Audit and assurance (AA) Homework

7/3/2020

Kit Page 58, Q119 Equestrian

(a) Four type of control activity

- Segregation of duties
Assignment of role and responsibility to ensure authorizing, recording, maintaining custody are
carried out separately.
For e.g. Having separate department such as HR for evaluating new joiners and Payroll dept for
payroll processing.

- Information processing
Application and general IT controls to ensure the completeness, accuracy and authorization of
information.

- Authorization

Approval from suitably responsible official to ensure that the transaction is genuine.
For e.g. New customers undergo a credit check, after which a credit limit approved by the sales
director.

- Physical control
Restricting access to physical assets to reduce the risk of theif.
For e.g. High value inventory is stored in a secure location across all nine warehouses and access is
via a four-digit code.

- Performance review
Compensation or review of the performance.

(b) Control Deficiency and control recommendation

Control Deficiency Control Recommendation

Physical verification of assets within the non-
current asset register has not been undertaken
for some time.
A current program has confirmed only 15% of
NCA, due to staff shortages.
If non-current assets are not physically verified on
a regular basis, there is a risk of assets being
misappropriated or misplaced as there is no check
on the existence of asset.
Equestrian Co has experienced significant staff
shortages within IA department. In addition,
several members of the current IA team are new
to the company.
Maintaining an IA department is an important
control as it enables senior management to test
Acquire additional resources to complete the
physical verification of all assets.
If any assets cannot be located, they should be
written off. Following this full review, on monthly
basis a sample of assets at the sites should be
verify to confirm existence.
Recruite additional employees to join the IA
department. In the interim, employees from other
departments could be seconded to IA to assist
them with the internal audits. Review thoroughly
to the work done by the seconded person.
Control Deficiency Control Recommendation
whether controls are operating effectively within
the company.
During the year, the human resources (HR) Reprioritised the task of HR dept.
department has been busy; therefore the payroll immediately revert back to HR to undertake.
department has set up new joiners to the Additionally, review all new joiners set up by
company. payroll.
This is a lack of segregation of duties, as
employees are able to set up new joiners in the
payroll system and process their pay, this leads to
a risk of fictitious/duplicate employees being set
up.
The wage rate has been increased by the HR All increases of pay should be agreed by the board
director and notified to the payroll supervisor by of directors.
email. Upon agreement of the pay rise, a written
As payroll can be a significant expense for a notification of the board decision should be sent
business, this should be made by the board as a to the payroll supervisor. This change should
whole and not just by report to the payroll director.
the HR director.
In addition, the notification of the payroll increase
was via email and the payroll supervisor was able
to make changes to the payroll standing data
without further authorisation. This increases the
risk of fraud or errors arising within payroll.
New customers undergo a credit check, after Credit limits should continue to be approved by
which a credit limit is proposed by the sales staff the sales director; however, on a regular basis the
and approved by the sales director, these credit sales director should review these limits based on
limits are not reviewed after this. order history and payment record.
Over a period of time it may be that the
customers’ credit limits have been set too high,
leading to irrecoverable debts, or too low, leading
to a loss of sales.
High value inventory is stored in a secure location The access codes for all of the sites should be
across all nine warehouses and access is via a changed. Each site should have a unique code,
four-digit code, which is common to all sites. known to a small number of senior warehouse
As the code is the same across all sites, there is a employees. These codes should be changed on a
risk of fraud. Several people will be aware of the regular basis.
codes and could access inventory of the nine sites.
The bank reconciliations are only reviewed by the The bank reconciliations should be reviewed by
financial controller if the sum of reconciling items the financial controller on a monthly basis, even if
is significant. the reconciling items are not significant, should
The bank reconciliations could contain significant leave evidence of review by way of signature on
errors, but a low overall amount of reconciling the bank reconciliation.
items, as there could be compensating errors
which cancel each other out.
Control Deficiency Control Recommendation
If they are not reviewed, there may be a risk of
fraud.