Search in the document preview
ACCA Paper F 8 AUDIT AND ASSURANCE SERVICES (INTERNATIONAL STREAM)
Lecture 3 Control Environment and Control Procedures
DATE: June 2011 TUTOR: Feroza Cooper
The control environment is design by the senior management
Factors that are included in the control environment are:
1. Management's philosophy and operating style
Characteristics that form part of a management's philosophy and operating style and which have an impact on the control environment include the management's:
• approach to the taking and monitoring of business risks;
• reliance on informal face to face contacts with key managers versus a formal system of written policies, performance indicators and exception reports;
• attitudes and actions toward financial reporting;
• conservative or aggressive selection of accounting principles from available alternatives;
• conscientiousness and conservatism in developing accounting estimates;
• attitudes towards information processing and accounting functions and personnel.
2. Integrity and ethical values.
In order to emphasise the importance of integrity and ethical values among all personnel of an organisation the management should:
• Demonstrating integrity and practising ethical behaviour among all employees of the organisation.
3. Commitment to competence. Personnel at every level in the organisation must possess the knowledge and skills needed to perform their jobs effectively.
4. Organisational structure and assignment of authority and responsibility.
An organisational structure contributes to an entity's ability to meet its objectives by providing an overall framework for planning, executing, controlling and monitoring the entity's activities.
Methods of imposing control
The board of directors and the audit committee and the manner in which they exercise their governance and oversight responsibilities have a major impact on the control environment.
Factors include the:
• Proportion of outside directors and the establishment of an audit committee.
• Experience of members in audit committee.
• Extent of their involvement with and scrutiny of management's activities.
* Degree to which they raise and pursue difficult questions with management.
* Nature and extent of their interaction with internal and external auditors.
Internal audit function strengthens the control environment. To be effective, internal audit auditor need to:
• skilled • integrity; • Have appropriate access to the board of directors and the audit committee,
and to the external auditors.
Personnel policies and practices
A fundamental concept of internal control is that it is affected or implemented by people. For the accounting and internal control systems to be effective, human resource policies and practices must ensure that entity personnel possess the expected integrity, ethical values and competence.
Such practices include:
• Developing appropriate recruiting policies.
• Screening prospective employees.
• Developing training policies that communicate prospective roles and responsibilities.
• Exercising disciplinary action for violations of expected behaviour.
• Evaluating, counselling and promoting people based on periodic performance appraisals.
• Implementing compensation programmes that motivate and reward superior performance while avoiding disincentives to ethical behaviour.
Control procedures are those policies and procedures which established to achieve the entity’s specific objective.
They include in particular procedures designed to prevent or detect errors and fraud.
Control procedures are details check and control which are built into the system
Types of internal control
1. Segregation of duties:
No one person should be responsible for the recording and processing of the complete work. This reduces the risk of fraud or error.
2. Physical: To ensure that assets are safeguard and there is restriction the access to the authorised personnel. E.g. using password locks.
3. Authorisation and approval. All transaction should require authorisation or approval by an appropriate person.
4. Arithmetic and accounting. To ensure completeness and accuracy of recoding e.g. Trial Balances, reconciliation’s and control accounts.
5. Personnel. Delegation of duties to people with appropriate skills.
6. Supervision: All actions by all levels of staff should be supervised. The responsibility for supervision should be clearly set out.
7. Management: These are control exercised by management, which are outside and over and above the day to day routine of the system.
Limitation of internal control
1. Cost of implementation internal control systems. 2. Potential human error due to stress of workload, or carelessness. 3. The possibility of circumvention of controls either alone or through collusion
with parties outside or inside the entity. 4. Abuse of responsibility.
5. Management override internal control
Methods of recording the internal control systems
1. Narrative Notes
• Useful when systems are elementary.
• Capable of logical appraisal if properly compiled
- Documents listed in order of processing - Cross-referenced to procedures performed on documents - Division of duties indicated - Authority levels and limit indicated
• Useful supplement to flowcharts and record exception routines (e.g. processing of credit notes in a sales system.
• Difficult to appraise complex systems. • Difficult to highlight controls • Changes in systems might require a complete rewrite
2. Internal Control Questionnaires
Questions determine accounting procedures, documents raised and controls imposed.
• Comprehensive list of questions on all sub systems and all possible aspects of control automatically highlights strengths, weakness and omissions.
• All aspects of accounting and control are considered. • Facilitates review and evaluation are facilitated • Provides an easy way to cross-referencing to audit programmes
• The questions concentrate on the controls themselves rather than the error, fraud or irregularity the control is designed to prevent or detect.
• The questions do not assess materiality or relative importance of controls. • It is difficult to determine the existence of compensating or mitigating
controls when no answers indicate a weakness. • Experience and judgement are required in evaluation. • Standard questions may not apply to the specific situations of different
EXAMPLE: Internal control questionnaire for bank transactions 1. How often is bank reconciliation prepared? 2. (a) Is the person responsible for function independent of the receipts and payment function? (b) Alternatively is the reconciliation independently checked? 3. Does the person preparing the bank reconciliation obtain statements direct from the bank and retain them until the reconciliation is effected? 4. Does the independent reconciliation include? (a) A comparison of the debits and credits shown on the bank statements with the cashbook? (b) A comparison of paid cheques with the cashbook as to names, dates and amounts? (c) A test of the detailed paying-in-slip with the cashbook? (d) An enquiry into contra items? (e) Are items more than one month old investigated to?
• Diagrammatic and shorthand symbols give perspective to the system’s description.
• They aid understanding and communications
• The discipline of construction ensures complete recording of processes, documents files, books and controls.
• Controls and weaknesses are easily highlighted • Continuity of the audit is facilitated where audit staff changes take place. • Review is facilitated by those not familiar with the client or system.
• Complex systems are difficult to evaluate by inexperienced staff. • Changes in systems may require a complete redraft.
4. Internal Control Evaluation Questionnaires (ICEQ’s)
An ICQ tries to establish how good the system of controls is. The ICEQ tries to establish if specific errors and fraud are possible.
Method of evaluating an already ascertained system (e.g. by flowchart)
ICEQ is a list of supplementary questions to assess whether desirable controls are present which individually or collectively prevent or detect the error or fraud in the key questions.
ICEQ’s facilitate the determination of whether desirable are present to detect,
eliminate or prevent the risk of serious error, fraud or irregularity.
They aid the evaluation process of complex flowchart.
They provide a logical basis for subsequent design and selection of detailed audit tests-they are easily cross-referenced to audit programme.
They encourage better comprehension of systems by more junior staff.
Too many supplementary questions can turn the ICEQ and ICQ and hence cause confusion.
Purpose of Test of Controls at Interim audit:
• To obtain information about the operational system on a theoretical basis for example:
• Organisational chart • Procedures manual • Systems notes
• Gather information about the system and perform walk through test. • Ascertain strengths and weaknesses of major operational areas for example: • Complete internal Control Questionnaires
• Perform tests of control
At Final audit:
• Final audit of the company at year-end is to produce statutory financial statement.
• Audit concentrates on verifying the items and management assertions in the balance sheet and profit and loss contained in the financial statement.
• Complete substantive procedures, perform subsequent events review and obtain management representation and form an opinion.
• Report opinion
ISA 265: Communicating Deficiencies in Internal Control to Those Charged with Governance and Management.
‘Significant deficiencies = new term for ‘Material weaknesses’
Significant deficiencies in internal controls include:-
• Controls that are designed, implemented or operated in a way that they are unable to prevent or detect misstatements on a timely basis.
• Controls necessary to prevent and detect misstatement is missing.
The auditor should determine whether individually or in combination the identified deficiencies constitute a ‘significant deficiency.’ Significant deficiencies’ should be communicated to those charged with governance in writing.
Non significant deficiencies should be communicated to management.
Internal Control Tests in specific areas of a business:
Cash and Cheques received by post:
• To ensure that all cash and cheques received by post are accounted for and accurately recorded in the books. To ensure all such receipts are promptly deposited in the bank.
• Measures to prevent interception of mail between receipts and opening
- Appointment of a staff to be responsible for opening of the post and two other person present at the opening of the post.
• Immediate entry of the details of the receipts in a cash book and independent person should be responsible for banking and recording the transaction (Date, payer details amount either cash or cheques).
- Regular independent comparison of the post list with banking records. The tests should be of total, detail and dating to detect teeming and lading at a later stage in the processing
Cash sales and collections:
To ensure that all cash, to which the enterprise is entitled is received, and ensure that all such cash is properly accounted for and entered in the records.
Authorised person should be responsible to receive cash for example sales assistants, cashiers.
Evidence of cash receipts for example pre-numbered duplicate receipts cash or cash registers with sealed till rolls. The duplicate receipts form books should be securely held and issue should be controlled.
A staff should be responsible for emptying cash registers at prescribed intervals and agreeing the amount present with till roll totals or internal registers.
Immediately banked the cash and payments for petty cash should be on imprest system.
Independent comparison of agreed till roll totals with subsequent banking
Persons handling cash should not have access to other cash funds or maintain sales ledger records.
Rotation of duties and cover for holidays and sickness.
Collections by sales should be banked intact daily. There should be independent comparison of the amount banked and records of the salesmen.
To prevent mis-appropriation of cash balance and to prevent unauthorised cash payments
To establish of cash floats of specified amount and location
Appointment of staffs responsible for each cash balance.
Arrangement of security measures including use of safes.
Use of imprest system on the basis that petty cash is replenished by the amount of what the company has spent and there are specific rules on reimbursement only against authorised vouchers.
Strict rules on the authorising of cash payments.
Independent cash count on a regular and a surprise basis.
Insurance arrangements e.g. cash balance and fidelity guarantee.
To prevent misappropriation of bank balance and to prevent teeming and lading.
Reconciliation should be prepared on regular basis.
The reconciliation should be performed by an independent person.
Arrangement should be made for bank statements to be sent direct to the person responsible for the reconciliation.
A comparison of debit and credit in the cash book with corresponding entries in the bank statements.
A comparison of returned cheques with cash book entries noting dates, payee and amounts.
A test of the details paying-in slips with cash book.
All outstanding cheques and lodgements should be traced through to the next period and their validity verified.
Any unusual items e.g. contras or dishonoured cheques should be investigated
The balance at the bank should be independently verified with the bank at intervals.
Special arrangement should be instituted on the controls and recording of trust monies e.g. employee’s sick pay or holiday funds, attachment of earnings.
To prevent unauthorised payments being made from bank accounts.
Control over custody and issue of unused cheque book. A register should be kept if necessary.
Staff should responsible for preparation of cheques.
Rules should be established for the presentation of supporting documents before cheques can be made out. Such supporting documents may include GRNs, purchase orders and invoices.
All such documents should be stamped “paid by cheque no” with date.
Established who should sign cheques. All cheques should be signed by a least two persons, with no person being permitted to sign if he is a payee.
No cheque should be made out to bearer except for the collection of wages or reimbursement of cash funds.
All cheque should be restrictively crossed.
The signing of blank cheques must be prohibited.
Special safeguards should be implemented where cheques are signed mechanically or have pre-printed signatures. Such signing is often made for dividends payments, salary cheques and for others.
Rules to ensure prompt despatch and to prevent interception or misappropriation.
Special rules for authorising and checking direct debits and standing orders.
Wages and salaries
Objective: To ensure that wages are paid only to actual employees at authorised rates of
To ensure that all wages are computed in accordance with records of work performed whether in respect of time, output, and sales made or other criteria.
To ensure that payments are made only to the correct employees.
To ensure that payroll deduction are correctly accounted for and paid over to the appropriate government bodies.
To ensure that all transactions are correctly recorded in the books of account.
There should be separate records kept for each employee. The records should contain such matters as date of engagement, age, next of kin, agreed wages, deduction, qualification, skill and experience.
Procedures for and specified officials responsible for engagement, retirement, dismissals, fixing and changing rates of pay. Procedures should be laid down for notification of these matters to the personnel and wage roll preparation departments.
Time records should be kept, preferably by means of supervised clock card recording. These should be approved and approval acknowledge. All overtime should be authorised.
The payroll should be prepared by personnel unconnected with other wage duties. Special procedures should exist for dealing with advances, holiday pay, luncheon, new employees, employees leaving, sickness and other absences and bonuses.
The preparer of pay wages should be independent.
Special rules should be established for distribution of wages. Surprise attendance at payout should be made at intervals by internal audit or senior manager.
Unclaimed wages should be subject to special procedures. These should include a record to be maintained of unclaimed wages, safe custody of such pay packets, a requirement for investigation, subsequent payout only after proof of entitlement, breaking down and re-bank the unclaimed wage after specified time period.
Payments by cheque and credit transfer should be subject to special procedures. These could include maintenance of separate bank account with regular reconciliation.
Deduction such as PAYE, national insurance, pension contribution and other dues should be subject to prompt payment over to the relevant agencies.
Regular reconciliation should be made between personnel records and wage records.
Wage records should conform to the requirements of statutory sick pay.
Purchases and Accounts payables
To ensure that goods and services are ordered in the quantity, of the quality, and at the best terms available after appropriate requisition and approval.
To ensure that goods and services received are inspected and only acceptable items are accepted.
To ensure that all invoices are checked against authorised orders and receipts of the subject matter good condition.
To ensure that all goods and services invoiced are properly recorded in the books.
There should be procedures for the requisitioning of goods and services only by specified personnel on specified forms with spare for acknowledgement of performance.
Order forms should be pre-numbered and kept in safe custody.
Sequences checks of order forms should be performed on regular basis by senior person in the purchase department.
All goods received should be recorded on goods received notes or in special book.
All goods should be inspected for condition and agreement with order and counted on receipts. The inspection should be acknowledged.
Procedures for dealing with rejected goods or services should be include the creation debit notes with subsequent sequence check and follow up of receipts of suppliers’ credit notes.
Invoice should be checked for arithmetical accuracy, pricing, correct treatment of VAT and trade discount, and agreement with purchase order and good-in records.
Invoices should have consecutive numbers put on them and batches should be pre-list.
Total of entries in the invoice register or purchase day book should be regularly checked.
A staff should be responsible for preparation of purchase ledger and independent of other purchased duties.
The purchase ledger should be subject to regular reconciliation in total by or be checked by an independent senior staff.
Purchase ledger account balances should be regularly compared with suppliers’ statements of account.
Cut-off procedures at the year end are essential.
A proper coding system is required for purchase of goods and services so that the correct nominal accounts are debited.