Professional Documents
Culture Documents
DEPARTMENT OF ACCOUNTANCY
AUDITING 300/BCTA
2011
QUESTION 1
(25 MARKS)
Mr Ntato Mokonane achieved his lifelong dream when he opened his own restaurant, The
Proud Peacock, in partnership with his brother-in-law, Mr Xolile Xosi. The restaurant has
been open for 18 months and has proved to be very popular. Mr Mokonane has asked you
to advise him on the controls he should have in place in his restaurant.
Your initial enquiries have revealed the following:
The restaurant employs a cashier, four permanent waitresses, a barman and a
second chef (to fill in on the nights that Mr Mokonane is off duty).
The waitresses are currently paid a basic wage of R100 per night and whatever they
can earn in tips.
All food and drinks orders are recorded on pre-numbered order pads. Each waitress
has her own unique sequence.
The restaurant has a set menu selection that is changed once a quarter.
On completion of their meal, customers are required to proceed to the cashier and
quote their table number. The cashier then rings up the cost of the meal using a copy
of the waitress's completed order form. The cash register is situated at the exit point.
Mr Mokonane has expressed interest in computerising his business. He has identified the
Pastel Point of Sale software package as being the most appropriate to the restaurants
needs. He has indicated that he is planning to replace the current cash register with a
computer terminal linked to a cash drawer and to install a terminal in his office which will be
used for recording all other accounting activities. Initial enquiries about the software have
shown that it is a reliable package with adequate access control features.
QUESTION 1
(SUGGESTED SOLUTION)
a) Access controls:
The terminals should be situated in such a manner that only staff members have access
thereto.
(1)
Each user should be assigned a unique user ID and password that should be contained
in the access table of the operating system.
(1)
The access table/ user matrixes should define each users access privileges according
to the least privilege principle i.e. only grant access to a user for those applications that
he requires in order to perform his duties.
(1)
Only Ntato should have access to the access table in order to change a users privileges.
(1)
Upon logging in the user should be authenticated by means of a password that is: (1)
o
Unique
o
Confidential
o
Changed regularly
(2)
The system should also provide for:
o
Automatic shutdown in the event of illegal access attempts (e.g. no more than 3
incorrect password attempts)
(1)
o
Time-out facilities (shutdown or password controlled screen savers) in the event of
non-activity for a period of say 3 minutes.
(1)
Automatic logging of all access and access violations.
(1)
These logs should be reviewed on a daily basis by Ntato.
(1)
Only Ntato should have access privileges to these logs
(1)
Encryption of confidential information, for example, passwords.
(1)
Maximum (10)
Accuracy:
Automatic pricing of sales according to prices on the menu masterfile.
(1)
Limit check (any valid example) eg. that cash received is not less than the amount
due.
(1)
Alphanumeric and field size checks on all input fields (any valid examples). (1)
Reasonableness testing (any valid examples) eg. On quantities ordered.
(1)
Automatic calculation of price x quantity and calculation of change by computer.(1)
Format tests on sales codes (or other valid examples).
(1)
Screen tests by cashier.
(1)
Dependency tests eg. Sales only accepted if waitress code is entered (any other
valid examples).
(1)
Field size tests eg. On table number (or other valid examples).
(1)
Completeness:
(1)
(1)
(1)
(1)
(1)
Maximum (13)
Presentation (2)
(1)
QUESTION 2
(55 MARKS)
Mavericks & Co is stock brokers on the Johannesburg Securities Exchange (JSE). The
following computer-based client transactions are used by the firm to purchase shares on behalf
of their clients:
1)
2)
3)
4)
Set out in point form the weaknesses in internal controls identified in the above
scenario.
(21)
b)
Suggest internal controls which would increase the reliability and effectiveness of the
system and therefore eliminate the weaknesses identified in the internal controls of the
company.
(26)
c)
List the risks associated with electronic data transfer, if the firm wishes to make use of
Electronic Data Transfer (EDT) to load the transactions directly from the JSE's system
on to the firm's system.
(5)
Presentation (3)
QUESTION 2
(SUGGESTED SOLUTION)
WEAKNESS
INTERNAL CONTROL
Completeness
No completeness control (e.g. number
sequence) is performed on the brokers notes.(1)
(1)
Accuracy
No comparison of the brokers note with the
client's original demand.
(1)
(1)
No controls exist to ensure that queries are
followed up properly.
(1)
(1)
Validity
No controls procedure to ensure that only the
debtors manager opens new accounts. (1)
(1)
Maximum (21)
Maximum (26)
c) Risks of EDT
1
2
3
4
5
6
(1)
(1)
(1)
(1)
(1)
(1)
Maximum (5)
Presentation (3)
QUESTION 3
(10 MARKS)
You are the auditor of Cologne For Men (Pty) Ltd. This company imports mens cologne from
all over the world, but mainly from Europe and the USA. Inventory is generally kept in the
companys warehouse for an average of one month, before being sold to cosmetic stores.
These cosmetic stores are located in Johannesburg, Durban and Cape Town. A decision
was thus taken a number of years ago to set up branches in Durban and Cape Town (the
companys head office is in Johannesburg). Grant Cornish heads up the head office in
Johannesburg, while Nicole Soares heads up the Durban branch and Wade Manthe, the
Cape Town branch. These branches are connected to the Johannesburg head office via an
extended real-time network system. All of the application programmes and general ledger
have been computerised
You have been given the responsibility to perform the audit of Inventory.
Inventory:
You have already attended the inventory count and all audit work in respect of the inventory
quantities that appear in the final inventory list has been completed. You only have to
complete the audit work on the valuation of the inventory including the provision for slow
moving inventory and cut-off.
From the systems description, you obtained the following data fields that exist for the
inventory valuations, movements and ageing:
Product number
Product category
Description of the item
Location
Quantity on hand
Average age (in days) of inventory
Selling price
Cost price
Inventory movements between the stores and branches and
between branches
* document number
* date
* quantity received or despatched
* whether inventory is still in transit
Date of last inventory count
Date on which there was last a movement in the inventory
item
10
QUESTION 3
(SUGGESTED SOLUTION)
REPORT
Report that separates the stock into categories
and prints it according to ageing in which
inventory last moved
(1)
Report of last movements before year end in
each location
(1)
Report that shows the quantity items on hand
and multiplies it with the cost price per item to
get a total
(1)
Report of inventory totals per category of
inventory
(1)
OBJECTIVE
Gives the values of stock by age to assist with
the provision of stock calculation
(1)
Testing cut-off at year-end
(1)
11
QUESTION 4
(40 MARKS)
PART A
(20 MARKS)
Ms OG Seatle Maitse achieved her lifelong dream when she opened her own restaurant,
Complex 49, in partnership with the love of her life, only known to most as Jingles. The
restaurant has been open for 22 months and has proved to be very popular.
Ms Seatle - Maitse has expressed interest in computerising her business. She has identified
the Pastel Point of Sale software package as being the most appropriate to the restaurants
needs. She has indicated that she is planning to replace the current cash register with a
computer terminal linked to a cash drawer and to install a terminal in her office which will be
used for recording all other accounting activities. Initial enquiries about the software have shown
that it is a reliable package with adequate access control features.
Being new to this computer environment topic, Ms Seatle Maitse was not quite sure of what
exactly she should expect as characteristics of a CIS environment and was hoping that you
could also assist her regarding this query.
YOU ARE REQUIRED TO:
a) Discuss the controls that you would have expected to find during the development and
implementation of the new Pastel Point of Sale software system.
(10)
b) State what advice you would offer to Ms Seatle - Maitse, as to controls which should
be implemented so that the restaurant will be prepared in the event of any disasters
occurring in the future;
(10)
PART B
(20 MARKS)
As part of your period audit of Big Shots (Pty) Ltd, you identified inventory as a significant
balance and would like to perform detail procedures on the balance.
You have already gathered the following information about the inventory:
Big Shots has a central warehouse in Johannesburg and 12 distribution warehouses
spread throughout the country.
They (Big Shots) uses a fully computerised inventory system which is able to
determine inventory quantities for any item at any warehouse at any time by adding
and deducting quantities sold, transferred and adjusted.
The system determines the cost of inventories on a weighted average basis.
The system has not changed significantly over the last year and no major changes
are expected in the immediate future.
You have established that your in house audit retrieval software (CAAT) package is fully
compatible with the clients system.
YOU ARE REQUIRED TO:
a) List the possible functions of your audit retrieval software.
(5)
b) In relation to the above, list how you would use the functions of the softwares
capabilities to audit the inventory system
(13)
PLEASE NOTE: a) and b) should be answered in a tabular format.
Presentation (2)
12
QUESTION 4
(SUGGESTED SOLUTION)
Part A
a) Program development and implementation controls
1.
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
2.
3.
Implementation
The conversion must be planned:
prepare date and time schedules for conversion;
(1)
cut-off points must be determined;
(1)
the conversion method must be defined (parallel, launch, direct).
(1)
Preparation for conversion:
preparation of files with standing data on the new system;
(1)
training of staff in respect of the use of the new system;
(1)
the preparation of the premises (constant power supply/airconditioning, etc.).
(1)
Control over the conversion by the data control group:
supervision by competent senior management;
(1)
the auditors should also be involved.
(1)
MAXIMUM (10)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(MAXIMUM 10)
Part B
Uses of Audit Retrieval Software
Castings and Calculations
(1)
(1)
Selection
(1)
(1)
(1)
(1)
Stratification of balances
(1)
14
(1)
General
(1)
(1)
15
QUESTION 5
(20 MARKS)
PART A
(10 MARKS)
You are the second year clerk on the audit of Top Fashions (Pty) Ltd. For the 28 February
2011 period end audit you are responsible to evaluate the internal controls over the sales
order entry system. You have obtained the following information:
16
PART B
(10 MARKS)
Top Fashions (Pty) Ltds sales are on credit and the sales have improved in recent years
due to the directors constantly monitoring sales patterns and fashion trends. All account
receivable records are maintained at head office. The account receivable system is fully
computerized.
You have identified that the following data fields exists in the accounts receivable system:
Account number
Debtors name
Address
Credit rating dependent on new customers introduced, length of service, regularity of
payments
Credit limit
Aged outstanding balances:
o Current
o 30 days
o 60 days
o 120 days
o 150 days
o 180 days
o Over 180 days
Total balance outstanding
Date of last purchase, invoice number and amount
Date of last payment, receipt number and amount
Sales month-to-date
Receipts month-to-date
Sales year-to date
Receipts year-to-date
YOU ARE REQUIRED TO:
List the reports that you would extract from the accounts receivable master file using your
audit retrieval software. Give reasons for the selection of each report.
(10)
17
QUESTION 5
(SUGGESTED SOLUTION)
2.
The computer matches the delivery notes with the order and print a list of
outstanding orders:
(1)
it is followed up by management.
(1)
3.
4.
Accuracy
1.
(1)
(1)
Existence testing
-
(1)
(1)
Check digits
(1)
(1)
2.
Calculations
-
PART B
REPORT
Printout of selected items for testing
Printout of circularisation requests
Report of payments after year end
Printout of
balances
negative
total outstanding
19
QUESTION 6
(35 MARKS)
You were recently appointed the auditor of Original Living Ideas Ltd (OLI), an entity that
listed on the JSE. The company operates a number of designer furniture store outlets
situated in Rosebank, Sandton, Hyde Park and Randburg. OLI has a financial year end of 31
May. It is the first year that you will be auditing OLI. The audit committee has informed you
that the audit has to be completed by 20 June 2011. As the financial statements will be
required by NBOSA, the companys bankers, on 25 June 2011 to review whether OLIs loan
facility should be renewed.
As part of your risk assessment procedures, during the planning of the audit, you
documented the following regarding the fully computerised system used by OLI:
OLI receives designs for furniture from a number of well-known interior decorators. These
are appraised and the most popular furniture is manufactured according to the latest lifestyle
trends. The furniture is stored in a central warehouse and distribution takes place from this
point. The various stores only hold furniture for display purposes to encourage the public to
order a specific piece. Once ordered the piece is dispatched from the warehouse for delivery
to the customer.
During the current year OLI launched a new on line sales platform that allows customers to
order furniture electronically via the Internet. Orders that are received via the internet are
also distributed from the warehouse for delivery to customers. Customers specify the date
and time of delivery on their orders. Upon delivery of the furniture the customer also receives
an invoice from OLI which includes all packaging and delivery costs. The company does not
make any cash or credit card sales. The customers account is debited before delivery takes
place.
OLI uses a central file server situated at their head office in Killarney to control the system.
The store outlets and central warehouse facility use an electronic data interchange hub
through on-line terminals to connect to the system. This allows terminals at each outlet to
form part of a wide area network and integrate with the central database mainframe on a real
time basis. You noted that no back up of the system was maintained and there is also no
data recovery plan in the event of a disaster.
Store orders that are captured by a sales rep in the store, are processed after verifying all
client information. The sales reps may make changes to the customer masterfiles if any
details have altered. When an order is received at a store outlet it is entered via a terminal
into an orders pending file at which time it is given a sequential number. This file links with
orders received via the internet sales platform so that all orders generated run sequentially.
The system automatically generates a cross referenced picking slip after verifying stock
availability.
This slip can be printed out at the store and warehouse. If there is no stock available a
picking slip will not be generated and an error report can be generated of all orders with no
stock availability. The warehouse clerks pick stock, package it for delivery, update the
orders pending file and a combined invoice/delivery note is automatically generated for
those items picked. Should an item not be available then the order remains in the orders
pending file and appears on daily outstanding orders report.
The directors of OLI have raised a concern with you about an incident that occurred shortly
after the launch of the new internet sales system. A customer has denied his obligation to
make payment claiming that he did not place an order with OLI at anytime or receive any
furniture. The directors would like to know which controls should be present in the system to
prevent unauthorised orders being placed by a person using customers details (personal
information) without their knowledge or consent.
20
(a)
(b)
Describe the controls required to ensure that changes made to customers standing
data are complete, accurate and valid.
(15)
21
(20)
QUESTION 6
(SUGGESTED SOLUTION)
Part (a)
NON-IT RISKS:
1. Company Listed on the JSE:
Risk of non-compliance with stringent JSE listing requirements; complex reporting
requirements as auditor has to report on companys adherence to JSE listing
requirements
(1)
Risk that client overstates assets and profits to retain listing status
(1)
2. New audit client
Risk that opening balances may be misstated
(1)
Risk that accounting policies may not be consistently applied
(1)
Risk that we as auditors will not identify misstatements as we are unfamiliar with the
client
(1)
3. Tight audit deadline
Risk that post balance sheet date events might not be identified
(1)
Risk that financial information may be incomplete
(1)
Risk that creditors and provisions may be understated -statements not received in
time
(1)
4.3rd Party reliance
Risk of legal liability i.t.o S46 as we are aware financial statements will be used by
NBOSA
(1)
IT RISKS:
5. Fully Computerised environment: (General Risks)
Risk that weak general controls could affect the continuity of processing (1)
Risk that a weak control environment exists because:
(1)
o Management is not committed to proper IT governance,
(1)
o There is no backup / data recovery plan
(1)
Risk that weak application controls could affect the completeness, validity and
accuracy of recorded transactions
(1)
Risk of errors and ineffective programmed controls because of a lack of user training
(1)
Risk that there will be an absence of input documentation
(1)
Use of WAN increases risk of unauthorised access; changes to transactional
data/masterfiles
(1)
6. On-Line System
Risk that there will be inadequate audit trails providing evidence of authorization
(1)
Increased risk that there will be unauthorised use of the computer:
- Unauthorised changes made to transactions / balances
(1)
- Unauthorised access to data
(1)
- Unauthorised processing of data resulting in update of incorrect data to
system
(1)
Risk that masterfiles are amended without the necessary authorization
(1)
Risk of corruption of data due to concurrent processing
(1)
7. Real Time processing of transactions:
Risk that incorrect data processed onto the system
Risk of data loss due to any interruption during processing (no backup)
22
(1)
(1)
23
Part (b)
MASTERFILE CONTROLS:
Completeness:
All changes to customers master file data should be:
o Requested in writing on a pre-numbered, pre-printed master file amendment form
(1)
o Master File amendment forms should be designed to facilitate the capturing of all
data
(1)
o Any unused Master file amendment forms should be subject to standard stationery
control protocol (under lock and key; the responsibility of a designated staff member
with appropriate authority)
(1)
Changes to Master files should be reconciled:
o To a list/register of requested amendments (completeness)
(1)
o To the master file amendment forms (accuracy and completeness of changes)
(1)
o All outstanding items/ exceptions should be followed up by management
(1)
o To supporting documentation (minutes of meeting/contract with customer)(1)
Accuracy:
All master file changes should be logged by the system
o This activity log should be reviewed by management on a regular basis
(1)
(1)
All changes made to standing data should be agreed to authorised master file amendment
forms
(1)
Programmed Input validation tests/ edit tests should be carried out:o Alpha-numeric and field size checks on customer account numbers; ID numbers
o Missing data checks
o Reasonableness checks on ID numbers
o Recordcounts
o Any other valid edit check
max=3
Validity:
All proposed masterfile amendments must be authorised in writing by two senior officials
(1)
All amendments should be reviewed by management before; during and after
implementation
(1)
Write access to masterfiles should be restricted to authorised personnel by means of user
ID, passwords and terminal ID controls
(1)
General:
All changes to customers master file data should be made off-line and only go live
after approval and testing
(1)
The master file should be reviewed regularly by management
(1)
The masterfile data should be encrypted and kept in a library with strict access
control
(1)
Adequate backup procedures should be implemented in order to recover standing
data in the event of data corruption during an amendment
(1)
Password Controls
(1)
MAXIMUM (15)
24
QUESTION 7
(50 MARKS)
You have been the external auditor responsible for the audit of Africhem Limited (Africhem)
for the past three years and have been reappointed to perform the audit for the reporting
period ended 30 June 2011.
Africhem is a company listed on the Johannesburg Security Exchange (JSE) and is South
Africas oldest producer of chemical products to the farming industry. Africhem apply
innovation and technology to help farmers to produce higher quality products to the public.
They assist farmers in producing healthier foods, better animal feeds and more fiber, while
also reducing agriculture's impact on our environment.
Africhems head office is located in Bloemfontein, and has multiple branches around South
Africa. The locations are variously administrative and sales offices, manufacturing plants,
seed production facilities, research centers, and learning centers all part of the corporate
focus on agriculture and supporting farmers.
Africhems accounting system is fully computerised. This system is an integrated complex
application which minimises the use of hard copy documents wherever possible and handles
a high volume of transactions on a daily basis. The system makes use of real time
processing.
Your first year audit clerk George Clooney was responsible for documenting the
understanding of the internal control environment of the purchase system and Meg Ryan,
the senior audit clerk, was responsible for documenting any audit differences identified
during the audit that could affect the audit opinion.
The following documents are attached:
WORKING PAPER
REFERNCE
C4
C6
DESCRIPTION
Purchase system Internal controls
Audit differences
25
Reviewed by:
Date:
C4
YES
NO
Organisational and management controls
Is there proper segregation of duties?
Are levels of responsibility clearly defined?
Are proper policies in place regarding staff recruitment
and training?
Are there proper controls in place around virus
protection?
Does the system automatically generate reports for
management review? For example:
Exception reports (fluctuation in purchase
volumes; significant purchase orders; material
price variations).
Management information reports (audit trial;
deviations from budgets).
Performance-related reports (stock-outs; supplier
performance; delivery lead times).
Logical access
Does the system provide the following logical access
control?
The user is required to input an ID and password
combination in order to gain access to the
application.
Effective password controls around the use of
passwords.
Menu selections displayed are restricted based
upon the access privileges defined by the user ID.
User access rights are restricted to those
processing functions and data files required for
the users normal duties.
Changes to user access rights are automatically
reported for review by management.
Logon IDs are automatically disabled/revoked
after a prescribed number of logon failures, a set
period of inactivity, or when employees resign or
relocate within the organization.
An activity log for review by an authorized person
is generated in respect of unauthorized access.
Physical access
Is the following physical access controls in place?
Access controls to the computer hardware.
Access control to the terminals.
Access controls to programs and data files.
Manual logs and review of logs.
Screening and training of staff on physical access
controls.
Emergency access controls.
27
Reviewed by:
Date:
C6
Audit differences
One of Africhems major branches that is situated in Kroonstad commenced the
manufacturing of a highly toxic chemical and two months before year end two of the
employees working at this branch died after falling seriously ill. The initial investigation into
their deaths suggested that they were victims of chemical poisoning suffered from working
with the toxic chemicals. A government investigation was instituted on 15 May 2011.
At the last directors meeting for the current reporting period the directors of Africhem took
the decision to close the branch in Kroonstad, with immediate effect, until completion of the
government investigation. The board of directors also took the decision that should the
government investigation indicate that the employees illness and death was directly
attributable to their work conditions at the branch, the Kroonstad branch would remain
closed permanently. In addition a firm of attorneys has instituted legal proceedings against
Africhem on behalf of the family members of the two employees. We have established that
should the government investigation connect the employee illness to the companys process,
the employees family members will in all likelihood be successful in their actions against the
company.
Through discussions with the companys financial manager, Julia Roberts, we have been
informed that the company has decided to treat the matter as follows in the financial
statements for the period ended 30 June 2011:
No reference to the temporary or possible permanent closure of the branch will be
made. However full disclosure will be made to the shareholders at the annual general
meeting.
The following note will be included:
o The company is the defendant in a lawsuit brought against it by two
employees. The case concern health problems allegedly caused by the
employees work environment at the Kroonstad branch. The total claim is R2
500 000 but it is at present impossible to determine the outcome of the
litigation.
The going concern ability of Africhem is in no way threatened by this matter. All other
aspects of the audit have been satisfactorily dealt with. The outcome of the government
investigation is expected to take some months.
YOU ARE REQUIRED TO:
a)
Refer to working paper C4 and list the general computer controls relating to the
purchasing process that have not been included in the internal control questionnaire.
(30)
b)
Describe the audit strategy for the audit of the reporting period ended 30 June 2011,
taking into consideration that Africhem has a fully computerized environment. (9)
c)
Refer to working paper C6 and discuss fully the audit report that you would consider
appropriate should the directors treat the matters in the financial statements in the
manner indicated by the financial manager.
(9)
Presentation (2)
28
QUESTION 7
(SUGGESTED SOLUTION)
(1)
Other considerations:
o Changes to the system should be backed up.
(1)
o Training of users in respect of the use of the updated system.
(1)
o Post-implementation reviews should be performed on the changes.(1)
Computer operating controls:
There must be scheduling of processing which is regularly reviewed.
Set-up and execution of programmes must be in place:
o This must be done my competent persons
o Assisted by means of a procedure manuals/instructions.
o Regularly tested.
o Constant supervision and review over this process.
Ensure the use of correct programmes and data files.
(1)
(1)
(1)
(1)
(1)
(1)
MAX (3)
(1)
(1)
(1)
(1)
(1)
MAX (3)
Database systems:
o Access controls around database system.
o Supervision and review (by database manager).
o Documented policies.
(1)
(1)
(1)
MAX (2)
Processing on microcomputers:
o Control over software.
(1)
o Programs written internally are tested and should be documented. (1)
Business Continuity Controls
Emergency plan and disaster recovery procedures:
o Establish procedures in respect of procedures and responsibilities in case of
a disaster.
(1)
o Prepare a list of files and data to be recovered in the case of a disaster.
(1)
o Provide alternative processing facilities.
(1)
o Plan, document and test the disaster recovery plan.
(1)
MAX (3)
Backups:
o Backup data files regularly on a rotational basis.
(1)
o Perform on-line or real-time backups.
(1)
o Store copies of backup files on separate premises.
(1)
o Have hardware backup facilities.
(1)
o Store backups in a fireproof safe.
(1)
o Policies around retention of files or records
(1)
MAX (4)
Other controls:
o Adequate insurance.
o On over reliance on staff.
o Virus protection controls
o Physical security measures
o Cable protection.
(1)
(1)
(1)
(1)
(1)
MAX (2)
30
(1)
(1)
(1)
MAX (2)
Program Libraries:
o Access to backup programmes controlled by access software
(1)
o Passwords
(1)
o Updating must be authorized
(1)
MAX (2)
Utilities:
o Stored separately
(1)
o Use logged and reviewed
(1)
MAX (1)
TOTAL MAXIMUM (30)
b) AUDIT STRATEGY
Africhem has a fully computerized environment which will have the following influence on the
audit strategy for 2010:
Obtain a thorough understanding of the clients internal control and information
systems environment
(1)
An combined audit approach should be considered due to the following:
(1)
o Complex computer system
(1)
o High volume of transaction
(1)
o Less hard copy evidence available
(1)
o Transactions are generated automatically
(1)
Combined audit approach could only be used when reliance can be placed on the
companys internal controls
(1)
If reliance cannot be placed on the internal controls more extensive substantive
procedures will have to be performed.
(1)
Following an combined audit approach (if reliance can be placed on controls) will
include:
o Testing the general computer controls
(1)
o Testing the application controls
(1)
o Above can be performed by auditing through the computer
o Performing limited substantive procedures
(1)
o Above can be performed by auditing with the computer
o Controls will be tested throughout the period of reliance
(1)
Effective function of general computer controls is a pre-requisite for the effective
function of application controls.
(1)
Consider the use of CAATS in performing of audit procedures.
(1)
Consider the use of experts.
(1)
MAXIMUM (9)
31
c) AUDIT REPORT
ISSUE 1: LITIGATION
The treatment of the pending litigation is satisfactory, no adjustment (provision) to
the financial statements need be made as the outcome of the case is unknown,
and damages cannot be reasonable quantified.
(1)
However the wording of the note (disclosure) is inaccurate and inadequate and
appears to be an attempt to play down the matter especially in view of the directors
intention not to make any reference to the closure of the branch.
(1)
Therefore an uncertainty exist which has not been adequately disclosed. (1)
This represents a disagreement on inadequate disclosure of the matter.
(1)
The disagreement is material to the fair presentation of the AFS, but not pervasive.
(1)
A qualified audit report will be required.
(1)
ISSUE 2: TEMPORARY/PERMANENT CLOSURE OF BRANCH
This matter should at least be disclosed as the financial statements should deal with
every fact or circumstances material to the appreciation of the state of the company
affairs. (AFS should present fairly)
(1)
It is also possible that losses may rise out of the temporary closure of the branch
(penalties, labour disputes).
(1)
In addition at period end there is uncertainty about the future of the branch (could
be permanently closed down). This is vital information for the users.
(1)
There is no need to treat this as a closure of a division as there has been no
implementation of a permanent closure or other known costs.
(1)
Therefore a disagreement exists on the failure to disclose the matter.
(1)
The matter is material to the fair presentation of the AFS, but not pervasive. (1)
A qualified audit report will be required.
(1)
MAXIMUM (9)
PRESENTATION (2)
32
QUESTION 8
(50 MARKS)
You have recently been promoted to manager in the computer audit division of RGL
Incorporated (hereafter RGL), a well established medium size auditor firm situated in
Sandton, Johannesburg. RGL is part of a global organisation of independent professional
service firms, united by a common desire to provide the highest quality of services to their
clients.
RGL has grown steadily since its inception on 1 March 1982. The RGL network is a mediumsized professional services organisation. This growth has been attained primarily through a
reputation of giving sound professional advice and formulating trusted confidential business
relationships. RGL has a broad-based clientele which includes local and national clients, as
well as international clients of both a personal and corporate nature. One of their clients is
LaVee (Pty) Ltd (hereafter LaVee), a medium sized company in the domestic foods market.
The company has a 30 June period end and this year will be the first year that RGL has held
the appointment as auditor.
LaVee has a number of food production facilities spread around Gauteng with the head
office situated in Isando. The company has fully integrated computerised financial
accounting and management reporting systems which were developed some years ago. The
systems were developed in-house to ensure that the complex procedures and controls
required by the directors of LaVee could be incorporated. Most of the data processing takes
place at a data processing centre at the head office. The production facilities all have on-line
terminals linking them to head office and other branches which allows for real time
processing of certain applications.
Unfortunately things at LaVee did not get off to a great start. The senior manager on the
audit, Sechaba Mooi, has (like most of the other staff members) little experience in
computers and believes that auditing around the computer is perfectly adequate. The
planning meeting for the 30 June audit, in fact turned out to be Sechaba Mooi simply
issuing instructions to the audit team, with no mention of LaVees computerisation being
made at all.
On challenging Sechaba on this, he responded:
This firm adheres to the planning statement ISA 300 in developing the overall audit strategy.
This statement does not even mention the word computers which suggest to me that
auditing around the computer is a perfectly adequate approach to the audit.
Accounts receivable
Your concern regarding the approach was further justified when the third year audit clerk on
the audit, approached you to assist him with auditing accounts receivable around the
computer. He gathered the following information for the period end audit:
June 2010
June 2011
R 2 546 215
R 3 765 935
65 days
84 days
33%
41%
398
529
Outstanding
Accounts receivable as % of
current assets
Number of accounts receivable
33
All customers are supplied with a hardcover copy of the product catalogue from which they
can select the goods to be purchased from the company. Orders must be placed by phoning
the companys tollfree number. Calls are automatically directed to one of four clerks who
enters the order directly into the system.
In June 2011 RGLs computer division conducted an evaluation, including test of controls on
the revenue and receipts cycle, and found that the information produced by the system was
valid, accurate and complete.
The accounts receivable department is headed by Zama Zamini, the credit manager, and is
staffed by three debtors clerks. Zama reports to Joan Richardson, the financial manager.
The accounts receivable master file contains the following fields:
Fields
Account Number
Example
Name
July 2005
Total owed
R 35 001.90
Credit limit
R 36 000
Credit terms
60 days
S4359
East,
Soweto
To ascertain the allowance for credit losses at year end, a percentage of the amount
appearing in each of the aged fields is determined. The amounts are then added together.
These percentages are:
30 days 3%
60 days 7%
90 days 20%
120 days and over 30%
As in past, Joan is quite prepared to allow you to interrogate the accounts receivable master
file using RGLs generalised audit software and you intend to do so.
Possible expansion
During a casual conversation in the corridors of LaVee, Joan mentioned to you that they
(LaVee) are considering taking advantage of the business opportunities presented by E
commerce which she briefly explained as the buying and selling of products or services over
electronic systems such as the Internet and other computer networks. She has indicated to
you that she has done a detailed analysis regarding all the benefits E commerce presents to
LaVee but is still not sure of what the disadvantages or more in particular, the risks are of
conducting business via the internet.
34
(5)
For the remainder of the questions assume a different approach was adopted to that
suggested by Sechaba.
c) Describe the application controls that you would expect to find in place to ensure that all
orders are taken from customers are valid, accurate and complete
(15)
d) Identify the information which you would extract from the accounts receivable master file
to assist you in the audit of the allowance for credit losses. Describe how you would use
the information. Do not give audit procedures.
(11)
e) Assist Joan in setting out the risks of conducting business over the internet.
(10)
Presentation (2)
35
QUESTION 8
(SUGGESSTED SOLUTION)
a) Sechaba Moois decision to audit LaVee using the around the computer approach
Sechabas decision to audit around the computer is not sound because: (1)
The approach is only suitable where
o The system is simple; LaVees system is however:
Is an integrated financial accounting and management reporting
system.
(1)
Has a central processing department and a series of on line links to its
production facilities. Its system therefore complex not simple.
(1)
It is also unsound to ignore the power of the computer in conducting an audit.
(1)
It is also unlikely that RGL will attain a cost effective audit using this approach.
(1)
To use this approach no significant controls should be built into the system. LaVees
system is complex and includes significant controls in the system which realistically
cannot be ignored by the auditor of LaVee
(1)
A clear audit trail must exist to use this approach: Whilst this may the case in
LaVees case, this alone cannot facilitate the use of around the computer approach.
(1)
Due to the fact that company has wide spread branches which could be indicative of
a higher volume of transactions. Because of this, an around the computer approach
is also not sound.
(1)
The adoption of the approach is not consistent with the firms policy/intention to
adhere to the auditing standard ISA 300.
(1)
o The understanding the entity cannot be adequately completed without
obtaining a thorough understanding of LaVees computerisation. (1)
o ISA 315 requires that the clients internal control be thoroughly understood so
that the risk of material misstatement can be addressed.
(1)
o If this is not the done the audit strategy and plan will not reduce the level of
audit risk to an acceptable level.
(1)
The decision to audit around the computer cannot be justified on the grounds that the
manager (and the firm) have limited skills in computer audit if the firms does not
have the skills to perform the audit they should have declined the audit or have
obtained the skills of a computer auditor.
(1)
MAXIMUM (7)
36
Only the credit manager should have write access to remove a hold on the
customers account.
(1)
Programmed mandatory fields should be installed which enhance the validity
of the order, e.g. customer order number/name of buyer and date.
(1)
All telephone conversations should be recorded/information confirmed with
client.
(1)
All orders should be logged.
(1)
Completeness and Accuracy
Screen should be formatted to promote accurate and complete capture, e.g.
as an internal sales order.
(1)
Screen dialogue should be available to guide order clerk e.g. screen prompts
(1)
Programme checks should be done e.g.
o Alphanumeric check on the account number entered
(1)
o Limit checks on the credit available balance versus the amount
request for new goods
(1)
o Mandatory field such as completing fields such as account number,
goods purchased, stock code, etc.
(1)
All orders should be automatically sequenced.
(1)
Clerks should ask client to repeat order and compare this to the input screen
prior to proceeding with processing
(1)
Sequence testing should be performed by the system on all orders, and an
exception report should be printed for all gaps in the sequence.
(1)
o This should be followed up by Zama Zamini
(1)
MAXIMUM (15)
d) Extract from the accounts receivable master file to assist you in the audit of the
allowance for credit losses.
Extract printouts of:
A small random sample of debtors which reflects the aging of the amount owed
by the debtor.
(1)
Use: This would be used as a basis for checking the accuracy of the aging
(by tracing to source documents). Accurate aging is necessary as the
allowance is based on the aging fields.
(1)
All debtors:
o Where the balance owed exceeds the credit limit
(1)
o Where aging fields indicates that the debtor has exceeded his credit
terms.
(1)
Use: Each of these debtors would be discussed with Zama to obtain an
explanation of why the credit limits/terms have been exceeded and whether it
is an indication that the full amount will not be received from the debtor.
(1)
All the debtors for whom there is an entry in the status field
(1)
Use: From this list all debtors with a status problem which may affect the
collectability of the debt would be identified. Supporting documentation (e.g.
correspondence with attorneys, letters to the debtor) would be reviewed and
discussed with Zama.
(1)
Use firms software to re perform the casts and extract the totals of all numeric
fields on the master file.
(1)
Use: These totals would be used to recalculate the allowance using
prescribed percentages, e.g. 3% of the 30 days outstanding balance
(1)
38
Use totals to compare July 2010 amounts to July 2009 to determine whether
the debtors book is getting older. e.g. a greater percentage of debt is in the
120 days and over column.
(1)
MAXIMUM (11)
e) Assist Joan in setting out the risks of conducting business over the internet.
Lack of privacy of information
(1)
Unauthorised access to credit card information whilst being transmitted
(1)
Unauthorised access to credit card information once it arrives at the supplier
(1)
Dealing with a supplier without integrity, resulting in non delivery
(1)
Hardware failure resulting in immediate loss of revenue
(1)
Software failure resulting in immediate loss of revenue
(1)
No legal certainty in cases of non payment or non delivery who the responsible
person/party would be. (in which country and under what law does the aggrieved
party sue?)
(1)
Lack of visible audit trail (hard copies of documents)
(1)
Exposure to viruses
(1)
Possible data corruption
(1)
Loss of business buyers not connected to internet
(1)
Competitors gain access to product information
(1)
International tax liabilities
(1)
Potential copyright liabilities
(1)
Information no updated regularly, resulting in loss of income
(1)
Lack of innovation and continuous improvement lose competitive advantage.
(1)
MAXIMUM (10)
Presentation: Logic (1)
Layout (1)
39
RECOMMENDATIONS
1.4
1.5
1.
2/3
2.
3.
2.1
2.2
2.3
2.4
40
Masterfile amendments
should be entered onto preprinted sequentially
numbered forms.
The processing of masterfile
amendments should be
restricted to Sarah de Wet
and her terminal.
Prenumbered printouts of
masterfile amendments
processed should be
reviewed by Peter Preemar
for
*
authority (validity)
*
accuracy
*
completeness.
In addition, frequent
comparisons between the
records and physical assets
should take place e.g.
inventory counts, wages and
employees.
4.
5.
5.1
5.2
5.3
6.
6.1
4.
6.
6.2
6.3
4.1
her signing powers
should be taken away.
5.
A knowledgeable independent third
party should be introduced, in this
case our computer services
department.
5.1
All program changes systems
development should be made in
conjunction with our computer
services department.
5.2
A full set of systems documentation
should be supplied and lodged with
our firm.
(Note 5.1 and 5.2 would protect Toybuild
(Pty) Ltd against the failure of
Compware CC and any lack of skill,
competence, resources they may
have
6.1
All of the terminals should be
allocated to specific staff members
who will be accountable therefore.
6.2
6.3
7.
7.2
Access/systems security
7.
7.1
7.2
7.3
Continuity of operations
8.
9.
9.1
9.2
8.
9.
10.
8.2
8.1
Back up of files should be
regular, thorough and planned, Peter
Preemar should ensure that this is
done.
Backups should be secured in (at
least) fire proof lockable locations.
Control environment
10.
42
43
Batch controls
1.
When Maria Mathews removes the order from the order book she should
1.1
perform a sequence check, noting the sequence of numbers e.g. 3327 to
3391, and count the documents.
1.2
1.3
2.
Maria Mathews should then check the last number in the sequence of orders
presented by each sales representative the previous week to ensure there is no
gap in sequence. (Note: this procedure could also be done by the computer at a
later stage.)
3.
Maria Mathews should perform tests on the orders, ensuring that they have been
correctly and accurately completed, initialing the orders to acknowledge her
tests.
4.
She should then divide the orders into workable batches (by sales representative
would probably be the most practical) and for each batch, complete a pre-printed
sequenced batch control sheet by entering:
*
a unique batch number and batch identification e.g. batch 10 of 15, week
ending Friday 3 July, orders
*
control totals
Document count
5.
Maria Mathews should then enter the identification details and control totals into
a batch register and sign it.
6.
Nicholas Zondi should count the number of batches he receives from Maria
Mathews, acknowledge receipt of the batches by signing the batch register.
7.
Nicholas Zondi should key in the details and control totals of each batch (before
entering the date of the individual orders) to create a batch header label.
8.
The data off each order should be keyed in (subjected to validation checks, see
below) and the computer should calculate the same control total but based upon
what has been keyed in e.g. document count.
9.
The computer generated totals should then be compared to the totals on the
header label; where there are discrepancies, the batch should be rejected and
checked.
Simple physical access controls to the terminals used by Nicolas Zondi should be
in place as appropriate, e.g. terminal lock.
2.
3.
4.
5.
There should be terminal time out and automatic shutdown in the face of access
violations.
5.1
these should be logged and frequently reviewed by IT.
Once the create picking slip module has been accessed, the screen should be
formatted in such a manner
*
that it resembles the hard copy picking slip which will be produced and
*
it facilitates the easy capture of data off the order (accuracy)
2.
The program should require the minimum keying in of data off the order form,
e.g.
*
entry of the inventory code should bring up the description and price
*
entry of the account number should bring up the customers details.
(Nicholas Zondi should only have to key in account number, order
number, inventory item, quantity ordered and the sales representatives
code.)
3.
There should be mandatory field checks; in this case all fields are important and
Nicholas Zondi should not be able to proceed to the next order until he has
entered data in all fields.
4.
There should also be appropriate screen dialogue and prompts e.g. before
Nicholas Zondi moves to the next order he should be asked if all items on the
order have been correctly entered?
5.
45
5.1
5.2
5.3
5.4
b)
1.
balance owing
credit limit and
available credit
2.
Before accepting an order, the sales representative should work out the
value of the order and compare it to the available balance. If the
available balance is exceeded the order should be reduced/tailored to fall
within the available credit, and the matter discussed with the customer
immediately.
2.1
where the order cannot be tailored/reduced to fall within the
available credit, application should be made to Rishi Patel to
increase the credit limit before the order is finalised. Rishi Patel
should only increase the credit limit after conducting thorough
creditworthiness checks.
3.
c)
1.
2.
46
3.
4.
5.
Rishi Patel and the financial manager should review the log, tracing from
the log to the supporting documentation.
47