TASK1

Q.1 Answer

The Privacy Act 1988 contains principles and requirements for the handling of files and records that
contain personal information. Some key points regarding the Privacy Act and files/records are:

 Personal information should be collected by lawful and fair means and in a manner that is not
unreasonably intrusive. Personal information collected must be reasonably necessary for one of
the organization's functions.
 Personal information in files and records must be kept accurate, complete and up-to-date if it is
to be used for any purpose. Organizations should take reasonable steps to ensure that inaccurate
information is corrected.
 Personal information should not be kept longer than necessary for the purpose it was collected.
Records containing personal information should be regularly reviewed and if no longer required,
destroyed or de-identified.
 Organizations must take reasonable security safeguards to protect personal information from
misuse, loss, unauthorized access, modification or disclosure. Appropriate measures should be
used to secure physical files and electronic records with personal information.
 Individuals generally have a right to access their own personal information held in files or
records and request corrections where necessary. Organizations must provide access and
opportunity to correct information, unless an exemption applies.

In summary, the Privacy Act outlines key principles regarding the collection, storage, use, accuracy,
security and access to personal information contained within files and records. Organizations must
comply with these requirements when handling and managing files and records containing personal
information.

Q.2, answer

The Privacy Act 1988 can significantly impact how a company manages its files containing employee and
customer information. Some of the key ways are:

 Collection of information: The company must only collect personal information that is
reasonably necessary for its functions and activities. They cannot collect excessive or irrelevant
information.
 Accuracy of information: The company has an obligation to take reasonable steps to ensure the
personal information it holds is accurate, complete and up-to-date. This may require regular
checks and updates of physical and electronic files.
 Storage and security: The company must implement appropriate storage and security measures
for files containing personal information. This could include securing physical files, password
protecting or encrypting electronic files and restricting access on a need-to-know basis.
 Retention and disposal: The company should have a records management policy that outlines
retention periods for different types of files and information, based on its business needs and
legal requirements. Outdated files containing personal information must be properly disposed
of.
  Access and correction: Individuals have a right to access their personal information held in the
company's files and request corrections where necessary. The company must facilitate these
requests in a timely manner, unless an exemption applies.
 Breach management: If a data breach or unauthorized disclosure of personal information from
files occurs, the company may have notification and remedial obligations under the Privacy Act.

Overall, compliance with the Privacy Act means companies need to adopt proper information handling
and file management practices. This can affect the way files are collected, stored, secured, accessed,
updated and ultimately disposed of.

Q.3, answer

The two most important ethical responsibilities of accountants when preparing financial statements are:

 Accuracy and fair representation: The accountant must prepare financial statements that
accurately and fairly represent the company's financial position and performance in accordance
with accounting standards. This means disclosing all relevant financial information in a
transparent manner, without intentional omissions or misrepresentations.
 Objectivity and independence: The accountant must prepare the financial statements in an
objective and unbiased manner, free from any undue influences. Any conflicts of interest must
be avoided or appropriately disclosed to ensure the reliability and integrity of the financial
information.

Q.4, answer

The ethical implications of discovering a colleague accessing files they should not have access to include:

 Invasion of privacy: Unauthorized access to personal files violates the individual's privacy rights.
This is unethical.
 Breach of confidentiality: Any confidential or sensitive information in the files should only be
accessed by authorized personnel for legitimate purposes. Unauthorized access breaks this
confidentiality.
 Loss of trust: Such inappropriate access by a colleague damages trust and integrity within the
workplace. This makes future collaboration and teamwork difficult.
 Possible legal implications: Depending on the file content, the unauthorized access could
constitute a civil or criminal offence. The individual may face legal penalties.

In summary, unauthorized access to an employee's files by a colleague is a violation of the individual's

privacy and confidentiality, damages workplace trust and relationships, and could have legal
consequences. It is an unethical act that should be appropriately dealt with by the organization.
Q.5, answer

ASIC is the government body that regulates companies and financial markets in Australia.The ASIC Act
2001 determines ASIC's authority and powers, which include investigating and enforcing corporation and
financial services laws, registering companies, and providing information to consumers.

Q.6, answer

The three main Acts that ASIC administers are:

 Corporations Act 2001: Governs the establishment and operation of companies.

 Australian Securities and Investments Commission Act 2001: Established ASIC and determines its
functions and powers.
 Competition and Consumer Act 2010: Includes laws relating to consumer protection, product
safety, unfair market practices and restrictive trade practices.

Q.7, answer

The 4 main directors' duties under the Corporations Act are:

 Duty of care: Act with due care, skill and diligence.

 Duty of good faith: Act honestly and for proper purposes.
 Duty of disclosure: Disclose conflicts of interest.
 Duty not to improperly use position or information: Not improperly use information or position
to gain advantage.

Q.8, answer

Here are explanations of three key features of the A New Tax System (GST) Act 1999:

 It introduces the Goods and Services Tax (GST) at a rate of 10%. GST applies to most supplies of
goods and services made in Australia.
 It provides for input tax credits, which allow businesses to claim a credit for the GST paid on
business inputs. This aims to tax value add at each stage of the supply chain.
 It outlines the registration requirements, tax periods, taxable supplies, exemptions and specific
rules for applying GST in Australia. It forms the legal framework for the administration and
operation of the GST system.
Q.9, answer

The Common Reporting Standard has the following effects:

It requires Australian financial institutions to identify and report on foreign tax residents with accounts in
Australia. It also requires financial institutions in other countries to identify and report on Australian tax
residents with accounts there.This information is exchanged between countries' tax authorities to reduce
offshore tax evasion and ensure tax residents properly pay tax in their country of residency.

Q.N.10, answer

The Global Reporting Initiative (GRI) provides a voluntary framework for sustainability reporting. It
provides standards and guidelines that organizations can use to measure and report their economic,
environmental and social impacts.The GRI framework aims to enhance the comparability and quality of
sustainability reporting, provide a generally accepted framework for transparency and accountability,
and enable greater organizational accountability and transparency on sustainability issues. Many large
corporations use the GRI framework to communicate their sustainability performance through reports.

Q.11, answer

In short, an effective internal control structure assists management in the following ways:

• Risk management - Internal controls help manage risks facing the organization.

•Compliance - Internal controls ensure compliance with policies, laws and regulations.

• Efficiency - Effective controls promote operational efficiency and reduce waste.

• Accountability- Controls provide assurance that employees are performing duties properly.

• Reliability of reporting - Controls ensure accuracy of financial reporting for decision making.

• Asset protection - Controls safeguard assets from loss, waste or misappropriation.

Having internal controls in place provides checks and balances that help management meet objectives,
comply with requirements, operate efficiently and protect assets. The controls establish oversight and
governance within the organization.

Q.12, answer

the relationship between corporate governance and internal audit is:

• Internal audit provides assurance to the board on governance and controls. The results inform
governance.

• Internal audit reports to both the board audit committee and senior management.

• An effective internal audit enables good corporate governance.

• Internal audit and corporate governance are closely related, with internal audit helping to enhance
governance.

The key points are:

• Internal audit assesses risks and controls, and reports issues that can improve governance.

• Internal audit reports to the board and management, acting as part of the governance structure.

• Strong internal audit helps establish an effective governance environment.

So in summary, internal audit and corporate governance are interlinked functions. Internal audit
provides insights that inform and strengthen corporate governance, while reporting into the
organization's governance structure.

Q.13, answer

The limitations of internal controls include:

• Controls only provide reasonable assurance, not absolute assurance. Risks may still occur.

• Controls can become outdated as processes and systems change over time. Regular updates are
needed.

• The cost of controls must be proportionate to the benefits. Excessive controls can reduce efficiency.

• Controls can be circumvented or overridden due to inherent limitations and human factors.

• Controls rely on people performing their roles properly; human limitations impact effectiveness.

Q.14, answer

There are three main consequences of inadequate internal controls:

1.Non-compliance - Weak controls may fail to detect or prevent non-compliance with laws and
regulations. This could lead to penalties, fines and damage to the organization's reputation.

2.Fraud and error - Insufficient internal controls create opportunities for fraud and unintentional errors
to occur and go undetected. This can result in financial losses for the organization.

3.Inefficient operations - Without proper controls, processes may become wasteful, duplicative or
ineffective. This can cause unnecessary costs, delays and reductions in productivity.

Q.15, answer

According to the ASX Corporate Governance Principles, the CEO should not take on the role of Chair after
more than 3 to 5 years in the CEO position. A shorter transition period may be suitable in some
circumstances.
Q.16, answer

A key requirements of an Operational Policies and Procedures Governance Manual is to document:

 The organizational structure and roles and responsibilities of key positions.

 The policies and procedures governing the organization's day-to-day operations, processes,
activities and transactions.
 Guidelines for staff to follow to ensure compliance, efficiency, consistency and quality.
 The authorities and limits of discretion for different roles.
 The processes for managing risks, resolving issues and making decisions.

Q.17, answer

The five components of internal control are:

 Control Environment - Tone and culture set by management.

 Risk Assessment - Identifying and analyzing risks to objectives.
 Control Activities - Policies and procedures to mitigate risks.
 Information & Communication - Sharing relevant info to enable controls.
 Monitoring - Ongoing or separate evaluations of controls.

Q.18, ANSWER

The auditor evaluates controls in 4 stages:

 Obtain an understanding - Document processes, risks and controls.

 Test the design - Evaluate if controls are capable of achieving objectives.
 Test operating effectiveness - Evaluate if controls are applied consistently.
 Form an opinion - Judge whether internal controls are effective.

Q.19, ANSWER

the differences between internal and external audits are:

Internal audits:

• Conducted by in-house teams

• Evaluate effectiveness of governance, risk management and controls

• Have broader scope covering all operations

• Report to management and board

• Provide recommendations for improvement

• Have unlimited access

• Conducted throughout the year

External audits:

• Conducted by independent audit firms

• Provide an opinion on the financial statements

• Focus on financial and accounting processes

• Report to management and shareholders

• Provide assurance that financial statements are fairly stated

• Have limited access subject to management approval

• Conducted annually at financial year end

Q.20, answer

The seven basic internal accounting control procedures are:

 Segregation of duties
 Authorization
 Documents and records
 Physical control over assets
 Independent checks
 Proper execution of transactions
 Adequate documentation

These controls aim to ensure reliability of reporting, efficiency and compliance.

TASK2

Q.1,answer

Report on XYZ Company's Internal Control and Governance Systems

XYZ Company operates in the mining industry, exploring for and producing base metals such as copper,
zinc and silver.

The ASX Corporate Governance Principles recommend structures to ensure ethical behaviour,
transparency and risk management. XYZ has adopted the following practices in line with these principles:

• An independent non-executive Chair who is separate from the CEO role.

• A board skills matrix to ensure an appropriate mix of expertise.

• Audit, nomination and remuneration committees made up solely of independent directors.

• A code of conduct and whistleblower policy outlining expected behaviour.

• A risk management framework to identify, monitor and mitigate risks.

Key features of XYZ's governance and control system include:

• A three lines of defence model with operational controls, risk management and internal audit.

• A delegations of authority framework outlining decision making authority.

• Policies and procedures governing areas such as financial reporting, safety and environment.

• Monthly financial reporting to the board and quarterly reporting to shareholders.

• Regular internal audits of control processes to ensure effectiveness and compliance.

• A robust approval process for capital expenditure and new projects.

Legislation including the Corporations Act 2001 and Australian Securities and Investments Commission
Act 2001 mandate internal controls and governance requirements for XYZ.

Internal controls and governance are particularly important in XYZ's industry due to:

• Potential safety, environmental and heritage risks requiring strict operating controls.

• Large capital investments requiring robust approval, reporting and oversight.

• Exposure to commodity price fluctuations highlighting the need for risk management.

• Regulatory oversight of mining activities and reporting obligations.

In summary, XYZ has implemented governance practices and internal controls aligned with regulatory
requirements and tailored to the risks and needs of its industry. This framework aims to ensure ethical
and prudent decision making, compliance and transparency for stakeholders.

Q.2,answer

Dear Assessor,

I have attached my Internal Control and Governance Report on XYZ Company as requested.The report
provides an overview of XYZ Company which operates in the mining industry exploring for and producing
base metals. I have summarized the key corporate governance practices adopted by XYZ in line with the
ASX Corporate Governance Principles and Recommendations.

The main features of XYZ's internal control and governance framework are also described, including risk
management processes, delegation of authority policies, reporting systems and internal audit functions.
I have highlighted the relevant legislation that XYZ must comply with and why effective controls and
governance are especially important in the mining industry due to its risks.The objective of the report is
to demonstrate that XYZ has implemented a governance and control system aligned with regulatory
requirements and the specific risks it faces in its business operations.Please let me know if you require
any clarification or further detail on the contents of the report. I would be happy to discuss and expand
aspects as needed. I have endeavored to write the report in a clear and succinct manner with
appropriate in-text citations.

I look forward to receiving your feedback.

Kind regards,

Amit

TASK3

Q.1, answer

Report Title: Control Procedures and Management Report

Tasks for Newly Appointed CFO:

•Review monthly management accounts within 2 weeks of month end

•Review annual budget vs actual reports quarterly

•Review annual audit report and sign-off within 1 month of receipt

•Review bank reconciliations within 1 week of month end

•Meet with CEO monthly to discuss financial position

Procedure for Unapproved Purchases:

All purchase orders over $500 require two approvers from a pre-authorized list

Purchases without correct approval will be cancelled and flagged to managers

Orders will be batched weekly for approval to streamline process

Procedure for Payroll Processing:

Timesheets must be signed by employee and supervisor before payroll run

Payroll clerk will check 10% of timesheets for accuracy after each payroll

Any errors will be flagged for investigation and corrected on next payroll.

Implementation Plan:

Stakeholders: Finance team, all department managers

Consultation: Meetings and email communications

Timeline: Procedures to take effect from next payroll/purchase cycle

Performance Indicators:

• % of orders correctly approved

• % of timesheets accurately checked

• # of errors flagged

Review: Procedures to be reviewed 6 months and 12 months after implementation

Report to Management:

Issues include unapproved purchases and payroll errors...Procedures based on review of similar
processes used by ANZ Bank and Westpac...Implementation and review timelines set out above...Finance
team and managers responsible for different aspects...Aims to reduce errors, increase oversight and save
costs...Performance measures listed above to evaluate compliance and success.

In summary, the clear documentation of roles, responsibilities and procedures for the Finance function
and new CFO will help improve internal controls, governance and performance.

Q,2, answer

Dear CEO [AIA],

Please find attached my Control Procedures and Management Report outlining key tasks and
responsibilities for the newly appointed CFO role, as well as recommended internal control procedures
and an implementation plan for addressing issues with unapproved purchases and payroll
processing.The report identifies two internal control procedures - one for purchase approvals and one for
timesheet accuracy - and proposes performance indicators to evaluate their effectiveness after
implementation. An implementation plan setting out stakeholders, consultation approach, timelines and
review schedule is also included.

A draft report to management summarizing the key issues, research supporting the recommendations,
implementation details and performance measures has been written for your review.I would appreciate
the opportunity to meet with you to discuss the contents of this report and seek your feedback before
finalizing the report for wider distribution. Please let me know if next Tuesday or Thursday after 2pm
would be suitable times for a 30 minute meeting.

I look forward to your response and our discussion to ensure these internal control procedures and new
processes for the Finance department are appropriate and comprehensive.

Kind regards,

Amit
Q.3, answer

As we discussed in the attached report, there are currently some issues with unapproved purchases and
payroll processing errors that need to be addressed. The recommended procedures aim to reduce these
risks by:

Requiring two approvers for purchases over $500 to ensure spending is properly authorized

Checking timesheets for accuracy after each payroll run to catch and correct any errors early

By implementing segregation of duties, approval processes and independent checks, we can better
control expenditures, detect fraud and ensure payroll is correct. This will save the company money,
improve budgeting and reduce the risk of non-compliance.

I understand this will require input and effort from various stakeholders, so the implementation plan
aims to:

 Consult with affected teams to identify issues and gain buy-in

 Set realistic timeframes that minimize disruption while still enabling benefits to be realized soon
 Select performance indicators to evaluate compliance and effectiveness once the procedures are
in place.

To implement these changes successfully with full support, I recommend we proceed as outlined in the
report. However, I value your feedback and insights from your leadership experience. Are there any
aspects of the proposed procedures or implementation plan you believe require modification?

CEO: The procedures seem reasonable, but how confident are you they will achieve the desired results?

I understand your question. While no internal control can guarantee issues will be entirely eliminated, by
following best practice approaches and learning from examples of other successful implementations, I
am confident these measures will significantly improve the current situation if properly enforced. Of
course, once rolled out I recommend regularly reviewing the procedures to identify any further
refinements that could optimize their effectiveness.

Q.4, answer

Revised Control Procedures and Management Report

Procedure for Unapproved Purchases:

the following addition:

4. The finance team will conduct a review of the new procedures after 3 months to identify any areas for
improvement.

Procedure for Payroll Processing:

the following addition:

4. The HR department will audit a sample of 15% of timesheets for the first 2 payroll cycles to ensure
accuracy and compliance.

Implementation Plan:

Same as original report, with the following change:

Performance Indicators:

• % of orders correctly approved within 7 days

• % of timesheets accurately checked

• # of payroll errors

• % improvement in error rate after 6 months

Report to Management:

The CEO recommended a review of the procedures after 3 months and an initial audit by HR to ensure
accuracy and compliance. The performance indicators have also been updated to measure the
improvement in errors.

In summary, the refined internal control procedures aim to reduce expenses, ensure payroll accuracy and
identify opportunities for improvement within an acceptable timeframe. Regular oversight and auditing
will help maximize compliance and benefits over time.

Q.5, answer

Dear CEO,

During our meeting on Tuesday we discussed the proposed internal control procedures for the Finance
department. You provided useful feedback that has been incorporated into my Revised Internal Controls
Report, which I have attached.

The revised report includes the following changes:

• An HR audit of timesheets for the first 2 payroll cycles to ensure accuracy and compliance.

• A finance team review of the purchase approval procedures after 3 months to identify areas for
improvement.

• Additional key performance indicators to measure the percentage improvement in error rate over
time.

In summarizing our discussion, I believe we agreed the proposed procedures - with the above
refinements - represent a reasonable approach to addressing the issues around unapproved purchases
and payroll errors in a timely manner. Regular oversight and reviews will help optimize the controls over
time.The purpose of this email is to request your formal approval to proceed with implementation of the
internal control procedures as outlined in the revised report. With your approval, I will work with the
relevant stakeholders to roll out the new processes and controls according to the implementation plan.

Please let me know if you require any clarification or further information before providing your approval.
I appreciate your feedback and guidance to help ensure the success of this initiative.

Kind regards,

Amit

TASK4

Q.1, answer

Internal Controls Evaluation Report

Introduction

An audit of the company's purchasing process was conducted to evaluate the effectiveness of internal
controls in ensuring compliance with purchasing policies and procedures. The audit criteria included
compliance with the requirements for:

• Obtaining purchase requisitions and approvals

• Obtaining multiple competitive quotations for purchases over $5,000

• Using the company's official purchase order form

• Receiving and verifying goods before processing vendor invoices for payment

Findings

The audit found that performance indicators were only partially met:

• Only 70% of purchases had an approved requisition form

• Only 50% of purchases over $5,000 had evidence of obtaining quotations

• Only 80% of purchases had an official purchase order

• 60% of vendor invoices had evidence of goods being verified before payment

These results indicate non-compliance with key control requirements, exposing the company to the risks
of unauthorized or excessive purchases, and payments for goods not received.
Recommendations

To improve the effectiveness of purchasing controls, I recommend:

• Providing refresher training on purchasing policies and procedures for all staff involved in the
purchasing process

• Implementing a checklist to be completed for all purchases, confirming requisition approval,

quotations, purchase orders and goods verification before payment.

• Conducting periodic spot checks by finance staff to monitor compliance with purchasing controls.

•Introducing consequences for non-compliance with purchasing policies, such as warnings or disciplinary
action.

These recommendations aim to strengthen awareness, documentation, oversight and accountability

around the purchasing process, in order to achieve full compliance with internal controls and reduce
risks.

Q.2, answer

Dear CEO [AIA],

Please find attached my Internal Controls Evaluation Report assessing the effectiveness of controls within
the company's purchasing process.

The audit examined compliance with requirements for purchase requisitions, quotations, purchase
orders and verifying goods received. While some controls were working well, the results indicate
significant non-compliance in key areas, exposing the company to risks.

To address this, I have recommended:

• Providing refresher training on purchasing policies and procedures

• Implementing a checklist to confirm compliance for all purchases

• Conducting periodic monitoring by finance staff

•Introducing consequences for non-compliance

These measures aim to strengthen awareness, documentation, oversight and accountability around
purchasing in order to achieve and sustain full compliance with controls.

I would appreciate the opportunity to discuss my report and recommendations with you to receive your
feedback and approval to move forward with implementing the suggested improvements. Please let me
know if you have any questions or would like me to provide any clarification or further detail on my
analysis and recommendations.
I look forward to hearing from you and our discussion to ensure the company's purchasing controls are
operating as effectively as possible.

Kind regards,

Amit

Q.3, answer

Revised Evaluation Report

Findings

The CEO agreed with audit results showing some controls were not fully effective.

Recommendations

• Provide refresher training on purchasing policies. The CEO suggested including a quiz at the end to test
staff understanding.

• Implement a checklist for all purchases. The CEO recommended making this a digital form to be
automatically emailed to finance for approval.

• Conduct monthly spot checks of 10% of purchases by an internal auditor. The CEO wanted a higher
frequency of checks.

• Introduce consequences for non-compliance such as written warnings for first offenses and possible
suspension for repeat issues. The CEO supported this approach.

• Install a scanner at the receiving dock for staff to scan incoming items. This will create an automated
record of goods received. The CEO liked this option to strengthen controls.

These recommendations aim to strengthen compliance through improved communication, oversight and
accountability around the purchasing process. Automating certain controls through technology where
possible will also enhance their effectiveness.

The CEO supported my recommendations and suggested the additional measures: a staff quiz after
training, digital checklists sent to finance automatically, monthly audits by an internal team and a
receiving scanner. Taken together, these improvements should ensure controls are operating at the
highest possible level. I will finalize an implementation plan based on this feedback and guidance.
Q.4, answer

To All Staff,

Please see the attached Revised Evaluation Report which outlines new internal control procedures that
will be introduced for our company's purchasing process.An audit found that some current controls were
not fully effective in ensuring compliance with policies and procedures. This exposed the company to
risks from unauthorized or excessive purchases, and payments for goods not received.

To address this, the following improvements will be implemented:

•Refresher training on purchasing policies with a short quiz to check understanding

• A digital checklist to confirm requisition approval, quotations, purchase orders and goods receipt for
every purchase. This form must be submitted to finance for approval.

•Monthly spot checks of 10% of purchases by an internal auditor

• Consequences for non-compliance such as written warnings or possible suspensions

• Installation of a scanner at the receiving dock for staff to record incoming items

These new procedures aim to strengthen compliance through better communication, oversight, and
accountability. The automatic controls enabled by technology should also enhance effectiveness. The
changes outlined represent an important step to ensure our company's purchasing controls operate at
the highest possible standard. Full compliance with these procedures is required going forward.

Please contact me if you have any questions about the new internal control procedures. I will
communicate the rollout details and training schedule soon.

Regards,

Amit

Internal Controls Manager