Professional Documents
Culture Documents
Unit Structure
7.0 Overview
7.1 Learning Outcomes
7.2 Internal Control
7.2.1 Components of the Internal Control System
7.2.2 Types of Internal Control
7.3 Internal Control and Auditors
7.4 Assessing Internal Control Systems
7.5 Recording the System
7.6 Tests of Control: Sales and Receivables System
7.6.1 Control Objectives
7.6.2 Control Procedures
7.6.3 Tests of Control
7.7 Tests of Control: Purchases and Payables System
7.7.1 Control Objectives
7.7.2 Control Procedures
7.7.3 Tests of control
7.8 Tests of Control: Wages System
7.8.1 Control Objectives
7.8.2 Control Procedures
7.8.3 Tests of Control
7.9 Tests of Control: Cash System
7.9.1 Control Objectives
7.9.2 Control Procedures
7.9.3 Tests of Control
7.10 Tests of Control: Inventories
7.10.1 Control Objectives
7.10.2 Control Procedures
Unit 7 1
Audit Principles and Practices – DFA 3103
7.0 OVERVIEW
When adopting the system-based audit, the auditor will rely on systems which prevent or
detect any variations from correct processing of documents into entries in the financial
records, and hence their inclusion in the financial statements. The auditor needs to
understand the systems and verify that controls are effective throughout the period under
review. So, in this unit, the various aspects of internal controls will be considered.
According to ISA 315 Understanding the Entity and its Environment and Assessing the
Risks of Material Misstatement defines the internal control system as the process
Unit 7 2
Audit Principles and Practices – DFA 3103
designed and effected by those charged with governance, management, and other
personnel to provide reasonable assurance about the achievement of the entity’s
objectives with regard to reliability of financial reporting, effectiveness and efficiency of
operations and compliance with applicable laws and regulations. In other words, internal
control is designed and implemented to address identified business risk that threatens the
achievement of organisation objectives.
The control environment that includes the overall attitude, awareness and
actions of directors and management regarding internal controls and their
importance in the entity. In other words, it provides the framework within which
controls operate. The control environment alone does not guarantee the
effectiveness of the overall control systems. Management attitude towards control
is a major factor in determining how controls operate.
The entity’s risk assessment process is carried out to identify and act in response
to business risks and the results thereof. Risk assessment is vital as risks, both
internal and external, may adversely affect an entity’s ability to initiate, record,
process, and report financial data consistent with the assertions of management in
the financial statements.
Unit 7 3
Audit Principles and Practices – DFA 3103
Control activities describe the policies and procedures that help management to
put into practice their directives. Control activities may vary in forms, for
example, segregation of duties, physical controls, performance reviews or
information processing.
Preventative controls include procedures that prevent risks to occur. For example,
authorisation control and segregation of duties. This type of control is the most
Unit 7 4
Audit Principles and Practices – DFA 3103
Under the system approach the auditor will have to decide the extent to which they can
place reliance on the internal controls of an entity. This is important to the external
auditors because reliance on internal control will reduce the amount of substantive testing
of transactions. Moreover, efficient operation of the internal control system will ensure
the completeness and accuracy of the accounting records. However, if the internal control
system is very weak, the auditors may decline an audit of an entity. The reason is that the
auditor would be apprehensive of the high level of control risk that may exist.
Internal auditors are also concerned with internal controls as they have a major
responsibility to review an organisation’s system of internal control and to provide
assurance that the corporate governance requirements are complied with. The corporate
governance guidance in respect of internal audit states that ‘an objective and adequately
resourced internal audit function should be in a position to provide the Board with much
if the assurance it requires regarding the effectiveness of the system of internal control.’
In other words, the internal auditors should ensure that controls in place are adequate to
detect and prevent risks and the controls are operating effectively.
According to ISA 315, the auditors should obtain an understanding of the accounting and
internal control environment sufficient to determine their audit approach. The auditors
would start by assessing the adequacy of the accounting systems as a basis for preparing
the financial statements and identify the potential misstatements that could have occurred
Unit 7 5
Audit Principles and Practices – DFA 3103
in the accounts. The outcome of the assessment will help the auditors to design
appropriate audit procedures.
The procedures used to understand the entity should take into consideration the
materiality level, the size and complexity of the entity, types of internal controls but more
importantly the risk considerations (inherent and control). Indeed, the auditors will
perform a preliminary assessment of control risk at the planning stage of the audit. It is a
process to evaluate the effectiveness of an entity’s accounting and internal control in
preventing or detecting and correcting material misstatements. It is important to know
that some control risks will always exist because of the inherent limitations of the
accounting and internal control system.
Auditors usually used the following methods to understand the accounting and internal
control system:
Examine previous audit work that contains records of the system as it operated at
the last audit date.
Review client own documentation of the system such as the accounting system
manual, which would provide essential information to the auditors.
Interviews with client’s staff to gather information on how they carry out their
functions.
Walk through checks to trace particular transactions from source to destination.
Observation of client’s procedures, especially, in activities which involve high
risk such as wages payout.
Unit 7 6
Audit Principles and Practices – DFA 3103
There are several techniques for recording the accounting and internal control system.
Narrative notes
This is a simple way to describe and explain the system and at the same time making
comments to show a better understanding of the system. However, this method is not
convenient for large businesses as it may be difficult or time consuming to describe the
system clearly. Narratives notes can be used to support flowcharts.
Flowcharts
Questionnaires
Unit 7 7
Audit Principles and Practices – DFA 3103
Unit 7 8
Audit Principles and Practices – DFA 3103
These include:
(a) Orders
(i) Orders received from existing customers should be checked against the
customers’ accounts and this should be evidenced by initialling. It
should be ascertained that new orders do not exceed the credit limit
allocated to existing customers before being accepted.
(ii) Orders received from new customers should be sent to the credit
control department for credit worthiness before being accepted. A
credit limit should then be allocated to the new customers.
(iii) All orders received should be recorded on pre-numbered sales order
documents.
(iv) All orders should be authorised before any goods are despatched.
(v) The sales should be used to produce a delivery note for goods moving
out of the department. No goods should be delivered without a
delivery note.
Unit 7 9
Audit Principles and Practices – DFA 3103
(iii) Sales invoices and credit notes should be checked for prices and
accuracy by a person other than the one preparing the invoice.
(iv) All invoices and credit notes should be serially pre-numbered.
(v) Credit notes should be authorised by a responsible officer not involved
in delivery or accounts receivable functions.
(vi) Cancelled invoices should be authorised by a responsible, and retained
and matched to the appropriate delivery notes.
(e) Receivables
(i) A receivable ledger control account should be prepared regularly and
checked to individual sales ledger balances by an independent officer.
(ii) There should be different staff to record receivables, despatch goods and
collect cash.
(iii) Statement of accounts should be sent regularly to customers.
(iv) Procedures should exist to follow-up overdue balances by customers.
(v) Procedures should exist to ensure receipt of overdue balances.
Unit 7 10
Audit Principles and Practices – DFA 3103
These include:
(a) Sequence test checks are carried out on invoices, credit notes, delivery notes
and orders to ensure that all items are accounted for and there are no
omissions or duplications.
(c) Arithmetical accuracy of invoices, credit notes, discounts and tax is checked.
(d) Delivery notes are checked to ensure that they are matched to appropriate
invoices and credit notes.
(e) Batch total controls are checked to ensure that they have been applied
properly and to trace batches from input to output.
These include:
(a) Procedures to ensure that goods or services are purchased under proper
authorities.
Unit 7 11
Audit Principles and Practices – DFA 3103
(b) Procedures to ensure that only goods or services necessary for the proper
conduct of business operations.
(d) Goods and services received are properly inspected for quality, quantity and
conditions.
(e) Invoices and related documentations are properly checked and approved
before posting to the payables ledger.
(a) Orders
(i) There should be a duly approved purchased requisition for every order.
(ii) All orders should be authorised by a responsible officer whose
authority limits are predetermined. Any order beyond this limit should
be authorised by the board.
(iii) Capital expenditure or major items should be approved by the board.
(iv) All orders should be recorded on appropriate documentations e.g. a
purchase order form where the supplier’s name, quantity ordered and
price are shown.
(v) Copies of orders should be retained for follow-up action.
Unit 7 12
Audit Principles and Practices – DFA 3103
These include:
(a) Sequence check test are carried out on purchase orders, goods received notes
and goods returned notes to ensure that all items are included and there are no
omissions or duplications.
Unit 7 13
Audit Principles and Practices – DFA 3103
(b) Authorisation for purchase orders and payments of invoices and adjustment to
payable ledger are checked.
(c) Arithmetical accuracy of purchase invoices, debit notes, discounts and tax are
checked.
(d) Goods received notes and goods returned notes are checked to ensure that they
are referenced to purchase orders and debit notes.
(a) Wages and salaries should be computed in respect of client’s approved list of
employees.
(b) Wages and salaries should be computed at the approved rates of pay for each
employee or category of employees.
(c) Payrolls should be calculated accurately.
(d) Payment should be made to the correct employees.
(e) Liabilities to different institutions (tax authority, insurance and banks) should be
properly recorded.
(a) Authorisation
Unit 7 14
Audit Principles and Practices – DFA 3103
(b) Recording
Unit 7 15
Audit Principles and Practices – DFA 3103
These include:
(i ) Test sample of time sheets, clock cards or other documents for approval
by responsible official including overtime.
(ii ) Check sample of payments for authority, particularly, if in cash.
(iii ) Observe wages distribution to confirm adherence to procedures.
(iv ) Test authorities for payroll amendments and deductions.
(v ) Examine evidence of approval calculations.
(vi ) Examine evidence of approval of payrolls by a responsible officer.
(vii ) Examine payroll reconciliations.
(viii ) Test controls procedures over unclaimed wages.
These include:
Unit 7 16
Audit Principles and Practices – DFA 3103
Cash sales
(i ) Cash sales should be recorded promptly and accurately, e.g., cash sale
invoices.
(ii ) The document used to record cash sales should be pre-numbered and a
copy should be retained for reconciliation purposes.
(iii ) Cash received should be reconciled on a daily basis with the invoice totals.
(iv ) The reconciliation should be done by an officer independent of the cash
receipts and recording functions.
Unit 7 17
Audit Principles and Practices – DFA 3103
Petty cash
(i) Written authorisation should exist for the level and location of cash
floats.
(ii) Access to the petty cash floats should be restricted to authorised
officers.
(iii) Petty cash should be kept in safe custody under the responsibility of a
reliable officer.
(iv) Withdrawal from the petty cash should be authorised by a responsible
officer, not the petty cashier.
(v) The ‘imprest’ system should be used to reimburse the float.
(vi) Vouchers should be produced before the cheque is signed for
reimbursement.
(vii) A maximum amount should be placed on a petty cash payment to
discourage normal purchase procedures being by-passed.
(viii) Petty cash reconciliation should be made at regular intervals.
Unit 7 18
Audit Principles and Practices – DFA 3103
Unit 7 19
Audit Principles and Practices – DFA 3103
(c) All receipts and issues should be recorded and cross-checked with the
appropriate GRN or requisition.
(d) Total inventory records should be maintained and reconciled with detailed
inventory records and discrepancies investigated.
(e) Inventory should be periodically checked against the records by an officer
independent of the stores and significant differences investigated.
(f) Maximum and minimum inventory level should be pre-determined and
regularly reviewed for adequacy.
(g) Re-order quantities should be pre-determined and regularly reviewed for
adequacy.
(h) Deliveries of goods should pass through stores and hence be checked and
recorded as received.
(i) Inventories should be in safe locations to prevent damages and theft.
(j) Access to stores should be restricted.
(a) Observe physical security of inventories and environment in which they are
held.
(b) Test procedures for recording of inventory movements in and out of
inventory.
(c) Test authorisation for adjustments to inventory records.
(d) Test authorisation for write-off or scrapping of inventories.
(e) Test controls over recording of inventory movements belonging to third
parties.
(f) Test procedures for authorisation for inventory movements, i.e., the use of
authorised goods received and despatch notes.
(g) Inspect reconciliations of inventory counts to inventory records (this gives
overall comfort on the adequacy of controls over the recording of inventory).
(h) Check sequences of despatch and goods received notes for completeness.
Unit 7 20
Audit Principles and Practices – DFA 3103
(i) Assess adequacy of inventory counting procedure and attend count to ensure
they are carried out.
7.11 SUMMARY
1. Internal control system as the process designed and effected by those charged
with governance, management, and other personnel to provide reasonable
assurance about the achievement of the entity’s objectives with regard to
reliability of financial reporting, effectiveness and efficiency of operations and
compliance with applicable laws and regulations.
2. The control environment that includes the overall attitude, awareness and actions
of directors and management regarding internal controls and their importance in
the entity.
3. The entity’s risk assessment process is carried out to identify and act in response
to business risks and the results thereof.
4. The information system consists of the procedures and records established to
initiate, record, process, and report entity transactions and maintain accountability
for the related assets, liabilities and equity.
5. Control activities describe the policies and procedures that help management to
put into practice their directives. Control activities may vary in forms, for
example, segregation of duties, physical controls, performance reviews or
information processing.
6. Internal Control Questionnaires are used to ask whether controls exist to ensure
that a particular control objective is achieved.
7. Internal Control Evaluation Questionnaires are designed to determine whether
there are controls that prevent or detect specified errors or omissions.
Unit 7 21
Audit Principles and Practices – DFA 3103
8. Control objectives for all systems are that only authorised transactions are
promptly recorded at the correct amount in the appropriate accounts in the proper
accounting period.
9. Control procedures include procedures to ensure completeness, accuracy,
authorisation and proper documentation.
10. Tests of control involve ensuring that the control procedures have been applied
effectively throughout the accounting period.
7.12 ACTIVITY
Activity 1
During the course of their five year period as auditors of S.E Ltd, Paul and Joe have been
particularly concerned that the company, as it grew, should develop internal control
systems appropriate to its size and complexity.
Required:
(b) State and explain any four types of internal control giving an illustration of
each type of control as it might be found in S.E Ltd’s system for the
purchasing of materials and the control of stocks. Your answer should
suggest possible consequences if your illustrated control was not in operation.
(c) Discuss the difficulties which S.E Ltd might have faced in establishing
efficient and effective internal control as it grew over the first five years of
existence.
Unit 7 22