Systems and Controls Master Class

A comprehensive guide to internal control systems and their evaluation by auditors.

1. Effect of controls on the audit

The auditor's assessment of a client's internal control system directly influences the audit approach. The extent of substantive testing is determined by the reliability of the controls.

Impact on Audit Strategy

If control risk is low:

  • More reliance on internal controls.
  • Increases the appropriateness of interim audit testing.
  • Allows for a reduction in detailed substantive procedures at the final audit stage.

If control risk is high:

  • Increase the volume of procedures at and after year-end.
  • Increase the level of substantive procedures.
  • Obtain more evidence from external sources.
  • Less reliance on analytical procedures and management representations.

Limitations of Internal Controls

The auditor can never eliminate substantive procedures entirely due to the inherent limitations of internal controls. These include:

  • Human error and ineffective controls.
  • Collusion of staff in circumventing controls.
  • The abuse of power by management (management override).
  • Management judgment on the nature and extent of controls.

2. Components of an internal control system

According to ISA 315, there are five key components of an internal control system that auditors must understand:

Components of an internal control system Control environment Risk assessment process Information System Control activities Monitoring

The five components of an internal control system.

  • The control environment: The overall attitude, awareness, and actions of management and those charged with governance regarding internal controls.
  • The risk assessment process: How management identifies and manages business risks.
  • The information system: The processes and records for initiating, recording, processing, and reporting transactions.
  • Control activities: The policies and procedures that ensure management's directives are carried out.
  • Monitoring of controls: The client's process of assessing the effectiveness of controls over time.

3. Ascertaining and documenting systems

Auditors must document a client's control systems before evaluating them. The method used is a matter of auditor judgment and can include:

  • Narrative notes: Simple to record but can be cumbersome for complex systems.
  • Flowcharts: Easy to visualize the whole system and spot missing controls, but can be difficult to amend.
  • Questionnaires: Quick to prepare and ensure common controls are present. Two types are common: Internal Control Questionnaire (ICQ) and Internal Control Evaluation Questionnaire (ICEQ).

4. Testing the system

A test of control involves the auditor obtaining evidence that a client has implemented the controls they say they have and that these controls have worked effectively. The focus of the test is the control procedure, not the underlying balance.

Tricky Area: Test of Control vs. Substantive Procedure

Remember that a test of control is different from a substantive procedure. A test of control proves that a control is working. A substantive procedure proves the accuracy of a financial statement balance. For example, reperforming a bank reconciliation is a test of control to confirm the client's control is effective. Confirming the bank balance directly with the bank is a substantive procedure.

5. Communicating control deficiencies

Auditors are required to communicate any significant deficiencies in internal controls to management and those charged with governance, typically via a management letter. The report should be structured to clearly outline the deficiency, its consequence, and a recommendation.

Example: Management Letter Extract

Deficiency

Purchase invoices were missing from the sequentially numbered file.

Consequence

There is a risk that purchases and liabilities are not completely recorded, which could lead to a loss of supplier goodwill and discounts.

Recommendation

All invoices should be sequentially filed on receipt. A regular sequence check should be performed to ensure completeness.

System-Specific Controls

Internal controls are applied to every business system to ensure transactions are handled correctly. Here are the common controls for key systems:

Sales System

Controls ensure that goods are only sold to creditworthy customers, all orders are processed and accurately recorded, and payments are received correctly.

Stage 1 Order received Stage 2 Goods despatched Stage 3 Invoice sent Stage 4 Transactions recorded Stage 5 Cash received

Stages of a typical sales system.

Purchases System

Controls ensure that all purchases are for a valid business use, are made at an appropriate price, and that the company only pays for goods it has actually received.

Payroll System

Controls ensure that only genuine employees are paid, for work actually done, at the correct rates, and that payments are correctly and promptly recorded.

Inventory System

Controls ensure that inventory is safeguarded from theft, loss, or damage, and that inventory levels are appropriate to avoid stockouts or excessive storage costs.

Cash System

Controls ensure that petty cash is kept to a minimum, cash is safeguarded from theft, and payments are only made for legitimate business expenditure.

Test Your Understanding Questions and Solutions

Test your understanding 1: Murray Co Sales Cycle

Murray case study: Sales cycle

Ordering

For all new customers, a sales manager completes a credit application which is checked with a credit agency and a credit limit is entered into the sales system by the credit controller. Credit checks are not reperformed unless a customer requests an increase to their credit limit. If an increase is requested, a new check will be performed and the credit limit revised.

The orders are entered into the sales system by a sales assistant. After the order has been accepted, the sales assistant checks that the goods are available and that the order will not take the customer over their credit limit.

Goods despatch

When the warehouse receives the order, a goods despatch note (GDN) is generated and a member of the warehouse team packs the goods using the GDN. A second member of the team double checks the details on the GDN to the goods packed, signing the GDN to evidence the check.

Four copies of the GDN are produced. One copy is sent with the goods and retained by the customer. A second is sent with the goods, signed by the customer and returned to Murray Co to confirm receipt of the goods which is filed in the warehouse. A third copy is sent to the sales team who update the system and the fourth copy is sent to the accounts department.

Invoicing

Sales invoices are raised by the accounts department using the GDNs. Sales invoices are not sequentially numbered, and no review is performed to ensure all goods have been invoiced.

Sales invoices are prepared using the approved company price list, which is updated quarterly. Payment terms are stated on the sales invoice and all customers have 10 days to pay their invoice.

Discounts must be requested by a sales manager and authorised by the sales director to allow the accounts team to raise an invoice.

Recording transaction

The receivables ledger is reviewed for credit balances by the senior accountant on a monthly basis and the receivables ledger is reconciled with the receivables ledger control account when the sales ledger manager has time. Monthly customer statements are sent to customers.

Cash receipt

Receipts are counted by the office assistant, recorded by the cashier in the cash book, and the sales ledger clerk is notified of the receipt. The sales ledger clerk agrees the amount received to the amount invoiced and marks the invoice as paid.

The credit controller reviews the aged receivables analysis on a fortnightly basis to assess the level of slow moving debts and an allowance is made for any debts which are considered doubtful. Debts which are more than six months overdue are chased up.

Required:

In respect of the sales system of Murray Co:

a) (i) Identify and explain FIVE KEY CONTROLS which the auditor may seek to place reliance on; and
(ii) Describe a TEST OF CONTROL the auditor should perform to assess if each of these key controls is operating effectively.
Note: Prepare your answer using two columns headed Key control and Test of control respectively. (10 marks)

(b) Identify and explain FIVE DEFICIENCIES and provide a recommendation to address each of these deficiencies.
Note: Prepare your answer using two columns headed Control deficiencies and Control recommendation respectively. (10 marks)

(Total: 20 marks)

Question (a)(i): Identify and explain FIVE KEY CONTROLS which the auditor may seek to place reliance on; and
Question (a)(ii): Describe a TEST OF CONTROL the auditor should perform to assess if each of these key controls is operating effectively.

Key controls and tests of control:

Key Control Test of Control
Credit checks are performed and credit limits set, reducing the risk of irrecoverable debts. Inspect a sample of customer files to ensure a credit check has been performed and a credit limit has been entered into the system.
A second member of the warehouse team checks goods packed, signing the GDN to evidence the check. Observe the goods despatch process and inspect GDNs for evidence of the second signature to confirm the check was performed.
Customers sign the GDN and return it to Murray Co, which helps to minimize disputes and serves as proof of delivery. Inspect a sample of GDNs retained by the warehouse to ensure they are signed by customers.
The invoice is raised from the GDN, ensuring the customer is invoiced for the correct quantity of goods despatched. Inspect GDNs for evidence of being matched to invoices. Agree the details on both to ensure the control has been effective.
Discounts must be requested by a sales manager and authorized by the sales director. Inspect a sample of sales orders with discounts for evidence of the sales director's signature authorizing the discount.

Question (b):

Identify and explain FIVE DEFICIENCIES and provide a recommendation to address each of these deficiencies.

Control deficiencies and recommendations:

Control Deficiency Recommendation
Credit checks are only reperformed if a customer requests a credit limit increase. Credit checks should be performed annually to ensure the credit limit is still appropriate.
The availability of goods is only checked after the order has been accepted. Sales assistants should be able to view real-time inventory information in the system and check availability when the order is taken.
Sales invoices are not sequentially numbered, making it difficult to identify if any are missing. Sales invoices should be sequentially numbered and a sequence check should be performed on a daily/weekly basis.
No review is performed to ensure all goods have been invoiced. A review should be performed to ensure that every GDN has a matching invoice.
The receivables ledger is only reconciled when the sales manager has time. The receivables ledger should be reconciled to the control account on a monthly basis and reviewed by a different, responsible official.
Test your understanding 2: Murray Co Purchases Cycle

Murray case study: Purchases cycle

Ordering

Goods or services are obtained by placing a purchase requisition with the centralised purchasing department. Requisitions are sequentially pre-numbered and a weekly sequence check is performed. All requisitions must be authorised by an appropriate manager.

On receipt of a purchase requisition, a purchase officer agrees the manager's signature to the signatory list held on file and checks inventory levels where appropriate. Orders are placed with suppliers using sequentially pre-numbered purchase orders.

Orders can only be placed with suppliers from the approved supplier list. Suppliers can only be added to the approved suppliers list by the procurement team once the terms of the contract have been agreed, and references obtained. Written confirmation is requested for all orders placed, and the purchase officer agrees the quoted price against the agreed price list and ensures any bulk discounts to which Murray Co is entitled, have been honoured.

Goods receipt

Goods are received into the central warehouse. Goods are inspected for condition and quantity by a warehouse operative, and agreed to the purchase order before the supplier's delivery note is signed to accept the goods.

A sequentially pre-numbered goods received note (GRN) is prepared by the warehouse team manager, and grid-stamped. The grid stamp is signed by the warehouse operative to confirm that the goods have been inspected for condition and quantity and agreed to the purchase order.

The warehouse manager updates the inventory system on a daily basis from the prepared GRNs. The warehouse manager checks the sequence of purchase orders received on a weekly basis and informs the purchasing department of any missing orders so that they can be followed up.

Invoicing

On receipt of an invoice by the head office accounts team, the invoice is matched to and filed with the relevant GRN, using the purchase order number marked on the invoice (if there is no purchase order number marked on the invoice, this must be obtained from the supplier). The invoice number is noted on the GRN grid stamp. The invoice is also checked to the original purchase order to ensure the agreed prices and discounts have been honoured.

A monthly check of GRNs is made by the purchase ledger manager, to identify any GRNs for which no invoice has been received.

Recording transaction

The purchase ledger clerk enters invoices into the system in batches. A batch control sheet is used, which details the number of invoices and the total value. These details are checked to the system batch report.

Each invoice is stamped as 'recorded' once the details have been entered onto the system. The purchase ledger manager inspects the file of invoices on a monthly basis to ensure that all invoices have been recorded.

Suppliers are required to submit monthly supplier statements, which are reconciled to the supplier's ledger account by the purchase ledger manager. The purchase ledger is reconciled to the purchase ledger control account on a monthly basis by the purchase ledger manager, and reviewed by the company accountant.

Cash payment

The list of payments is sent to the company accountant, who agrees the details of each payment to the relevant invoice and signs each invoice to authorise payment and evidence the check. The list of payments is signed by the accountant once all invoices have been checked, and sent to the cashier's office for payment.

If any individual payment is for more than $25,000 or total payments are for more than $250,000 a second signatory is required. These payments must also be checked and signed by either the financial controller, or finance director.

Payments are made by the cashier's office by bank transfer. Invoices are stamped as 'paid', and returned to the purchase ledger team who record the payment and file the invoices (separately from invoices not yet paid).

The purchase ledger manager checks GRNs on a monthly basis to ensure that invoices have been received and paid on a timely basis.

Required:

In respect of the purchases system for Murray Co:

(i) Identify and explain TEN KEY CONTROLS which the auditor may seek to place reliance on; and
(ii) Describe a TEST OF CONTROL the auditor should perform to assess if each of these key controls is operating effectively.

Note: Prepare your answer using two columns headed Key control and Test of control respectively.

(20 marks)

Question: Identify and explain TEN KEY CONTROLS which the auditor may seek to place reliance on and describe a TEST OF CONTROL for each.

Key controls and tests of control:

Key Control Test of Control
Centralized purchasing department ensures cost-effective purchasing. Inspect the organization chart and a sample of purchase orders to verify all purchases are made through the department.
Sequentially pre-numbered requisitions and a sequence check are performed to ensure all requisitions are fulfilled. Inspect the requisition log for evidence of a weekly sequence check, such as a signature.
All requisitions must be authorized by an appropriate manager. Inspect a sample of requisitions for the signature of an appropriate manager.
Goods are inspected for condition and quantity and agreed to the purchase order upon receipt. Observe the goods receipt process and inspect delivery notes for a signature confirming the check.
A sequentially pre-numbered goods received note (GRN) is prepared and a sequence check is performed. Inspect evidence of the sequence check being performed, such as a signature.
The invoice is matched to the GRN to ensure only goods that have been received are paid for. Inspect a sample of invoices to ensure they are filed with the relevant GRN.
The invoice number is noted on the GRN and a monthly check is made for GRNs with no invoice. Review the GRN for the invoice number and inspect evidence of the monthly check being performed.
Batch controls are used for entering invoices, ensuring accuracy of the purchases and payables figures. Inspect a sample of batch control sheets for evidence of completion and agreement to the system batch report.
Supplier statement reconciliations are performed to identify and correct errors. Inspect a sample of monthly supplier statements for evidence of reconciliation being performed and re-perform the reconciliation.
Payments are authorized by the company accountant, preventing fraud. Inspect a sample of payments for evidence of the company accountant's review and authorization.
Test your understanding 3: Murray Co Payroll Cycle

Murray case study: Payroll cycle

Clock cards submitted and input

Murray Co employs a total of 300 people, 200 of these being workers who are paid weekly in cash. Weekly paid workers are required to record their times of arrival and departure at the factory using a clock card which is inserted in a time recording clock. Use of the time recording clock is supervised by the relevant factory manager.

On a weekly basis the cards are collected and passed to the works office where the clerk totals up the hours worked on each card and lists the total hours worked (a 'hash' total). The cards and the total hours list are then passed to the wages clerk who enters the hours worked into the payroll system and agrees the total entered.

Gross pay, deductions and net pay calculated

The payroll system calculates the gross and net pay and a payroll report is generated by the payroll manager. The payroll manager recalculates a sample of employee wages and compares his figures to the amounts calculated by the payroll system. He passes the payroll report to the wages clerk who creates a payment list detailing the payments to be made to the monthly paid employees and the taxation authority.

The payroll report and payment list are passed to the company accountant. The company accountant reviews the payment list for any unusual amounts and compares each employee's net pay on the payroll report to the payment list. He also compares the totals with the previous week as a reasonableness check. Once all of these procedures are complete, the company accountant signs both documents and raises a cheque requisition for the weekly paid workers. The signed payroll report is returned to the payroll clerk who generates the payslips from the payroll system. The payslips, cheque requisition and signed payment list are then passed to the cashier's department for processing.

Payments to employees and tax authorities

Employees are paid in cash at the employees' request. The cashier draws a cheque for the net amount of the payroll which is then signed by two directors. The cheque is given to a secure cash transit company who draw the money from the bank and deliver it under guard to the cashier. The cashier then puts the money into pay envelopes along with a pay slip for weekly paid workers.

The sealed envelopes and relevant clock cards are then used for pay-outs. Each worker obtains their money once they have identified themselves and signed their clock card. Unclaimed wages are held for three weeks before being banked.

Monthly paid workers and the tax authorities are paid by bank transfer on the last day of each month, as per the payment list authorised by the company accountant.

Payroll costs and payments recorded

A copy of the payroll list is sent to the head office accounts team who record the payroll expense and payments made. Any unclaimed wages are notified by the wages office to the head office team on an anomalies list completed once all of the clock cards have been returned. The head office accounts team check the bank statements to ensure that this money has been banked.

Standing data and other amendments

Leaver and joiner forms must be completed and authorised by the employee's immediate manager and the finance director at least one month before the amendment is required to the payroll. Other amendments to standing data, e.g. pay rises and hourly rates, are completed on a specific form for this purpose, and authorised in the same way. A monthly report of amendments to standing data is sent to the finance director for review and authorisation. Standing data files are sent to departmental managers on a quarterly basis for review.

Required:

In respect of the payroll system for Murray Co:

(i) Identify and explain TEN KEY CONTROLS which the auditor may seek to place reliance on; and
(ii) Describe a TEST OF CONTROL the auditor should perform to assess if each of these key controls is operating effectively.

Note: Prepare your answer using two columns headed Key control and Test of control respectively.

(20 marks)

Question: Identify and explain TEN KEY CONTROLS which the auditor may seek to place reliance on and describe a TEST OF CONTROL for each.

Key controls and tests of control:

Key Control Test of Control
Supervision of clock card use to ensure only genuine employees are paid for work done. Observe the clocking in and out procedures.
A hash total of hours is agreed, reducing the risk of incorrect payments. Observe the totalling process and inspect a sample of payroll sheets for the wages clerk's signature.
The payroll manager recalculates a sample of wages, ensuring the system calculates wages accurately. Review a sample of the calculations performed by the payroll manager.
Segregation of duties between payroll calculation and cheque requisition prevents fraud. Inspect the monthly payment list and payroll report for the company accountant's signature.
Review of payroll by the company accountant ensures anomalies are identified. Inspect the payroll report and payment list for the company accountant's signature.
Payroll cheque is signed by two directors. Inspect the bank mandate to ensure it requires the signature of two directors for large cheques.
Cash is delivered by a secure transit company. Observe the cash being delivered and inspect invoices for the security firm's services.
Workers must identify themselves and sign clock cards to receive money. Observe the payment process and inspect a sample of signed clock cards.
Head office accounts record payroll and are notified of unclaimed wages. Inspect the anomalies list and enquire whether weekly notifications occur.
Completion and authorization of standing data forms. Select a sample of employees with pay rises and inspect the system details to ensure the forms have been completed and authorized.
Test your understanding 4: Rhapsody Co Sales Cycle

Rhapsody Co sales cycle

Rhapsody Co supplies a wide range of garden and agricultural products to trade and domestic customers. The company has 11 divisions, with each division specialising in the sale of specific products, for example, seeds, garden furniture, and agricultural fertilizers. The company has an internal audit department which provides reports to the audit committee on each division on a rotational basis.

Products in the seed division are offered for sale to domestic customers via an Internet site. Customers review the product list on the Internet and place orders for packets of seeds using specific product codes, along with their credit card details, onto Rhapsody Co's secure server. Order quantities are normally between one and three packets for each type of seed. Order details are transferred manually onto the company's internal inventory control and sales system and a two part packing list is printed in the seed warehouse. Each order and packing list is given a random alphabetical code based on the name of the employee inputting the order, the date and the products being ordered.

In the seed warehouse, the packets of seeds for each order are taken from specific bins and despatched to the customer with one copy of the packing list. The second copy of the packing list is sent to the accounts department where the inventory and sales computer is updated to show that the order has been despatched. The customer's credit card is then charged by the inventory control and sales computer. Irrecoverable receivables in Rhapsody Co are currently 3% of the total sales.

The computer system checks that for each charge made to a customer's credit card account, the order details are on file to prove that the charge was made correctly.

Required:

In respect of sales in the seeds division of Rhapsody Co:

(i) Explain FOUR deficiencies in the sales system, and
(ii) For each deficiency provide a recommendation to overcome that deficiency.

Note: Prepare your answer using two columns headed Control deficiency and Control recommendation respectively.

(8 marks)

Question: (i) Explain FOUR deficiencies in the sales system, and (ii) For each deficiency provide a recommendation to overcome that deficiency.

Deficiencies and Recommendations:

Deficiency Recommendation
Orders placed on the website are transferred manually, which may lead to human error. The computer systems should be upgraded so that order details are transferred directly between the two systems.
Each order is given a random alphabetical code, making it difficult to check for completeness. Orders should be sequentially numbered, and a daily sequence check should be performed.
The customer's credit card is charged after goods are despatched, risking non-payment. Authorization to charge the credit card should be obtained prior to the despatch of goods.
There is no check that all orders have been invoiced and charged. An exception report of orders not invoiced should be generated weekly and investigated.
Test your understanding 5

Question: Explain THREE actions that the auditor may now take in response to this problem.

Solution:

  • The auditor can increase the amount of controls testing. This may indicate that the control deficiency was not as bad as initially thought.
  • The problem can be raised with management and those charged with governance so that corrective action can be taken.
  • The auditor can perform additional substantive procedures. If controls have not worked effectively there is a greater risk of misstatement.
Test your understanding 6: Numero Uno Payroll System

Numero Uno Payroll System

You are an audit senior working at a medium sized firm of auditors. One of your clients, Numero Uno, is an exclusive hotel situated in the centre of Big City. As part of your audit procedures, you are assessing the controls surrounding payroll. You have read last year's audit file and have obtained the following information:

The hotel employs both full and part time staff. Due to the nature of the business most of the work is done in shifts. All staff are paid on a monthly basis.

New members of staff are given an electronic photo identification card on the day they join by the personnel department. This card is used to 'clock in' and 'clock out' at the start and end of the shift to record the hours worked.

At the end of each week the information recorded on the system is sent automatically to the payroll department and also to the head of each of the three main operating divisions: Rooms, Food & Beverage and Corporate Events. Each head of division must reply to the payroll department by email to authorise the hours worked by their staff.

The payroll clerk collates all the authorised information and inputs the hours worked into a standardised computerised payroll package. This system is password protected using an alphanumerical password that is only known to the payroll clerk and the finance manager.

Once the hours have been entered, the calculations of gross pay and taxation are calculated automatically along with any other statutory deductions. Once calculated, a payroll report is produced and printed. The finance manager reviews the report and compares the data to last month to identify and follow up any unusual variances. When he is satisfied with the information, he authorises the payroll run by signing the payroll report and the payroll clerk submits the data.

Payslips are sent to the home address of each employee and payment is made by bank transfer.

Required:

In respect of the payroll system for Numero Uno:

(i) Identify and explain FOUR KEY CONTROLS which the auditor may seek to place reliance on; and
(ii) Describe a TEST OF CONTROL the auditor should perform to assess if each of these key controls is operating effectively.

Note: Prepare your answer using two columns headed Key control and Test of control respectively.

(8 marks)

(Total: 10 marks)

Question (a): Define 'tests of control' and explain their importance. (2 marks)

Solution:

A test of control tests the operating effectiveness of controls in preventing, detecting, or correcting material misstatements. It's important for an auditor to test controls to ensure their initial understanding is appropriate, allowing them to assess the risk of misstatement and design appropriate substantive audit procedures.

Question (b):

Identify and explain FOUR KEY CONTROLS and describe a TEST OF CONTROL for each.

Key controls and tests of control:

Key Control Test of Control
Staff are assigned a unique ID card to record hours worked, with segregation of duties between card allocation and payroll processing. Inspect ID cards and agree employee details to HR records to verify existence.
Hours worked are authorized by divisional heads, reducing the risk of overstating hours. Inspect emails from divisional heads authorizing the hours worked.
The payroll system is password protected, limiting unauthorized access and manipulation of data. Use test data to enter a "dummy" password to ensure access is not granted.
The finance manager reviews the payroll report and compares it to last month's report to identify unusual variances. For a sample of months, inspect the payroll reports for evidence of the finance manager's signature.
Test your understanding 7: Bunbury Co Payroll System

Question 1: Which of the following is the main reason for the control of segregation of duties between calculation of payroll and responsibility for changes to standing data?

  • A. Changes to standing data must be performed by a manager whereas payroll calculations can be performed by a payroll clerk
  • B. If one person was responsible for both they would be more likely to make errors due to a high workload
  • C. If one person was responsible for both they could increase their salary and make fraudulent payments to themselves
  • D. Each individual role within an organisation must be carried out by different people

Solution:
C. Segregation of duties helps to prevent fraud.

Question 2: Which of the following procedures would provide the most reliable evidence that the first control, payroll calculations are checked by a payroll manager, is working effectively?

  • A. Enquiry with the payroll clerk performing the payroll calculation
  • B. Enquiry with the payroll manager performing the check
  • C. Recalculation of the payroll amounts by the auditor
  • D. Inspection of the payroll report for evidence that a sample of payroll amounts are checked

Solution:
D. Inspection of the payroll report for evidence that a sample of payroll amounts are checked.

Question 3: Which of the following is NOT a test of control?

  • A. Inspection of employee contracts to confirm the salary the employee should be paid
  • B. Inspection of payroll reports for evidence of authorisation by the manager
  • C. Inspection of the list of employees for each department for evidence of the department manager's review
  • D. Observation of the payroll function to confirm segregation of duties is in place

Solution:
A. Inspection of employee contracts is a substantive procedure.

Question 4: Which of the following is a control objective relevant to the control that each department manager reviews the list of employees?

  • A. To ensure payroll is accurately calculated
  • B. To ensure only valid employees are paid
  • C. To ensure employees are paid for the correct hours
  • D. To ensure employees are paid at the correct salary

Solution:
B. The department manager would identify if any fictitious employees or employees who had left the company were included on the list.

Question 5: Which of the following could be used by Bunbury Co to monitor the effectiveness of the company's controls?

  • A. Internal audit assignments
  • B. Performing bank reconciliations
  • C. Authorisation of payments
  • D. Segregation of duties

Solution:
A. Internal audit can monitor the effectiveness of controls by regularly testing them.

Test your understanding 8

Question 1: Which of the following best describes the requirement of the auditor in respect of the controls documentation?

  • A. The auditor must document the systems this year as they may have changed since last year
  • B. The auditor may enquire whether the systems have changed since last year, and if not, no further work is necessary
  • C. The auditor must perform procedures to ensure the systems work as documented on file e.g. by performing walkthrough tests
  • D. No work is necessary on systems documentation unless the client informs the auditor that changes have occurred

Solution:
C. The auditor must perform procedures to ensure the systems work as documented on file.

Question 2: Which of the following best describes the auditor's approach in respect of reliance on internal controls?

  • A. Tests of controls must be performed over material areas of the financial statements
  • B. Tests of controls must be performed each year over the areas where the auditor is hoping to place reliance on the controls
  • C. Tests of controls are not necessary this year as no deficiencies were identified last year
  • D. Tests of controls must be performed over all areas irrespective of whether the auditor is planning to place reliance on those controls

Solution:
B. Tests of controls are only performed when the auditor is planning to place reliance on those controls.

Question 3: Which of the following questions would NOT be included in an internal control evaluation questionnaire?

  • A. How does the company ensure sales are only made to creditworthy customers?
  • B. How does the company ensure that purchases are only made for a valid business use?
  • C. How does the company ensure that all purchases are recorded?
  • D. Is access to the warehouse restricted to authorised personnel only?

Solution:
D. This question would be included in an internal control questionnaire, not an evaluation questionnaire, as it asks for a "yes/no" answer, not a description of the control.

Question 4: Internal controls should be monitored on an ongoing basis to ensure they are adequate, relevant and working effectively. Which of the following will NOT monitor the internal controls of a company?

  • A. External auditor
  • B. Management
  • C. Consultancy firm hired by management
  • D. Internal auditor

Solution:
A. The external auditor tests controls but does not monitor them on an ongoing basis.

Question 5: Match the description to the appropriate method of documenting a control system.

Description Method
A diagram depicting the controls in place at each stage of a process Flowchart
A disadvantage of this method may be that controls are overstated ICQ/ICEQ
An advantage of this method is that they are easy to prepare in advance and therefore efficient ICQ/ICEQ
For larger systems this method may be time consuming and it may be difficult to identify missing controls Narrative notes