630 likes | 761 Views
Auditing 1. Lecture 13 Internal Controls. Introduction. The auditors must understand the accounting system and control environment in order to determine their audit approach.
E N D
Auditing 1 Lecture 13 Internal Controls
Introduction • The auditors must understand the accounting system and control environment in order to determine their audit approach. • An understanding of internal control assists the auditor in identifying types of potential misstatements and factors that affect the risks of material misstatement, and in designing the nature, timing and extent of further audit procedures.
Definitions • Internal control is defined as ‘the whole system of control, financial and otherwise, established by the management in other to carry on the business of the enterprise in an orderly and manner efficient, ensure adherence to management policies, safeguard the assets and secure as far as possible the completeness and accuracy of records’. APC of UK • The individual components of an internal control system are known as controls or internal controls.
Definitions • ‘Internal control is the process designed and effected by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations’. ISA 315
Definitions • Internal controls includes all policies and procedures adopted by the directors and management of an entity to assist in their objective of achieving as far as possible the orderly and efficient conduct of the business including adherence to internal policies, safeguard of assets, the prevention and detection of fraud and error, the accuracy and completeness of accounting record and timely preparation of reliable financial statement.
Objectives of Internal Controls • Internal Controls are instituted in an organization in order to ensure: • The reliability and integrity of information • Compliance with policies • The safeguarding of assets • The economical and efficient use of resources • The accomplishment of established objectives and goals for operations and programmes
Elements of internal controls • Internal control has five elements; • The control environment • The entity’s risk assessment process • The information system relevant to financial reporting • Control activities • Monitoring of controls
Control environment • The control environment is the framework within which controls operate. It is very much determined by the management of a business. • It includes the governance and management functions and the attitudes, awareness and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity. • A strong control environment does not by itself, ensure the effectiveness of the overall internal control system, but can be a positive factor when assessing the risks of material misstatement. A weak control environment can undermine the effectiveness of controls
Elements of control environment • Communication and enforcement of integrity and ethical values. • Commitment to competence • Participation by those charged with governance • Management’s philosophy and operating style • Organizational structure. • Assignment of authority and responsibility • Human resource policies and practices
Entity’s risk assessment process • ISA 315 says the auditor shall obtain an understanding of whether the entity has a process for; • Identifying business risks relevant to financial reporting objectives. • Estimating the significance of the risks • Assessing the likelihood of their occurrence • Deciding upon actions to address those risks
Information system relevant to financial reporting • This is a component of internal control that includes the financial reporting system, and consists of the procedures and records established to initiate, record, process and report entity transactions and to maintain accountability for the related assets, liabilities and equity. The areas include; • Classes of transactions in the entity’s transactions • Procedures within both IT and manual systems are initiated • Related accounting records • Controls surrounding journal entrries
Control activities • These are those policies and procedures that help ensure that management directives are carried out. • Control activities include those activities designed to prevent or detect and correct errors. They include activities relating to authorisation, performance reviews, information processing, physical controls and segregation of duties. • Examples are approval and control of documents, controls over computerised application, checking arithmetical accuracy of records, etc
Monitoring of controls • This is a process to assess the effectiveness of internal control performance over time. It includes assessing the design and operation of controls on a timely basis and taking necessary corrective actions modified for changes in conditions.
Limitations of accounting and control systems • Any internal control system can only provide the directors with reasonable assurance that their objectives are reached, because of inherent limitations. These include; • The costs of control not outweighing their benefits • The potential for human error (key) • Collusion between employees • The possibility of controls being by-passed or overridden by management • Controls being designed to cope with routine and not non-routine transactions
Recording accounting and control systems • The auditor must keep a record of the client’s systems which must be updated each year. This can be done through the use of narrative notes, flowcharts, questionnaires or checklists.
Narrative notes • The purpose of narrative notes is to describe and explain the system, at the same time as making any comments or criticism which will help to demonstrate an intelligent understanding of the system. • Advantages • Simple to record and understand • Flexible method and can be used for any system • Editing is easy when computerised • Disadvantages • Time consuming compared to flowcharts • Awkward to update if kept manually • Difficult to identify missing controls
Flowcharts • This can take many forms but generally are graphic illustrations of the physical flow of information through the accounting system. Flowlines represent the sequence of processes, and other symbols represent the inputs and outputs to a process. • Visit http//www.rff.com/flowcharts_samples.htm • Advantages • Can be prepared easily after a little experience • Fairly easy to follow and review • System is recorded in its entirety from start to end • Eliminate the need for extensive narrative • Disadvantages • Suitable for standard systems • Amendment is difficult without withdrawing • Time consuming to areas that are of no audit significance
ICQs • The major question which internal control questionnaires are designed to answer is ‘How good is the system of controls?’ • Although many different forms of ICQs exist in practice, they all conform to the following basic principles. • They comprise a list of questions designed to determine whether desirable controls are present. • Formulated to cover each of the major transaction cycle. • ICQ is to evaluate the system as well as record it. • Example; Are purchase invoices checked with GRN before being passed for payment? YES/NO/Comments
ICQ example on Goods inward • Are suppliers examined on arrival as to quantity and quality? • Is such an examination evidenced in some way? • Is receipt of suppliers recorded, perhaps by means of goods inwards notes? • Are receipt records prepared by a person independent of those responsible for; • Ordering function? • The processing and recording of invoices
ICEQs • ICEQs are concerned with assessing whether specific errors (or frauds) are possible. • They concentrate on significant errors or omissions that could occur at each phase of the appropriate cycle if controls are weak. Examples on purchases include; • Is there reasonable assurance that; • Goods or services could not be received without a liability being recorded? • Receipt of goods or services is required in order to establish a liability? • A liability will be recorded: • Only for authorised items • At the proper amount?
Advantages and disadvantages of ICEQs • Advantages • Can ensure all controls are considered • Quick to prepare • Easy to use and control • Easier to apply to a variety of systems than ICQs • Identify key controls • Highlight deficiencies • Disadvantages • Can be drafted vaguely, hence misunderstood • May contain irrelevant controls • May not include unusual controls • May overstate controls
Checklists • Checklists may be used instead of questionnaires to document and evaluate the internal control system. • The difference is that instead of asking questions, statements are made to ‘mark off’ and tick boxes are used to indicate where the statement holds true. • Example • ‘Suppliers are examined on arrival as to quantity and quality’. Tick Cross out • Checklists share many advantages and disadvantages of ICQs and ICEQs
TYPES OF INTERNAL CONTROLS • Preventive Controls: that is, to deter undesirable event from occurring. • Detective Controls: This is aimed at detecting undesirable event which have occurred. • Corrective Controls: To remedy any undesirable event that has occurred.
INTERNAL CONTROL MEASURES/ PROCEDURES • S – Segregation of Duties • O – Organisation • A – Authorisation • P – Physical • S – Supervisory • P – Personal • A – Arithmetical and accounting • M – Management
SEGREGATION OF DUTIES: • These should be a division of responsibilities for authorizing or initiating transactions physical custody and control of assets recording the transaction. Segregation of duties reduces the risk of intentional manipulations or error and increase the element of checking
ORGANISATION: • Enterprises should have a plan of their organization, defining and allocating responsibilities and identifying lines of reporting for all aspects of the enterprises operations, including the controls. The delegation of authority and responsibility should be clearly specified
AUTHORISATION OR APPROVAL • All transactions should require authorization or approval by an appropriate responsible person. The limits for these authorizations should be specified
PHYSICAL: • These are concerned mainly with the custody of assets and involve procedures and security measures designed to ensure that access to assets is limited to authorized personnel. For example, the custody of the keys to the safe should be limited to only the cashier and possibly a highly placed responsible official.
SUPERVISORY • Any system of internal control should include the supervision of responsible officials of day to day transactions and recording thereof.
PERSONNEL: • There should be procedures to ensure be procedures to ensure that personnel have capabilities commensurate with their responsibilities. Inevitably, the proper functioning of any system depends on the competence and integrity of those operating it. The qualification, selection and trainings well as the innate personal characteristics of the personnel involved are important features to be considered in setting up any control system.
ARITHMETIC OR ACCOUNTING: • These are the controls within the recording functions which check that the transactions to be recorded and processed have been authorized, that they are all included and that they are correctly recorded and accurately processed. Such controls include checking the arithmetical accuracy of the records, the maintenance and checking of totals, reconciliations, control accounts and trial balance and accounting for documents.
MANAGEMENT: • These are the controls exercised by management outside the day to day routine of the system. They include the overall supervisory controls exercised by management, the review of management accounts, and comparisons thereof with budget, the internal audit function and any other special review procedures.
Limitations on the effectiveness of internal controls • No internal control system however elaborate, can by itself guarantee efficient administration and the completeness and accuracy of the records, nor can it be proof against fraudulent collusions, especially on the part of those holding positions of authority or trust. Internal controls depending on separation of duties can be avoided (side stepped) by collusion.
Limitations on the effectiveness of internal controls • Authorization controls can be abused by the persons in whom the authority is vested, whilst the competence and integrity of the personnel operating the controls may be ensured by selection and training, these qualities may alter due to pressure exerted both within and outside the enterprise. • Human error due to errors of judgment or interpretation, or misunderstanding, carelessness, fatigue or distraction may undermine the effective operation of internal controls.
Why internal controls should interest the auditor • If the auditor wishes to place reliance on any internal controls, he should ascertain and evaluate these controls and perform compliance tests on their operation. • The Auditors objective in evaluating and testing internal controls is to determine the degree of reliance which he may place on the information contained in the accounting records. If he obtains reasonable assurance by means of compliance test that the internal controls are effective in ensuring the completeness and accuracy of the accounting records and the validity of entries therein, he may limit the extent of his substantive testing
Lecture 14Test of controls In specific areas of business
Financial statement assertions • Audit tests are designed to obtain evidence about the financial statement assertions. • Assertions relate to classes of transactions and events, account balances at the period-end, and presentation and disclosure. • Financial statement assertions are the representations by management, explicit or otherwise, that are embodied in the financial statements as used by the auditor to consider the different types of potential misstatements that may occur.
Financial statement assertions • ISA 315 states that the auditor must use assertions for classes of transactions (ie income statement), account balances (ie SOFP), and presentation and disclosures in sufficient detail to form the basis for the assessment of risks of material misstatement and the design and performance of further audit procedures.
Assertions about classes of transactions and events • Occurrence; transactions and events that have been recorded have occurred and pertain to the entity. • Completeness; all transactions have been recorded. • Accuracy; amounts and other data have been recorded appropriately • Cut-off; transactions have been recorded in the correct accounting period • Classification; recorded in the proper accounts
Assertions about account balances • Existence; assets, liabilities and equity interests exist. • Rights and obligations; entity holds or controls the rights to assets and liabilities are the obligations of the entity. • Completeness; all assets, liabilities and equity (ALE) that should have been recorded have been recorded. • Valuation and allocation; all ALE are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.
Assertions about presentation and disclosure • Occurrence and rights and obligation; disclosed events, transactions and other matters have occurred and pertain to the entity. • Completeness; all disclosures that should have been included in the financial statements have been included. • Classification and understandability; financial information is appropriately presented and described, and disclosures are clearly expressed. • Accuracy and valuation; information are disclosed fairly and at appropriate amounts.
Cash sales and collections • OBJECTIVES • To ensure that all cash to which the enterprise is entitled is received • To ensure that all such cash is properly accounted for and entered in the records • To ensure that all cash is deposited promptly and intact.
Cash sales and collections • MEASURES: • Clearly defining and limiting the number of persons who are authorized to receive cash. Sales assistants, cashiers etc. must be clearly identified. • Establishing a means of evidencing cash receipts. E.g. receipt books should be numbered serially and should be in triplicates, a responsible official other than the cashiers should keep control of the cash receipt books and the issues as well. • Ensure that whoever pays cash, must receive a receipt. And if a cash register is used, the amount rung up should be visible to the customer.
Cash sales and collections • MEASURES • Appointment of officials with responsibility for employing cash register at prescribed intervals, and agreeing the amount present with till roll totals. Such collections should be evidenced in writing and be initialed by the assistant and the supervisor. • All cash and cheque must be banked intact and promptly. • All cash shortages and excesses should be promptly investigated. • The cashier should not have access to other cash funds or sales ledgers or even the purchases ledger. • There should be occasional rotation of jobs.
Test of controls (compliance testing) • As part of his overall plan the auditor must ascertain the adequacy of the accounting system and the internal controls system. He will decide which controls if any he wishes to rely on and plan compliance tests to determine whether such reliance can be warranted. The auditor will almost certainly use the Internal Control Evaluation Questionnaire (ICEQ) completed for each component part of the system to draw up the compliance controls to be tested and provide information as to their strength and importance. • Test of Controls are designed to check that the control procedures are being applied and that control objectives are being achieved.
Sales System • The three separate elements into which accounting controls may be divided clearly appear in the consideration of sales procedures. They are selling (authorisation), goods outwards (custody) and accounting (recording).
Sales System-Control objectives • The control objectives include the following: • Sales are made in accordance with the company objectives, with agreement in place with all customers. • Customer’s orders are authorised, controlled and recorded in order to execute them promptly and determine any provision required for losses arising from unfulfilled commitments. • Goods shipped and work completed is controlled to ensure that invoices are issued and revenue recorded for all sales • Goods returned and claims by customers is controlled in order to determine the liability for goods ordered and claims received but not entered or recorded in the debtors’ records. • Invoices and credit notes are appropriately checked as being accurate and authorised before being entered in the debtors’ records.
Sales System-Control considerations • Selling: Considerations include the following: • What arrangements are to be made to ensure that goods are sold at their correct price and to deal with cheque receipts, discounts and special reduction including those in connection with cash sales? • Who is responsible for and how control is to be maintained over the granting of credit terms to customers. • Who is responsible for accepting customer’s orders and what procedures are to be adopted for issuing production orders and dispatch notes?
Sales System-Control considerations • Selling: • Who is to be responsible for the preparation of invoice and credit notes and what controls are to be instituted to prevent errors and irregularities. For example, how selling prices are to be ascertained and authorised, how the issue of credit note is to be controlled and checked, what checks should be on prices, quantities, extensions and totals shown on invoices and credit notes and how such documents in blank or completed form are to be protected against loss or misuse. • What special controls are to be exercised over the dispatch of goods free of charge or on special terms?
Sales System-Control considerations • Goods Outwards: Factors to be considered include the following: • Who may authorize the dispatch of goods and how such authority is evidenced. • What arrangements are to be made to examine and record goods outwards (preferably this should be done by a person who has no access to stocks and has no accounting or invoicing duties) • The procedures to be instituted for agreeing goods outwards records with customers’ orders, dispatch notes and invoices.