Announcements

 First ILP: Monday 19 February 2024, 16h00

VDS 1046

R 2. GROUP 2 - English
E BACC English A-L (AUD 288)
M3. GROUP 3 - English
I BACC English M-Z (AUD 288)
N 4. GROUP 4 - English
D BCOMM English MANAGEMENT
E ACCOUNTING (AUD 388)
R BCOMM
288)
English FIN ACC (AUD
 Auditing Fundamentals – Chapter
AUDITING 288 388 4
INTERNAL
CONTROL AND ISA 315 “Understanding the entity
and its environment and assessing
INTRODUCTION TO the risk of material misstatement”

CYCLES
Lecture 1
ISA 330 “The auditor’s procedures
in response to assessed risks”
LEARNING OUTCOMES
1. Outline & discuss the definition of Internal Control (IC).

2. Describe the inherent limitations of IC.

3. Outline the auditor’s responsibility in respect of IC.

4. Name, describe & practically apply the components of an IC

system.

5. Formulate and identify control objectives for different

transaction cycles.
4
 AUDIT PROCESS
OVERVIEW

ISA’s, govern
the process Pre-
Planning
engagement
1 2
4 3
Evaluation,
conclusion, Obtaining
reporting evidence

Auditing Fundamentals

5
 Pre-engagement activities

Audit process
Planning
 Knowledge of Business
• Understanding of entity’s
environment
• Understanding of Acc system &
288/388 IC
 Risk evaluation
 Materiality

Audit procedures
 Tests of Control (TOC) and /or
 Substantive procedures (SP)

Evaluation & Reporting

6
 AF 4.3.1
INTERNAL CONTROL SYSTEM: p. 119
DEFINITION
ISA 315 4(C)

the process designed ,effected and maintained by

management to provide reasonable assurance about
achievement of entity’s objectives relating to
 reliability of financial reporting
 effectiveness & efficiency of operations
 compliance to laws & regulations

7
 AF
INTERNAL CONTROL SYSTEM:4.3.3
INHERENT LIMITATIONS p. 127

IC system can only provide reasonable

assurance because:
1. Cost vs Benefit
2. Directed at routine, repetitive transactions
3. Human error
4. Collusion for circumvention of internal controls
5. Abuse of responsibility
6. Control becomes inadequate

8
INTERNAL CONTROL SYSTEM:
AUDITOR’S DUTY
To gain adequate knowledge of the business, including the
system of internal control by:

Prior experience & Discussions & Reading manuals Inspecting

knowledge enquiries with staff documents &
records

Observation Walk through tests

How?
9
INTERNAL CONTROL SYSTEM:
AUDITOR’S DUTY
Auditor has to document his/her knowledge of the internal
control system utilizing the following documents:
1. System description
2. Internal Control questionnaire
 Yes: sound internal controls
 No- weakness in IC- potential risk
 Consider compensating controls
3. System flow charts
 Standardized symbols
 Flow of documents
 Sequence of events Documentatio
10
Components: Internal Control System (COSO
Model)

4.3.2.1 Control environment

4.3.2.2 Risk assessment process

Information system for

fin reporting & Control Activities
communication
[relevant business processes,
[policies & procedures (IC)]
accounting systems & cycles]

4.3.2.3 4.3.2.4

Monitoring- evaluate effectiveness of internal control &

4.3.2.5 corrective actions
11
 AF 4.3.2 .1
CONTROL p. 120
ENVIRONMENT
Client commitment to competence (employ competent
staff)
Human resource policy and practices (code of ethics)
Organizational structure (responsibility and authority)
Participation by those charged with governance (AC)
Philosophy and operating style (care about issues + Act)
Ethical values and integrity (tone set from the top)
Responsibility for reporting authority (isolation of
responsibility)
12
 AF 4.3.2 .2
RISK ASSESSMENT p. 121
PROCESS
Process by which management identifies and responds to
relevant risks that threaten achievement of business
objectives
Conducted once a year formally
Reviewed, updated and applied continually

Risk
Risk Risk
quantificatio
identification evaluation
n

13
INFORMATION SYSTEM FOR REPORTING AF
4.3.2.3.1
“Procedures and records established to initiate, execute, record, process, report p. 121 -
entity
transactions, events and conditions and to maintain accountability for related assets,
liabilities and equity.” 122
1. Transactions
Decision & approval
1. Initiate
2. Implementation of the decision
2. Execute
3. Source documents
3. Record
4. Accounting records
4. Process • E.g., cash book
• Sub-ledger
5. Reporting • Journals
• General ledger

5. Financial statements 14
 Auditing Fundamentals – Chapter
AUDITING 288 388 4
INTERNAL
CONTROL AND ISA 315 “Understanding the entity
and its environment and assessing
INTRODUCTION TO the risk of material misstatement”

CYCLES
Lecture 2
ISA 330 “The auditor’s procedures
in response to assessed risks”
Components: Internal Control System (COSO
Model)

4.3.2.1 Control environment

4.3.2.2 Risk assessment process

Information system for

fin reporting & Control Activities
communication
[relevant business processes,
[policies & procedures (IC)]
accounting systems & cycles]

4.3.2.3 4.3.2.4

Monitoring- evaluate effectiveness of internal control &

4.3.2.5 corrective actions
16
 AF 4.3.2.4
CONTROL ACTIVITIES p. 124 - 126
To ensure that identified risks are prevented, or should they
materialise, that they are timeously detected and addressed,
through:
S Segregation of duties
C Access Control
R Independent Review
R Documentation and Records
A Authorisation and approval
R Reconciliation 17
S = SEGREGATION OF DUTIES (distribution AF p. 125 (c)
of work)

Segregate incompatible functions

 A transaction should not be handled by only 1 employee from begin to end.
 Reduces the probability that 1 employee can commit error/fraud and hide it.
 Incompatible functions (should be performed by different employees) are
• Initiation of a transaction;
• Authorisation of a transaction;
• Execution of a transaction;
• Recording of a transaction; and
• Control/Safeguarding of asset involved (only where applicable).
 E.g., for the purchase of an asset on pg. 125 in AF

C = ACCESS CONTROL / SECURITY AF p. 125 (d)

Logical (not in 288/388) & physical security

Access control to assets (e.g., locks, safes, security guards, cameras); and
Access control to documents/records (e.g., stationary register).
18
R = INDEPENDENT REVIEW (double review)AF p. 126 (e)
 2nd independent person checks work completed by 1st person, and
 sign or initial (evidence that check was performed and pinpoint
responsibility.

R = DOCUMENTATION AND RECORDS AF p. 124 (a)

 Document design
• Easy identification of different types of forms (e.g., colour/size)
• Pre-printed
• Pre-numbered (enable sequence checking)
• Logical design & lay out
• Space for signatures/initials
• Multi-copied source documents (to be send to different divisions)

 Stationary Control
• Safeguarded
• Register
• Cancellation of documents after use
19
A = AUTHORISATION and APPROVAL AF p. 124 (b)
 In terms of company policy
• specific authorisation levels given the
- type of transactions
- value of transactions (amount)
• after reviewing supporting documents
 Evidence of authorisation required
• sign (as evidence that authorisation was given and pinpoint
responsibility)

R = Reconciliation AF p.
 Reconciliation between actual vs recorded assets
126 (e)
• Comparing e.g., physical stock counts with inventory account
 Reconciliation between two sets of recorded information
• Comparing e.g., bank account to bank statements; and
• Comparing e.g., sub-ledger to general ledger.

20
 AF 4.3.2 .5
MONITORING OF p. 126
CONTROLS
Assesses the effectiveness of the design and operation of
internal control measures put in place
Responsibility of the internal audit department
Performed by management or those charged with
governance

21
 AF 4.3.2.3.2
CYCLES p. 123

Purchases &
Payment
Investment and
financing
Inventory &
Cash & Bank
Production

Salary & Wages

Sales & (HR process)
Receipts

How business works?

22
 BUSINESS CYCLES
ACCOUNTING SYSTEM & • Acquisitions &
INTERNAL CONTROL Payments
• Revenue & Receipts
ACCOUNTING SYSTEM • Wages & Salaries
• Inventory& Production
1. Transactions • Bank & Cash
Decision & approval
INTERNAL
2. Implementation of the CONTROL
CONTROL
decision SYSTEM OBJECTIVE
S
3. Source document
To achieve
4. Accounting record
• E.g., cash book
• Sub-ledger
• Journal
• General ledger

5. Financial statements 23
CONTROL OBJECTIVES AF 4.4.2
Control
Control ensures that:
p. 130
objective
Validity (All transactions/events executed and recorded were…)
- Authorised (according to entity’s policy); AND
- Occurred (not fictional);
- During period; AND
- Supported by sufficient and appropriate documentation.
Completeness (All transactions/events that occurred during the period are…)
- All recorded;
- In a timely manner; AND
- None omitted.

Accuracy (All transactions/events are…)

- Recorded at correct amounts (quantity, price, and
calculation);
- Correctly classified in the entity’s accounting records; AND
- Correctly summarised and posted to entity’s accounting
records.
NOTE – the relationship between control objectives and assertions to be addressed later
(p133) 24
 AF 4.4
3 STEPS FOR MANAGEMENT TO DESIGN
p. 128 - 136
IC-SYSTEM

Step 1 Identify risk (“What Could Go Wrong?”)

Step 2 Formulate control objective

Step 3 Apply components of internal control to design

proper system to address the risks and thereby achieve
control objective

Slide 25
HOMEWO
RK
Bring Question l.14(Class
question) with for the next
lecture

26
 Auditing Fundamentals – Chapter
AUDITING 288 388 4
INTERNAL
CONTROL AND ISA 315 “Understanding the entity
and its environment and assessing
INTRODUCTION TO the risk of material misstatement”

CYCLES
Lecture 3
ISA 330 “The auditor’s procedures
in response to assessed risks”
RECAP!
Inherent
limitations (slide
What is internal control
8)

To provide reasonable 1. Reliable FR;

assurance that the entity
Designed and
maintained by
is achieving its objectives 2. Effective operations;
relating to
Process Management and
3. Compliance with laws
and regs

System of Auditor must

internal understand and
evaluate
control company’s IC Characteristics of
(COSO) (slide 9 and 10) good IC system
Slide 11

1. Initiate and approve;

1. Control 2. Execute;
environment; 3. Record;
4. Process; and In order for auditor to be 1. Validity;
2. Risk assessment; 5. Report able to assess whether 2. Accuracy; and
3. Information these characteristics are 3. Completeness
systems (Slide 1. Segregation of duties;
present Slide 20
12); 2. Access control;
4. Control activities 3. Independent review;
4. Records;
(Slides 13 to 16); 5. Authorisation; and
and 6. Monitoring
5. Monitoring Slide 28
CLASS EXAMPLE

29
CLASS QUESTION
l.14 “ Cinnebon”

30
QUESTION PACK

31