a conclusion concerning the population. applied can provide sufficient appropriate evidence. likewise. Consideration of the nature of the audit evidence sought and possible error conditions or other characteristics relating to that audit evidence will assist the auditor in defining what constitutes an error and what population to use for sampling.

When determining the sample size. the population could be defined as the accounts receivable listing. enables the auditor to direct audit efforts towards the items which for example. For example. unmatched receiving reports or other populations that would provide audit evidence of understatement of accounts payable. the auditor may direct attention to larger value items for accounts receivable to detect overstated material misstatements. contain the greatest potential monetary error. suppliers‟ statements. the auditor should consider sampling risk. stratification may result in a smaller sample size. the tolerable error. the Sampling unit could be defined as customer balance or individual customer invoices. on the other hand.7. To assist in the efficient and effective design of the sample stratification may be appropriate. if the auditors objective were to test for overstatement of accounts receivable. unpaid invoices. 12. Sample size 10. 8. when testing for understatement of accounts payable. In addition. based on a sample. Examples of some factors affecting sample size are contained. The auditor will need to determine that the population from which the sample is drawn is appropriate to the specific objective. The auditor is faced with sampling risk in both tests of control and substantive procedures as follows: (a) Tests of Control: . but rather subsequent disbursements. The individual items that make up the population are known as sampling units. This process reduces the variability of the items within each stratum. The population is the entire set of data from which the auditor wishes to sample in order to reach a conclusion. for example. the population would not be accounts payable listing. The auditor defines the sampling unit in order to obtain an efficient and effective sample to achieve the particular audit objectives. The population can be provided into sampling units in a variety of ways. and the expected error. which have similar characteristics (often monetary value). each of which is a group of sampling units. if the auditor’s objectives were to test the validity of accounts receivable. Stratification therefore. Sampling risk 11. may be different from the conclusion that would be reached if the entire population were subjected to the same audit procedure. Sampling risk arises from the possibility that the auditor’s conclusion. The strata need to be explicitly defined so that each sampling unit can belong to only one stratum. For example. Stratification 9. Stratification is the process of dividing a population into sub population.

ii) Risk of Incorrect Acceptance: The risk that. which would establish that the initial conclusions were incorrect. In tests of control. based on the preliminary assessment of control risk. the auditor is able to conclude. The lower the risk the auditor is willing to accept. the greater the sample size will need to be. 14. The risk of over reliance and the risk of incorrect acceptance affect audit effectiveness and are more likely to lead to an erroneous opinion on the financial statements that either the risk of under reliance or the risk of incorrect rejection. The smaller the tolerable error. is related to the auditor’s judgment about materiality. 16. although the sample result does not supports the auditors assessment of control risk. the actual compliance rate would not support such an assessment. the tolerable error is the maximum rate of deviation from a prescribed control procedure that the auditor would be willing to accept. The risk of under reliance and the risk of incorrect rejection affect audit efficiency as they would ordinarily lead to additional work being performed by the auditor. Expected error . the tolerable error is the maximum monetary error in an account balance or class of transactions that the auditor would be willing to accept so that when the results of all audit procedures are considered. Tolerable error is the maximum error in the population that the auditor would be willing to accept and still concludes that the result from the sample has achieved audit objective. Sample size is affected by the level of sampling risk the auditor is willing to accept from the results of the sample. in substantive procedures. ii) Risk of Over Reliance: The risk that. Tolerable error 15. (b) Substantive Procedures: i) Risk of Incorrect Rejection: The risk that. although the sample result supports the conclusion that a recorded account balance or class of transactions is not materially mis-stated.i) Risk of Under Reliance: The risk that. with reasonable assurance. in fact it is not materially mis-stated. that the financial statements are not materially mis-stated. in fact it is materially mis-stated. Tolerable error is considered during the planning stage and. the greater the sample size will need to be. although the sample result supports the conclusion that a recorded account balance or class of transactions is materially mis-stated. although the sample result supports the auditor’s assessment to control risk. 13. or the entity. the actual compliance rate would support such an assessment. for substantive procedures.

Selection of the sample 18. The auditor should select sample items in such a way that the sample can be expected to be representative of the population. (b) Systematic selection. the result would be that the auditor would have selected all. provided that auditor attempts to draw a representative sample from the entire population with no intention to either include or exclude specific units. the auditor would need to determine that the population is not structured in such a manner that the sampling interval corresponds with a particular patter in the population. and evidence available from other procedures. When using systematic selection. the auditor would consider such matters as error levels identified in previous audits. of the sales of that particular branch. Having carried out. every 20th voucher number) or on monetary totals (for example. the auditor should: . (c) Haphazard selection. three methods commonly used are: (a) Random selection which ensures that all items in the population have an equal chance of selection. Evaluation of sample results 20.17. for example by use of random number tables. For example. care needs to be taken to guard against making a selection that is biased. which may be an acceptable alternative to random selection. When the auditor uses this method. a larger sample than when no error is expected ordinarily needs to be examined to conclude that the actual error in the population is not greater than the planned tolerable error. the first interval having a random start. those audit procedures that are appropriate to the particular audit objective. which involves selecting items using a constant interval between selections. While there are a number selection methods. if in a population of branch sales. 1000 increase in the cumulative value of the population). If the auditor expects error to be present in the population. a particular branch’s sales occur only as every 100th item and the sampling interval selected is 50. This requires that all items in the population have an opportunity of being selected. every Rs. The interval might be based on certain number of items (for example. In determining the expected error in a population. Smaller sample sizes are justified when the population is expected to be error free. 19. changes in the entity‟s procedures. or none. on each sample item. for example. towards items which are easily located. as they may not be representative.

even though it may have an effect on other areas of the audit such as the assessment of doubtful accounts. In analyzing the errors detected in the sample. and extent audit procedures in this area. There are several acceptable methods of projecting error results. the auditor needs to keep in mind the qualitative aspects of the errors . Therefore. or if the procedures performed do not enable the auditor to obtain sufficient appropriate audit evidence the item would be treated as an error. for example. When the expected audit evidence regarding a specific sample item cannot be obtained. 22. When projecting error results. For example. it may be inappropriate to consider this an error is evaluating the sample results of this particular procedure. 23. the auditor may decide to identify all items in the population which possess the common feature. (b) Project the errors found in the sample. a misposting between customer accounts does not affect the total accounts receivable. in all the cases. In designing that sample. In analyzing the errors discovered. Analyze of errors in the sample 21. type for transaction. These include the nature and cause of the error and the possible effect of the error on other phase of the audit. the auditor will have defined those conditions that constitute an error by reference to the audit objectives. thereby producing a sub-population. the method of projection will need to be consistent with the method used to select the sampling unit. or is unable to perform satisfactory alternative procedures. The auditor would also consider the qualitative aspects of the errors. 24. in a substantive procedure relating to the recording of accounts receivable. or period of time. Projection of errors 25. The auditor projects the error results of the sample to the population from which the sample was selected. However. For example. location.(a) Analyze any errors detected in the sample. the auditor may observe that many have a common feature. the auditor may be able to obtain sufficient appropriate audit evidence that eh receivables is valid by reviewing subsequent payments from the customer. If the auditor does not. the auditor may be able to obtain sufficient appropriate audit evidence through performing alternative procedures. product line. The auditor would than perform a separate analysis based on the items examine for each sub population. if a positive account receivable confirmation has been requested and no reply was received. the auditor will first need to determine that an item in question is in fact an error. (c) Reassess the sampling risk. In such circumstances.

When the projected error exceeds tolerable error. The projected population error used for this comparison in the case of substantive procedures is net of adjustments made by the entity. The other three are internal loss data. published in the Federal Register on December 7. When the population has been divided into sub-population.S.Introduction This paper on Business Environment and Internal Control Factors (BEICFs) is one in a series of industry position papers by the AMA Group1 on business practices affecting the implementation of AMA in the United States. Background BEICFs are risk measures used in the management and measurement of operational risks.6 What factors influence the internal control environment? Give examples for each factors. Pillar 1 that AMA institutions must consider in estimating their minimum capital requirement operational risk. Q. 2007. external loss data and scenario analysis. would consider extending the audit procedure or performing alternative audit procedures. They are one of four elements identified in Basel II. Effective date 27. Rule for Risk Based Capital Standards: Advanced Capital Adequacy Framework. This statement on Standard Auditing Practices becomes operative for all audits relating to accounting periods beginning on or after April 1. Ans:. To accomplish this. the projection of errors is done separately for each sub-population and the results are combined. suggests that they are forward-looking indicators of the risk profile. 1998. The auditor needs to consider whether errors in the population might exceed the tolerable error. It is intended to help initiate a dialogue between the industry and the regulatory community on this aspect of the implementation of the AMA. The U. the auditor reassesses the sampling risk and if that risk is unacceptable. Reassessing sampling risk 26. the auditor compares the projected population error to the tolerable error taking into account the results of other audit procedures relevant to the specific control or financial statement assertion.found. The Basel Framework goes a bit further and discusses them as a way of achieving the “alignment of risk management to capital.” and of providing some “immediacy” in .

opting in. The AMAG is open to any financial institution regulated in the United States that is either mandated.Support for the AMAG is provided by RMA and Operational Risk Advisors LLC. Many firms. including about two thirds of the core firms surveyed. there appears to be no precise generally accepted regulatory definition of BEICFs yet. use BEICFs to make ex-post adjustments to their capital estimation calculations. Their institutions are listed for identification purposes. capital estimation purposes. and there were thirteen members as of the time of this writing. financial services federal regulatory agencies.followed by audit scores. because of the uncertainty that exists about the relationship between future losses and BEICF values. The RMA – the Risk Management Association -is a member-driven professional association whose purpose is to advance the use of sound risk management principles in the financial services industry. The names of AMAG members that agree with this Industry Position Paper are shown in Attachment 2. Of the twenty or so US financial service institutions that are currently viewed as mandatory or opt-in Basel II institutions. The Group consists of senior operational risk management professionals working at financial service organizations throughout the United States. statistics on regulatory exam issues and other key risk indicators. sixteen were members of the AMAG at the time of this Survey. in that order. Whether they are positive or negative. Industry Positions Position 1: BEICFs are defined as measures that track changes in the operational risk in the business environment and changes in the effectiveness of a firm’s controls. The purpose of the AMAG is to share industry views on aspects of AMA implementation with the U. nor the views of the individual financial service firms whose staff have participated in the AMAG. For 1 The Advanced Measurement Approaches Group (AMAG) was formed in 2005 by the RMA at the suggestion of the U. Beyond that however. Inter-Agency Working Group on Operational Risk. This paper does not necessarily represent the views of RMA’s institutional membership at large. or considering opting in to Basel II. Risk Control Self Assessment (RCSA) results are the most commonly applied BEICFs. Industry Practices A recent RMA survey of AMAG members indicates that most use BEICFs for risk management purposes and that almost all of them consider BEICFs as at most an indirect input into their models for capital estimation purposes.capital estimates. these adjustments are typically kept within percentage limits. The environment is defined to include both the internal and external circumstances of the firm’s businesses. .S. About half of core and a number of opt-in firms use BEICFs to allocate capital among business units. A senior officer responsible for operational risk management represents each member institution on the AMAG.S. and controls are defined as processes that the firm has in place to reduce or eliminate its operational risks.

An example might be the use of a screening system that enhances transaction risk management. Controls operate by reducing the exposures created by the business environment. and the evolution of the firm’s markets. including the diversity and sophistication of its customers and counterparties. do not include such things as: insurance – an asset with contingent worth. by preventing specific individual risks from arising and by mitigating their effects when they do arise. the liquidity of capital markets it trades in and the reliability of the infrastructure that supports those markets. the degree of automation of the product process and the firm’s capacity for automation. because those data are always taken into account in the other three elements. The system does not enforce a particular behavior so much as enable improved decision making about risk. They can be specific like the confirmation process after a trade or the due diligence before a new hire. This includes:· • • • • • the quality and availability of the firm’s people. and other resources. Factors are leading measures or indicators of change in the environment or in control effectiveness. Controls. Although past losses are an indicator of future losses. or fully automatic. loss data are excluded from factors in the context of capital estimation to avoid doublecounting. like the sign-off often required at certain steps in loan processing by software before the process can proceed. like many software and building access controls. are not themselves processes. including such things as: . by detecting causes.The business environment is the internal and external circumstances of a firm’s businesses that can materially affect its operational risk profile. Otherwise many kinds of objective and subjective measures can be used as factors. or business processes which contribute directly to the delivery of services to customers. the products they deliver and the processes they use to deliver them. Many risk management processes that support trade-offs of risk and return are not controls. They can be manual. the legal and regulatory environment for the businesses. Internal controls are the detective and preventive processes the firm has in place to reduce the frequency or the severity of operational risk losses or to eliminate altogether the chance of operational risk events. vendors. the complexity and riskiness of the businesses. however. partially automatic. which may be used in a control but. or general like a risk and control self assessment process used to detect and assess risks. risk indicators. like the supervisory end-of-day review of a trader’s tickets.

the effectiveness of existing controls. purpose and integration. and in balanced scorecards for performance evaluation. The Basel Framework and U. such as numbers of new products and increases in gross and net revenues. BEICFs add value in risk management by providing definition and specificity to policy on risk appetite and tolerance. and progress in closing them. and the relevance of available measures to understanding the business environment and controls. The usefulness of individual measures will depend on: the level in the organization of the manager who is using them. use them to set thresholds determined by policy. usefulness. and other risk indicators. Position 3: Firms need flexibility to tailor their choice of BEICFs. and by prompting line manager responses to signals of critical changes in the business environment and internal control effectiveness. outputs from risk and control self assessments. Investment in the development of additional BEICFs should usually be driven by where they are likely to make the largest impact on management.S. Rule (see Attachment 1) leave the impression that BEICFs are primarily of value in the context of capital estimation. All AMAG member firms believe that the main value of BEICFs is as tools for managing operational risk. degree of automation and the rate of change in external circumstances – in other words. control gaps. to benchmark one unit’s performance against another’s. In reporting. Firms use BEICFs to characterize and report on the dynamics of the business environment and on the state of their internal controls. the number of customer complaints. process architecture. Availability and applicability of BEICFs will depend on such things as the business profile.· · · · · · · · measures of business expansion. to define triggers for escalation. depending on availability. the number of audit points and other measures tracking regulatory and policy compliance and progress in closing any gaps in existing practices. Position 2: BEICFs are more useful for risk management than measurement. the business environment. the management style. as opposed to capital estimation. the usefulness will also depend on . including general indicators like staff turnover and specific ones like peak capacity utilization in a trading system. the risk appetite and tolerance of the organization. Some firms include BEICFs in risk reporting on changing conditions and control effectiveness. applicability. including indicators reflecting the emergence of new risks.

causality. BEICFs may become more useful in capital estimation. appropriately balancing effectiveness with efficiency. Position 4: BEICFs should play a secondary role in capital estimation. typically through scenario analysis) into the capital model. and leveraging existing sources of information. and whether they are used as a direct or indirect input (the latter. If it is ever possible to establish significant statistical relationships with future loss distributions. for example. 1 Why Internal check is necessary? Choose an organization of your choice and find out how internal checks are put in place. This includes how they are included in the management reporting process. A firm's choice of BEICFs will also depend on the purpose for which they are being used and the manner in which they are integrated into the AMA framework. they should be an input into scenario analysis or into a global adjustment to a calculated capital estimate reflecting considerations not otherwise taken into account. Master of Business Administration – MBA Semester 3 MF0013 – Internal Audit and Control – 4 Credits (Book ID: B1211) Assignment Set – 2 (60 Marks) Q.the extent to which measures are supplemented by descriptive information and analysis on. In the latter case. 20% or 30%. For capital estimation. Other important considerations include providing information that is useful for line of business risk management. . Until then. 10%. their use should remain secondary to internal and external loss data and scenario analysis. it may well make sense to continue the current practice of the majority of AMAG firms and limit their overall effect to an increase or a decrease of some specified amount such as 5%.

where the official concerned issued you a token and enters the token numbers on the back of the cheque and in the token book. Automatic checking of job 3. it is ensure that the job performed by one employee gets checked. The purchase process should invariably be start with the placing of a requisition duly authorized by a senior official to the purchase department. Rotation of jobs 5. No employee. you produce the cheque to a counter. Multiple recording of same transactions 4.Ans:Internal check:Internal check is an important process of internal control system. From the above discussion. we can summarize some characteristics of internal check: 1. and if it tallies then he sends the cheque to the cashier to make payment. The cheque is then send to the ledger clerk. Prevention of errors and frauds 6. allowed handling transactions from beginning to end. Proper segregation of duties 2. The cashier makes the payment against the token handed over to you and records it in his cash register. First. The department should be headed by a qualified and trained senior officer. Let us understand the concept of internal check with a practical example of a medium sized manufacturing company regarding its purchases. automatically by another employee. Here arrangement is such that the job of one employee is automatically checked by other. Example: Please recall what happens when you visited a bank branch to encash a cheque. The cheque then sent to an officer. who verify your signature on the cheque with bank records. The department should maintain a list of approved suppliers with whom orders for making purchases are regularly placed. • • . Separation of custodial and recording functions. • Purchases should be supervised by and organized by a separate department called purchase department or procurement department. who verify the balance in your account and makes debit entry therein. Under the system of internal check. This is an excellent example of internal check. alone.

The person in charge of receiving the goods should prepare a Goods Received Note (or Materials Received Report) and send a copy thereof to the Accounts department and to the department upon whose requisition the good have been ordered. It should also send copies of the order to the Accounts Department.• Each department of the company should have a book of requisition slips bearing serial numbers. should be clearly laid down. the purchase department should place an order with the supplier selected by it. • • Upon receipt of a requisition. the purchase department should send inquiry letter to the listed suppliers for quotation of the price. fright and delivery terms. inspection. acceptance and transfer of the goods to concerned departments. In case an order has been placed with a supplier other than the one who had quoted the lowest price. After due checking. the reason for the same should be recorded. The purchase department should keep a separate record of requisition forms received from different departments. The purchase department should maintain a register of books of requisition slips issued to different departments. Goods received should be inspected to see that they are exactly as ordered. necessary particulars of the purchase should be recorded in the purchase register and the number of the purchase order should be marked on the invoice. the purchase (or the Accounts) department should check it with the order and the goods received/ inspection note to ensure that the rate. quality and quantity of the goods are exactly as earlier agreed. discount. After examination of the terms quoted by suppliers. The final inspection report should send to Accounts department. • • • • • • . Receipt of goods should be recorded in the Goods Received (or Inward) Register. This should be dome with the assistance of the inspection department and the department which has requisitions the goods. Upon receipt of the suppliers invoice. Wherever possible. The procedure relating to receipt. goods received note and goods inspection note may be combined. stores department and the department which has made the requisition.

From there. These should also check with the advice note covering the return of rejected goods to the supplier. the items to be entered on the bin cards or stores ledger should be those actually accepted. the following problems arise in the implementation of internal control: (a) Separation of duties: In a manual system. a program may reconcile a vendor invoice against a receiving document and print a cheque for the amount owed to a creditor. . recording transactions. Thus. the relevant entries should be passed in the stock (bin) card.• The Accounts department should not make payment to the supplier unless the invoice has been passed for payment by an authorized person after due verification. and the goods received note should be prepared accordingly. Where only a part of the goods are returned to the supplier as being defective. In a computer system.2 Detail the specific problems of electronic data process relating to Internal control. For the goods returned to the suppliers. • • • • • • Q. or a fresh bill is demanded from the suppliers. a credit note may also be obtained from him. For example. either the bill is passed only for the value of goods actually accepted. as also where the supplier has overcharged in respect of any of the items. and custody of assets. In case any goods are rejected on account of being defective or for any other reason. In such a case.Specific Problems of Electronic Data Process relating to Internal Control In an EDP system. credit note should be obtained from him (against a debit note prepared in his name) failing which a debit entry should be passed in his individual account. As a basic control. All incoming credit notes should be numbered and stamped the same way as invoices. they should be returned to the supplier and not entered either in the stores ledger or the bin cards. Goods received should also be entered in respective stores ledgers. In such a case. Ans: . however. the traditional notion of separation of duties does not always apply. it should be adjusted from the total amount of the bill and only the net amount should be paid to him. separation of duties prevents or detects errors and irregularities. separate individuals are responsible for initiating transactions. In case any advance sum has been paid to the supplier against the order.

Therefore. Highly skilled personnel are needed to develop. it may be difficult to determine whether incompatible functions have been performed by system users. organizations sometimes have been forced to compromise in their choice of staff. (c) Competent and trustworthy personnel: The technology of data processing is now exceedingly complex much more complex than in the days of manual systems. well trained and experienced data processing personnel have been in short supply. one of the objectives of using a database management system is to provide multiple users with access to the same data. Some minicomputers and microcomputers allow users to change programs and data easily. If the minicomputer or micro computer does not have an inbuilt capability to provide a secure record of changes. assuring that an organization has competent and trustworthy data processing personnel has been a difficult task. thereby reducing the control problems that arise with maintaining redundant data. Unfortunately. they provide no record of these changes. however. and the rapid evolution of technology inhibits management’s ability to evaluate an employee’s skills. modify. In a minicomputer and microcomputer environments. Historically. it is not always easy for an organization to assess the competence and integrity of its EDP staff. In a computer system. . (b) Delegation of authority and responsibility: A clear line of authority and responsibility is an essential control in both manual and computer systems. Moreover. a fixed price list is issued for personnel to use when products are sold.this program is performing functions that in a manual systems would be considered incompatible. For example. (d) System of authorizations: Management issues two types of authorizations to execute transactions. furthermore. High turnover in the data processing industry has been the norm. delegating authority and responsibility in an unambiguous way may be difficult because some resources are shared among multiple users. This user assumes ultimate responsibility for the integrity of the data. When multiples users have access to the same data and integrity of the data is somehow violated. For example. Some organizations have attempted to overcome these problems by designating a single user as the owner of data. the existence of competent and trustworthy personnel becomes even more important when computer systems are used to process an organization’s data. Thus. it is not always easy to trace who is responsible for corrupting the data and who is responsible for identifying and correcting the error. General authorizations establish policies for the organization to follow. since a relatively small number of individuals assume major responsibility for the integrity of the data. Specific authorizations apply to individual transactions: for example. maintain and operate today’s computer systems. separation of incompatible functions may be even more difficult to achieve.

however. In a well designed computer systems. in the way they concentrate the data processing assets and records of an organization. When this situation is coupled with a decreased ability to separate incompatible functions. auditors have to examine not only the work of employees but also the veracity of program processing. (f) Physical control over assets and records: Physical control over access to assets and records is critical in both manual systems and computer systems. For example. (e) Adequate documents and records: In a manual system. no visible audit or management trail may be available to trace the transaction. Thus. The absence of a visible audit trail is not a problem for the auditor provided that systems have been designed to maintain a record of all events and there is a means of accessing these records. Audit trails are often more extensive than those maintained in manual systems. . in an online order entry system customers orders received by telephone may be entered directly into the system. auditors evaluate the adequacy of procedures for authorization by examining the work of employees. when evaluating the adequacy of authorization procedures. Some minicomputer and microcomputer software packages for example. Computer systems differ from manual systems. In a computer system. In a manual system. adequate documents and records are necessary to provide an audit trail of activities within the system.acquisitions of major capital assets may have to be approved by the board of directors. a person wishing to perpetrate a fraud may be maintained at a single site the data processing installation. Thus. in a manual system. In computer systems. If the organization does not have suitable backup. some transactions may be activated automatically by a computer system: for example. a fire that destroys a computer room may result in the loss of all major master files in an organization. This concentration of data processing assets and records also increases the loss that can arise from computer abuse or a disaster. authorization procedures often are embedded within a computer program. Unfortunately. For example. For example. Similarly. For example. the order entry module in a sales system may determine the price to be charged to a customer. execution and recording of some transactions. the perpetrator does not have to go to physically distance locations to execute the fraud. Thus. documents may not be used to support the initiation. provide inadequate access controls and logging facilities to ensure preservation of an accurate and complete audit trail. serious control problems can arise. it may be unable to continue operations. not all computer systems are well designed. an inventory replenishment program may initiate purchase orders when stock levels fall below a set amount.

Documents showing the receipt and acceptance of goods should also be send to the accounts department. For example. Where tenders are invited. Purchases and creditors b. programs may sort an inventory file by warehouse location and prepare counts by inventory item at different warehouses. however. The goods receipt documents should be cross checked with final purchase orders.(g) Adequate management supervision: In a manual system. In computer systems. (h) Comparing recorded accountability with assets: Periodically. Q. 2. In a manual system. In a computer system. the procedure for opening and acceptance thereof should be laid down. Purchase and Creditors:Basic considerations for having an effective internal control system for Purchase and Creditors are as follows: 1. 4. Thus. The preparation and authorization of purchase orders should be under a senior manager. data and the assets that the data purports to represent should be compared to determine whether incompleteness or inaccuracies in the data exist or shortages in the assets have occurred. 6. 3. management supervision of employee activities is relatively straight forward because managers and employees are often at the same physical location. . The procedure for issuing purchase requisitions should be specified. an irregularity may not be discovered. If unauthorized modifications occur to the programs or data files that the programs use. supervision of employees may have to be carried out remotely. however. Supervisory controls must be built into the computer system to compensate for the controls that usually can be exercised through observation and inquiry. data communications may be used to enable employees to be closer to the customers they service. especially with regard to quantity and quality. independent staff prepares the basic data used for comparison purposes. programs are used to prepare this data.3 Explain the principal considerations in internal control on: a. 5. Fixed assets Ans:.a. Predetermine guidelines should exist for inspection of goods received.

2. b. Serial numbers should be allotted to each item for easy identification. The receipts from such disposals should be properly accounted for. 8. maintenance of ledger accounts and reconciliation of statements sent by suppliers. discounts on account of inferior quality of goods.4 Explain the steps of evaluating internal control systems using flow chart. 6. 7.7. payment documents duly authorized by a senior official. 11. or write off of fixed assets should be allowed only under proper authorization of the top management. documents regarding purchase returns. Adequate procedures should be established with regard to purchase returns. Proper accounting records should be maintained for expenditure during the construction period distinguishing carefully between capital and revenue expenditure. Payments for fixed assets should be made only after authorization of the top management. Fixed assets registers should be maintained showing brief particulars of all items. Before payments are made to suppliers. Depreciation rates should be properly authorized. Fixed Assets:Basic considerations for having an effective internal control system for Fixed Assets are as follows: 1. An authorize official from the accounts department should be made responsible for checking suppliers‟ invoices. and other similar adjustments. showing that the goods have been received as specified in the purchase order should be verified by the accounts department. Fixed assets should be physically verified periodically. 3. scrapping. Sale. 10. purchase records. Q. 9. 4. The accounts of various suppliers should be confirmed periodically from statements received from them. 5. Lawful policies and procedures should be implemented with regard to purchases from the companies under the same group and from the employees. Ans:- . Capital expenditure budget should be prepared regularly. payments to suppliers.

It gives a bird’s eye view of the system and is drawn up as a result of the auditors review thereof.Introduction:. More specifically it can show: a) At what point a document is raised internally or received from external sources. Every detail relevant from the control point of view and the details about how an operation is performed can be included in the flow chart. however. Care should be taken to see that the first column head is devoted to the section or the individual wherefrom a transaction originates and the placements of other column heads should be in the order of the actual flow of the transaction. It should. f) Filing of the documents g) Final disposal by sending out or destruction. it provides the most concise and comprehensive way for reviewing the internal controls and the evaluator’s findings. A flow chart is normally a horizontal one in which documents and activities are shown to flow horizontally from section to section and the concerned sections are shown as the vertical column head. in appropriate cases an individual also may be shown as the vertical column head. As a matter of fact a very sound knowledge of internal control requirements is imperative for adopting flow charting technique for evaluation of internal controls. purchases. also it demands a highly analytical mind to be able to see clearly the inter division of a job and the appropriate control at relevant points. It is a graphic presentation of internal controls in the organization and is normally drawn up to show the controls in each section or sub section. if judicious use of them can be made. it is probably the most effective way of presenting the state of internal controls in the client’s organization. wages. As distinct from a narrative form. d) Distribution of the document to various section department or operations. e) Checking authorization and matching at relevant stages. It has been stated earlier that a flow chart is a symbolic representation the flow of activity and related documents through the section from origin to conclusion. production . These can be sales. in a condensed but meaningful manner. though cannot perhaps be totally banished are reduced to the minimum and by that process.The flow charting technique is an important technique for evaluation of the internal control system. not be understood that details are not reflected in a flow chart. b) The number of copies in which a document is raised or received. Essentially a flow chart is a diagram full with lines and symbols and. A properly drawn up flow chart can provide a neat visual picture of the whole activities of the section or department involving flow of documents and activities. c) The intermediate stages set sequentially through which the document and the activity passes. it can successfully bring the whole control structure. narratives. especially the essential parts thereof. In a flow chart.

it should be so done and. For actual drawing of the flow chart. examine internal control and risk assessment system.Introduction:- . it is necessary to briefly narrate some aspects of flow or control on the flow chart. documents may be matched. necessary use of keyed narration should be made. which in turn should be corresponded at the bottom. Q. to effectively supplement the information on the flow chart. For example. be remembered that wherever it is possible to obviate the use of narration. Each one of the main functions is to be linked with related functions for making a complete course. Ans:. For example. however. Purchase is to be linked with sundry creditors and payments.T. This will be slightly bigger narration and it should be provided at the bottom. Calculation” alongside the document. It will not make the chart less intelligible. There should be a direction of movement for the activity and documents. annexed or destroyed. there may be points for checking the documents. Skinner an Anderson in their book “Analytical Auditing” has suggested the following symbols for the use of auditors: Sometimes. But if the requirement for narration is slightly bigger. the narration should be given at the bottom of the chart by making the exact position of the chart needing the narration by an asterisk or some other suitable symbol. drastic losses in its stock and devaluation of its assets.etc. the auditor has to formulate his symbols to reflect the flow and the connected details. this is a relevant fact and it can be expressed by entering “S. without making it cumbersome. when it is unavoidable. In fact. Those which could be entered on the chart itself. should be recorded in the chart. This will depend upon the details that the auditor can get from the section head or by a process of verification on the basis of the rough flow chart. if the billing section makes the calculation of the sales tax payable by customer. on a flow chart on production you may have to narrate how production orders are initiated. sales with sundry debtors and collection. incorporating questions. the answers to which are to be looked into from the flow chart. at several stages new documents may be added. a questionnaire is also is also enclosed with a flow chart.5 Lehman Brothers Holding filed for Chapter 11 bankruptcy protection following the massive exodus of most of its clients. It should. The keying symbol should be placed by the side of the document and the narration at the bottom. In context with this case. the questionnaire is a guide for the study of a control system through flow charts. Generally.

2008. investment management. However. participated in business in investment banking. Lehman Brothers' investment banking and equities businesses in Europe and the Middle East. Hong Kong and Australia. On September 15. the firm filed for Chapter 11 bankruptcy protection following the massive exodus of most of its clients. 2008. a court-appointed examiner. Neuberger Berman Inc.. It was a primary dealer in the U. Inc. the British bank Barclays announced its agreement to purchase. published the results of its year-long investigation into the finances of Lehman Brothers. Aurora Loan Services. a revised version of that agreement was approved by Judge James Peck. subject to regulatory approval. Lehman's North American investment-banking and trading divisions along with its New York headquarters building. This practice was a type of repurchase agreement that temporarily removed securities from the company's balance sheet. with regional headquarters in London and Tokyo. until declaring bankruptcy in 2008. research and trading. and the Crossroads Group. The filing marked the largest bankruptcy in U. as well as. was sold to its management on December 3." On March 11. The deal became effective on 13th October 2008. private equity. Nomura Holdings announced that it would acquire Lehman Brothers' franchise in the Asia Pacific region. Creditors of Lehman Brothers Holdings Inc. now known as Neuberger Berman Group LLC. Lehman Brothers' investment management business. The firm's worldwide headquarters were in New York City. It is the fourth largest private employee-controlled asset management firm globally. During the week of September 22. including Japan. FSB. history. Its primary subsidiaries included Lehman Brothers Inc. retain a 49% common equity interest in the firm. The Capital Group Companies and Wellington Management Company. 2010. SIB Mortgage Corporation.. was a global financial services firm which. these deals were described by Lehman as the outright sale of securities and created "a materially misleading picture of the firm’s financial condition in late 2007 and 2008. unlike typical repurchase agreements.Lehman Brothers Holdings Inc. Jenner & Block. drastic losses in its stock. 2008. as well as offices located throughout the world. This report revealed that Lehman Brothers used an accounting procedure termed repo 105 to temporarily exchange $50 billion of assets into cash just before publishing its . behind Fidelity Investments.S. The following day. and private banking. including Neuberger Berman. 2008..S. Treasury securities market. A March 2010 report by the court-appointed examiner indicated that Lehman executives regularly used cosmetic accounting gimmicks at the end of each quarter to make its finances appear less shaky than they really were. On September 20. equity and fixed-income sales. and devaluation of its assets by credit rating agencies. Eagle Energy Partners. Lehman Brothers Bank.

the former CEO. at the financial statement and assertion levels. In this unit. Auditor’s assessment of inherent risk. In Unit – 11. we will discuss how auditors assess those risks. we will also discuss the internal control system applied in Bank and Insurance companies. Banking and Insurance companies by nature entails a huge amount of risk and resultantly. Auditing is primarily related to forming an opinion on financial statements of an enterprise. what is „risk‟? In simple term „risk‟ is the variability of actual happening from the expected happening associated with a given event. states that: ”The objectives of the auditor to identify and assess the risks of material misstatement. Changes in operating environment. Size and complexity of the business. through understanding the entity and its environment. Way of documentation of business operations. Fuld. The action could be seen to implicate both Ernst & Young. thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement. the bank's accountancy firm and Richard S. In financial world. For forming an opinion. Naturally that means he is taking a risk. auditor has to rely on the accuracy and reliability of financial data and the effectiveness of internal control system.The nature and extent of the procedures performed by the auditor to obtain an understanding of the accounting and internal control systems generally depend on: • • • • • Nature of policies or kind of procedures. In this unit. “Identifying and Assessing the Risk of Material Misstatement Trough Understanding the Entity and its Environment”. Risk Assessment is an important dimension of internal control system. This could potentially lead to Ernst & Young being found guilty of financial malpractice and Fuld facing time in prison. In this we will discuss about various dimensions of internal control. including the entity’s internal control. you are thinking. The auditor should make a study of internal control relevant for his audit. SA 315. Jr.” Obviously. Internal Control and Risk Assessment:. Although most controls related to audit are relevant for financial reporting but all controls . This will help the auditor to reduce the risk of material misstatement to an acceptably low level. you have learned how to evaluate internal control system. risk is the variability of the actual return from the expected return associated with a given asset.financial statements. whether due to fraud and error. internal control systems in context of these organizations have special importance for sound business operations.

influences the nature. The auditor. inherent risk and control risk are highly interrelated. Also management often reacts to inherent risk situations by designing accounting and internal control systems to prevent and detect mis. the auditor should consider the initial assessment of control risk (in conjunction with his assessment of inherent risk) to determine the appropriate detection risk to accept for the financial statement assertions. The higher the assessment of inherent and control risk. Internal controls. It is the judgment of auditor to decide whether a control individually or in combination with other is relevant for audit or not. The assessed levels of inherent and control risks cannot be sufficiently low to eliminate the need for the auditor to perform any substantive procedure for significant account balance and transaction classes. the more assurance the auditor must . regardless of the assessed levels of inherent and control risks the auditor should perform some substantive procedures. Auditor normally classified audit risk for assessment into control risk and inherent risk. Inherent risk signifies the chances that recording of transactions have been done either erroneously or under the influence of management fraudulent activity. even if fairly simple and unsophisticated. timing and extent of substantive procedures to be performed to reduce detection risk to an acceptable level. the auditor may have obtained evidence about the effectiveness of bank reconciliation process through inquiry and observation). in forming his opinion on financial information.relevant for financial reporting may not be relevant for audit. Assessment of control risk Assessing control risk is the process of evaluating the effectiveness of an entity‟s accounting and internal control systems in preventing or detecting material misstatements in the financial statements. consequently.statements in such situations. may contribute to the reasonable assurance the auditor seeks. in obtaining understanding of the system pertaining to cash. As a result. Control risk signifies that a material misstatement could occur but would not be prevented or detected by internal control system.g. together with the inherent risk assessment. there is a possibility of inappropriate risk assessment. needs reasonable assurance that transactions are properly recorded in the accounting records and that transactions have not been omitted. After having a basic idea of the accounting and internal control system. When planning the audit approach. Some of the procedures performed to obtain understanding of the accounting and internal control systems may not have been specifically planned as tests of control but they may provide evidence about the effectiveness of both the design and operation of policies and procedures relevant to certain assertions and. The auditor’s control risk assessment. if the auditor attempts separately to assess inherent and control risk when they are highly interrelated. Consequently. audit risk may be more appropriately determined in such situation by making a combined assessment. the auditor should make an initial assessment of control risk for the appropriate assertions in the financial statements. serve as tests of control (e. Relationship between the assessments of inherent and control risks: In many cases.

analyzed. the auditor should also consider whether substantive procedures will provided sufficient assurance to reduce detection risk to an acceptable level. investments etc. (b) Details of the methods and procedures followed by the auditor during such examination. “Documentation”. he should either qualify or disclaim the opinion or. fixed assets. Ans:. issued by the Institute of Chartered Accountants of India. Working papers are the documents based on which the auditor expresses his knowledge of accounting principles and procedures as applied in the preparation of reports. records. customers. 6 Explain the importance of working papers. . The evidence may be physical or documentary. Certificate from an authorized official with regard to inclusion of all outstanding assets and liabilities in the final accounts. Correspondence with debtors. bankers. examined and pieced together to reach reasonably logical and verifiable conclusions. statements and analysis of business information. withdraw from the engagement. creditors etc. Certificates of officials with regard to bad debts. analyze and examine adequate evidence which stands the test of logic and veracity. and (c) Conclusions reached by him as regards the objects of the audit. When both inherent and control risks are assessed at a high level. audit working papers consists of: (a) Evidence obtained during the audit examination. if this is not practicable. or the system of internal control operated by the enterprise under audit.obtain from the performance of substantive procedures. and confirmations obtained from them. Q. The working papers serve as the proof of how the relevant evidence was obtained. When the auditor determines that detection risk cannot be reduced to an acceptable level. and in the form of books of account. The following are various important working papers: • • • • • • Audit programme Schedule of debtors and creditors. Certificate as regards quantity and value of stock in trade.Important Working Papers :According to SA 230. To form his opinion as regards the informations in the financial statements the auditor has to select.

administering and review of the work. Division of labor: Working papers help in appropriate division of work among the audit staff. from the original records to the financial statements. and shareholders. Even where the audit work extends to different offices or branches of the client. leases etc. though on a sample basis. If the validity of the auditor’s opinion. They are the supporting evidence that the audit was conducted as per the generally accepted. leaving no question raised therein unanswered. assertion or recommendation as to the financial statements is later questioned. and then working papers prepared at each place may be compiled at the central office to have an overall view of the work. controlling. Working papers also constitute the basis for making rectification and adjustment entries. auditing standards and practices. Trial balance Copies or excerpts from the minutes of the meetings of Board of directors. Draft of audit report and the final copy. Copies or excerpts of significant contract. The progress of the work can thus be effectively monitored even where the audit work extends to different offices or branches of monitored. • • • . The importance of working papers is due to following reasons: Planning. organizing. in case his own records are lost. This is because an auditor’s work mostly consists in tracing the business transactions. Use as permanent record: Working papers constitute a permanent record of auditing procedure employed.• • • • • • Adjustments entries in the journal Particulars of investments. Bridge between original transactions and financial statements: Working papers provide an important link between original transactions and the financial statements. control and review of audit work: Working papers provide a means of planning. organization. and vice versa. or separate audit programmes may be prepared for each place. and the financial records examined. working papers can be produced as an evidence to establish the said opinion or assertion. depreciation etc. They also provide a proof that generally accepted auditing standards and practices have been duly followed in the conduct of work. The client can make use of these. • Basis of auditor’s opinion: Working papers are the basic documents for the report of the auditor. The auditor should therefore ensure that the working papers are conclusive and complete in every respect. the audit programmes may be divided into so many parts. in the sense that different working papers may be made the responsibility of different audit clerks under the supervision of a senior clerk or the auditor himself.

Comments as to the working of the internal control system will also be found in working papers relating to audit tests in respect of each aspect of the enterprise. the auditor may come across certain situations or conditions in the pattern of management of the client’s business which. may nevertheless be useful in future planning. working papers facilitate an in-depth review of the internal control system. though not directly connected with his work and. They serve as an index to the auditor’s ability to plan and organize the audit. he has to take decision as to the nature of evidence to be obtained and the tests to which evidence should be subjected. Basis for further work: In the course of his examination. • • . because at each stage of audit. Basis for evaluation and training of audit staff: Working papers provide a means to test whether the auditor and his staff have done their jobs as per the required standards.• Basis for review and revision of internal controls: Internal control questionnaires form part of the working papers. Thus. which forms the basis of recommending suitable changes therein. being outside the purview of his report. therefore. the notes and analysis prepared by the auditor as part of his working papers may also prove useful to the client in several other areas. Thus. Review of the past year’s working papers and reports submitted by senior audit clerks can also be used as a basis to provide the required training to the staff.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->