AUE1501/501/3/2021

Tutorial Letter 501/3/2021

INTRODUCTION TO AUDITING
AUE1501

Semesters 1 and 2

Department of Auditing

This tutorial letter contains the study guide

for the module.

BARCODE
 Contents
ORIENTATION TO AUE1501 .................................................................................................................. 4
1 TOPIC 1: THE BUSINESS WORLD AND CORPORATE GOVERNANCE .............................. 11
LU 1: VARIOUS TYPES OF BUSINESS ENTITIES ........................................................................... 14
LU 2: CORPORATE GOVERNANCE .................................................................................................. 22
LU 3: INTERNAL CONTROL ............................................................................................................... 30
2 TOPIC 2: THE INTERNAL AUDITOR ........................................................................................ 37
LU 4: INTRODUCTION TO INTERNAL AUDITING ................................................................................ 38
LU 5: THE RESPONSIBILITIES OF THE INTERNAL AUDITOR ............................................................ 44
LU 6: PROFESSIONAL CONDUCT REQUIREMENTS FOR INTERNAL AUDITORS ............................ 46
LU 7: INTERNAL AUDIT AND GOOD CORPORATE GOVERNANCE ................................................... 50
3 TOPIC 3: THE EXTERNAL AUDITOR ....................................................................................... 53
LU 8: THE DEVELOPMENT OF THE EXTERNAL AUDITING PROFESSION ....................................... 54
LU 9: ASSURANCE BY THE EXTERNAL AUDITOR ............................................................................. 60
LU 10: PROFESSIONAL CONDUCT REQUIREMENTS FOR EXTERNAL AUDITORS ......................... 65
LU 11: THE RELATIONSHIP BETWEEN INTERNAL AND EXTERNAL AUDITORS.............................. 71
4 AUDITING CONCEPTS .............................................................................................................. 74
LU 12: ASSERTIONS ............................................................................................................................. 75
LU 13: AUDIT EVIDENCE ...................................................................................................................... 79
LU 14: MATERIALITY AND AUDIT RISK ............................................................................................... 87
LU 15: RISK ASSESSMENT AND FURTHER AUDIT PROCEDURES................................................... 92
5 THE AUDIT PROCESS ............................................................................................................. 101
LU 16: THE OVERALL AUDIT PROCESS ........................................................................................... 102
LU 17: REACHING CONCLUSIONS AND REPORTING ...................................................................... 110
6 SYSTEMS AND CYCLES WITHIN A BUSINESS ENTITY ..................................................... 113
LU 18: SYSTEMS AND CYCLES WITHIN A BUSINESS ENTITY .................................................. 114
7 THE REVENUE AND RECEIPTS CYCLE ............................................................................... 124
LU 19: ACTIVITIES AND DOCUMENTS ........................................................................................... 125
LU 20: RISKS AND CONTROLS (Part I) .......................................................................................... 129
LU 21: RISKS AND CONTROLS (Part II) ......................................................................................... 134
8 THE ACQUISITIONS AND PAYMENTS CYCLE .................................................................... 141
LU 22: ACTIVITIES AND DOCUMENTS ........................................................................................... 142
LU 23: RISKS AND CONTROLS............................................................................................................ 147
9 `THE BANK ACCOUNT: RECEIPTS AND PAYMENTS ........................................................ 154

2
 AUE1501/501/3/2021

LU 24: THE STEPS IN PERFORMING A BANK RECONCILIATION .............................................. 155

10 PAYROLL AND PERSONNEL CYCLE ................................................................................... 158
LU 25: PERSONNEL AND PAYROLL PREPARATION AND PAYMENT ........................................... 159

3
ORIENTATION TO AUE1501

1 INTRODUCTION
Welcome to this fully online module. It is a challenging module with a packed syllabus. The
good news is that you will learn something which has practical value – at some stage you will be
using some of these principles and concepts. Therefore, from the start get the right mindset
towards the module. Your approach to the module must be an openness and willingness to
learn. We all know learning something new takes effort, more so with auditing. I wish to
encourage reflection, engagement and aiming for deep learning. With deep learning I mean to
remember what you have learned so that you can apply at some stage (not just to pass an
examination). If you study merely to pass an examination, then you will have forgotten the
content before the results were released – not such a bright idea in the long run. The knowledge
that you accumulate at Unisa is to lay a strong foundation to develop you into a critical thinker in
the work place. The world will be a better off if add value to society. The learning effort must
come from you. If your mindset is tuned to the effect just to pass an examination, then I have
failed.
The teaching strategy followed is to try and get you to make the content your own. In other
words, how would you respond to, for example risks if the risks are in your own business? How
would you manage the risks (controls) if it was in your own business? Remember you don’t
want a bankrupt business, with a huge bank overdraft – that is senseless. You must feel it -
especially in your bank account if you make poor decisions. The idea behind relating to the
content, is that it will be stored in your long-term memory and you will remember it. Therefore,
you will be required to reflect on what you learn and think how you can apply it to your real or
imaginary business. You will come across self-reflection activities in the study guide. They are
designed so you can think about certain issues.

There is no prescribed textbook for this module, therefore you will be required to do some
research and perform some writing activities on certain topics to accumulate your own learning
content. To make this task easy for you, the documents referred to in each topic may be found
on myUnisa under additional resources. These documents are important, and you may at some
stage in your career have to refer to some of them - so don’t just ignore them. Furthermore, it is
also good for you to know that these documents exist and what they look like. It is like a test
driving a new car!

In some instances, you will be required to search the internet for definitions. Follow the
instructions in the study guide and do so – copy and paste them where you can access them
later. You will also find links to YouTube videos (international presentations). Their purpose is to
clarify complex content. If you identify better links, please share them with us. We will also
develop and present our own videos as we go along.

From the above teaching strategy, you can gather that self-study is an essential component for
success. In addition to self-study, the study guide includes E-Tutor discussions. These
discussions serve only as a guideline. Your E-Tutor will initiate his/her own discussion forums
and assist you where he/she can. The Teams platform will also be used. Please participate
4
 AUE1501/501/3/2021

because it is all about constructing new knowledge. But remember, you must first put in the
learning effort. Your E-Tutor cannot do that for you. The purpose of E-Tutors and study groups
must not be to create short cuts to earn good year marks and to pass an examination. It is was
remains in your memory that counts.

2. NO PRESCRIBED TEXT BOOK REQUIRED

There is no prescribed text book for this module. However, the study guide often refers
(references) to the following book and if you require additional reading, or more context, you
may request the book from the library:

Adams, A. Diale, T. and Richard, G. (2019). Auditing Notes for South African Students 11th
Edition. LexisNexis: Durban.

Please note, you need not acquire the above book and your study guide is adequate for
assessment purposes. The book is merely recommended for those of you who wish to explore
and learn more on the content addressed in this module.

3 WHAT IS THIS MODULE ABOUT?

The purpose of the module is to introduce you to the basic principles that apply in the audit
world. The general principles regarding the origin of auditing, the auditing profession and the
role of auditors are covered. The purpose is also to enable you to identify business and audit
risk areas in an entity; to identify control measures to mitigate risks, all restricted to small and
medium size enterprises.

After completing this module successfully, you will be able to demonstrate an understanding of,
and describe elementary auditing/internal auditing principles applicable to small and medium
size enterprises.

The learning material consists of 10 topics and within each topic you will find the learning units
(The bullet points below represent the learning units). At the beginning of each learning unit the
outcomes that we wish to achieve with a learning unit are stated. The learning unit ends with a
confirmation from you whether you were able to achieve those outcomes. If you are not
comfortable with achieving the outcomes, then go back and engage with the content until you
have mastered it. Scan the following list because it will give you a feel of what the module is all
about.
Topic 1: The business world and corporate governance
• Various types of business entities
• Corporate governance
• Internal control

Topic 2: The internal auditor

• Introduction to internal auditing
• The responsibilities of the internal auditor

5
• Professional conduct requirements for internal auditors
• Internal audit and good corporate governance

Topic 3: The external auditor

• The development of the external auditing profession
• Assurance by the external auditor
• Professional conduct requirements for external auditors
• The relationship between internal and external auditors

Topic 4: Auditing concepts

• Assertions
• Audit evidence
• Materiality and audit risk
• Risk assessment procedures, test of controls and substantive procedures

Topic 5: The audit process

• The audit process
• Reaching conclusions and reporting

Topic 6: Systems and cycles within a business entity

• Systems and cycles within a business entity

Topic 7: The revenue and receipts cycle

• Activities and documents
• Risks and controls Part I
• Risks and controls Part II

Topic 8: The acquisitions and payments cycle

• The activities and documents
• The risks and controls

Topic 9: The bank account: receipts and payments

• The steps in performing a bank reconciliation

Topic 10: Payroll

• Personnel and payroll preparation and payment

3 HOW TO PACE YOURSELF

The module is quite full and requires of you to allocate enough time to the subject. The lessons
will assist you but you must follow them on a weekly basis. Do not mislead yourself by thinking
that you can scrutinise this module and just do the last two assessments. You will get confused
and, in the end, you will not enjoy the subject. If you registered late, you must do more in less
time.

6
 AUE1501/501/3/2021

Providing you with an estimate of the time that you should allocate to each topic is difficult
because we all study at a different pace. Your pace depends on your prior knowledge you have
gained from example work experience, and your reading and comprehension speed. If English
is your second language, then build in more time. In addition, students register at various stages
making it more difficult to provide a study plan that will suit everybody.

As soon as you register, identify the assignment due dates and plan to meet those deadlines.
Remember, there is nothing prohibiting you from submitting your assignment before their due
dates. As you progress, and you can submit an assignment before the due date, then please do
so.

Topics 1 to 4 is not that difficult to get your head around the content, and you can use your
average reading and learning time as a rough guide to calculate your own learning programme.
However, topics 5 to 10 is more complex and requires more thought and insight, and your
progress will automatically be slower. Make sure you plan for this in advance. A rough estimate
would be to allocate one third of your time to cover Topics 1 to 5 and two thirds of your time to
cover Topics 5 to 10. From the above information, set up your own study plan. By doing so you
are demonstrating the time management skills.

4 THE MYUNISA PLATFORM

The Covid-19 pandemic has forced us into the digital environment with a big bang. In
2020 we were forced to move from the traditional venue-based examinations to online
assessment in a very short period. The students who battled the most with this change
were those who were not familiar with the myUnisa platform. You must be able to access
the myUnisa platform or you will disadvantage yourself.

The announcements on myUnisa are our only way that we can communicate to 3 000 to 4
000 simultaneously and immediately. In the dark ages we had to rely on the postal
services. Therefore, please make use of this platform, very often students contact us with
questions that were adequately addressed in the announcements.

As explained, you are not expected to buy a prescribed textbook for this module.
However, with the study activities in this guide you will be generating your own notes. To
do this, certain documents were identified and will be available to you under additional
resources in myUnisa. Because of copyright issues we cannot include those documents
as part of this study guide. Download those documents as soon as you have internet
access on your computer. You can then refer to them later without facing the challenges
of internet costs or access. It is essential that you do the activities and save your notes
because the content will be examined.

7
5 MEANING OF SOME WORDS (ICONS)

STUDY: A reference to a text is provided and you are required to read and comprehend
the content. In other words, you must understand what you have read, and this means
theoretically, that you are able to pass a quiz on the content. No quizzes are set, it is just
to illustrate to you what is meant by the term understand. With an activity, read the
content and ask yourself did I understand what I just read? The activity is usually followed
by a study activity.

STUDY ACTIVITY: This is a task designed to assist you to compile your own learning
notes. The activity will direct you to a text and indicate to you what you must
extract/compile from the text. The text will be available to you on myUnisa under the
additional resources tab. The content compiled by you from the study activities are
essential in preparing you for the examination – they form part of the examinable content.

INTERNET ACTIVITY: These activities are usually intended for you to do some sort of
search on the internet to find definitions, examples or images. Copy and paste these
activities, they form part of your learning material.

VIDEO: A link to a YouTube video is provided. The videos are intended to provide you
with some context. Sometimes the links will not work because the provider may have
removed the content. Although we try and update the links if you cannot open a link it is
not a train smash. Let us know as soon as you come aware of a non -functional link and
we can search for an alternative.

REFLECTION: Think about it. When students become reflective about the teaching and
learning process, they are strengthening their own capacity to learn. Central to this is the
principal of reflection as metacognition, where students are aware of and can describe their
thinking in a way that allows them to "close the gap" between what they know and what they
need to learn.

Reflection takes your studies to a deeper level by integrating new knowledge to your
existing knowledge. This can be combined with discussion forums with your e -Tutor but in
the end your insight will be assessed and not that of the group. The reflection process is
cyclical:

8
 AUE1501/501/3/2021

DISCUSSION: This is a discussion which can be initiated by your e-Tutor in your

allocated groups. The discussion is a guide and your e-Tutor may expand on the idea.
The aim of a discussion is to share thoughts and learn from others (see “consider” in
above diagram) and to construct a good argument while participating. Remember the
basics of good manners when exchanging your views on a public forum and check your
tone. Rudeness, racist remarks, etc. is not on in any discussion forum – please mind your
manners.

6 MEANING OF WORDS

Meaning of words is extremely important when attempting the assignments and the
examination. In this module we require you to understand the meaning of certain words to
enable you to interpret assessment criteria, comprehend what various activities in the study
guide require you to do and interpret assignments and examination questions.

To indicate the length, scope and format of answers to study activities and questions, we have
deliberately built limits or restrictions into the questions by using action verbs. These action
verbs give you an indication of how to tackle the given problem and what style of writing is
called for.

An analysis of the action verbs contained in a question will

• enable you to plan the answer systematically and organise your thoughts logically
• ensure that you comply with the lecturer's requirements

You will also save yourself time and trouble by eliminating irrelevant material that falls outside
the scope of the answer.

For the purposes of this module, the following meanings will be attached to the following action
words:

Word Meaning
Compare Place side by side in order to observe similarities, relationships and
differences
Complete Finish; accomplish; supply whatever is missing
Define Describe accurately; establish the exact meaning; explain the inherent
meaning; make clear; give an account of the overall character
Describe Give an account of the respective particulars or essential
characteristics; outline clearly; give an accurate account
Determine Establish; reach a conclusion or decision

Discuss Examine; explain; examine by means of argument

Explain Make clear or comprehensible; elucidate; give the meaning in detail

Identify Establish through consideration; recognise; pick out

9
 Word Meaning
Illustrate Explain; shed light on; use an example to elucidate something
List Note/specify matters or objects that are related to one another
Name/mention/state Specify by name; give names, characteristics, items, elements or facts
Organise Divide into classes or groups according to certain characteristics; place
in a particular order
Prepare Make ready in advance; finish; get something ready on the basis of
previous study
Record Put in writing; set down for reference and preservation

Substantiate Supply reasons or facts; support a view or argument

Summarise Give a brief account; briefly state the essence of a matter

Tabulate Arrange in tabular form

10
 AUE1501/501/3/2021

TOPIC 1

1 TOPIC 1: THE BUSINESS WORLD AND CORPORATE GOVERNANCE

TOPIC OVERVIEW

Why is this module important?

To address the dilemma of poverty in our country we need to think in terms of job creation. The
state cannot be the only or main role player in job creation because it is not sustainable. Why
not? Ask yourself the following question – where will the money come from to finance this
trend? I think that you personally experience the impact of the high fuel levy and VAT on your
cash flow because things are costing you more and you know that these taxes cannot really be
increased by much more. In addition, you cannot simply increase company and personal
income taxes to balance the books because investors will lose confidence and invest
elsewhere! If you borrow funds, the loan will bear interest and must be paid back. Nobody lends
you money and receives no gain in return. If you print more money the inflation rate will soar,
and the currency becomes worthless. If government enforces any of the above, what do you
think will happen to that country’s investment base? To this end, do an internet YouTube
search for example “What SA’s downgrade to junk bond status mean for you?” At the time of
this video the Covid virus was not even an issue so things are even more serious
https://www.youtube.com/watch?v=G9UBNe_p2tM (Duration 7 min 47 sec).

Reflection

Reflect on how the downgrade status together with Covid-19 pandemic affected you personally.

Entrepreneurs are needed for prosperity. Poor economic growth accompanied by a population
growth means poverty. Your responsibly is to be part of the solution to alleviate poverty. As an
auditing student you may just be that person who can help. The more successful businesses
that come to light who can contribute towards the state through taxes, the more successful a
country becomes. That is obviously assuming the state applies the funding correctly. In this
regard, government, in collaboration with business and labour, must boost economic growth. If
the company tax base is not expanded (not increased), where will the state find money to pay
for example the civil servants, build hospitals, and improve other essential services, within a
junk bond status environment?

Read https://internationalbanker.com/finance/unemployment-in-south-africa-urgent-attention-
required/

You can read about South Africa’s plans in terms of the National Development Plan (NDP) to
boost economic growth and job creation in South Africa. You can read about the plans by
government by opening the following link: https://www.gov.za/issues/national-development-plan-
11
2030. You need to play an active role to boost the economy and rely less on the state for this.
The performance of the State-Owned Enterprises (SOEs) is not something that we can be
proud of at the moment: https://businesstech.co.za/news/government/361454/eskom-saa-sapo-
and-all-the-other-state-companies-the-south-african-government-has-run-into-the-ground/

Reflection

Carefully consider these questions and use the internet to assist you:
• What is the South African unemployment rate?
• What can be changed on the economic front?
• What is the active role that you can play in this regard?

The good news is that you, the auditing student, with the knowledge that you are going to equip
yourself with, can bring about positive changes. Perhaps you are thinking you do not have the
finances to make a change. But then do yourself a favour, go and read up on the history of any
mega business of your choice. Many of them started out very small, housed in a small room or
garage. The Bearing Man Group (Now Invicta Holdings) was started by a housewife who sold
bearings in her garage. Go and explore how Microsoft started. Remgro started with Dr Anton
Rupert manufacturing cigarettes in a garage while he was a university student!

In the post-apartheid era we have success stories of Black Like Me (12 minutes)
https://www.youtube.com/watch?v=w0mYch5sT4U In addition, read the following success
stories of successful black SA entrepreneurs:
https://www.inspiringwomen.co.za/four-successful-black-entrepreneurs-south-africa/

They all started off small and eventually grew into a mega business some listed on the stock
exchange. Vision, determination and action! Think about it, what stops you from growing into a
successful entrepreneur? Go to Small Enterprise Development Agency (SEDA) website and
read their success stories http://www.seda.org.za/AboutUs/Pages/Home.aspx

As we work through this module I want you to visualise your own business. Auditing is a
practical subject and you can apply the principles that you are going to learn to your own
business or at work. Think of a business that you would like to start. You can for example
aspire to become a consultant, an inventor of a useful gadget or manufacturer of a new gadget,
or a retailer. Give your business a name. By thinking of your own business you have become
the creator of adding value to an idea. The aim with your idea is to sell the commodity at a
profit. As your business expands you soon be a job creator!

As we work through the business cycle (from Topic 6 onwards) I want you to “see” the
accounting systems and internal control measures that you are going to implement to contain
the risks that apply to your own business idea. Remember that accounting is integrated with
auditing so in your mind, don’t regard them as separate subjects. Through visualising you will
probably remember better and therefore be able to recall the content that you have studied.

Remember: successful sustainable businesses aids to uplift society. But then business must be
conducted by applying acceptable business practices
12
 AUE1501/501/3/2021

https://www.standardizations.org/bulletin/?p=133. Corruption and fraud are not the way to do

things. We will learn about corporate governance in this topic. I think you can now better
understand why this module should be important for you to learn.

At the completion of this topic you should be able to demonstrate an informed understanding of
the various types of business entities, learn about good corporate governance of business
entities and internal control as part of corporate governance.

This topic is divided into the following learning units:

Learning unit Title Page

1 Various types of business entities 14

2 Corporate governance 22
3 Internal control 30

13
 LEARNING UNIT 1
LU 1: VARIOUS TYPES OF BUSINESS ENTITIES

In this learning unit we are going to

• explain the advantages and disadvantages of each type of business entity
• differentiate between the various categories of companies

1.1 INTRODUCTION

Think about that business that you want to start. The first question that comes to mind is: what form
should it take?

1.2 VARIOUS BUSINESS ENTITIES

The Department of Trade and Industry in South Africa recognises that a business can be
operated through certain types of legal entities. In this learning unit, we are going to look at each
of the following types of business entities:

• Sole proprietor
• Partnership
• Close corporation
• Company

Internet Activity

Go and open the following link and read about the legal issues of the different types of business
entities. Think of the business that you have in mind and use the questions on that page to
assist you in deciding on the most appropriate business entity. Notice the factors that you have
to consider.
http://www.seda.org.za/ServicesOfferings/ Factsheets/Pages/Whatisthebestform.aspx

14
 AUE1501/501/3/2021

Discussion 1

What kind of trade interests you?

E-tutor assistance required

Consider the following questions and post your thoughts about any of them on the
discussion forum in your e-tutor Unisa page provided for the purpose. If you do not post
your own idea, you have to respond constructively to a post by another student.

- If you could start a business, what would would it be dealing in?

- What would you name your business?
- Which type of business entity would probably start off with and why?
- If your business grows, which type of business entity will suit your new needs, why?
- How many people do you aim to employ?

We have taken your idea (business idea) and we have given it a body (legal entity)!

In the remainder of this learning unit I will make reference to a useful document published by the
South African Revenue Services (SARS): The South African Revenue Services (SARS), Tax
Guide for Small Businesses: 2018/2019. The document can be found under Additional
Resources on the myUnisa page of this module.

The above document allow us to identify some of the advantages and disadvantages of each
type of business entity. Most businesses initially start off as a sole proprietor. As soon as the
entrepreneur recognises that he/she needs more expertise or funds he/she might think in terms
of a partnership or even a private company.

1.2.1 Sole proprietor

According to The South African Revenue Services (SARS), Tax Guide for Small Businesses
(2018/2019), a sole proprietorship is a business that is owned and operated by a natural person
(individual). This is the simplest form of business entity. Only the proprietor has the authority to
make decisions for the business. The proprietor assumes the risks of the business to the extent
of all of his or her assets, whether used in the business or not.

Like everything else in life, running an entity as a sole proprietor has advantages and
disadvantages. These can be listed as follows:

15
 ADVANTAGES
• Simple to set up and manage
• The owner is free to make his/her own
decisions
• There are few legal requirements for
setting up
• The owner gets all the profits
• It is easy to close down if you want to
DISADVANTAGES
• A single owner has limited skills
• The owner can get business capital only
as an individual
• All business debts are the owner’s
responsibility
• It is not a separate legal entity

1.2.2 Partnership

A partnership (or unincorporated joint venture) is the relationship existing between two or more
persons who join together to carry on a trade, business or profession. A partnership is also not a
separate legal person or taxpayer. Each partner is taxed on his or her share of the partnership
profits and may contribute money, property, labour or skills, and each expects to share in the
profits and losses of the partnership. It is similar to a sole proprietorship except that a group of
owners replaces the sole proprietor. As is the case for a sole proprietorship a partnership also
has advantages and disadvantages. (South African Revenue Services (SARS), Tax Guide for
Small Businesses: 2018/2019).

ADVANTAGES
• Simple to set up and manage
• It has greater financial strength than a
sole proprietorship
• All the partners’ skills benefit the
entity
• Each partner has a personal interest
in the entity
DISADVANTAGES
• It is not a separate legal entity
• Sharing the decision making can slow
down the process
• All business debts are each partner’s
responsibility
• Lower degree of business continuity as
the partnership technically dissolves
every time a partner joins or leaves the
partnership
• Number of partners restricted to 20
except in the case of certain
professional partnerships such as
accountants, attorneys, etc

16
 AUE1501/501/3/2021

1.2.3 Close corporation (CC)

Close corporations were a simplified form of business, like a small private company. It is a legal
entity with its own legal personality and perpetual succession and must register as a taxpayer in
its own right. The CC has no share capital and therefore has no shareholders. The owners of
the CC are the members. Members do not hold shares in the CC and, therefore, they have a
membership interest in the CC. This interest is expressed as a percentage.

However, with the implementation of the Companies Act 2008, no new close corporations can
be created. An existing close corporation may be bought and an amendment of the members
names and percentage of interest in the CC are lodged. In sum, existing close corporations are
still an acceptable business type, but no new CCs can be formed.

If a CC is converted to a company, how will the legal status of the CC be affected?

Such a conversion will affect the legal status of the close corporations as follows (Adams, Diale &
Richard (2019:3/58)):

• Members of the close corporation will be entitled to become shareholders in the converted
company.
• All assets, liabilities, rights and obligations of the close corporation will continue to be vested
in the new company.
• Any legal proceedings against or instituted by the close corporation may be continued.

The following table represents the advantages and disadvantaged of a CC (South African
Revenue Services (SARS), Tax Guide for Small Businesses: 2018/2019).

ADVANTAGES
• Relatively easy to establish and
operate
• Life of the business is perpetual,
that is, it continues uninterrupted as
members change
• Members have limited liability
DISADVANTAGES
• There is a restriction of a maximum
of 10 members
• There are more legal requirements
than for a sole proprietor or
partnership

• Transfer of ownership is easy

• Fewer legal requirements than a

private company

17
1.2.4 COMPANY

A company means a juristic person incorporated in terms of the Companies Act, a domesticated
company, or a juristic person that is registered in terms of the Companies Act (Companies Act, No
71 of 2008).

A company is therefore a separate legal entity.

The following are advantages and disadvantages of a company (See South African Revenue
Services (SARS), Tax Guide for Small Businesses: 2018/2019.)

ADVANTAGES DISADVANTAGES
• Life of the business is perpetual, that • It is subject to many legal
is, it continues uninterrupted as requirements
shareholders change
• The shareholders loss is limited to the • More difficult and expensive to
share capital contributed establish and operate than other forms
of ownership such as a sole
proprietorship or partnership
• Shareholders are not personally
responsible for the entity’s debts
• Transfer of ownership is relatively
easy
• It is adaptable for small, medium and
large entities

1.3 CATEGORIES OF COMPANIES

NB: You will find the Companies Act No 71 of 2008 under additional resources.

Companies can be divided into two main categories namely, profit- and non-profit companies. The
following definitions are extracted from Section 1 of the Companies Act No 71 of 2008:

Non-profit Company means a company— (a) incorporated for a public benefit or other object as required
by item 1(1) of Schedule 1; and (b) the income and property of which are not distributable to its
incorporators, members, directors, officers or persons related to any of them except to the extent permitted
by item 1(3) of Schedule 1;

Profit company means a company incorporated for the purpose of financial gain for its shareholders;

The profit companies can be divided into four main categories, namely State-owned-, public-,
private-, and personal liability companies.

The following definitions were obtained from Section 1 of the Companies Act No 71 of 2008:

State-owned company means an enterprise that is registered in terms of this Act as a company, and
either— (a) is listed as a public entity in Schedule 2 or 3 of the Public Finance Management Act, 1999 (Act

18
 AUE1501/501/3/2021

No. 1 of 1999); or (b) is owned by a municipality, as contemplated in the Local Government: Municipal
Systems Act, 2000 (Act No. 32 of 2000), and is otherwise similar to an enterprise referred to in paragraph
(a);

Public company means a profit company that is not a state-owned company, a private company or a
personal liability company;

Private company means a profit company that— (a) is not a public, personal liability or state-owned
company; and (b) satisfies the criteria set out in section 8 (2) (b);”

Personal liability company means a profit company that satisfies the criteria in section 8 (2) (c);

Study Activity 1

Go to the Companies Act (Additional Resources) and study Section 8(2)(b) and Section 11(c)
because the information will help you to answer Study Activity 2. You will come across the term
Memorandum of Incorporation in Section 8(2)(b). Go to the definition in Section 1 of the Companies
Act to read the definition of Memorandum of Incorporation.

• List four categories of profit companies that can be formed.

• The following diagram will assist you to remember the various categories.

19
DIAGRAM 1: THE CATEGORIES OF COMPANIES

Study Activity 2

Complete the following table by listing the characteristics of each type of the profit companies.
Identify additional characteristics to complete the table. Make use of the Companies Act No 71
of 2008.

Suggested Solution 2
Reference: Companies Act No 71 of 2008

State owned Public Private Personal

Name SOC Ltd Name Ltd Name (Pty) Ltd Name Inc.
Profit motive Profit motive Profit motive Profit motive
Sate owned Transferability of Transferability ofMeet criteria of
securities not securities restricted private company.
restricted (See private
company)
May offer securities May not offer MOI must state that
to public securities to public it is a personal
liability company

20
 AUE1501/501/3/2021

Reflection

Did you know that the state owns companies that have a profit motive?

Search on the internet “South African state-owned enterprises” and list two examples.
_______________ and ________________

1.4 SUMMARY AND SELF-ASSESSMENT

In this study unit we had a look at the various types of entities as well as their advantages and
disadvantages. We also had a look at the different categories of companies.

After having worked through the learning unit and the study references, are you able to
• explain the advantages and disadvantages of each type of business entity?
• differentiate between the various categories of companies?

21
 LEARNING UNIT 2
LU 2: CORPORATE GOVERNANCE

In this learning unit we are going to

• define corporate governance and examine the objectives of the King IV Code of
Corporate Governance
• describe the philosophical underpinnings of the King IV Code of Corporate
Governance
• describe the first three principles of the King IV Code of Corporate Governance

2.1 INTRODUCTION

In the previous topic we looked at the different types of businesses. As soon as your business
grows from a small sole proprietor into a large company, more and more parties become
involved. For example, you will appoint people to work for you; you will want to apply for a loan
at a bank to expand your business; you will buy supplies on credit. As more parties become
involved, more responsibility and accountability are expected from business owners and
leaders. People doing business with you will want to trust you. This brings us to agency theory.
“Agency theory” is a term whereby the principals of the business (e.g. shareholders) appoint
agents to run a business on their behalf (e.g. Board of directors). The problem arises when the
agents act in self-interest and not in the interests of the business
https://en.wikiquote.org/wiki/Agency_theory

The question arises: why do we read so much about fraud and corruption? This is a worldwide
problem. Major international enterprises involved in corruption are Lehman Brothers, Enron,
Worldcom, and Parmalat. In South Africa corruption is increasing rapidly
https://www.emerald.com/insight/content/doi/10.1108/09513550410562266/full/html.

So, how can we try to address this world-wide problem? One way is to formulate practices,
principles and governance outcomes. Your way of doing business (even your start-up business)
should be in the spirit of good corporate governance. An attempt to end corruption and fraud
begins with your mindset towards good business practices. The aim of this learning unit is to
introduce you to corporate governance. In South Africa we make use of King IV Report on
Governance. This knowledge will allow you to argue and think about current issues because you
have a frame of reference. When reading about bad business practices in the news, you will
have a learned about corporate governance and this will better equip you to decide for yourself
about the acceptability of their actions. Therefore, you will be able to make informed decisions.
You will be able to measure people’s actions against the principles contained in the King IV
Report. NB: You will find the King IV Report under additional resources. The correct
reference to the King IV report is: The King IV Report on Corporate Governance for South Africa
2016, The Institute of Directors in Southern Africa. For ease of reading, I will refer to it as King
IV (2016: xx), where xx refers to the page number in the report.
In any business organisation, corporate governance helps to strengthen the roles and
22
 AUE1501/501/3/2021

relationships between the organisation’s management, board of directors, and its stakeholders.
Such stakeholders may include the shareholders, debt holders, trade creditors, suppliers,
customers and communities affected by the organisation’s activities, whereas the board of
directors, executives, management and other employees are regarded as the internal
stakeholders (Adams, Diale & Richard (2019:4/2)). It further states that healthy, honest, open,
competently and responsibly controlled companies will improve the quality of modern society.

Corporate governance is defined as “the exercise of ethical and effective leadership by the
governing body towards the achievement of the following governance outcomes: ethical culture;
good performance; effective control, and legitimacy” King IV (2016:20). Furthermore, “ethical
and effective leadership should complement and reinforce each other” King IV (2016:20). We
will focus on ethical leadership and effective leadership later in this topic.

Video

I want you to open this link and introduce you to the man himself, Judge Mervin King (7
minutes): https://www.youtube.com/watch?v=8meq3mPthqw

2.2 BACKGROUND TO THE KING IV REPORT

Why do we need a King IV?

Video

https://www.youtube.com/watch?v=h7G8hQxpDrM (8 minutes)

Corporate governance is set in a context of a changing world. The 21st century has been
characterised by fundamental changes in business and society and new global realities are
severely testing the leadership of companies and other organisations.

Study Activity 1

Study King IV (2016:3) and complete the following activity.

The world has changed in both business and society. New global realities characterise the 21st
century. Complete the list of these changes and realities that the world faces.

Suggested Solution 1:
1. Inequality
2. Globalised trade
3. Social tensions
4. Climate change
5. Depletion of natural assets

23
6. Financial instability
7. __________________________
8. __________________________
9. __________________________

Study Activity 2

Study King IV (2016:22) and complete the activity:

Describe the five main objectives of King IV.

Suggested Solution 2:
1. Promote corporate governance…
2. Broaden the acceptance…
3. Etc.

Study Activity 3

Study King IV (2016:20,23-26).

Certain concepts form the foundation stones of King IV and could be referred to as the
“philosophical underpinnings” of corporate governance. Adams, Diale & Richard (2019:4/7)
identified seven concepts. It is important to understand these underpinnings because then you
can apply it to many circumstances. The concepts are important, and the following diagram
provides you with some structure when reading the above study reference.

After studying the above, use the diagram below to list and explain the concepts “philosophical
underpinnings” of corporate governance.

24
 AUE1501/501/3/2021

DIAGRAM 2: THE PHILOSOPHICAL UNDERPINNINGS OF THE KING IV

25
2.3 LEADERSHIP, ETHICS AND CORPORATE CITIZENSHIP

To be successful, the codes of corporate governance require mindful

implementation of the recommended practices (King IV (2016:36)).
Therefore, understanding the relationship between governance outcomes is
principles and practices is key to the mindful application of the King IV Code.

Study

Study King IV (2016:36) and then King IV (2016:40). In this module we will focus only on the
first three principles.

2.3.1 Leadership

Study

Study King IV (2016:43)

Principle 1. The governing body should lead ethically and effectively.

The recommended practice of directors is that they should individually and collectively cultivate
certain characteristics and exhibit them in their conduct.

Study Activity 4

Refer to King IV (2016:43).

List the six characteristics which directors should cultivate and exhibit in their conduct. For each
characteristic explain the practices (For the purpose of this activity members of the governing
body means directors).

26
 AUE1501/501/3/2021

Suggested Solution 4:
1. INTEGRITY:

• Directors must act in good faith in the best interests of the organisation.
• Directors should avoid conflict of __________ .
• Directors should act __________ .
• Directors should set __________ .

2. COMPETENCE:

• Directors should take steps ___________________________________________

• Directors must act __________________________________________________
• Directors should continuously develop ___________________________________

4. RESPONSIBILITY:

• Directors should assume _____________________________________________

• Directors should exercise _____________________________________________
• Directors should take ________________________________________________
• Directors should attend ______________________________________________

5. ACCOUNTABILITY:

• Directors should be _________________________________________________

5. FAIRNESS

• Directors should adopt _______________________________________________

• Directors should direct _______________________________________________

6. TRANSPARENCY

• Directors should be _________________________________________________

27
Discussion 1
Do you understand the application of the characteristics of principle 1?
E-tutor assistance required

Think of a director or other leader that is in the news for probably not meeting these
characteristics? Which characteristic(s) do you think was lacking?

Would we have expereinced loadshedding if the directors between 2010 to 2020 of

Eskom had adhered to Principle 1? Substantiate your argument.

2.3.2 Organisational ethics

Principle 2. The board should govern the ethics of the company in a way that supports the
establishment of an ethical culture.

The essence of this principle is that an ethical culture cannot be established and maintained if
the board does not set the tone, convey the company’s ethical norms and values to internal and
external stakeholders (Adams, Diale & Richard (2019:418)).

Study

Study King IV (2016:44) to understand the recommended practices.

Reflection

If an organisation obtains valid negative publicity due to fraudulent activities, to what extent do
you think that the board must own up?

2.3.3 Responsible corporate citizenship

Principle 3. The governing body should ensure that the company is and is seen to be, a
responsible citizen.

Video

To orientate yourself watch (6 Min) https://www.youtube.com/watch?v=b2YiuHAFG6A

Study

Study King IV (2016:45) to understand the recommended practices.

28
 AUE1501/501/3/2021

Reflection

• Would you like to see leadership, ethics and corporate citizenship evident in government,
municipalities, and state-owned enterprises?
• What will eventually (in the long term) happen to a business where these ethical values and
standards are absent?

2.4 SUMMARY AND SELF-ASSESSMENT

In this learning unit we introduced you to corporate governance, defined corporate governance
and examined the objectives of the King IV Code of Corporate Governance. We described the
philosophical underpinnings and the first three principles of the King IV Code of Corporate
Governance.

After having worked through the learning unit and the study references are you able to:

• define corporate governance and examine the objectives of the King IV Code of
Corporate Governance?
• describe the philosophical underpinnings of the King IV Code of Corporate Governance?
• describe the first three principles of the King IV Code of Corporate Governance

In the next topic, we will discuss the role of internal control in the organisation.

29
 LEARNING UNIT 3

LU 3: INTERNAL CONTROL

In this learning unit we are going to

• define internal control
• describe the limitations of internal control
• list the five components of internal control
• link the elements of control to each of the five components of internal control
• describe the principles of internal control

3.1 INTRODUCTION

Let’s summarise what you have learnt so far: You know what business you want to set up, and you
have some idea of what corporate governance is about. However, we now have a new challenge.
Let’s assume your business expands; this means you need more resources. For example, you
need to appoint people – sales persons, accountants, drivers, cleaners, etc. You will need to
purchase or lease assets to expand the business, borrow money from banks or convince potential
investors based on budgets and financial statements prepared by your employees. You cannot do
all of this on your own any longer and must delegate; you need some way to control what’s
happening in the business. Expansion means there more risk and responsibility over these
resources is required. This study unit is going to introduce you to the concept of internal control.

3.2 INTERNAL CONTROL IN THE BUSINESS CONTEXT

Management is responsible for running all aspects of the entity. The objectives of the business will
be set, the risks relating to achieving those objectives will be identified and suitable books, records
and documents, and policies and procedures will be put in place to address those risks.

The policies and procedures that are put in place will include the implementation of effective internal
controls to ensure, amongst others, the efficient effective and economic operating of the business.
Internal controls are implemented in response to risk.

30
 AUE1501/501/3/2021

DIAGRAM 3: INTERNAL CONTROL OVERVIEW – A BUSINESS PERSPECTIVE

Source: Adams, Diale & Richard (2019:5/2- 5/4); ISA 315

31
Video

The following video introduces the reasons for internal controls and the main categories of
internal control (3.5 minutes).
https://www.youtube.com/watch?v=UsF-VGxMeuQ

3.3 DEFINITION OF INTERNAL CONTROL

In this learning unit we are going to refer to two documents found under your additional resources:

• Internal control - Integrated Framework Executive summary (2013), issued by the

Committee of Sponsoring Organizations of the Treadway Commission (COSO). (I will be
referencing to this document as follows: COSO (2013:xx), where xx refers to the page
number).

• ISA 315 (REVISED): Identifying and assessing the risks of material misstatement through
understanding the entity and its environment, issued by International Federation of
Accountants (IFAC). (I will be referencing to this document as follows ISA 315: Par xx, where
xx refers to the paragraph number).

Let us begin with an acceptable definition of internal control from the COSO document:

Internal control is a process, effected by an entity’s board of directors, management, and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives relating to operations,
reporting, and compliance. COSO (2013:3).

The document goes further to highlight certain fundamental concepts reflected in the definition.

Study Activity 1

Refer to COSO (2013:3) and complete the following statement:

The above definition of internal control definition reflects certain fundamental concepts. Internal
control is:
• _________________________________________________________
• _________________________________________________________
• _________________________________________________________
• _________________________________________________________

Study Activity 2

Refer to COSO (2013:3).

List and describe the three categories of objectives of internal control.

Let us examine IFACs definition of internal control in terms of ISA 315: Par 4:
32
 AUE1501/501/3/2021

Internal control – The process designed, implemented and maintained by those charged with governance,
management and other personnel to provide reasonable assurance about the achievement of an entity’s
objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and
compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the
components of internal control. (ISA 315).

Note the similarities and variances between the two definitions. Using the above two definitions,
formulate your own definition of internal control.

--------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------

3.4 LIMITATIONS OF INTERNAL CONTROL

Internal controls have its limitations and cannot provide absolute assurance that the risks can be
adequately responded to. In this section we are going to examine the limitations. You as
business owner must be aware of these limitations.

Reflection

Think of your home. What controls do you have in place to safeguard your assets?

Did you notice that your controls have its limitations? I for example think immediately of the cost
vs benefit. I cannot afford the state-of-the-art security system but have rely on controls that I can
afford.

Study Activity 3

Refer to ISA 315 and study paragraphs A53-A57.

Describe the inherent limitations of internal control.

Suggested Solution 3
The inherent limitations of internal control are summarised in the following diagram 4.

33
DIAGRAM 4: INHERENT LIMITATIONS OF INTERNAL CONTROLS

(The above diagram is only a summary and you should be able to describe the inherent
limitations in more detail).

3.5 COMPONENTS OF INTERNAL CONTROL AND THEIR ELEMENTS

This section is very important to enable you to understand internal control. You will need to refer to
both the COSO and ISA documents. Please complete the study activities - you have access to both
documents to do so. There are five components of internal control that we are going to unpack
individually and then examine them holistically as a useful framework to assess effective internal
controls.

Study Activity 4

Study COSO (2013:4 and 5)

You are required to define each of the five components and list the elements belonging to each
component.

Take 5 A4 sheets of paper. Label each sheet as follows:

1. Control environment (sheet 1)

2. Risk assessment (sheet 2 etc.)
3. Control activities
4. Information and communication
5 Monitoring activities.

34
 AUE1501/501/3/2021

On each labelled sheet of paper, draw two columns. The first column is for the definition and the
second column is to list the elements belonging to that component.

Your first sheet of paper must look like this:

Control environment
Define control environment List the elements belonging to the control
environment
-What it is- -What distinguishes it-
The control environment is the set of standards, processes, and • integrity and ethical values of the organization
structures that provide the basis for carrying out internal control • ………… etc.
across the organization…

Now go and complete the above sheet and apply the same procedure for the remaining four sheets
of paper. We are going to use these papers in the next study activity.

3.6 A FRAMEWORK OF PRINCIPLES FOR INTERNAL CONTROLS

In the previous section we identified the components of internal control and their relevant elements.
We can build on this information and progress to a framework of internal controls by setting out the
principles for each component.

Study Activity 5

Study COSO (2013:6-7)

Take the five sheets of paper and turn them over. Now for each component, describe the principles
belonging to that component.

These five sheets of material you must use to prepare yourself for the examination. You have now
learned about a very important section on internal control. It is the foundation make sure it is solid.

In a practical work-related situation, auditors would be required to obtain an understanding of a

client’s internal controls as part of their audit evidence. That is where this framework becomes
useful. For example, principle 1 states: The organisation demonstrates a commitment to integrity
and ethical values. To obtain an understanding of a client’s internal control, the auditor would mere
explore the following question: What measures does an organisation have in place to demonstrate
a commitment to integrity and ethical values?

In the examination the principles can be assessed as follows: I could either to require you to
describe the relevant principles for a component, say for risk assessment. Or require of you to
identify a principle or element that does not belong to a particular component (short or multiple-
choice questions).

35
3.7 SUMMARY AND SELF-ASSESSMENT

In this study unit we had a looked at context of internal control in an organisation. We formulated a
definition of internal control and noted its limitations. We then examined the five componts of
internal control with their relevant elements. Based on this backgound we examined the principles
of internal control.

After having worked through the learning unit and the study references are you able to
• define internal control
• describe the limitations of internal control
• list the five components of internal control
• link the elements of control to each of the five components of internal control
describe the principles of internal control

This topic dealt with the selected aspects of the internal control. In the next topic, we will discuss
the role of the internal audit function in the organisation.

36
 AUE1501/501/3/2021

TOPIC 2

2 TOPIC 2: THE INTERNAL AUDITOR

TOPIC OVERVIEW

In this topic you will be introduced to the internal auditing profession and the profession’s main
area of work focus. Some of you may pursue the internal auditing profession or work directly
with the internal auditors in the work context, so attend to this topic with an open mind. The
public must rely on the services provided by a professional and therefore members of a
profession are expected to behave in a certain manner. To this end, the professional conduct of
internal auditors is discussed. The topic concludes with the role of internal auditors in the
capacity of corporate governance.

At the completion of this topic you should be able to demonstrate an informed understanding of
the key terms, concepts, facts, general principles, rules and theories of the internal auditing
profession.

This topic is divided into the following learning units:

Page
Learning unit Title

4 Introduction to internal auditing 38

5 The responsibilities of the internal auditor 44

6 Professional conduct requirements for internal auditors 46

7 Internal audit and good corporate governance 50

37
 LEARNING UNIT 4

LU 4: INTRODUCTION TO INTERNAL AUDITING

In this learning unit we are going to

• discuss the organisational position of the internal auditor
• define the internal audit function
• introduce the Institute of Internal Auditors (SA)

4.1. INTRODUCTION

In Learning Unit 1 we spoke of you starting your own business. Assume your business has
grown and you need funding to expand. You want to list your company on the stock exchange
to raise funds through issuing shares to the public. Who do you think will invest in your company
and why? Many factors will be considered.

Now ask yourself this question: Will you invest your hard-earned money in any business? The
answer will likely be no, you don’t want to gamble. You would probably invest in a business that
is, inter alia, well managed. In other words, a business managed in terms of the code of
corporate governance principles. In Learning Unit 2 you were introduced to corporate
governance. If you look at the 17 principles listed in the King IV Code on Corporate Governance
you will gather that corporate governance is about strengthening the relationship between
management (board of directors), and stakeholders (shareholders, creditors, employees, and
the general public). If you reflect on the above, management has a huge responsibility to
society.

In this learning unit we are going to look at the internal audit function as a component of
ensuring good corporate governance and explore the career possibilities of the internal auditor.

4.2. POSITIONING THE INTERNAL AUDIT FUNCTION

We realised in Learning Unit 2 that a business has certain risks and the controlling body
(board of directors) and the executive management (which we will refer to as management) are
responsible for establishing the organisation and then ensuring that it operates successfully and
efficiently. The board of directors are responsible mainly for the governance process (i.e.
establishes and maintains corporate policies and provides information about its stewardship –
accountability). The executive management is responsible for conducting the risk management
and control processes. The audit committee is a subcommittee of the board that deals with
financial reporting and related matters on behalf of the board of directors (internal audit activity
and external auditors) (Adams, Diale & Richard 2019:4/28). In terms of the Companies Act,
state-owned companies, listed companies and larger private companies must have an audit
committee.

38
 AUE1501/501/3/2021

Diagram 5 below shows you a bigger picture of the management structure in a large
organisation. The diagram will assist you to better understand the important role that the internal
auditor fulfils within the organisation. Study the diagram. The board of directors reports financial
information to external interested parties in an organisation. The external interested parties
include the shareholders, and other stakeholders for example banks, creditors and regulators.
However, someone must see to it that the information reported by the directors is creditable.
This is the duty of the audit committee.

The audit committee oversees and monitors the audit process. In terms of King IV (2016:55) the
audit committee oversees the effectiveness of the internal and external audit functions and the
integrity of the annual financial statements. Therefore, the audit committee, in its independent
oversight role, fulfils a pivotal role between the external auditor, the internal auditor, executive
management and the board of directors to achieve its objectives.

The executive management (Chief Executive Officer or CEO and Chief Financial Officer or
CFO) fulfil an operational function (day-to-day operations) with the assistance of the internal
audit function. Notice that the internal audit function Chief Audit Executive is on the same level
as that of the executive management and not on a lower level. Therefore, the internal audit
function operates at executive level. One would now ask a very important question: How
“independent” can the internal auditors operate in an organisation that pays their salaries?
Besides the Code of Ethics for internal auditors requiring the internal auditor to function
independently, the internal audit function maintains its independence by reporting to the audit
committee.

Notice the interaction between the internal auditor, external auditor and the audit committee. In
the learning units to follow, we will examine the interaction between the external and internal
auditor.

39
DIAGRAM 5: POSITIONING THE INTERNAL AUDITOR

Management must set goals; plan what has to be done and what means are to be used;
organise to have the necessary means/people available at the right time; give guidance (direct),
and exercise control to ensure that objectives are met; and keep records of all activities so that
they are able to give account of their curatorship over the interests of the stakeholders (Adams,
Diale & Richard 2019:4/6).

The overall objective of an internal audit is determined by the needs of the board and executive
management, and the internal auditor must ensure that these needs are satisfied by the internal
audit report, which he or she submits to the board and the audit committee.

40
 AUE1501/501/3/2021

4.3. DEFINING INTERNAL AUDIT

We begin with a definition of internal auditing. Source: IIA 2020: https://na.theiia.org/standards-

guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspx:

The Definition of Internal Auditing states the fundamental purpose, nature, and scope of
internal auditing.

Internal auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organization's operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.

To properly grasp any definition, it is important to have a comprehensive understanding of all

the components that make up the definition. The different components of the definition are
described in the Collins online https://www.collinsdictionary.com/ as follows:

INDEPENDENT: free from the control or influence of others

OBJECTIVE: aim or purpose; when used as an adjective, not biased
ASSURANCE: promise or guarantee (assure: convince; make certain)
OPERATION: method or procedure of working
SYSTEMATIC: methodical; according to a plan
DISCIPLINED: able to behave and work in a controlled way
APPROACH: deal with a task in a particular way
EVALUATE: find or judge the value of
IMPROVE: make or become better
EFFECTIVENESS: producing the desired result
RISK: hazard, for example, loss or damage
CONTROL: power to direct something; regulate
GOVERNANCE: government, control or authority; the action, manner or system of
governing

Analysing the meaning of all the different concepts or words in the definition should enhance
your understanding of the definition. Do you see that the definition is very powerfully packed
with meaning and that internal auditing has a fundamental executive function?

From the above definition you can conclude that one expects certain behaviour of the internal
auditor. Imagine if you cannot trust the internal auditors! Therefore, one expects a code of
ethics. The code of ethics states the principles and expectations governing the behaviour of
individuals and organisations in the conduct of internal auditing. It describes the minimum
requirements for conduct and behavioural expectations rather than specific activities.

In addition, one expects the internal auditor when performing their assurance activities to
conform to certain standards. Therefore, the internal auditor is subject to the International
Standards for the Professional Practice of Internal Auditing (the Standards). Standards are

41
principle-focused and provide a framework for performing and promoting internal auditing. The
Standards provide guidance for the conduct of internal auditing at both the organisational and
individual auditor levels. They are the result of careful study, consultation and deliberation about
the basic principles for providing internal audit services.

4.4. THE INSTITUTE OF INTERNAL AUDITORS IN SOUTH AFRICA (IIA-SA)

From the http://www.iiasa.org.za/ website you can gather that the Institute of Internal Auditors
South Africa (IIA SA) is part of an international network representing the interests of internal
auditors worldwide. As a part of this international network, the IIA SA upholds and supports the
fundamental tenets of the profession – the Code of Ethics and the International Standards for
the Professional Practice of Internal Auditing. The IIA SA supports the profession by providing a
wide range of services dedicated to the education and advancement of internal auditors and
dynamically promoting and developing the profession in South Africa. The IIA SA’s objectives
are to build the profession, its credibility and a thriving business environment in South Africa.
The IIA SA serves internal auditors in South Africa by offering Technical Guidance, Professional
Training Programs, Certification Programs, Continuing Professional Development Opportunities,
Conferences and Networking Opportunities.

The Institute of Internal Auditors South Africa (IIA SA) facilitates the advancement of the
profession through an on-the-job training program (professional training program), a test of
competence (internal audit technicians (IAT)), professional internal audit training (PIA) and
certified internal auditors (CIA). Accordingly, all these professional offerings help the internal
auditor’s competence and accountability towards a code of ethics.

The IIA SA offers two professional training programs, namely:

Internal Audit Technician (IAT): This is the first level designation that all internal auditors
entering the profession should obtain. An IAT should be able to perform routine audit tasks,
execute audit programmes, prepare work papers and draft audit findings.

Professional Internal Auditor (PIA): previously known as the General Internal Auditor (GIA) is
the next step in the career path and is a supervisory level designation. A PIA should be able to
perform some senior and supervisory tasks, and conduct multiple audit duties. These include
budgeting, planning, audit program preparation, scheduling, staff monitoring, completion of
special projects with little supervision, and preparation of audit reports.

Certified Internal Auditor (CIA)

The CIA is the premier global designation of the internal auditing profession. The CIA is
recognised by individuals and organisations throughout the world as “The Global Mark of
Excellence in Internal Auditing”.

The professional elements in internal auditing are developed and maintained by the Institute of
Internal Auditors to offer the internal audit practitioners a full range of internal audit guidance.
The Code of Ethics and the professional standards are exemplary to the guidance.

42
 AUE1501/501/3/2021

Video

The following of 7.5 minutes provides you with an overview of what internal auditors do and the
skills required by them.

https://www.youtube.com/watch?v=sJTAWW9xABg

Reflection

Do you think this could be a possible career for you?

4.6. SUMMARY AND SELF-ASSESSMENT

After having worked through the learning unit and the study references, are you able to
• discuss the organisational position of the internal auditor
• define the internal audit function
• share insights about the Institute of Internal Auditors (SA)

In the next learning unit, we are going to look at the role of the internal auditor in more detail.

43
 LEARNING UNIT 5
LU 5: THE RESPONSIBILITIES OF THE INTERNAL AUDITOR

In this learning unit we are going to

• describe the duties associated with internal auditing

5.1 INTRODUCTION

In this learning unit we are going to look at some of the responsibilities of internal auditors. We
will focus on an IIA brochure, namely, All in a day’s work – A look at the varied responsibilities of
internal auditors (additional resources).

5.2 WHAT ARE THE DUTIES OF INTERNAL AUDITORS

Activity

As an introduction read “What do Internal Auditors do?” and “Role of Internal Audit”
https://www.iiasa.org.za/page/About_IA

Study Activity 1

Study All in a day’s work – A look at the varied responsibilities of internal auditors and make
sure you can answer the following questions:

• What is internal auditing?

• What skills do internal auditors have?
• Compare the broad focus of internal auditors and external auditors
• List the responsibilities of internal auditors

Video

How to Succeed as an Internal Auditor

https://www.youtube.com/watch?v=lJuZDvyEBHU

44
 AUE1501/501/3/2021

Activity

Read the following blog https://www.iiasa.org.za/blogpost/889226/326601/Reflections-on-the-

auditing-profession

Discussion 1
Where were the internal auditors?

E-tutor assistance required

You have a clear understanding what the function is of internal auditors.

Consider the following questions and post your thoughts about any of them on the
discussion forum provided for the purpose. If you do not post your own idea, you have
to respond constructively to a post by another student.

Discuss the following practical issues

• In general, what functions can internal auditors fulfill to prevent major corporate
scandals from happening?
• Do you think that the internal auditors could have played a more assertive role in
Eskom and SAAs failures?
• What could have prevented the internal auditors in providing adequate
assurance, insight and objectivity in the above SOEs?

5.3 SUMMARY AND SELF-ASSESSMENT

In this learning unit we learned about the important role of the internal auditor in an organisation and
the value that the internal audit activity can add to an organisation.

After having worked through the learning unit and the study references, are you able to
• describe the duties associated with internal auditing

45
 LEARNING UNIT 6
LU 6: PROFESSIONAL CONDUCT REQUIREMENTS FOR INTERNAL
AUDITORS

In this learning unit we are going to

• explain the professional conduct principles and rules for internal auditors

6.1 INTRODUCTION

We know that the internal auditor performs independent assignments on behalf of the board of
directors of the company (Adams, Diale & Richard 2019:1/3). In the previous learning unit we
examined the various functions performed by the internal auditor. We will now examine the
professional conduct of internal auditors.

Like for soccer, there must be rules for the team players in an audit team. The internal auditor
has to behave in a certain way so that reliance can be placed on the assurance he/she provides
to management, the board and the audit committee. Remember: corporate governance is as
strong as its weakest link. Therefore, if the internal auditors behave unethically, then the
important function that they are supposed to fulfil in corporate governance, collapses.

The code of ethics of the Institute of Internal Auditors (IIA) comprises the principles relevant to
the profession and practice of internal auditing and rules of conduct that describe the behaviour
expected of internal auditors. This learning unit presents the purpose of the IIA’s code of ethics,
applicability, principles and rules of conduct.

6.2 PURPOSE OF THE CODE OF ETHICS

The IIA Code of Ethics is found on the IIA’s website. You can access the Code of Ethics at
https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Code-of-Ethics.aspx

The Code of Ethics is recognised in terms of the International Standards for the Professional
Practice of Internal Auditing (the Standards). The purpose of the Institute's Code of Ethics is to
promote an ethical culture in the profession of internal auditing. A code of ethics is necessary
and appropriate for the profession of internal auditing, founded as it is on the trust placed in its
objective assurance about governance, risk management and control. (Source:
https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Code-of-Ethics.aspx)

The Institute's Code of Ethics extends beyond the definition of internal auditing to include two essential
components:

1. principles that are relevant to the profession and practice of internal auditing

2. rules of conduct that describe behavioural norms expected of internal auditors

46
 AUE1501/501/3/2021

These rules are an aid to interpreting the principles into practical applications and are intended
to guide the ethical conduct of internal auditors.
"Internal auditors" refers to Institute members, recipients of or candidates for IIA professional certifications,
and those who perform internal audit services within the definition of internal auditing.

6.2.1 Applicability and enforcement of the Code of Ethics

This Code of Ethics applies to both entities and individuals that perform internal audit services.
For IIA members and recipients of or candidates for IIA professional certifications, breaches of
the Code of Ethics will be evaluated and administered according to the Institute's bylaws and
administrative directives. The fact that a particular conduct is not mentioned in the Rules of
Conduct does not prevent it from being unacceptable or discreditable, and therefore, the
member, certification holder, or candidate can be liable to disciplinary action.

Video
Culture of Ethics Part 1 and 2
https://www.youtube.com/watch?v=oBH5vZTdRyI
https://www.youtube.com/watch?v=7R5ZjMtQdpk

Video
Deadly Internal Audit Sins
https://www.youtube.com/watch?v=WbPx6jMgbYA
6.3 THE PRINCIPLES AND RULES OF CONDUCT

Study Activity 6.1

Consult the “Code of ethics” as referred to in 6.2 above.
List and describe the four principles that internal auditors are expected to apply and uphold.
For each of the principles, describe the rules of conduct.
Suggested solution
1. The four principles

Reference: International Professional Practice Framework of the Institute of Internal Auditors, 2009
found in https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Code-of-
Ethics.aspx
1. Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on
their judgment.

47
2. Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating and
communicating information about the activity or process being examined. Internal auditors make
a balanced assessment of all the relevant circumstances and are not unduly influenced by their
own interests or by others in forming judgments.

3. Confidentiality
Internal auditors respect the value and ownership of information they receive and do not
disclose information without appropriate authority unless there is a legal or professional
obligation to do so.
4. Competency
Internal auditors apply the knowledge, skills and experience needed in the performance of
internal audit services.
Based on the above principles, the rules of conduct are formulated.

2 The rules of conduct for each principle

Reference: International Professional Practice Framework of the Institute of Internal Auditors, 2009
found in https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Code-of-
Ethics.aspx

1 Integrity

Internal auditors

• shall perform their work with honesty, diligence, and responsibility

• shall observe the law and make disclosures expected by the law and the profession
• shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to
the profession of internal auditing or to the organization
• shall respect and contribute to the legitimate and ethical objectives of the organization.

Reflection
Consider how integrity affected you this week in decisions that you had to make

Video
Violating The IIA’s Code of Ethics: A Scenario to Consider, Part 4

https://www.youtube.com/watch?v=PE9XyPNKPJ4

2 Objectivity

Internal auditors:

• shall not participate in any activity or relationship that may impair or be presumed to impair their
unbiased assessment. This participation includes those activities or relationships that may be in
conflict with the interests of the organisation
• shall not accept anything that may impair or be presumed to impair their professional judgment
• shall disclose all material facts known to them that, if not disclosed, may distort the reporting of
activities under review.

48
 AUE1501/501/3/2021

3 Confidentiality

Internal auditors:

• shall be prudent in the use and protection of information acquired in the course of their duties
• shall not use information for any personal gain or in any manner that would be contrary to the
law or detrimental to the legitimate and ethical objectives of the organisation.

Video
Violating The IIA’s Code of Ethics: A Scenario to Consider, Part 3

https://www.youtube.com/watch?v=d32f8NsPDMs

4 Competency

Internal auditors:

• Shall engage only in those services for which they have the necessary knowledge, skills, and
experience
• Shall perform internal audit services in accordance with the International Standards for the
Professional Practice of Internal Auditing (Standards)
• Shall continually improve their proficiency and the effectiveness and quality of their services.

Video

Violating The IIA’s Code of Ethics: A Scenario to Consider, Part 2

https://www.youtube.com/watch?v=L7TrNyYk95E

6.4 SUMMARY AND SELF-ASSESSMENT

In this learning unit we had a look at the professional conduct of the internal auditor. We also
had a look at its applicability to the individual and organisations practicing internal auditing.

After having worked through the learning unit and the study references are you able to

explain the professional conduct principles and rules for internal auditors?

In the next learning unit, we will discuss the role of internal audit in good corporate governance.

49
LEARNING UNIT 7

LU 7: INTERNAL AUDIT AND GOOD CORPORATE GOVERNANCE

In this learning unit we are going to

• explain the role of internal audit in terms of good corporate governance
• read an academic article on internal audit and corporate governance

7.1. INTRODUCTION

In Learning Unit 2, we looked at leadership, organisational ethics and responsible corporate

citizenship (the first three principles of King IV). We also focussed on the board and its directors.
I think that by now you have a good understanding of the objectives and value that internal
auditors add to business and how they should behave. In this learning unit we are going to refer
again to the King Code IV and we will focus on Principle 15 of King IV dealing with assurance
that relates to the internal auditor.

Principle 15: The governing body should ensure that assurance services and functions enable an
effective control environment, and that these support the integrity of information for internal decision-
making and of the organisation's external reports. King IV (2016:68)

As part of good governance, the internal auditor is commonly known to be involved in

measuring the compliance with the entity's policies and procedures. The internal auditor advises
management and the board of directors with its committee structures regarding how to better
execute their oversight responsibilities (Adams, Diale & Richard 2019:4/46).

7.2. THE RECOMMENDED PRACTICES PERTAINING TO INTERNAL AUDIT

Activity

This is an important activity. Study King IV (2016:69) Internal audit paragraphs.

Using the above study reference and Diagram 6 below, write a short concise essay explaining
the role of the internal audit function and good corporate governance. Start your essay with
“Internal audit” and build in all the elements contained in the diagram into your essay. The
completed essay forms part of your learning material.

50
 AUE1501/501/3/2021

DIAGRAM 6: OVERVIEW OF THE INTERNAL AUDIT FUNCTION AND THE AUDIT

COMMITTEE

51
7.3 THE ROLE OF INTERNAL AUDIT FUNCTION ON CORPORATE GOVERNANCE AND
MANAGEMENT

This section is very important because it summarises what we have learned in this topic so far and
ties up all the loose ends. Furthermore, we examine it from an international perspective and come
to the realisation that corporate governance is a global phenomenon.

You are required to read the academic article: G Kontogeorgis, (2018). The Role of Internal Audit
Function on Corporate Governance and Management. International Journal of Accounting and Financial
Reporting 2018, Vol. 8, No. 4. (Found in Additional resources). While reading the article, focus on
the bullet items in the Tutor Guidance below and consult with your tutor about the article if
necessary. Compile notes while reading the article.

Tutor Guidance

Faclitate your group to work through and understand the content of the article. The
following structure is provided.

• The meaning of corporate governance

• Why corporate governance is important
• Note Sawyer’s (2003) definition of internal auditing
• The role of standards IPPF
• Why the internal auditor is well positioned to fulfil the corporate governance
• The importance of the audit committee
• Definition of internal controls
• The expanded role of the internal auditor
• Reflect on the conclusion paragraph

SUMMARY AND SELF-ASSESSMENT

In this learning unit we had a look at the role of internal audit in good corporate governance. The
discussion in this study unit focused on the need for and the role of internal audit in assuring
good corporate governance.

After having worked through the learning unit and the study references, are you able to

• explain the role of internal audit in terms of good corporate governance?

• pass a test about what you have read in the academic article?

In the next topic, we will discuss the function of the external auditor.

52
 AUE1501/501/3/2021

TOPIC 3
3 TOPIC 3: THE EXTERNAL AUDITOR

TOPIC OVERVIEW

In this topic we will introduce you to the external auditing profession and some of the accounting
bodies. We will then examine some of the functions of the external auditor fulfills. As was the case
with the internal auditor, the external auditor is a professional. Professionals must behave in a
certain manner to maintain the trust of the public. Therefore, in Learning Unit we will examine
professional conduct. The topic closes with the relationaship between external and internal auditors
in proctice.

The aim of this topic is to guide you in acquiring an informed understanding of the key terms,
concepts, facts, general principles, rules and theories of the external auditing profession.

This topic is divided into the following learning units:

Learning units Title Page

8 The development of the external auditing profession 54

9 Assurance by the external auditor 60

10 Professional conduct requirements for external auditors 65

11 The relationship between internal and external auditors 71

53
 LEARNING UNIT 8
LU 8: THE DEVELOPMENT OF THE EXTERNAL AUDITING PROFESSION

In this learning unit we are going to

• discuss basic aspects regarding the external auditing profession

8.1. INTRODUCTION

This learning unit presents an overview of the development of the profession of external
auditing. In the previous learning unit we worked with the King Code of Governance Principles,
in particular the internal audit. In Learning Unit 4 we looked at the role of the audit committee in
the appointment and overseeing the planning and execution of the external audit. Now go back
to Learning Unit 4, diagram 5. Let’s recap: Where are we now in the operational business
environment represented in diagram 5? You have learned about the audit committee (go and
tick it), internal audit (go and tick it), and operational management (go and tick it). We are now
going to look at the independent auditor (external auditor).

8.2. THE EXTERNAL AUDITING PROFESSION

Discussion 8.1
The aim of this discussion is to provide you some insight to the auditing
profession and its challenges

E-tutor assistance required

Consider the following question and post your thoughts about it on the discussion
forum provided for the purpose. If you do not post your own idea, you must respond
constructively to a post by another student.

The discussion is needed to create a context of what we are going to learn in the topic.
Reflect on the following question:

With reference to diagram 5 in Learning Unit 4, do we really need external auditors

(think of their roles) and if so, explain why auditors are important?

Recently we became aware of auditors obtaining a bad reputation due to scandals. In

the following video we will see the dilemma when the public questions the reliability of
the auditors’ work and plans by the Independent Regulatory Board for Auditors (IRBA)
to restore the public’s confidence. Note how many problems can be ascribed to
behaviour – something that you have control over.

54
 AUE1501/501/3/2021

Video

https://www.youtube.com/watch?v=954XmdS6UQY&feature=youtu.be
(24 minutes)

Discuss what can be done, at all levels, to restore the public’s confidence in auditors.

The following is a link to the strategic plan mentioned in the video. You need only to
read the executive summary:
https://www.irba.co.za/upload/IRBA%20Strategic%20Plan%202016%20to%202021.pdf

8.2.1 The Auditing Profession Act

The Auditing Profession Act (Act 26 of 2005) (APA) regulates the External Auditing Profession
by instituting the Independent Regulatory Board for Auditors (IRBA), which has the responsibility
of controlling the auditing profession in South Africa. In other words, the APA created IRBA. An
external auditor must complete the education, training and professional requirements before
he/she can register as a Registered Auditor (RA) with IRBA.

Differentiate between a RA and CA(SA)

The South African Institute of Chartered Accountants (SAICA)

(https://www.saica.co.za/Default.aspx) is an accredited professional body. IRBA outsources the
education, training and professional requirements to SAICA. Remember, there is a difference
between a Registered Auditor (RA) and a Chartered Accountant (South Africa) (CA(SA)). The
CA(SA) is a professional accounting (not auditing) designation. A prospective RA has to
undergo all the CA(SA) education and training requirements and an additional specialised
auditing professional development period of 18 months before he/she can register as a RA.
Therefore, a CA(SA) is not automatically a RA.

Currently to register as a member of the IRBA as a RA, an individual must in essence achieve
the following:
• Satisfy the educational requirements of SAICA, i.e. obtain a recognised qualification from
an accredited university, and pass the Initial Test of Competence (ITC) and the
Assessment of Professional Competence (APC)
• Complete a training contract in public practice (in a registered training office).
• Obtain an audit specialist qualification.

Go and explore the IRBA website and focus on “about” IRBA and what they do
http://www.irba.co.za/.

So what does a person who is a Registered Auditor do (RAs)?

An external auditor is an independent professional who conducts external audits of companies. An
external auditor expresses an opinion on the fair presentation of companies’ financial statements.
In expressing the opinion an auditor would typically audit the accounting systems, procedures and
financial statements of a company, and would evaluate the way in which the company manages
corporate funding and financial risk. An auditor would also ensure that a company complies with all the
legal requirements of its business and that tax payments are correct and in line with tax legislation and
requirements.
So why does the country need Registered Auditors (RAs)?
Registered Auditors add credibility to the financial statements of companies

(Source https://www.irbalearning.co.za/what-is-an-ra/learners)

55
Section 90 of the Companies Act No 71 of 2008 requires that all public companies, state-owned
companies and certain private companies with a prescribed public interest score, to appoint a
registered auditor. Furthermore, corporate governance requires public companies and state-
owned companies to appoint an audit committee who in return must appoint external auditors.
Users of annual financial statements like banks will rely on audit reports accompanying the
annual financial statements and therefore indirectly also require external auditors. The
appointment of external auditors is to improve the creditability of the annual financial
statements. The auditing profession acts in the public interest and therefore must be regulated.
The Auditing Profession Act 26 of 2005 allows for the establishment of IRBA. IRBA has the
responsibility of looking after the professional interests of auditors. It deals with such matters as
registration, education and training, accrediting professional bodies (such as SAICA) for
membership, and prescribing standards of competence and ethics. The IRBA is also there to
protect the public in their dealings with registered auditors, and to discipline IRBA members who
“break the rules”.

8.2.2 Accounting bodies

There are a few accounting bodies in South Africa and you can explore each body’s website if
you are interested in an accounting career. Remember, members of the accounting bodies may
not be public auditors – only RAs.

The South African Institute of Chartered Accountants (SAICA):

https://www.saica.co.za/Default.aspx
The Association of Chartered Certified Accountants (ACCA):
http://www.accaglobal.com/za/en/qualifications/glance/acca/overview.html
The Charted Institute of Management Accountants (CIMA):
http://www.cimaglobal.com/Our-locations/Africa/South-Africa/
The South African Institute of Professional Accountants (SAIPA):
http://www.saipa.co.za/

56
 AUE1501/501/3/2021

DIAGRAM 7: EXTERNAL AUDITOR AND ACCOUNTING BODIES

Offering accounting services such as bookkeeping, taxation, management or financial advice is

not restricted to members of SAICA. As indicated above, there are other accounting bodies
such as SAIPA, ACCA or CIMA who also offer these services, but if an individual or firm wishes
to offer auditing services they must be, in terms of the Auditing Profession Act, registered with
the Independent Regulatory Board for Auditors (IRBA).

8.3. THE NATURE OF PROFESSIONAL STATUS

What does it mean to be a professional?

Internet Activity

Google “professional” and find a definition of the word.

____________________________________________________________________________
___________________________________________________________________________

57
Reflect

Will you allow an unqualified inexperienced person who calls him-/herself a doctor to operate on
you? If not, what are your reasons?
____________________________________________________________________________
______________________________________________________

Did you notice that your reasons tied up with the definition of a professional? ___

Up to now you have noticed that internal auditors, registered auditors, chartered accountants
are referred to as professionals. What qualities should a professional accountant possess?

Internet Activity

Google “Characteristics of a Professional Accountant” and list at least five characteristics that a
professional accountant should demonstrate.

Suggested Solution 8.1

1. Specialised knowledge and skills 4.
2. 5.
3.

2.5 PRONOUNCEMENTS WHICH REGULATE THE AUDITING PROFESSION

Auditors must behave in a certain way and perform their work in terms of internationally
recognised standards. South Africa follows the International Standards on Auditing (ISAs) which
are professional standards for the auditing of financial information. These standards are issued
by the International Federation of Accountants (IFAC) through the International Auditing and
Assurance Standards Board (IAASB).

The ISAs provide the standards which the auditor must attain and provide guidance on how this
should be done. The ISAs do not provide detailed lists of audit procedures; this is left up to the
individual auditor or audit firm, for example, auditing firm A will have their particular methods of
doing things and auditing firm B will have their own methods. Auditing is not an exact science
and, provided the ISAs are complied with, an audit of the appropriate quality will be achieved.

The ISAs cover the entire audit process. They provide guidance ranging from preliminary
engagement activities, through planning the audit, gathering sufficient appropriate evidence, and
deciding on the appropriate audit opinion.

58
 AUE1501/501/3/2021

Video

Watch the following video to understand why auditing standards are needed and that South Africa
follows the ISAs issued by the IAASB.

https://www.youtube.com/watch?v=TdkTSbvejvM (5:45 minutes)

8.4 SUMMARY AND SELF-ASSESSMENT

In this study unit we had a look at the external auditing profession. We also had a look at the
pronouncements that regulate the external auditing profession.

After having worked through the learning unit and the study references are you able to

• discuss the basic aspects regarding the external auditing profession?

In the next study unit, we will discuss the role of the external auditor.

59
 LEARNING UNIT 9
LU 9: ASSURANCE BY THE EXTERNAL AUDITOR

In this learning unit we are going to

• explain the objective of an audit
• identify the level of assurance provided by external auditors
• identify organisations subject to a financial statement audit

9.1. INTRODUCTION

In the previous learning unit we looked at the auditing profession and noticed that it is highly
regulated through legislation, standards and codes. Although external auditors perform many
different functions in practice (non-assurance engagements), for the purposes of this module
the main function of the external auditor registered with the IRBA is to perform the external audit
of financial statements (assurance engagements). So, what do auditors really do when they
audit financial statements? All the auditor’s work is summarised in an audit report that
accompanies the annual financial statements. Therefore, the undersigning of the auditor’s work
is reflected in the audit report.

9.2. THE EXTERNAL AUDITOR

The following is an example of an unmodified audit opinion extracted from the audit report. Note
that this is the type of opinion that a business aspires for:

Opinion

We have audited the financial statements of ABC Company (the Company), which comprise the
statement of financial position as at December 31, 20X1, and the statement of comprehensive income,
statement of changes in equity and statement of cash flows for the year then ended, and notes to the
financial statements, including a summary of significant accounting policies. In our opinion, the
accompanying financial statements present fairly, in all material respects, (or give a true and fair
view of) the financial position of the Company as at December 31, 20X1, and (of) its financial
performance and its cash flows for the year then ended in accordance with International Financial
Reporting Standards (IFRSs). ISA 700 (Revised)

Activity 9.1

Explain to a friend what an audit entails by formulating your own definition from the following two
extracts:

In terms of the IRBA Manual of Information (2014:1/11) an audit means

the examination of, in accordance with prescribed or applicable auditing standards - (a) financial statements
with the objective of expressing an opinion as to their fairness or compliance with an identified financial

60
 AUE1501/501/3/2021

reporting framework and any applicable statutory requirements; or (b) financial and other information,
prepared in accordance with suitable criteria, with the objective of expressing an opinion on the financial and
other information;

In terms of ISA 700 (Revised), the objectives of the auditor are:

(a) To form an opinion on the financial statements based on an evaluation of the conclusions drawn from the
audit evidence obtained; and
(b) To express clearly that opinion through a written report.

My own understanding of an audit, using different words from those appearing in the
descriptions above:

____________________________________________________________________________
____________________________________________________________________________
__________________________________________

Internet Activity 9.1

The purpose of this activity is to illustrate to you what an audit report looks like in real life.

We all have bought something from Shoprite, so let’s go to their annual financial statements.
Google “annual financial statements Shoprite” and then select and open an example of their
latest annual financial statements. Scroll through the document (heavy stuff) but all I want you
to do is to read the page titled “Independent Auditor’s Report to the Shareholders of Shoprite
Holdings Limited”. Note that the report sets out the director’s responsibilities, the auditor’s
responsibilities and the audit opinion. This is an example of an audit report issued by an auditor
after completing an audit. Save the page of the independent audit report to complete Activity
9.2.

9.3. LEVELS OF ASSURANCE

What are the levels of assurance that the auditor can provide (it depends on the scope of the
audit)? The work performed by the auditor can be divided into four levels of assurance as
indicated in diagram 8.

61
DIAGRAM 8: LEVELS OF ASSURANCE

For the “standard” audit, the auditor aims for reasonable assurance. The auditor does not certify
or confirm the absolute correctness of financial information, but rather, expresses an opinion on
the financial statements been fairly presented in terms of an accepted accounting framework.
The audit is designed to provide reasonable assurance that the financial statements, taken as
a whole, are free of material misstatement, not that they are one hundred per cent correct. The
ISA, defines reasonable assurance as a “high but not absolute” level of assurance.

To this end, the level of assurance provided is explained in the auditor’s report. The following
paragraph is an extract from standard audit report explaining the level of assurance provided by
the auditor:

Auditor’s Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are
free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes
our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit
conducted in accordance with ISAs will always detect a material misstatement when it exists. Misstatements
can arise from fraud or error and are considered material if, individually or in the aggregate, they could
reasonably be expected to influence the economic decisions of users taken on the basis of these financial
statements. ISA 700 (Revised)

After reading the above extract, are you able to determine the level of assurance provided by
the auditor in terms of Diagram 9?
Activity 9.2
Refer to the independent auditor’s report of Shoprite’s annual financial statements. Are you able
to identify the level of assurance provided by their auditors in terms of Diagram 8?

62
 AUE1501/501/3/2021

9.4. BUSINESSES SUBJECT TO AN AUDIT

In Learning Unit 8 we referred to the Companies Act and identified which companies are subject
to an audit. Determining which businesses are subject to an audit depends on the extent to
which the annual financial statements will affect or influence the general public. Therefore, all
public companies and state-owned companies will automatically be subject to an audit. What
about the private companies and close corporations? The audit of financial statements is
legislated to protect the general public. For example, it will be senseless for a very small
company (low turnover), with one shareholder and three employees to be subjected to an audit
– the audit fee alone will bankrupt them! An independent review will be adequate for the banks
and SARS.

So which companies must be audited? A private company or close corporation with a public
interest (PI) score of 350 points and above is subject to an audit in terms of the Companies Act.
To calculate the Public Interest Score (PIS) the following criteria are used. Notice that the
criteria are intended to protect public exposure (interest).
(Source: http://www.cipc.co.za/index.php/manage-your-business/compliance-and-recourse )

Aspects to consider when calculating the PIS:

• Number of employees (or average over a financial year, if this number varies from year
to year) – 1 point per employee.
• Third party liabilities – 1 point per R1 million (or portion of)
• Turnover – 1 point per R1 million (or portion of)
• Number of shareholders – 1 point per shareholder (irrespective of how many shares
they hold individually).

9.5. THE FINANCIAL STATEMENT AUDIT ENGAGEMENT

Close corporations and private companies with a public score of 350 points and more are
subject to a financial statement audit. All public and state-owned companies, regardless of their
public interest score, are subject to a financial statement audit. Private companies with a public
score between 100 to 349, who compile their own annual financial statements, are also subject
to a review. The level of assurance provided by a financial statement review is one of
“reasonable assurance”. Refer to Diagram 9 and note the level of assurance provided when the
auditor or registered accountant provides a review, i.e. limited. Remember in Learning Unit 8 we
gathered that registered accountants cannot perform a standard audit but that only Registered
Auditors may do so. However, registered accountants may perform a review.

9.6 SUMMARY AND SELF-ASSESSMENT

In this study unit we discussed the role of the external auditor.

After having worked through the learning unit and the study references are you able to

63
• explain the objective of an audit?
• identify the level of assurance provided by external auditors?
• identify organisations subject to a financial statement audit?

In the next learning unit we will discuss the professional conduct requirements for external
auditors.

64
 AUE1501/501/3/2021

LEARNING UNIT 10
LU 10: PROFESSIONAL CONDUCT REQUIREMENTS FOR EXTERNAL
AUDITORS

In this learning unit we are going to

• provide an overview of the SAICA and IRBA codes of professional conduct

10.1. INTRODUCTION

In the previous learning unit we gathered that all public, state-owned and private companies,
subject to the public interest score, are subject to an audit. The duty to perform an audit is
legislated by law (Companies Act) to protect the general public. Due to the nature of the
auditor’s duties it is essential that the auditor be seen (perceived) by the public as being a
professional. If auditors were to lose their professional status then the profession would become
as extinct as the dinosaurs. A financial scandal like Enron resulted in the collapse of an
international audit firm. Therefore, both SAICA and IRBA will guard their professional status with
all that they have. The professional conduct of their members is considered in a very serious
light and has codes of conduct to govern their members’ behaviour. Although these principles
apply to auditors and CAs, you can adapt them to your own lifestyle.

10.2. THE SAICA AND IRBA CODES OF PROFESSIONAL CONDUCT

There are two Codes of Professional conduct which provide ethical guidance to professional
accountants and auditors in South Africa respectively, namely the South African Institute of
Chartered Accountants (SAICA) Code of Professional Conduct and the Independent Regulatory
Board for Auditors (IRBA) Code of Professional Conduct. These codes are very similar, and we
are going to examine some of the principles, threats and safeguards.

10.3. INTRODUCTION TO THE IRBA CODE OF PROFESSIONAL CONDUCT

In this section we are going to examine the IRBA Code of professional conduct. We will be
referring to the Manual of Information issued by IRBA (additional resources).

The existence of the auditing profession is based on their responsibility to act in the interest of
the public. One may then ask how should auditors conduct themselves in an ethically and
professional manner to keep the public’s trust? To this end, the Code of professional conduct
establishes the fundamental principles of ethical behaviour and provides a conceptual
framework which the auditor can apply to the various ethical situations. The auditor then
identifies the various threats of a potential situation and then considers the various safeguards.

65
10.3.1 The fundamental principles

Internet Activity

Before continuing, Google the meaning of the words “integrity” and “objectivity” and note the
difference between the two.

The following table is an extract from the Manual of Information IRBA (2014:4/20-4/21) listing
the five principles with their meaning).

Principle Means to…

1. Integrity be straightforward and honest in all professional and business

relationships. Integrity implies fair dealing and truthfulness.

Therefore, no association with reports, returns, communications or

other information where the registered auditor believes that the
information:
(a) Contains a materially false or misleading statement;
(b) Contains statements or information furnished recklessly; or
(c) Omits or obscures information required to be included where such
omission or obscurity would be misleading.
2. Objectivity not allow bias, conflict of interest or undue influence of others to
override professional or business judgments.

Therefore, to not perform a professional service if a circumstance or

relationship biases or unduly influences the registered auditor’s
professional judgment with respect to that service.
3. Professional maintain professional knowledge and skill at the level required to
competence and ensure that a client receives competent professional services based
due care on current developments in practice, legislation and techniques and
act diligently and in accordance with applicable technical and
professional standards.

Diligence encompasses the responsibility to act in accordance with

the requirements of an assignment, carefully, thoroughly and on a
timely basis.

Therefore, to not undertake or continue with any engagement which

the registered auditor is not competent to perform, unless he/she
obtains advice and assistance which enables him/her to carry out the
engagement satisfactorily.
4. Confidentiality respect the confidentiality of information acquired as a result of
professional and business relationships and, therefore, not disclose
any such information to third parties without proper and specific
authority, unless there is a legal or professional right or duty to
66
 AUE1501/501/3/2021

Principle Means to…

disclose, nor use the information for the personal advantage of the
registered auditor or third parties.

5. Professional comply with relevant laws and regulations and avoid any action that
behaviour discredits the auditing profession.

Self-Reflection

Think of two recent events in your personal life where you unknowingly demonstrated both
integrity and objectivity.

For example, telling a friend the truth, for example about her hairstyle (objectivity) or refusing to
pay a traffic officer a bribe and accepting the fine when you know you were in the wrong
(integrity).

10.3.2 The conceptual framework approach

We know that in terms of the Code that the auditor must comply with the five fundamental
principles (IRBA 2014:4/21). However, it would be impossible to define every situation that
creates threats to compliance with the fundamental principles and specify the appropriate
action. Therefore, a conceptual framework approach is followed. A conceptual framework
approach requires a registered auditor to identify, evaluate, and address threats to compliance
with the fundamental principles. This approach prevents the auditor to identify loopholes in the
Code.

The steps followed by the auditor in applying the conceptual framework approach is to use
professional judgement to identify the threats to compliance with the fundamental principles,
evaluate the identified threats and address the threats by either eliminating them or reducing
them to an acceptable level (IRBA 2014:4/22). To be able to do this, the auditor must
understand the fundamental principles, have knowledge of the type of threats that may arise
and the safeguards which may be applied.

10.3.3 Threats

Based on the above principles the code went further and identified some practical factors that
need to be considered by the auditor. These factors are referred to as threats. The following five
threats are identified in the code (IRBA 2014:4/23):

Threats Core concept

1 Self-interest: the threat that a financial or other interest will inappropriately influence the
registered auditor’s judgment or behaviour.

67
 Examples (IRBA 2014:4/32):

• A member of the assurance team having a direct financial interest in the

assurance client.

• A firm having undue dependence on total fees from a client.

• A member of the assurance team having a significant close business

relationship with an assurance client.

• A firm being concerned about the possibility of losing a significant client.

• A member of the audit team entering into employment negotiations with the
audit client.

• A firm entering into a contingent fee arrangement relating to an assurance

engagement.
2 Self-review: the threat that a registered auditor will not appropriately evaluate the results
of a previous judgment made or service performed by the registered auditor,
or by another individual within the registered auditor’s firm, on which the
registered auditor will rely when forming a judgment as part of providing a
current service.

All that the above is saying is a self-review threat exists when an auditor
must review work that they previously or are associated with) performed
(and the chances are that the auditor will not appropriately evaluate those
results

Examples (IRBA 2014:4/33):

• A firm issuing an assurance report on the effectiveness of the operation of

financial systems after designing or implementing the systems.

• A firm having prepared the original data used to generate records that are
the subject matter of the assurance engagement.

• A member of the assurance team being, or having recently been, a director

or officer of the client.

• A member of the assurance team being, or having recently been,

employed by the client in a position to exert significant influence over the
subject matter of the engagement.

• The firm performing a service for an assurance client that directly affects
the subject matter information of the assurance engagement.
3 Advocacy: the threat that a registered auditor will promote a client’s position to the point
that the registered auditor’s objectivity is compromised.

Examples (IRBA 2014:4/33):

•The firm promoting shares in an audit client.

• A registered auditor acting as an advocate on behalf of an audit client in

68
 AUE1501/501/3/2021

litigation or disputes with third parties.

4 Familiarity: the threat that due to a long or close relationship with a client, a registered
auditor will be too sympathetic to their interests or too accepting of their work

Examples (IRBA 2014:4/33):

• A member of the engagement team having a close or immediate family

member who is a director or officer of the client.

• A member of the engagement team having a close or immediate family

member who is an employee of the client who is in a position to exert
significant influence over the subject matter of the engagement.

• A director or officer of the client or an employee in a position to exert

significant influence over the subject matter of the engagement having
recently served as the engagement partner.

• A registered auditor accepting gifts or preferential treatment from a client,

unless the value is trivial or inconsequential.

• Senior personnel having a long association with the assurance client.

5 Intimidation: the threat that a registered auditor will be deterred from acting objectively
because of actual or perceived pressures, including attempts to exercise
undue influence over the registered auditor.

Examples (IRBA 2014:4/34):

• A firm being threatened with dismissal from a client engagement.

• An audit client indicating that it will not award a planned non-assurance

contract to the firm if the firm continues to disagree with the client’s
accounting treatment for a particular transaction.

• A firm being threatened with litigation by the client.

• A firm being pressured to reduce inappropriately the extent of work

performed in order to reduce fees.

• A registered auditor feeling pressured to agree with the judgment of a client

employee because the employee has more expertise on the matter in
question.

• A registered auditor being informed by a partner of the firm that a planned

promotion will not occur unless the registered auditor agrees with an audit
client’s inappropriate accounting treatment.

10.3.4 Safeguards

Rather be safe than sorry! The auditor is obliged to apply measures that will reduce the threat to
an acceptable level. Safeguards are divided into two categories, namely:

69
• safeguards created by the profession, legislation or regulation
• safeguards in the work environment

The first category is regulatory measures brought about by the profession and legislation, for
example, the auditor must rotate after five years to enhance objectivity. These are rules and
must be complied with.

The second category is how the auditor manages his/her business that will contribute to good
management procedures. For example, leadership of the firm that stresses the importance of
compliance with the fundamental principles, quality control procedures and implementation
thereof.

For a complete list of the examples of safeguards you may refer to the Manual of Information
(IRBA 2014:4/34).

10.4 THE SAICA CODE OF PROFESSIONAL CONDUCT

In this section we examine SAICA’s Code of professional conduct. We have already examined
the IRBA Code of Professional Conduct for Registered Auditors. Open and read the following
link http://classtelevision.blogspot.com/p/auditing-saica-code-of-professional.html (It is not
necessary to watch the videos)

Note the similarities between the two codes (IRBA and SAICA). Furthermore, the content in the
above link reinforces what we have learned.

10.5 SUMMARY AND SELF-ASSESSMENT

In this learning unit we discussed the professional requirements of external auditors. The SAICA
and IRBA codes of professional conduct were also emphasised.

After having worked through the learning unit and the study references, are you able to

• provide an overview of the SAICA and IRBA codes of professional conduct?

In the next learning unit we will discuss the relationship between internal and external auditors.

70
 AUE1501/501/3/2021

LEARNING UNIT 11
LU 11: THE RELATIONSHIP BETWEEN INTERNAL AND EXTERNAL
AUDITORS

In this learning unit we are going to

• discuss the differences and similarities between internal and external auditors
• discuss the conditions allowing the external auditor to rely on the work of the
internal auditor

11.1. INTRODUCTION

In Topic 2 you were introduced to the function of the internal auditor. Topic 3 (the topic that we
are currently busy with) introduced you to the functions of the external auditor. You would have
gathered that there are some similarities between the two professions. One could argue that the
external auditor can rely on some of the work performed by the internal auditor. The internal
auditor would probably know more about the daily operations of a business than the external
auditor.

There are also important differences between the internal and external auditors. In this learning
unit we are first going to identify the most important differences. Thereafter we are going to look
at some rules in terms of the International Standards of Auditing (ISAs), should the external
auditor wish to use or rely on the work of the internal auditor. Think of the benefits of relying on
the work of the internal auditor, for example the operational knowledge of the internal auditor,
flagging of high-risk areas identified by the internal auditor that the external auditor could
consider when planning an audit, and saving on the audit fees, to name but a few. It is
important, however, to realise that the relationship is based on the coordination of internal audit
activities with external audit activities.

11.2. DIFFERENCES BETWEEN THE EXTERNAL AND INTERNAL AUDITOR

Understanding the differences allows us to understand and appreciate the respective

professions better. You would have come across some of these differences while you studied
topics 2 and 3.

The following is a list of differences between internal and external auditors.

Reference: Adams, Diale & Richard (2019:1/2-1/3)

Internal auditors External auditors

Obtain a mandate from management/the Obtain a mandate through legislation

audit committee
71
Perform a management function
Are contracted by the company
they are working with
Function independently in the
organisation, but remain part of it
Report to management (including
the audit committee)
Internal audit covers all the organisation’s
operations
Internal audit performs audits throughout
the year
Registered with the Institute of Internal
Auditors (IIA)
Perform an external attestation
function (auditing function)
Work for an independent audit
firm
Function independently from the
organisation
Report to the shareholders
External audit works primarily with those
financial systems that have a bearing on
the final accounts
External audit tends to be a year-end
process, even though some testing may
be carried out during the year
Registered with the Independent
Regulatory Board for Auditors (IRBA)

11.3. SIMILARITIES BETWEEN INTERNAL AND EXTERNAL AUDITORS

You have learned that there are differences are between the functions of the internal and
external auditors. The comparison is not complete without looking into some of their similarities.
Similarities could mean reliance on the work performed by each other.

Similarities between internal and external audit are as follows (Source:

https://www.bakertilly.com.kw/en/differences-similarities-internal-external-audit-activities/):

• Testing
Both the external and internal auditors carry out testing routines and this may involve examining
and analysing many transactions.

• Internal Control Systems

The internal auditor and the external auditor are concerned with authenticated procedures,
organizations’ systems of internal control and relevant implementation. Further, both tend to be
deeply involved in information systems, since this is a major element of managerial control, as
well as being fundamental to the financial reporting process.

• Standards
Both adopt a professional discipline and operate to professional standards.

• Cooperation
Both seek active co-operation between the two functions, as they are inter-dependable.

• Reporting
Both produce formal audit reports on their activities.

72
 AUE1501/501/3/2021

11.4. RELYING ON THE WORK OF THE INTERNAL AUDITOR

Because of the similarities it would be obvious for the external auditor to rely on the work of the
internal auditor. ISA 610: Using the work of internal auditors deals with the external auditor’s
responsibilities if using the work of the internal audit function in obtaining audit evidence. (ISA
610 is included under additional resources if you wish to view the standard). For this module, we
are not going into so much detail, you only need to know that there are certain requirements
that must be adhered to before the external auditor can rely on the work of the internal auditor.

Study Activity 11.1

Study the document “Reliance Internal Auditor” found under additional resources.

From the above document list the six factors that must be considered before the external
auditor can rely on the work of the internal auditor, with examples substantiating compliance
with the factor.

11.5 SUMMARY AND SELF-ASSESSMENT

In this learning unit we discussed the relationship between internal and external auditors. We
have seen that it is important that the internal and external auditors meet periodically to discuss
issues of common interest that could help them to benefit from each other in terms of skills,
expertise and also to minimise the duplication of efforts.

After having worked through the learning unit and the study references are you able to

• discuss the differences and similarities between internal and external auditors?
• discuss the conditions allowing the external auditor to rely on the work of the internal
auditor?

In the next topic we are going examine some of the auditing concepts or terms.

73
 TOPIC 4

4 AUDITING CONCEPTS

TOPIC OVERVIEW

Any profession, for example a medical doctor, lawyer, and scientist uses a certain vocabulary.
This is necessary to ensure that communication between colleagues and record keeping of
events is concise. There is no room for misunderstanding in a profession. Everyone in that
particular profession will know the meaning of a certain term without someone explaining it to
them. In the previous topics we concluded that internal and external auditors are professionals.
Therefore, we can expect them to use certain terms in their day to day activities. In this topic
you will be introduced to certain auditing concepts and methods, procedures and techniques
that auditors use. The next time the auditor visits the business where you are employed, you will
be able to form a good understanding about some of the questions that they ask. In this topic
we are going to introduce you to some of the auditing concepts.

This topic is divided into the following learning units:

Learning unit Title Page

12 Assertions 75

13 Audit evidence 79
14 Materiality and audit risk 87
15 Risk assessment procedures, test of controls and substantive 92
procedures

74
 AUE1501/501/3/2021

LEARNING UNIT 12
LU 12: ASSERTIONS

In this learning unit we are going to

• list the main categories of assertions
• describe the various assertions
• interpret an assertion

12.1. INTRODUCTION

In Learning Unit 9 we gathered that the end product of the external auditor is the audit report.
Why is the audit report important? To provide assurance to the shareholders and other
interested parties that the annual financial statements (AFSs) prepared by management fairly
present the financial position and results. More to the point, in the audit report the auditor
expresses an opinion addressed to the shareholders, that the annual financial statements fairly
present, in all material respects, the financial position of a company on a particular date
(financial year-end) and its performance (results) and cash flows (movements) for that particular
financial year. You can deduce that everything revolves around the AFS. In this learning unit we
are going to examine how the AFS are made up of various “assertions” implied by management.
Why does the auditor want to assess the assertions? During the planning of an audit the auditor
will assess each assertion and consider the risk or likelihood of material misstatement
applicable to that particular assertion. Once the assertions at risk are identified the auditor can
focus his/her audit procedures to address those risk areas. Does this make sense?

12.2. THE ANNUAL FINANCIAL STATEMENTS

The focus of the external auditor is on examining the annual financial statements. From your
accounting studies you know exactly what a set of annual financial statements looks like. Please
refer to your accounting module to refresh your knowledge.

Remember: the directors (management) are presenting financial reports to the shareholders of
the business through annual financial statements (AFS). Are the AFS a fair presentation of
financial results and position? The auditors have the function to report to the shareholders of a
business that these financial statements presented by the directors are a fair presentation of the
financial position and results.

Let’s assume the reporting period of a business entity is from 1 January to 31 December of a
particular year. You have a “snapshot” at year-end, reflecting the financial position on a
particular date, in our case 31 December. This snapshot is referred to as the statement of
financial position at 31 December. You also have a “documentary” of events or results for a
year from 1 January to 31 December and this is referred to as the statement of comprehensive
income and retained earnings for the year ended 31 December. The net results from the
75
statement of comprehensive income is captured as retained income in the statement of financial
position. Financial statements have to be presented and disclosed in terms of an acceptable
financial reporting framework and standards, for example IFRS. Presentation and disclosure are
extremely important for shareholders and analysists. Proper presentation and disclosure allow
one to know exactly what assumptions are used and therefore "apples can be compared with
apples".

Internet Activity 12.1

If you do not have an idea what financial statements look like, open the following links. If you do,
you can skip this activity.

For an example of a statement of financial position open the following link:

https://accounting-simplified.com/financial/statements/statement-of-financial-position.html

For an example of a statement of comprehensive income open the following link:

https://accounting-simplified.com/financial/statements/income-statement-profit-and-loss.html

To refresh your knowledge about presentation and disclosure open the following link:
https://accounting-simplified.com/financial-accounting/accounting-concepts-and-principles/

12.3. CATEGORIES OF ASSERTIONS

When presenting the annual financial statements, the directors are making certain statements or
assertions to the shareholders. These assertions are divided into two major categories:

• assertions about classes of transactions and events, and related disclosures for the period
under audit (statement of comprehensive income activities)
• assertions about account balances, and related disclosures at the period end (financial
position)

Study

ISA 315 (Revised) paragraphs A189-A190 found on page 64 (You will find this document under
additional resources).

Video

Once you have studied the above paragraphs, proceed to watch the YouTube clip:

https://www.youtube.com/watch?v=X37KHU7YDiw (12 minutes)

Activity 12.1
(This activity can be performed in a group discussion with the guidance of your E-Tutor)
After watching the video answer the following questions:
76
 AUE1501/501/3/2021

1. Why do we need assertions?

2. How are assertions used in the annual financial statements?
3. List the assertions for transactions and events, and related disclosures with the implied
meaning made by directors with the particular assertion.
4. List the assertions for account balances with the implied meaning made by directors with
the particular assertion.
5. Did you notice that some assertions are only applicable to transactions and others to
balances? Complete the following table of assertions and categories. For each given
assertion you are required to mark (“x”), the category that the assertion applies to. For
example, the assertion occurrence is applicable to transactions and presentation and
disclosure but not to account balances.

Classes of
Account balances
transactions, account
Assertion and related
balances and related
disclosures
disclosures

Occurrence x
Completeness
Accuracy
Cut-off
Classification
Existence
Accuracy, rights and obligations
Valuation and allocation
Presentation

77
Discussion 12.1
E-Tutor assistance required

Consider the following question and post your thoughts about it on the discussion forum
provided for the purpose. If you do not post your own idea, you have to respond
constructively to a post by another student.

Your friend presents you with a set of annual financial statements (AFS) of his company
Tau (Pty) Ltd and he wants you to loan him R30 000. You open the AFS, the page titled
Statement of financial position at 31 December 20XX. A line item catches your eye:
Trade Accounts Receivables R136 145

Required

Discuss what your friend is actually asserting with the above line item in the AFS.

12.4 SUMMARY AND SELF-ASSESSMENT

In this study unit we stressed that the financial statements assertions are important to assist the
auditor to gather audit evidence about the transactions and events and account balances and
the related disclosures.

After having worked through the learning unit and the references to the prescribed study material,
are you be able to

• list the two main categories of assertions?

• describe the various assertions?
• interpret an assertion?

In the next learning unit, we will discuss audit evidence and you will apply the assertions to a
document.

78
 AUE1501/501/3/2021

LEARNING UNIT 13
LU 13: AUDIT EVIDENCE

In this learning unit we are going to

• describe the concept of audit evidence
• recognise the various sources of audit evidence
• explain audit evidence which can be collected through tests of controls and
substantive procedures

13.1. INTRODUCTION

In the previous learning unit we learned about management’s assertions embedded in the AFS
prepared for the shareholders and that the auditors must express an opinion on these AFS. As
stated in ISA 500 par 1, before the auditor can express an opinion, evidence must be collected
and examined to support the auditor’s opinion. The auditor cannot just grab an opinion out of
thin air. In addition, the auditor may need to defend their opinion if challenged in a court of law.
In sum, the day-to-day activities of the auditor is collecting and examining evidence. Audit
evidence comprises both information that supports and corroborates management’s assertions,
and any information that contradicts such assertions (ISA 500:A1).

In this learning unit we will be examining what is regarded as sufficient appropriate audit
evidence.

13.2. SUFFICIENT APPROPRIATE AUDIT EVIDENCE

ISA 500 – Audit evidence is a standard explaining what constitutes audit evidence in an audit of
financial statements, and deals with the auditor’s responsibility to design and perform audit
procedures to obtain sufficient, appropriate audit evidence to be able to draw reasonable
conclusions on which to base the auditor’s opinion. If audit evidence is not sufficient, then the
auditor cannot draw a conclusion. If audit evidence is not appropriate, then the auditor cannot
draw a conclusion. So, what do these two terms mean?

79
DIAGRAM 10: SUFFICIENT, APPROPRIATE EVIDENCE

We are going to examine the above diagram in more detail.

The following definitions are extracted from ISA 500 par 5:

Sufficiency (of audit evidence) – The measure of the quantity of audit evidence. The quantity of the
audit evidence needed is affected by the auditor’s assessment of the risks of material misstatement
and also by the quality of such audit evidence.

Appropriateness (of audit evidence) – The measure of the quality of audit evidence; that is, its
relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is
based

Appropriateness of evidence comprises of two important requirements, namely reliability and

relevance.

13.2.1 Reliability

Auditors should always attempt to obtain evidence from the most trustworthy and dependable
source possible. Evidence is considered more reliable when it is:

• obtained from an independent external source;

• generated internally but subject to effective control;
• obtained directly by the auditor;
• in documentary form; and
• in original form.

80
 AUE1501/501/3/2021

Broadly speaking, the more reliable the evidence the less of it the auditor will need. However,
the converse is not necessarily true: if evidence is unreliable it will never be appropriate for the
audit, no matter how much is gathered.

13.2.2 Relevance

To be relevant, audit evidence has to address the objective/purpose of a procedure. The

evidence must be relevant to the assertion being tested. For example:

Attendance at an inventory count provides us with a good example of the relevance of

procedures. During counting the auditor considers the relationship between inventory records
and physical inventories, as follows:

• identifying items of physical inventory and tracing them to inventory records to confirm
the completeness of accounting records; and
• identifying items on the inventory record and tracing them to physical inventories to
confirm the existence of inventory assets.
Activity 13.1
The following activity is very important for you to see how assertions and relevance of audit
evidence works. The following is an example of a credit sales invoice issued by the company Africa
Computers Ltd for commodities sold by the company on credit.

81
 Africa Computers Ltd
Tax invoice
INV 1001
Date: 30 May 20XX
Africa Computers Ltd
PO Box 1234
Polokwane

To Vendor:
B Beautiful
PO Box 25031
Durban

Description Quantity Price Total

Laptop computers 2 13 500 27 000.00

Genius mouse 1 100 100.00

Envelopes 1 125 125.00

Debtors statements 1 370 370.00

Total 27 595.00

Approved by: H Moale VAT 3 863.30

Received by: B Beautiful
Paid 31 458.3

82
 AUE1501/501/3/2021

Required:

Describe how the information shown on the above credit sales invoice could be used by the
company auditor in support of the following assertions:

(a) Occurrence

(b) Completeness

(c) Accuracy

(d) Cut-off

(e) Classification

(f) Presentation

Suggested Solution 13.3

Reference: Adams, Diale & Richard (2019:5/19)

Information on the credit sales invoice that can be used by the company's auditor in support of
the assertions.

a) Occurrence
• By inspecting the sales journal to see whether the sales invoice has been recorded, the
auditor obtains an indication that the transaction actually took place.
• By inspecting to see that the name of XY Ltd does appear on the invoice and that the
name of the other party to the transaction (B Beautiful) was correctly accounted for in
the accounting records, the auditor can satisfy him or herself that a valid transaction
was concluded between the two parties.
• By inspecting that the responsible person authorised the transaction under his or her
signature, the auditor gets assurance that the transaction did actually take place.
• Inspecting to see whether the other party signed for the receipt of the goods provides an
additional assurance that a valid transaction did actually occur.

b) Completeness
• By inspecting the date on the sales invoice, the auditor can ensure that the transaction
was recorded at the time it was carried out.
• By inspecting the sequential recording of sales invoices and ensuring that the number of
the sales invoice in question has been sequentially accounted for, the auditor can
ensure that all the sales invoices have been recorded in the accounting records.

83
c) Accuracy
• By recalculating the accuracy of the calculation of quantities and prices on the sales
invoice and also checking the addition of the amounts on the invoice and the resultant
total, the auditor is able to satisfy him or herself about the amount (value) of the
transaction.
• By inspecting that the total amount of the invoice has been accounted for in the
accounting records, the auditor is able to satisfy him or herself that the transaction was
recorded at the correct amount.

d) Cut-off
• By comparing the date on the invoice with the date of recording in the accounting
records, the auditor can obtain satisfaction that the transaction was accounted for in the
correct accounting period.

e) Classification
• By inspecting that the transaction has been correctly allocated in the accounting records
according to the particulars that appear on the sales invoice (credit sales), it is possible
to obtain satisfaction that the sales transaction was correctly classified in the sales
journal.
• By inspecting that the sales invoice has been posted to the correct ledger account and that
the total of the credit sales account has been correctly reflected in the trial balance, the
auditor can satisfy him or herself that the sales transaction has been correctly classified in
the accounting records.

f) Presentation
• Although this cannot be determined from inspection of the credit sales invoice alone, sales
are eventually appropriately aggregated or disaggregated and clearly described as turnover
in the AFS. The accounting policies to account for turnover is set out as an understandable
note in the AFS.

13.3. SOURCES OF AUDIT EVIDENCE

Where does the auditor find audit evidence? Think of a business. You have the accounting
records, for example the purchases journal and the general ledger. You have the source
documents generated by the business used to initiate transactions for example the order and
goods received note. You have the documents provided by third parties, for example the
invoice and bank statements. You have evidence generated by personnel of the business, for
example budgets and ratio analysis. Minutes of meetings and explanations by management are
also examples of audit evidence. That is why the concept of reliable evidence is so important.
Some audit evidence is obtained by performing audit procedures to test the accounting
records, for example, through analysis and review, reperforming procedures followed in the
financial reporting process, and reconciling related types and applications of the same
information. Through the performance of such audit procedures, the auditor may determine that
the accounting records are internally consistent and agree with the financial statements (ISA
500:A7)
84
 AUE1501/501/3/2021

13.4. AUDIT PROCEDURES FOR OBTAINING AUDIT EVIDENCE

We know the criteria for acceptable audit evidence. We know the sources of audit evidence.
We now have to examine the audit procedures for obtaining audit evidence. How is audit
evidence collected by the auditor?

DIAGRAM 11: AUDIT PROCEDURES

Audit procedures to obtain audit evidence can include inspection, observation, confirmation,
recalculation, reperformance, and analytical procedures, often in some combination, in addition
to inquiry. These methods are applied during the performance of audit procedures.

Study
Refer to ISA 500 par A13-A25 (additional resources) and briefly describe each method.

Although inquiry may provide important audit evidence, and may even produce evidence of a
misstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence
of a material misstatement at the assertion level, nor of the operating effectiveness of controls.

Tests of control are designed to evaluate the operating effectiveness of controls in preventing or
detecting and correcting material misstatement. Substantive procedures are designed to detect
material misstatement. We will examine the audit procedures in Learning unit 15 where the
auditor performs a risk assessment to determine where to focus on with the further audit
procedures.

13.5 SUMMARY AND SELF-ASSESSMENT

In this learning unit you learned about the nature, reliability, sufficiency and relevance of audit
evidence, and how audit evidence is obtained through test of controls and substantive
procedures.

85
After having worked through the learning unit and the references to the prescribed study material,
are you be able to

• describe the concept of audit evidence?

• recognise the various sources of audit evidence?
• explain audit evidence which can be collected through test of controls and substantive
procedures?

In the next learning unit we are going to look at two important auditing concepts, namely
materiality and audit risk.

86
 AUE1501/501/3/2021

LEARNING UNIT 14
LU 14: MATERIALITY AND AUDIT RISK

In this learning unit we are going to

• discuss materiality and audit risk and the relationship between them

14.1. INTRODUCTION

Materiality and audit risk are the auditor’s magic formulas when collecting audit evidence. In this
learning unit you are going to learn how auditors think when collecting audit evidence. If a
business was small and there were no costs involved in auditing, then one could have audited
each and every transaction and certify (as opposed to fairly present) the annual financial
statements. But in practice this cannot happen. Imagine if the auditors were to examine each and
every transaction of Standard Bank – you will never see the audit report because their work will
never end! With the limited resources on the one hand and reporting on the fair presentation of
the annual on the other, one can expect a formula to reach a balance. That is exactly where
materiality and audit risk play a vital role in the daily life of the auditor.

Users of the AFS want to be satisfied that the audited financial statements on which they are
relying, are free of material misstatement and their reliance is an implied acceptance that the
auditor has performed his or her function properly. However, there is always the risk that the
auditor will “get it wrong” and give an incorrect opinion. Therefore, the auditor must plan and
perform audit procedures, so they do not get it wrong. In other words, the auditor must plan and
perform audit procedures so that the audit risk is at an acceptable level. We will first be looking at
the term materiality and then the term audit risk and how these concepts make up the magic
formula.

14.2. MATERIALITY

The auditing term “material” is frequently used by auditors. What does this term mean? Let’s
take a practical example. Assume you are a waiter at a restaurant and the practice is that if you
serviced your guests well you would probably earn a gratuity (tip) of 10% of the account value.
Assume the bill of the table you served was R1 200. How would you feel if the client added a tip
of R115 instead of your expected R120? You would probably think it’s okay. On the other hand,
how would you feel if they left you with only a R10 note? Your reaction would now be different.
What we are effectively saying is that the R5 difference in the tip was immaterial – it resulted in
no emotions. However, undertipping of R110 becomes material and you would feel cheated. Let
us search for a formal definition of the auditing concept “materiality”.

87
Activity 14.1
Google a suitable definition for materiality e.g. “materiality concept in auditing” or “audit
materiality definition”

Suggested Solution 14.1

An example of the search results:

Audit materiality is one of the most important concepts for auditors. Misstatements, including
omissions, are considered to be material if, individually or in the aggregate, they are reasonably
expected to influence the economic decisions of users of the financial statements. Materiality in
audit comprises both quantitative and qualitative aspects.
Source:https://corporatefinanceinstitute.com/resources/knowledge/accounting/audit-
materiality/

A definition of audit materiality must contain the following elements:

• an omission or misstatement
• the influence of such an omission or misstatement on the economic decisions of
users/shareholders
• based on the information in the financial statements

Materiality, as a concept in auditing, refers to the information which is important or significant

enough to affect the decision making of users of financial statements if such information is
removed or a change in how it is presented is made. Therefore, materiality is important to the
auditors to help them to focus their attention on the areas where the material errors or
omissions may occur i.e. the more “important” figures.

In auditing, the materiality concept usually applies when auditors evaluate whether the client’s
financial statements contain material misstatement or not. In this case, financial statements do
not give a true and fair view if they contain material misstatement. Both qualitative and
quantitative factors have an impact on materiality. A quantitative consideration is simply about
the relative size of the items in the financial statements. On the other hand, qualitative factors
usually include the nature of the information, the circumstance and possible cumulative effects
of error or omission of such information.
(Source https://accountinguide.com/materiality-concept/ )

In terms of ISA 320 Par 5 the concept of materiality is applied by the auditor both in planning
and performing the audit, and in evaluating the effect of identified misstatements on the audit
and of uncorrected misstatements, if any, on the financial statements and in forming the
opinion (concluding) in the auditor’s report. In other words, the auditor considers materiality
throughout the audit process. Linked with materiality, the auditor considers audit risk. We will
examine the relationship between materiality and audit risk once we defined the concept audit
risk.

88
 AUE1501/501/3/2021

14.3. AUDIT RISK

ISA 200 par 16 defines audit risk (AR) as “the risk that the auditor expresses an inappropriate audit
opinion when the financial statements are materially misstated”.

As illustrated in the diagram below, audit risk has three elements, namely control risk (that which
management does – Learning Unit 3); inherent risk (a weakness or exposure to error), and
detection risk (that which the auditor does and controls).

DIAGRAM 12: AUDIT RISK

Note that risk of material misstatement and audit risk are not the same thing. Risk of material
misstatement comprises of inherent and control risk. The risk of material misstatement plus
detection risk will be the audit risk.

14.4. THE COMPONENTS OF AUDIT RISK

In this section we are going to examine the components of audit risk.

14.4.1 Inherent risk

The term inherent risk (IR) defined (ISA 200 par 16):

Inherent risk is the susceptibility of an account balance or class of transactions to

misstatements that could be material, either individually or when aggregated with misstatements
in other balances or classes of transactions, assuming that there were no related internal
controls.

• What does susceptibility mean? (Use a dictionary.)

Stated differently, inherent risk is the risk posed by an error or omission in a financial statement
due to a factor other than a failure of internal control. In a financial audit, inherent risk is most
likely to occur when transactions are complex, or in situations that require a high degree of
judgment in regard to financial estimates. This type of risk represents a worst-case scenario
because all internal controls in place have nonetheless failed.
89
14.4.2 Control risk

The term control risk (CR) defined (ISA 200 par 16):

Control risk is the risk that a misstatement that could occur in an account balance or class of
transactions that could be material, either individually or when aggregated with misstatements in
other balances or classes of transactions, will not be prevented, or detected and corrected, on a
timely basis by the entity’s internal control.

Organisations must have adequate internal controls in place to prevent and detect instances of
fraud and error. Control risk is considered to be high where the audit entity does not have
adequate internal controls to prevent and detect instances of fraud and error in the financial
statements. When considering control risk one must remember that internal controls do have
their own limitations. In Learning Unit 3 we examined the inherent limitations of internal control.
Assessment of control risk may be higher for example in case of a small sized entity in which
segregation of duties is not well defined and the financial statements are prepared by
individuals who do not have the necessary technical knowledge of accounting and finance.

14.4.3 Detection risk

The term detection risk (DR) defined (ISA 200 par 16):

Detection risk the is risk that the procedures performed by the auditor to reduce audit risk to an
acceptably low level will not detect a misstatement that exists and that could be material, either
individually or when aggregated with other misstatements.

In other words, detection risk is the risk that the auditors fail to detect a material misstatement in
the financial statements. An auditor must apply audit procedures to detect material
misstatements in the financial statements whether due to fraud or error. Misapplication or
omission of critical audit procedures may result in a material misstatement remaining
undetected by the auditor. Some detection risk is always present due to the inherent limitations
of the audit such as the use of sampling for the selection of transactions.
Detection risk can be reduced by auditors by increasing the number of sampled transactions for
detailed testing.

14.5. RELATIONSHIP BETWEEN THE DIFFERENT COMPONENTS OF AUDIT RISK

Understanding the relationship of AR = (IR + CR) + DR is the ultimate goal of this learning unit.
The video “The basic workings of the audit risk model” explains the relationship.

Video

This is a good video to watch:

90
 AUE1501/501/3/2021

https://www.youtube.com/watch?v=ncYYY5xU3Oo 7 minutes

Activity 14.5
During your planning of the audit of Laduma (Pty) Ltd, you assessed the preliminary reliance
that could be placed on the company’s internal controls as low. Explain the influence of your
preliminary reliance on the internal controls on your assessment of control risk and the impact
on the test of controls, as well as substantive procedures which you should carry out.

Suggested Solution 14.5

Reference: Adams, Diale & Richard (2019:7/3)

Control risk would be rated as high, as you can place less reliance on the company’s internal
control systems. The auditor is compelled to accept a lower level of detection risk. To achieve
this, the auditor would have to increase the extent of his or her substantive procedures.

14.6 SUMMARY AND SELF-ASSESSMENT

In this learning unit you learned about the nature of materiality and audit risk, as well as the
relationship between materiality and audit risk.

After having worked through the learning unit and the references to the prescribed study material,
are you able to

• discuss materiality and audit risk and the relationship between them?

In the next learning unit we will discuss how the auditor can identify and assess the risks of material
misstatement.

91
 LEARNING UNIT 15
LU 15: RISK ASSESSMENT AND FURTHER AUDIT PROCEDURES

In this learning unit we are going to

• explain risk assessment procedures to assess the risk of material misstatement
• explain test of controls and substantive procedures as further audit procedures

15.1. INTRODUCTION

Without knowing it you are performing risk assessment procedures daily and you act according
to your assessment of the risk. I too was a student once, so let’s look at this example to
illustrate the point. When studying for an examination you want to pass – passing is your
objective (for the auditor = to issue the audit report). You have limited time. What do you do?
You identify the topics that you think the examiner would most likely assess in the examination
and focus on those areas (auditor = risk assessment). If you identified the wrong topics then you
fail. (auditor = inappropriate or wrong audit opinion i.e. audit risk). You have control over what
you study. The auditor has control over their audit procedures (auditor = detection risk). To
reduce your audit risk or examination risk, what do you do? You master more learning units!
Thereby you are reducing your chances of failure. Think of any other aspects in your life where
you are in fact assessing risk, acting thereon to manage that risk to meet your objective. Do you
see the auditing principles are not that complex as you thought?

In this learning unit we are going to examine how the auditor obtains audit evidence by
performing risk assessment procedures and then performing “further audit procedures” to
reduce audit risk. Further audit procedures comprise tests of control and substantive
procedures.

15.2. UNDERSTANDING THE CONTEXT OF RISK ASSESSMENT PROCEDURES

The following diagram and description is a simplified overview of identifying and assessing the risks
of material misstatements (ISA 315 (Revised)).

To be in a position to identify and assess the possible risk of material misstatement the auditor must
begin by understanding the business and its environment. Once this understanding or insight is
obtained, the auditor can identify the areas where the risk of material misstatement exists. In other
words, where to focus. Remember risk of material misstatement consists of inherent and control
risk (see previous learning unit). At the early stages of an audit, the auditor calculates a planning
materiality. This allows the auditor to calculate the sample sizes for the proposed audit procedures.
The audit performs the audit procedures and evaluates the errors obtained. If no material errors are
found, the auditor can form a conclusion that no material errors were found. However, if errors are
found, the auditor examines the nature of the errors and decides to modify and increase the audit
procedures. This is necessary to make sure that, for the auditor, the audit risk is at an acceptable

92
 AUE1501/501/3/2021

level. By performing more procedures (detection risk) you are reducing the probability of issuing an
incorrect audit opinion (audit risk). Once all the audit evidence is gathered and evaluated the auditor
reaches a conclusion.

93
DIAGRAM 13: OVERVIEW OF THE RISK ASSESSMENT PROCESS

94
 AUE1501/501/3/2021

15.3. CONDITIONS AND EVENTS THAT MAY INDICATE RISK OF MATERIAL

MISSTATEMENTS

The list that you are going to study may become very important in your accounting career. This will
help develop an instinct to realise that something may be wrong and needs to be investigated.

Activity 15.1
Go to Additional resources open and read the document Examples_RMM.
• Do you agree that these signs are indicative that problems or errors will arise in a
business?
• Will you be able to identify a situation that can be regarded as an example of a risk of
material misstatement?

15.4. RISK ASSESSMENT PROCEDURES

How does the auditor go about gathering information about the client, to identify and assess
risks of material misstatements?

• If it is an existing client, from previous experience, accumulated background knowledge

exists. For example, the integrity of the directors, complexity of the entity, and so forth.

• Inquiries of management and others – asking important people questions. For example,
Internal audit, financial and accounting, and IT personnel.

• Observing what’s going on at the premises.

• Inspection of business strategies, manuals, reports and contracts.

• Analytical procedures will immediately flag problematic areas of focus. For example, an
increase in sales with a decrease in gross profit.

• Brain storming with the audit team.

• Obtaining an understanding of the entity and its internal control.

Activity 15.2
Give an example of using the inspection procedure to obtain information about the client.

95
Suggested Solution 15.2
Reference: Adams, Diale & Richard (2019:7/7)

Along with enquiry, inspection will be a major provider of information in gaining an

understanding of the entity. At this stage of the audit, we are not carrying out a detailed
inspection of “everyday” documents such as sales invoices or purchase orders. This is more
likely to be a detailed review of the following kinds of documents:

• Business plans and strategies

• Internal control procedure manuals, flow charts, organisational charts
• Management reports, minutes of board meetings and board committee meetings
• The company’s integrated report and prior year financial statements
• Relevant trade and financial journals and internet sites
• Important contracts

15.5. FURTHER AUDIT PROCEDURES

Activities 15.1 and 15.2 were examples of how the auditor obtains information to understand the
business in order to identify the areas of material misstatements (risk assessment procedures).
Once this stage is completed the auditor is ready to do the audit field work, referred to in auditing
literature as “further audit procedures”. We are going to look at what these further audit procedures
entail.

Examine diagram 12. You will notice that there are two main types of audit procedures. Test of
controls are audit procedure designed to evaluate the operating effectiveness of controls in
preventing, or detecting and correcting, material misstatements at the assertion level. Test of
controls enables the auditor to determine if he/she can rely on the internal controls implemented
by management. If the outcome of the tests of controls is positive it means that the auditor can
rely on the internal controls.

Substantive procedures are audit procedure designed to detect material misstatements at the
assertion level e.g. completeness, accuracy, etc. These include: Tests of detail and analytic
procedures are procedures that test assertions.

96
 AUE1501/501/3/2021

DIAGRAM 13: THE NATURE OF FURTHER AUDIT PROCEDURES

The audit procedures that auditors use to obtain audit evidence include inspection, observation,
external confirmation, recalculation, reperformance, analytical procedures and inquiry.
These procedures are to be used when performing risk assessment procedures, carrying out
test of controls or carrying out substantive procedures.
Activity 15.3
Is it possible to only perform tests of controls?

Suggested Solution 15.3

Reference: Adams, Diale & Richard (2019:5/25-5/26)

No, even if the auditor finds that the accounting system and related control activities are excellent,
he or she must realise that
* all internal control systems have inherent limitations which make them less than 100%
efficient (see learning unit 3)

97
* the internal control system may have been excellent at the time the auditor performed
his/her tests but not at other times during the year
* there will still be inherent risk to consider

Successful test of controls will reduce the extent, and possibly change the nature of substantive
tests, but cannot eliminate the need to perform substantive tests.

Activity 15.4
Describe why the auditor performs substantive procedures?

Suggested Solution 15.4

Reference: Adams, Diale & Richard (2019:5/26)

Substantive procedures seek to provide evidence to support the financial statement assertions.
When performing substantive tests the auditor is interested in the following:

• Balances
• Transactions
• Presentation/disclosures

Activity 15.5
Explain the types of procedures that can be used for carrying out risk assessment procedures,
tests of controls and substantive tests.

Suggested Solution 15.5

Reference: Adams, Diale & Richard (2019:5/23)

Essentially the procedures that the auditor carries out during risk assessment or when testing
controls or performing substantive tests, are described as follows:

• Inspection: involves examining records or documents, whether internal or external, in

paper form, electronic form or other media, or a physical examination of an asset.
• Observation: consists of looking at a process or procedure being performed by others,
or at the performance of control activities.
• External confirmation: obtaining a direct written response from a third party to a
request/query from the auditor to that third party in paper form or by electronic or other
medium.
• Recalculation: consists of checking manually or electronically, the mathematical
accuracy of documents or records.

98
 AUE1501/501/3/2021

• Reperformance: involves the auditor's independent execution of procedures or controls

that were originally performed as part of the entity’s internal control.
• Analytical procedures: evaluating financial information through analysis of plausible
relationships among both financial and non-financial information.
• Inquiry: seeking information of knowledgeable persons, both financial and non-financial,
within the entity or outside the entity.

It is not possible to categorise each of the above procedures as simply either a risk
assessment procedure, a tests of controls procedure or a substantive procedure. The
procedure will be categorised in terms of what the auditor is trying to achieve, therefore
in terms of the objective.

• Inquiry – risk assessment

The auditor inquires of the head of internal audit as to his/her assessment of the likelihood of
material misstatement of inventory.

What is the objective of this procedure?

To gather information about the client so that the identification and assessment of risks of material
misstatement at the financial statement and assertions level can take place.

• Inquiry – test of controls

The auditor inquires of the credit controller as to exactly what functions each member of her
department carries out and what control procedures are in place.

What is the objective of this procedure?

To determine how the internal control measure in question should be evaluated.

• Inquiry – substantive test

The auditor makes inquiries of the factory manager as to the impairment writedowns for a particular
machine.

What is the objective of this procedure?

To obtain audit evidence to detect material misstatements in the financial statements relating to the
valuation of machinery.

15.6 SUMMARY AND SELF-ASSESSMENT

In this learning unit we discussed risk assessment procedures, tests of controls and substantive
procedures and why should they be performed by the auditor.

After having worked through the learning unit and the study references are you able to
99
• explain risk assessment procedures to assess the risk of material misstatement?
• explain test of controls of controls and substantive procedures as further audit procedures?

In the next topic we will examine the audit process.

100
 AUE1501/501/3/2021

TOPIC 5
5 THE AUDIT PROCESS

TOPIC OVERVIEW

In this topic we are going to examine the stages of performing an audit. In the literature this is
referred to as the audit process. What are the steps that you follow every day from the time you
wake up until you go to bed? Like your daily routine, the auditor also follows a certain routine in
conducting an audit. In this topic you are going to be introduced to the audit process and the
main stages are identified, of which reaching conclusions and reporting is a continuation of the
Learning Unit 16 (part of the audit process).

This topic is divided into the following learning units:

Learning unit Title Page

16 The audit process 102

17 Reaching conclusions and reporting 109

101
 LEARNING UNIT 16
LU 16: THE OVERALL AUDIT PROCESS

In this learning unit we are going to

• describe the stages of the audit process that an auditor would follow to complete an
audit
• list the steps involved in each stage of an audit process

16.1. INTRODUCTION

In this learning unit we will introduce you to the audit process and the stages within each
process. After completing this learning unit, you will have a good idea what an audit entails.

16.2. THE AUDIT PROCESS

The audit process can be divided into four main stages as set out in the following diagram:

DIAGRAM 14: STAGES OF THE AUDIT PROCESS

The auditor must decide whether to accept a new appointment or to continue with an existing
appointment. Once the audit engagement has been accepted, the audit must be very carefully
planned. The audit risk is assessed, and further audit procedures are carried out. The auditor
evaluates the audit evidence, concludes and issues the appropriate audit report.

Now let’s compare the stages of the audit process to the stages of your studies. Notice the
similarities!

102
 AUE1501/501/3/2021

Audit stages Studying stages

Preliminary engagement activities Apply for registration.

Planning activities Planning of assignment dates, learning unit
allocation in calendar, do activities, self-reflection
activities etc.
Responding to assessed risk In your case, you study everything!

Concluding stage Revise your notes.

Consider what you know and which areas need
more attention.
Write the exam.
Get the results.

Now that you have been introduced to the audit process we can examine it in more detail i.e.
the steps in each stage. Bear in mind that the stages of the audit process are not “standalone
units” but interrelated and dependent on each other (Adams, Diale & Richard 2019:6/6).

16.3. THE PRELIMINARY STAGE

The preliminary engagement activities take place before an audit engagement is accepted or
continued with. The auditor must identify and evaluate events or circumstances that may
adversely affect the auditor’s ability to plan and perform the audit engagement (ISA 300). The
following is a list of the aspects that must be considered by the auditor in the preliminary stage
of an audit.

The auditor must (ISA 300 and ISA 220):

• maintain the necessary independence and ability to perform the engagement.

• not have issues with management integrity that may affect the auditor’s willingness to
continue the engagement.
• not have any misunderstanding with the client as to the terms of the engagement.
• consider other significant matters that arose during the current or previous audit that
may have implications for the continuance of the audit.
• perform procedures to determine whether to accept or continue with an audit.
• assess whether the firm has the appropriate resources and skills to perform the audit.

Many of the recent auditing scandals could have been prevented if the above requirements
were adequately considered.

103
Self-Reflection
Did you realise that an auditor cannot just accept any client?

Note that the preliminary engagement activities do not apply to internal auditors. Internal
auditors will gain an understanding of the division he or she is going to audit. Internal auditors
cannot choose whether they wish to accept an audit or not, as they are employees of the
company.

Discussion 1
E-tutor assistance required

Consider the following questions and post your thoughts about any of them on the
discussion forum provided for the purpose. If you do not post your own idea, you have
to respond constructively to a post by another student.

• Discuss why the preliminary stage of an audit is important.

• Provide practical examples of possible mishaps that can be avoided with a properly
implemented preliminary stage.
• Describe possible reasons why an audit firm may not wish to accept an audit
engagement.

16.4. THE PLANNING STAGE

16.4.1 Why plan?

Remember: the auditor wants to express an opinion on the fairness of an entity’s annual
financial statements. On the one hand the auditor does not want to be held liable for negligence.
Time is limited. On the other hand, the auditing practice is a business and the partners want to
make a profit. Therefore, balancing the two extremes' effectiveness is the deciding factor.

104
 AUE1501/501/3/2021

Planning in business is important to achieve goals, improve productivity, serves as a

basis of control, facilitates development and so forth.
Discussion 2
E-tutor assistance required

Consider the following questions and post your thoughts about any of them on the
discussion forum provided for the purpose. If you do not post your own idea, you must
respond constructively to a post by another student.

Discuss why planning is important in a business context (management perspective).

Discuss why planning is important for the auditor

From the above discussion you should understand the reasons why it is import for a business
and more specifically, for the auditor to plan an audit. The following benefits of planning an audit
may have been identified by participants on the discussion forum:

16.4.2 The steps in planning an audit

The planning stage of an audit is detailed and involves the following steps: (ISA 300):

1. Establishing an audit strategy and materiality. The auditor established an overall audit
strategy that sets the scope, timing and direction of the audit, and that guides the

105
 development of the audit plan. The strategy document usually includes a statement of
the key decisions needed to properly plan the audit.
3. Develop an audit plan. The audit plan is much more detailed than the strategy
document, since the plan states the nature, timing, and extent of the specific audit
procedures to be conducted by the audit team. The audit plan must consist of the
nature, timing and extent of planned:
• risk assessment procedures. Risk assessment procedures is a description of the
nature, timing and extent of planned risk assessment procedures, sufficient to assess
the risks of material misstatement.
• further audit procedures at the assertion level. This entails a description of the
nature, timing and extent of planned further audit procedures at the assertion level
for each material class of transactions, account balance and disclosure.
• other audit procedures to comply with the ISAs.

To be able to perform the risk assessment procedures the auditor needs to understand the
client company and its operational environment. Risk assessment procedures are performed at
financial statement level and at assertion level:

Risk at financial statement level are those factors affecting the statements holistically. For
example, if management has no integrity then the financial statements are at risk of material
misstatement. Other examples include the experience and knowledge of management,
pressure exerted on management and the nature of the business.

Risk at assertion level refers to the risk of misstatement focussed at the classes of
transactions, account balances and disclosures. Each assertion is analysed for each of the
classes of transactions, account balances and disclosures. An example of risk at assertion level
is inclusion of sales which have not actually occurred, or which do not pertain to the entity i.e.
the occurrence assertion relating to a class of transaction.

16.5. RESPONDING TO ASSESSED RISK STAGE

This stage is where the field work is performed – going out and collecting the evidence
(execution). The responding to assessed risk of an audit involves the following steps: (ISA 330):

• Respond in a general sense to assessed risk at financial statement level.

• Respond specifically to assessed risk at assertion level by carrying out tests of control
and substantive tests.
• Carry out of “other” procedures required to comply with the ISAs.

The auditor should obtain sufficient, appropriate audit evidence regarding the assessed risks of
material misstatement through the designing and implementing of appropriate responses to
those risks.
Activity 16.1
Describe the auditor’s overall response (what will the auditor do) to assessed risk of material
misstatements at the financial statement level.
106
 AUE1501/501/3/2021

Suggested Solution 16.1

Reference: Adams, Diale & Richard (2019:6/20)

Overall responses may be summarised as follows:

• Emphasise professional scepticism.

• Assign more experienced staff with special skills or use experts.
• Provide more supervision.
• Incorporate elements of unpredictability into the audit procedures adopted (do things in a
manner which the client may not expect), e.g. surprise visits to client.
• Make general changes to the nature, timing and extent of audit procedures conducted in the
past.

Notice how risk assessment results in a modification of the audit plan.

Activity 16.2
What does the auditor do when he/she finds specific risk to exist at assertion level?

Suggested Solution 16.2

The answer is to perform further audit procedures. This will entail developing a plan which
describes the nature, timing and extent of further audit procedures, both tests of control and
substantive procedures. The following diagram summarises the above two activities:

107
DIAGRAM 15: THE AUDITOR’S RESPONSE TO ASSESSED RISK

16.6. CONCLUDING STAGE

In the responding to assessed risk stage, the audit procedures were conducted. In other words,
evidence was gathered. The auditor evaluates the evidence, concludes and reports
(expressing of the audit opinion). We are going to examine this stage in more detail in the next
learning unit.

Self-Reflection 16.2
In this learning unit you have been introduced to the four stages of the audit process. Go and
create your own spider diagram that connects all the elements of each stage so that you create
your own bigger picture.

Google “spider diagram” and look at examples of images of spider diagrams. Be creative and
design your own unique spider diagram. Use colours if you want to. If you complete this learning
unit properly then this is all you need to learn when revising for the exams! This link is an
example of available tools https://creately.com/lp/spider-diagram-maker-online/

108
 AUE1501/501/3/2021

16.7. SUMMARY AND SELF-ASSESSMENT

In this learning unit we discussed the overall audit process and how it assists the auditor to
achieve his or her objectives.

After having worked through the learning unit and the study references, are you able to

• describe the stages of the audit process that an auditor would follow to complete an audit?
• list the steps involved in each stage of an audit process?

In the next learning unit, we will discuss the evaluating, concluding and reporting stage.

109
 LEARNING UNIT 17
LU 17: REACHING CONCLUSIONS AND REPORTING

In this learning unit we are going to

• explain the various opinions formed by the auditor

17.1. INTRODUCTION

Throughout this module we indicated that the outcome of an auditor’s work is the audit report.
Remember the agency theory introduced in Topic 1? On the one hand we have management
that run a business on behalf of the shareholders. Management prepares annual financial
statements for the shareholders to report on the financial position and results. On the other
hand, we have the owners of the business: the shareholders. The shareholders need to know
how their business performed and if the results prepared and presented by management can be
relied on. The auditor performs this assurance function and formulates an audit report that
accompanies the annual financial statements. In this learning unit we are going to examine the
final stage of the audit process.

17.2. EVALUATING, CONCLUDING AND REPORTING

In the planning stage we focussed on performing audit procedures based on the risk
assessment. Once the evidence is collected the auditor examines the evidence. The auditor
asks him/herself: Have I collected sufficient audit evidence to reduce the audit risk to an
acceptable level? The auditor keeps trying until sufficient audit evidence is obtained. What
happens if the auditor is unable to obtain sufficient audit evidence after retrying? The auditor
issues a modified opinion which can be either an adverse opinion or a disclaimer of opinion.
What happens if a material misstatement is detected and management refuses to adjust the
financial statements (uncorrected misstatements)? The auditor issues a modified report with an
except for opinion by quantifying the unadjusted error.

Diagram 16 provides on overview of the evaluating, concluding and reporting stage of the audit
process and is self-explanatory. Use the diagram to assist you in familiarising yourself with the
applicable content.

110
 AUE1501/501/3/2021

DIAGRAM 16: EVALUATION, CONCLUDING AND REPORTING

If the auditor is satisfied with the audit procedures and sufficient, appropriate audit evidence was
obtained to reduce the assessed audit risk to an acceptable level, the auditor can issue an
unmodified (unqualified) audit opinion. The opinion mainly says “In our opinion the annual
financial statements present fairly, in all material respects….” This means that the shareholders
and analysts can rely on the annual financial statements.

There are various levels of modified audit opinions.

• We have the except for opinion, describing the effect of the error that management did not
adjust. Users can then make those adjustments on the AFS and then “read” the AFS.

111
• We have an adverse opinion that says that financial statements are not fairly presented.
The users cannot even make their own adjustments. This should result in legal steps
against management.
• We have a disclaimer in opinion that says I do not know. This could for example happen
when no backups were made and there are no records to audit. This too should result in
legal steps against management.

17.3. BRINGING ALL TOGETHER

This brings us to the end of the audit process. With the knowledge obtained in Topics 4 and 5
you will able to follow/understand the following YouTube video that explains the audit process.
Although this is a high-level video (far too advanced for this module), it integrates all the
knowledge you obtained so far. Watch it and see if you can make some sense of what the
presenter is explaining.

Video

https://www.youtube.com/watch?v=1yo3GyvZi9Q 16 minutes.

17.4. SUMMARY AND SELF-ASSESSMENT

In this learning unit we discussed how the auditor reaches conclusions and undertakes
reporting.

After having worked through the learning unit and the study references are you able to

• explain the various opinions formed by the auditor?

In the remaining Topics 6 to 10 we are going to examine the business cycles and their
functions. Within each function, we will examine the documents used, the risks facing each
function and the controls that can be introduced to manage those risks.

112
 AUE1501/501/3/2021

TOPIC 6

6 SYSTEMS AND CYCLES WITHIN A BUSINESS ENTITY

TOPIC OVERVIEW

In this topic you will familiarise yourself with the various business cycles that normally form part
of the accounting system of a business undertaking.

This topic is comprised of the following learning unit:

Learning unit Title Page

18 Systems and cycles within a business entity 114

113
 LEARNING UNIT 18
LU 18: SYSTEMS AND CYCLES WITHIN A BUSINESS ENTITY

In this learning unit we are going to

• identify the different business cycles
• explain the sequence of events in the revenue and receipts cycle and the
acquisitions and payments cycle
• Identify the functions of the above two cycles
• explain the purpose of inventory and the payroll and personnel cycle

18.1. INTRODUCTION

The aim of this learning unit is to introduce you to the business cycles as part of the accounting
system. Once you grasp the activities within each cycle and the sequence of events, then
understanding the risks and control activities will become easier to learn (subsequent learning
units). Remember to always integrate the knowledge that you have gained from your other
accounting subjects. I cannot emphasise the importance of understanding this learning unit
enough. Do not proceed to Topic 7 without understanding this learning unit.

18.2. SYSTEMS AND CYCLES WITHIN A BUSINESS ENTITY

One of the outcomes of an accounting system is to compile financial information that is

complete, accurate and valid and – from this information – prepare annual financial statements
(AFS). To this end, a business entity establishes procedures and records to (Diale & Richard
2019:5/9):

• initiate, record, process and report transactions

• capture events and conditions other than transactions
• accumulate, record, process and summarise information for the preparation of the AFS

The above procedures and events can be designated to systems and cycles within a business
entity. The following are the designated cycles:

• Revenue and receipts cycle

• Acquisitions and payments cycle
• Inventory and production cycle
• Payroll and personnel cycle
• Finance and investment cycle

In this module we are going to examine a retailing business and not a manufacturing
(production) business. We are also not going to examine the finance and investment cycle.

114
 AUE1501/501/3/2021

Refer to diagram 17 to obtain an understanding of how the five business cycles function. Goods
(inventory) are purchased (acquisitions) and paid for through the bank account (payments). The
idea is to sell (revenue) the inventory at a profit and deposit (receipts) the money into the bank
account. To execute the functions, you need employees (payroll) and they too get paid from the
bank account.

As a business expands it may need additional long-term financing. The need arises for example
to buy furniture and fittings or build a bigger warehouse. A loan is negotiated and obtained and
the money is deposited into the bank account. Over time, as the business makes profits it starts
accumulating money in its bank account. Instead of leaving it in the bank where it earns no
interest, the business saves or invests it to earn interest, dividends or capital growth. The
investment enables the business to expand its operations over time.

115
DIAGRAM 17: REPRESENTATION OF THE FIVE BUSINESS CYCLES IN RELATION TO
THE ACCOUNTING SYSTEM

In the introduction to this module you were required to visualise your own business. Visualising
your own business is important because students often confuse the one cycle with the other
and this is by far the highest cause of failure in the examinations. On a piece of paper, draw a
plan of the floor layout of your imaginary business. For example, see the following hand drawn
plan that I visualised:

116
 AUE1501/501/3/2021

As we learn more, and your knowledge base expands, you will refine your business layouts to
better suit your needs. You will learn about the business functions, risks and controls. My
diagram for example needs security cameras and more refinement. You are going to take your
own business idea and design the functions, identify the risks and design control activities to
reduce risks.

Let us begin by first obtaining a bird’s eye view of the revenue and receipts cycle and the
acquisition and payments cycle. In the learning units that follow we will examine the functions,
documents, risks and controls of each cycle in more detail.

117
18.3. REVENUE AND RECEIPTS CYCLE

As explained in section 18.2, the revenue and receipts cycle is about selling inventory (at a
profit) and collecting the money for the inventory sold. We are starting this cycle on the
assumption that we have inventory in the warehouse to sell and that we are selling the goods
on credit (30 days). We are therefore not looking at cash sales.

Refer to Diagram 18, find number 1 and follow the following explanation: A customer
phones/emails their order. The order is placed at the order department. Before goods can be
sold on account the sales authorisation department must establish that the customer either
has an account, and if not, apply for one. For existing account holders, credit management must
establish that the customer does not exceed their approved credit limits. Therefore, the credit
manager examines the credit profile of the customer. If the customer is creditworthy and within
his/her existing credit limits, the order is processed. Make this personal, if it is your business
and you sell R50 000 of goods to a customer (you paid R40 000 for those goods), and they are
not able to pay you, how will that affect you personally? Not a pleasant feeling. So always pay
your debts or refrain from buying something that you know you cannot repay. An authorised
order can now be processed.

The next function is the warehouse department. They use a picking slip, based on the order
and pick the goods in the warehouse and place them to be packed. The despatch department
checks that the right goods are packed and delivered to the customer. The customer signs a
delivery note on receipt of the goods. On the accounting side we have the invoicing
department who invoices the customer for the goods ordered and delivered. The invoice is
recorded in the sales journal by the recording of sales department and posted to the debtors’
ledger. The accounting treatment in the general ledger: revenue account is credited, and the
debtors account debited. At the end of the month a statement of account is issued to the
customer. The statement of account is extracted from the debtors’ ledger. The customer
receives the statement of account and pays the account. Most debtors pay their debts when
they become due. Some do not. The credit management department fulfils another role i.e. to
collect outstanding debts. As soon as a customer makes a payment, a receipt is issued by the
receipts department by the recording of receipts department. The receipt is used to record
the payment from the customer and allocating the payment to the customer’s debtor’s account
in the debtors’ ledger. The accounting treatment in the general ledger: the bank account is
debited and the debtors account credited. The money is deposited and your bank account
balance increases.

118
 AUE1501/501/3/2021

DIAGRAM 18: OVERVIEW OF THE SEQUENCE OF EVENTS IN THE REVENUE AND

RECEIPTS CYCLE

119
Activity 18.1

List the eight functions within the revenue and receipts cycle.
(You will find the answer in the bolded text above)

Reflection

You have completed an overview of the sequence of events in the revenue and receipts cycle.

Involve a friend and tell him/her of your business idea.

• Take them step by step through the sequence of events of the revenue and receipts cycle
• Jot down your friend’s response to your explanation: Could they follow you? Did they add to
your business concept? Did you change your original idea?

18.4. AQUISITIONS AND PAYMENTS CYCLE

As explained in section 18.2, the acquisitions and payment cycle is about buying inventory (at
the best price) and paying the creditor within 30 days. Refer to Diagram 19, find number 1 and
follow the following explanation: The inventory that is sold to your customers are kept in the
warehouse. Once the inventory levels are low, this will be physically observed, and a senior
person will issue a requisition stating how many of a certain item are required. The approved
requisition is sent to the ordering of goods function. The ordering of goods function must
identify the supplier who will provide the best quality, price, and are able to deliver the order as
soon as possible.

The goods are ordered, they arrive and are checked against the order and delivery note by the
receiving of goods function. They physically inspect and count the goods and issue a goods
received note. A goods received note is made out to acknowledge receipt of the goods. Once
the goods received note is issued the transaction can be recorded. This is performed by the
recording of purchases function. The accounting department uses the goods received note,
the purchase order and the supplier’s invoice to record the transaction in the purchases journal
and the creditor’s ledger. The accounting treatment in the general ledger: cost of sales account
is debited and the creditor’s account is credited.

At the end of the month the supplier statement arrives and preparation of the payment begins.
From your creditor’s ledger in your books of account a statement of account of the creditor is
extracted. This is used to reconcile it with the supplier’s statement of account. As soon as the
reconciliation is completed the payment is made. The payment is prepared by the payment
preparation function and paid by the actual payment and recording function. The
accounting treatment in the general ledger: creditor’s account is debited and the bank account
is credited.

120
 AUE1501/501/3/2021

DIAGRAM 19: OVERVIEW OF THE SEQUENCE OF EVENTS IN THE ACQUISITION AND

PAYMENTS CYCLE

121
Activity 18.2

List the five functions within the acquisition and payments cycle.
(You will find the answer in the bolded text above)

Reflection

You have completed an overview of the sequence of events in the acquisitions and payments cycle.

Involve a friend and tell him/her of your business idea.

• Explain to them step by step the sequence of events of the acquisitions and payments cycle.
• Jot down your friend’s response to your explanation: Could they follow you? Did they add to
your business concept? Did you change your original idea?

18.5. INVENTORY

Refer to diagram 17. Both the acquisitions cycle and revenue cycle connect to the inventory
cycle. Goods are received for resale in the warehouse and goods are despatched from the
warehouse and sold at a profit.

18.6. PAYROLL

The payment of salaries and wages is an integral part of any business. Since it is a cycle which
results in an outflow of funds from the business, it is extremely important that the accounting
system and related control activities are sound, to prevent potential significant misappropriation
of funds.

18.7. FINANCE AND INVESTMENT CYCLE

This cycle essentially deals with those transactions which a company enters into to raise
finance, for example by raising start-up capital to hire a business premises, purchase equipment
and inventory. The cycle also deals with the investment the company makes, whether it is in
property, plant and equipment, making long-term loans or investing surplus funds.

18.8 SUMMARY AND SELF-ASSESSMENT

In this learning unit we identified the various business cycles and introduced you to the
sequence of events in the revenue and receipts cycle and the acquisitions and payments cycle.
After having worked through the learning unit and the study references, are you able to

• identify the different business cycles?

• explain the sequence of events in the revenue and receipts cycle and the acquisitions and
payments cycle?
• identify the functions of the above two cycles?
• explain the purpose of inventory and the payroll and personnel cycle?
122
 AUE1501/501/3/2021

Do not continue to the next topic before you are able to achieve the above outcomes. Rather spend
some more time to fully understand this topic. In the next three topics we will elaborate on the
accounting functions that you have identified in this learning unit and the documents used.
Furthermore, you are going to learn to identify the risks and design controls to reduce the identified
risks (including documents) within the revenue and receipts business cycle, the acquisition and
payments cycle and the payroll cycle. Finally, we will examine the controls.

123
 TOPIC 7

7 THE REVENUE AND RECEIPTS CYCLE

TOPIC OVERVIEW

In Learning Unit 18 we briefly looked at the revenue and receipts cycle. We are going to split
the revenue and receipts topics into three learning units. The purpose of this topic is to
introduce you to the documents, risks and controls for credit sales and receipts. Although sales
can consist of credit and/or cash sales, in this topic only the part that relates to credit sales and
receipt of payments from debtors are being dealt with.

This topic is divided into the following learning units:

Learning unit Title Page

19 Activities and documents 125

20 Risks and controls Part I 129
21 Risks and controls Part II 134

124
 AUE1501/501/3/2021

LEARNING UNIT 19

LU 19: ACTIVITIES AND DOCUMENTS

In this learning unit we are going to

• explain the overall risk of the revenue and receipts cycle
• describe the various activities within each function of the revenue and receipts
cycle
• explain the purpose of the documents used in the revenue and receipts cycle
• list the information to be contained in each of the above documents

19.1 INTRODUCTION

In Learning Unit 18 you were introduced to the five business cycles. In this topic, comprising
three learning units, we are going to examine the revenue and receipts cycle. In other words,
this is the cycle where a business sells goods and collects the payments from customers.

We will follow a certain structure (four steps) that we will apply to all the cycles. This will simplify
your learning experience. The notes in this section are based on the book by Adams, A, Diale, T
& Richard, G (2019) Auditing Notes for South African Students 11th edition. The book is not a
prescribed book, but I do recommend it as additional reading material for those of you who wish
to go into more detail. (NB the study guide notes are sufficient for examination purposes) Also
note, I’m going to explain the cycles as if it is a manual system. The reason for this approach is
to explain the underlying principles to you. In a computerised environment many of the activities
are streamlined and automatically executed.

The following structure will be followed in all the cycles:

Step 1: Identify the activities and purpose of each function.

Step 2: Identify the documents involved in each function and their purpose.

Step 3: Identify the risks involved in each function.

Step 4: Describe the controls to mitigate (reduce/prevent) the risks.

All the examination questions are based on the above, boldfaced items contained in the steps.
In this learning unit we will focus on the first two steps.

125
19.2 THE OVERALL RISK OF THE REVENUE CYCLE

Discussion 19.1
E-tutor assistance required

You have a business and you sell your products on credit (account) to your customers.

What is the overall risk arising from selling to customers on account (credit sales)?

• Customers not paying their accounts

19.3 FUNCTIONS FOR THE REVENUE AND RECEIPTS CYCLE

Let us first look at the bigger picture of the revenue and receipts cycle and all the functions. In
Learning Unit 18 we discussed the sequence of events in the revenue and receipts cycle. In
doing so, we identified nine functions for the revenue and receipts cycle. Refer to Activity 18.1
to refresh your memory.

19.3.1 Identify the activities and documents within each function

Within each function we are going describe the activities (job description) and identify the
documents used to execute the activity.

The revenue and receipts cycle

Functions Activities Documents/records
Ordering • Receive an order from a customer • Customer order
• Record the order on a ISO • Internal sales order
• Validate customer details: existing or new customer (ISO)
• Price list
Credit management: • Establish creditworthiness (new customer) • Credit application form
Sales authorisation • Establish that existing credit limits are not exceeded (existing • Credit bureau
customer) information
• Accept/reject order based on above (approve ISO) • Debtors ledger
Warehouse • Act promptly on filling the ISO • Picking slip
• Accurate picking slip and delivery note created • Delivery note
• Goods correctly picked from the shelves
Despatch • Goods transferred from warehouse to despatch must have a • Delivery note
picking slip and delivery note • List of deliveries
• Goods transferred to despatch to be packed and labelled
• Prompt delivery of goods to correct customer
• Goods in despatch area must be physically safeguarded
Invoicing • Promptly notify customer of amount due for goods supplied • Sales invoice
• Signed delivery note matched with customer order • Price lists
• Accurate invoice can be generated
Recording of sales • Promptly record the sale and raise a corresponding debtor • Invoice
• Accurate recording in the sales journal and debtor in debtor’s • Sales journal
ledger • Debtors ledger
• Totals posted to sales and debtors control account in general • General ledger
ledger
Issue receipts • Prompt recording of a payment received • Receipts
• Promptly issue a correct and accurate receipt • Bank statement
Recording of receipts • Promptly and accurately record the receipts in cash receipts • Receipts

126
 AUE1501/501/3/2021

journal and credit the correct debtors account • Cash receipts journal
• Totals posted to debtors control account in the general ledger • Debtors
Credit management: • Collect overdue debtors promptly • Monthly statements
Debt collection • Identify debtors to be handed over to attorneys • Age analysis
• Authorise debts to be written off

The content contained in the above table is very important, make sure that you know it well.

19.4 THE PURPOSE OF THE DOCUMENTS

Understanding the purpose of the document and what it looks like is very essential to
understand the functions, risks and controls of a cycle.

Activity 19.1

(E-Tutor assistance required in monitoring students’ progress in completing this activity)

You are required to search Wikipedia for definitions of each of the following documents. Once
you have defined the document, search for a suitable example (image/picture) so that you can
identify the details appearing on each document.

Document/ Definition of the document Image

Records viewed
Customer order Serves as the customer’s instruction as to what goods are required. Yes
Internal sales
order
Price list

Credit application
form
Debtors ledger

Picking slip

Delivery note

Sales invoice

Sales journal

Receipt

Bank statement

Cash receipts
journal

19.5 TYPICAL EXAMINATION QUESTIONS

The following are extracts from previous examination questions to illustrate to you how the
content in this learning unit may be assessed:
127
• List the nine functions in the revenue and receipts cycle
• Describe the activities in ordering, warehouse and invoicing function in the revenue and
receipts cycle (this could be adjusted to include other functions)
• Describe the purpose of the following documents:
- Internal sales order
- Invoice
- Picking slip
• List the 4 items that should appear on the following documents:
- Credit application form
- Receipt

19.6 SUMMARY AND SELF-ASSESSMENT

After having worked through the learning unit, are you able to

• explain the overall risk of the revenue and receipts cycle?

• describe the various activities within each function of the revenue and receipts cycle?
• explain the purpose of the documents used in the revenue and receipts cycle
• list the information to be contained on each of the above documents?

In the next learning unit we are going to examine the risks and controls for the revenue and receipts
cycle.

128
 AUE1501/501/3/2021

LEARNING UNIT 20

LU 20: RISKS AND CONTROLS (Part I)

In this learning unit we are going to

• identify the risks involved for identified functions
• describe the controls to mitigate (reduce/prevent) the risks for identified functions

The identified functions for this learning unit:

• Receiving customer orders
• Credit management: Sales authorisation
• Warehouse
• Despatch

20.1 INTRODUCTION

In the previous learning unit, we identified the main functions of the revenue and receipts cycle,
the activities within each function and the documents involved. You cannot proceed with this
learning unit if you did not fully comprehend the functions, activities and documents involved. In
the following two learning units we are going to describe the risks and controls for each function.
This learning unit will focus on ordering, credit management (sales authorisation), warehouse
and despatch functions. In the next learning unit we will address the remaining functions of the
revenue and receipts cycle.

20.2 THE RISKS AND CONTROLS

The notes in this section are based on the book by Adams, A, Diale, T & Richard, G (2019)
Auditing Notes for South African Students 11th edition.

20.2.1 The ordering function

Refer to the previous learning unit for the activities in this function. We are now going to
examine the risks, followed by the controls. A company receives an order from a customer -
what can go wrong (risks)?

The risks associated with the ordering function

• An order received from a non-account holder and processed as if the customer has
account facilities, thereby providing account facilities to someone who does not have the
financial means to pay the account.
• Taking too long to process the order, thereby frustrating and eventually losing the
customer, which means a loss in immediate and future sales (goodwill).
• Errors in the capturing information on the internal sales order from the customer order.
This will result in the following, depending on the capturing error: wrong goods picked, or
129
 the wrong quantity picked, or the wrong delivery address used. This means goods will be
returned and customers will be frustrated. A frustrated customer will buy/shop elsewhere.

What can be done to prevent the above risks (controls)?

The controls associated with the ordering function

• Use prenumbered internal sales orders (ISOs) to record all the orders.
• File of ISOs in numerical sequence. Match the ISO with the delivery note to determine
whether an order has been processed.
• Regular sequence checking (completeness) of the ISOs and identification of unmatched
ISOs must be performed.
• No processing of orders unless received from an approved customer. Customer account
number must appear in the ISO and order clerk must check the customer details on an
approved creditors list.
• Attach the customer order to ISO and ISO signed by another person for accuracy of order
details transcribed on the ISO.
• ISO clerk to sign the ISO for acknowledging that the above tasks have been performed.

Discussion 20.1
E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

20.2.2 The credit management - sales authorisation

Refer to the previous learning unit for the activities in this function. We are now going to
examine the risks followed by the controls. A company wishes to process the order of the
customer. What can go wrong (risks)?

The risks associated with the credit management - sales authorisation

• A credit sale (on account) can be made to a customer who is not creditworthy and who will
therefore not be in a financial position to pay their accounts as they come due. Bad debts
are a financial loss for a business and overdue accounts negatively impact on the cash
flow of a business.

What can be done to prevent the above risks (controls)?

The controls associated with the credit management - sales authorisation

• No further orders are processed before the credit controller’s approval.

130
 AUE1501/501/3/2021

• No ISO sent off to the warehouse for picking before the credit controller approves (signs)
the ISO. The following tasks are approved by the credit controller:
• Credit controller will check and sign the ISO for existing customers:
• The correctness of the customer’s factual details
• That the customer has a satisfactory credit status (balance due on the debtor’s ledger is
checked against approved limits and that account is current)
• Credit controller will check and sign ISO for new customers:
• New customers must complete a credit application form, requesting information like
identification, recent bank statements, credit references, and income and
expenditure/management accounts.
• Details on credit application confirmed by contacting the businesses whose credit
references were provided and obtaining a credit bureau rating based on their database
of litigations, blacklisting etc.
• Repayment terms and credit limit are set by the credit controller based on the above
confirmed information.

Discussion 20.2
E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

20.2.3 The warehouse function

Refer to the previous learning unit for the activities in this function. We are now going to
examine the risks followed by the controls. A company wishes to fill the order of the customer.
What can go wrong (risks)?

The risks associated with the warehouse function

• An authorised ISO is issued but not processed by the warehouse
• Goods picked for fictitious sales
• Incorrect goods and/or quantities picked
• Incorrect delivery notes made out

What can be done to prevent the above risks (controls)?

The controls associated with the warehouse function

• As soon as the picker picks the items he/she will initial the picking slip confirming that the
items and quantities picked are correct.

131
• Review checks performed by warehouse foreman to ascertain that all goods picked are
supported by signed picking slips.
• Warehouse clerk to check goods picked against the picking slip and to prepare the
delivery note from the picking slip. Delivery note cross-referenced to picking slip.
• Filing of picking slips in numerical sequence. Picking slip matched with delivery notes.
Reasons for unmatched picking slips (either not yet picked or not yet delivered) must be
investigated.

This function ends when the goods are transferred to despatch, accompanied by a picking slip
and a completed delivery note.

Discussion 20.3
E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

20.2.4 The despatch function

Refer to the previous learning unit for the activities in this function. We are now going to
examine the risks followed by the controls. A company despatches goods picked from the
warehouse. What can go wrong (risks)?

The risks associated with the despatch function

• Uncontrolled despatch function can lead to theft of goods
• Incorrect item and quantity of goods despatched
• Goods delivered to a wrong customer
• Customers denying receipt of goods
• Goods from warehouse are not despatched

What can be done to prevent the above risks (controls)?

Controls associated with the despatch function

• On receipt of the goods from the warehouse (accompanied by a picking slip and delivery
note) the despatch clerk:
• Checks quantities and description against the given documents.
• Signs both the picking slip and delivery note acknowledging receipt of goods from the
warehouse.
• Returns a signed picking slip to the warehouse function.
• Retains two copies of picking slip and delivery note.

132
 AUE1501/501/3/2021

• Goods boxed (packed) checked against picking slip (item and quantity) and address on
box against the delivery note. The box is immediately sealed.
• The despatch clerk prepares a delivery list on which appears both the delivery note
number and the number of boxes making up the delivery.
• The driver supervises the loading of the boxes and signs the delivery list. He takes one
copy of the delivery list and the two copies of the delivery notes. The despatch clerk
retains the other copy of the delivery list.
• Gate control inspects goods in vehicle against the delivery list and ascertains if they are
accompanied by delivery notes. Gate control stamps the delivery list acknowledging
performance of the task.
• The customer signs both copies of the delivery note as acknowledgement of receipt of the
goods and keeps one copy.

Discussion 20.4
E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

20.3 TYPICAL EXAMINATION QUESTIONS

A short case study will usually be provided, and typical questions asked include:
• Describe the risks associated with the warehouse function.
• Describe the controls to mitigate the risks in the warehouse function.
(The above question can obviously include the other functions).

Another way to assess the controls would be for the risks to be included in the case study, and
you will be required to the describe the controls for that specific risk.

20.4 SUMMARY AND SELF-ASSESSMENT

In this learning unit we focused on the risks and controls of the ordering, credit management
sales – authorisation, warehouse and despatch functions.

After having worked through the learning unit are you able to
• identify the risks involved for identified functions?
• describe the controls to mitigate (reduce/prevent) the risks for identified functions?

In the next learning unit we are going to examine the risks and controls of the invoicing, recording of
sales, issue of receipts, recording of receipts and credit management (debt collection) functions.

133
 LEARNING UNIT 21

LU 21: RISKS AND CONTROLS (Part II)

In this learning unit we are going to

• identify the risks involved for identified functions
• describe the controls to mitigate (reduce/prevent) the risks for identified
functions
The identified functions for this learning unit:
• Invoicing
• Recording of sales
• Issue and recording of receipts
• Credit management: Debt collection
• explain a basis of test of controls

21.1 INTRODUCTION

In the previous learning unit we focussed on the risks and controls of ordering, credit management
(sales authorisation), warehouse and despatch functions. In this learning unit we continue with the
risks and controls of the functions invoicing, recording of sales, receipts and recording of receipts,
management sales (debt collection).

In this topic you are introduced to the various controls applicable to the revenue and receipts cycle.
Therefore, it is now appropriate to revisit the auditing concept “test of controls” as introduced in
Learning Unit 15. The concept “test of control” should become more meaningful to you.

21.2 THE RISKS AND CONTROLS

The notes in this section are based on the book by Adams, A, Diale, T & Richard, G (2019)
Auditing Notes for South African Students 11th edition.

21.2.1 The invoicing function

As soon as the goods are delivered to the customer the customer must be notified of the
transaction value payable by him/her. What can go wrong in this function?

The risks associated with the invoicing function

• Goods are delivered but never invoiced.

• Errors on the invoice e.g. Input errors include incorrect: customer details, quantities, unit
price, item description, unit price, additions, VAT, and discount).

What can be done to prevent the above risks (controls)?

134
 AUE1501/501/3/2021

Controls associated with the invoicing function

• A temporary “pre-invoicing” preparation file is kept. Copies of the ISOs are filed in numerical
sequence. (The ISO is the initiation of the transaction). The purpose of this file is to match the
ISO with the signed delivery note. Once matched, the invoice can be issued because two
important activities are in place, namely proof that the customer ordered goods and that the
customer received the goods.
• On a regular basis, unmatched ISOs must be investigated. (Why does an ISO not have a
delivery note?).
• Once the ISO and delivery note are matched they should be filed numerically, according to the
delivery note number.
• Gaps in the delivery note numbers (missing delivery notes) must be investigated. (Why is a
delivery note, for which no ISO is issued, missing?)

Discussion 21.1
E-tutor assistance required

• What could be possible reasons for an ISO which is not matched with its delivery
note?
- Goods not yet delivered – problems at despatch.
- A customer not accepting the goods or delivery could not take place – goods
returned.
- Goods lost or stolen during delivery.

• What could the possible reasons be for a gap in the sequence of delivery notes?
- Fraud/theft because goods are delivered without issuing an ISO. (If there is no
ISO the transaction is not accounted for).
A cancelled delivery note with all the copies is acceptable.

• Before preparing a numerically sequenced invoice, the invoice clerk:

- Compares the details on the ISO and delivery note.
- Checks the prices on the ISO with the official price list and approved discounts.
• The completed invoice is checked and initialled by a second employee:
- Prices, extensions, casts
- Discount and VAT calculations
- Customer details

135
Discussion 21.2
E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

21.2.2 Recording of sales

The invoice needs to be accounted for in the sales journal and debtor’s account. What can go
wrong when recording the invoice in the accounting records (risks)?

The risks associated with the recording of sales function

• Invoices are not recorded in the sales journal (left out).

• Invoices are duplicated in the sales journal.
• Invoices are entered incorrectly, with errors in the sales journal.
• Invoices are entered against an incorrect debtor when posting it to the debtors journal.

What can be done to prevent the above risks (controls)?

Controls associated with the recording of sales function

• Recording the invoices in the sales journal in numerical sequence and identifying missing
invoices.
• Before entering a batch of invoices for the day in the sales journal, the invoices should be
added up (batch total). As soon as the day’s invoices are recorded in the sales journal, the
sales journal is added up. The two totals are compared. This is referred to as batch controls.
• The following review checks must be performed by a person other than the one who recorded
the transaction:
• Daily sequence checks on invoices entered in the sales journal.
• Comparing the customer name and amount entered in the sales journal to the invoice for
accuracy.
• Tracing the posting of the invoice to the correct debtor’s account in the debtors ledger.
• Reconciling the debtors ledger to the debtors control account in the general ledger.

136
 AUE1501/501/3/2021

Discussion 21.3
E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

21.2.3 Issuing and recording of receipts

The customer receives a statement with all of the month’s invoices and based on the statement
they make a payment. In the past cheques were used to pay accounts. Today most businesses
make use of electronic fund transfers (EFTs). Therefore, we are not going to examine receipts
in the mail room for receiving cheques. We will, however, examine the recording of EFTs.

With EFTs, funds are transferred from the customer’s bank account to the seller’s bank account
through internet banking. With EFTs the payment from the debtor will appear directly on the
bank statement as a credit. Therefore, numerous credit entries (deposits) will appear on the
seller’s bank statement.

These deposits need to be allocated to the correct debtors account. Therefore, it is very
important that the customer uses the account reference on the debtor’s statement when
making the EFT. The debtor will sometimes e-mail a remittance advice to assist the debtor’s
clerk to allocate the payment. Once a deposit is identified on the bank statement a receipt must
be created. The receipt is used to allocate the payment to the debtor’s account. The bank
account must be reconciled to the bank statement before the end of the next working day.

The steps in the issue and recording of receipts can be listed as follows:
• Print and e-mail the debtor’s statements.
• Identify the EFTs (deposits) on the bank statement.
• Issue a receipt for the customer for the identified EFT.
• Write up the cash receipts journal.
• Allocate the receipt by crediting the debtor’s account in the debtor’s ledger.
• Reconcile the debtor’s ledger with the debtors control account.
• Reconcile the bank statement with the cash book (containing both cash receipts journal
and cash payment journal).
• Follow up customer queries, unpaid invoices and unallocated receipts.
• Manage accounts not paid at month-end (credit management).

The risks associated with the issuing and recording of receipts function

• Receipts are not promptly recorded or not recorded at all.

137
• Receipts are issued with errors.
• The payment received is allocated to a wrong debtor.

The controls associated with the issuing and recording of receipts function

• A prenumbered receipt is issued as an EFT occurs.

• The cash receipts journal should be written up on a daily basis by date and receipts number.
• Supervisory staff should review the cash receipts journal for missing dates and gaps in
sequence of receipts. They should also test posting to the debtors ledger.
• The cash book containing the cash receipts journal and cash payments journal should be
reconciled with the bank statement on a daily basis.
• Queries from debtors should be investigated by an employee independent of debtors and
banking.
• Reconciliation of the debtors ledger to the debtors control account in the general ledger should
be conducted on a regular basis by the financial accountant.

21.2.4 The credit management function

The credit management function plays an important role in a business. The part of their function
is not to allow credit to customers who will not be able to repay debts. The second function is to
collect the money owing by the debtor as reflected on the debtor’s monthly statement as soon
as possible (receipts). If debtors do not pay their accounts within the 30-day period, it will
seriously affect the cash flow of a business. Remember, to make the sale a business had to
probably buy the goods (inventory) on credit. If a debtor does not pay their account when it
becomes due, the business will have difficulties in paying their creditors. Therefore, it is
important and the right thing to do to pay debts when they come due. Furthermore, it is much
better for a business not to make a sale at all than making the sale to a debtor who does not
pay. The business who must write off a debt due to non-payment is losing the cost price of the
inventory sold.

The risks associated with the credit management - debt collection function

• Debtors do not pay or at all.

• Debts are written off prematurely.
• Debts are written off without the necessary authority.

What can be done to prevent the above risks (controls)?

The controls associated with the credit management - debt collection function

• Debtors statements issued promptly at month end.

• Compile a monthly debt age analysis and contact debtors exceeding 30 days.
• Renegotiate repayment terms and credit facilities.
• Hand over for debt collection.
• Debts to be written off must be authorised by the credit controller and a senior financial
official.
138
 AUE1501/501/3/2021

• Account facilities are blocked.

21.3 THE FORMULATION OF TEST OF CONTROLS

In Learning Unit 15 we indicated that the auditor performs tests of controls and substantive
procedures. A test of control is simply identifying the controls like we did in this topic and
formulate it as an instruction for someone to execute. In other words, tests of controls describe
instructions to audit personnel as contained in an audit programme on how the internal control
measure in question should be evaluated. If there are no controls, then no tests of controls can
be performed.

There are mainly four types of test of controls:

1. Inspection: Consists of examining the documents which provide the auditor with
evidence as to whether a control procedure did occur. For example, the auditor would
inspect the signature of the order clerk indicating the performance of control activities.

2. Reperformance: This procedure involves the auditor’s repeating, either wholly or in part,
the same control procedures that the client performed. For example, reperforming a
creditor’s reconciliation performed by the client.

3. Enquiry: Consists of seeking information from knowledgeable persons inside the entity.
For example, enquire from management as to the procedures followed by ordering clerks
to record phone orders.

4. Observation: This might involve watching a client’s employee performing a control

procedure. For example, the auditor would inspect the order recording process to ensure
that all orders are on sequentially internal sales orders.

From the above methods you can gather that tests of controls are merely asserting whether or
not the control activities that have been prescribed by management/the owner have indeed
been implemented by personnel.

You will not be required to formulate tests of controls in this module.

21.4 SUMMARY AND SELF-ASSESSMENT

In this learning unit the risks and controls of the functions invoicing, recording of sales, receipts and
recording of receipts and credit management were explained. The auditing concept “test of controls”
as introduced in Learning Unit 15 was revisisted.

After having worked through the learning unit are you able to
• identify the risks involved for identified functions?
• describe the controls to mitigate (reduce/prevent) the risks for identified functions?
The identified functions for this learning unit:

139
 • Invoicing
• Recording of sales
• Issue and recording of receipts
• explain a basis of test of controls?

In the next topic we are going to examine the acquisitions and payments cycle.

140
 AUE1501/501/3/2021

TOPIC 8

8 THE ACQUISITIONS AND PAYMENTS CYCLE

TOPIC OVERVIEW

In Learning Unit 18 we briefly looked at the acquisitions and payments cycle. In this topic we
are going to examine the acquisitions and payments cycle in more detail. The topic will be split
into two learning units. The purpose of this topic is to introduce you the activities, documents,
risks and controls for the acquisitions and payments cycle.

This topic is divided into the following learning units:

Learning unit Title Page

22 The activities and documents 142

23 The risks and controls 147

141
 LEARNING UNIT 22

LU 22: ACTIVITIES AND DOCUMENTS

In this learning unit we are going to

• explain the overall risk of the acquisition and payments cycle
• describe the various activities within each function of the acquisition and
payments cycle
• explain the purpose of the documents used in the acquisition and payments
cycle
• list the information to be contained on each of the above documents

22.1 INTRODUCTION

In Learning Unit 18 you were introduced to the five business cycles. In this topic, comprising of
two learning units, we are going to examine the acquisition and payments cycle. In other words,
this is the cycle where a business orders and receives goods (inventory for resale) and pays the
account when it becomes due for payment.

We will continue to follow the structure (four steps) which we used in the revenue and receipts
cycle. This will simplify your learning experience. The notes in this section are based on the
book by Adams, A, Diale, T & Richard, G (2019) Auditing Notes for South African Students 11th
edition. The book is not a prescribed book, but I do recommend it as additional reading material
for those of you who wish to go into more detail. Also note, I’m going to explain the cycles as if it
is a manual system. The reason for this approach is to explain the underlying principles to you.
In a computerised environment many of the activities are streamlined and automatically
executed.

The following structure will be followed in all the cycles:

Step 1: Identify the activities and purpose of each function.

Step 2: Identify the documents involved in each function and their purpose.

Step 3: Identify the risks involved in each function.

Step 4: Describe the controls to mitigate (reduce/prevent) the risks.

All the examination questions are based on the above bolded items contained in the steps. In
this learning unit we will focus on the first two steps.

142
 AUE1501/501/3/2021

22.2 THE OVERALL RISK OF THE REVENUE CYCLE

Discussion 22.1
E-tutor assistance required

You have a business and you want to replenish the inventory for the business. What are
the overall risks involved in the acquisition and payments cycle?

• Paying of fraudulent creditors

• Theft of inventory
• Buying goods that do not sell. etc

22.3 FUNCTIONS FOR THE ACQUISITIONS AND PAYMENTS CYCLE

Let us first look at the bigger picture of the acquisition and payments cycle and all the functions.
In Learning Unit 18 we discussed the sequence of events in the acquisition and payments
cycle. In doing so, we identified five functions for the acquisition and payments cycle. It is very
important that you refer to Activity 18.3 to refresh your memory.

22.3.1 Identify the activities and documents within each function

Within each function we are going to describe the activities (job description) and identify the
documents used to execute the activity.

The acquisition and payments cycle

Functions Activities Documents/records
Ordering of goods • Receive a valid requisition from warehouse for goods to be • Requisition
ordered • Purchase order form
• Initiating an order based on the requisition
• Placing the order at an approved supplier who provides the
best quality, price and service
Receiving of goods • Receive goods from supplier in terms of the order • Supplier delivery note
• Physically inspect the goods in terms of the order (item, • Goods Received Note
quantity, and condition) (GRN)
• Issue a goods received note
• Sign the supplier goods received note
Recording of purchases • Promptly record the purchase and raise a corresponding • Purchase invoice
creditor • Creditors statement
• Accurate recording the purchases journal and creditor’s ledger • Purchases journal
• Totals posted to purchases and creditors control account in • Creditors ledger
general ledger • General ledger
Payment preparation • Valid creditors are paid on time at the correct amount • Remittance advice
• Initiate a payment requisition • Payment requisition

Actual payment • Make an authorised, valid, accurate internet payment • Internet proof of
• Record the payment in the cash payments journal and debit the payment
correct creditor’s account • Bank statement
• Totals posted to the creditors control account in the general • Cash payments journal
ledger • Creditors and general
ledger

143
The content contained in the above table is very important, make sure that you know it well
before you proceed to the next learning unit.

22.4 THE PURPOSE OF THE DOCUMENTS

Understanding the purpose of the document and what it looks like is essential to understand
the functions, risks and controls of a cycle.

Activity 22.1

(E-Tutor assistance required in monitoring students’ progress in completing this activity)

You have performed a similar activity in the revenue and receipts cycle. You are required to
visit Wikipedia for definitions of each of the following documents. Once you have defined the
document, search for a suitable image so that you can identify the details appearing on each
document.

Document/ Definition of the document Image

Records viewed
Requisition Convey to the buying department what is required in the warehouse Yes
Purchase order
form
Delivery note (from
the supplier)
Goods Received
Note
Purchase invoice

Creditors
statement
Purchases journal

Creditors ledger

General ledger

144
 AUE1501/501/3/2021

Activity 22.2
The following is an example of an order form issued by Sweetie Pie Bakery (Pty) Ltd (Sweetie
Pie Bakery) for goods ordered by the company.

Sweetie Pie Bakery (Pty) Ltd

PURCHASE ORDER
ORDER NUMBER 1001
Date: 30 May 20xx
Sweetie Pie Bakery
PO BOX 33445
PRETORIA

To Vendor:
PO BOX 25031
DURBAN
ID company registration number: 342/003344/06

Description Code Quantity

12 x 1 kg bags of flour FLO01 11

5 x 250 g of butter BUT01 5

1000 packs of chocolate chips CCH 01 1 000

Authorised:
_________

Required:

Identify and list the information that should be reflected on a purchase order that was not included in
Sweetie Pie Bakery’s order.

145
Suggested Solution 22.2
Reference: Adams, Diale & Richard (2019:11/6)

The following information should have been reflected on the purchase order but was not:

• The order form is not addressed to the supplier, as the name of the supplier is not included on
the order form.
• The price of the goods to be purchased is not on the order form.
• The order form is not authorised/signed.
• The quantity of the bags of flour ordered was 12 and not 11.

22.5 TYPICAL EXAMINATION QUESTIONS

The following are extracts from previous examination questions to illustrate to you how the
content in this learning unit may be assessed:

• List the five functions in the acquisition and payments cycle.

• Describe the activities in the ordering of goods, receiving of goods, recording of purchase
in the acquisition and payments cycle (this could be adapted to include other functions).
• Describe the purpose of the following documents:
- Requisition
- Purchase order form
- Goods Received Note etc.
• List the 4 items that should appear on the following documents:
- Purchase order
- Goods Received Note

22.6 SUMMARY AND SELF-ASSESSMENT

In this learning unit we examined the various functions and documents/records used in the
acquisition and payments cycle.

After having worked through the learning unit and the study references are you able to

• explain the overall risk of the acquisition and payments cycle?

• describe the various activities within each function of the acquisition and payments cycle?
• explain the purpose of the documents used in the acquisition and payments cycle?
• list the information to be contained on each of the above documents?

In the next learning unit we will examine risks and controls within each of the five functions of the
acquisition and payments cycle.

146
 AUE1501/501/3/2021

LEARNING UNIT 23

LU 23: RISKS AND CONTROLS

In this learning unit we are going to

• identify the risks involved for identified functions
• describe the controls to mitigate (reduce/prevent) the risks for identified functions

The identified functions for this learning unit:

• Ordering of goods
• Receiving of goods
• Recording of purchases
• Payment preparation
• Actual payment

23.1 INTRODUCTION

In the previous learning unit, we identified the main functions of the acquisition and payments
cycle, the activities within each function and the documents involved. You cannot proceed with
this learning unit if you did not fully comprehend the functions, activities and documents
involved. In this learning unit we are going to describe the risks and controls for each function.
This learning unit we will focus on ordering of goods, receiving of goods, recording of
purchases, payment preparation and actual payment.

23.2 THE RISKS AND CONTROLS

The notes in this section are based on the book by Adams, A, Diale, T & Richard, G (2019)
Auditing Notes for South African Students 11th edition.

23.2.1 The ordering of goods function

Refer to the previous learning unit for the activities in this function. We are now going to
examine the risks followed by the controls. A company needs to order inventory (stock). What
can go wrong (risks)?

The risks associated with the ordering of goods function

• Ordering unnecessary or the wrong goods

• Goods are ordered without the necessary authorisation
• Requisitions are not acted upon or orders are either not placed at all or not immediately
placed

147
• The goods ordered are of a poor quality
• The goods ordered are not competitively priced
• The goods are ordered from suppliers who have a poor reputation of not filling (fulfilling)
the orders timeously
• Order forms are misused for fraudulent purchases

What can be done to prevent the above risks (controls)?

The controls associated with the ordering function

• Before a requisition is placed, inventory levels are checked

• No orders are placed without an authorised requisition
• The ordering department files requisitions sequencially
• The order is cross-referenced to the requisition
• The requisition file is reviewed regularly to identify requisitions that are not cross-
referenced to an order
• An approved supplier list is used (approved quality, price and reputation)
• The supplier on the list should be contacted to ascertain the availability and delivery date
of the goods before ordering
• Quotes should be obtained to ascertain that the best price is negotiated
• The order should be reviewed by a supervisor confirming that:
• the order corresponds to the requisition and that the requisition is duly authorised
• the goods are not unusual for the business operations
• the goods are ordered from a suitable supplier whose price and quality are acceptable
• The ordering department files orders sequencially and the Goods Received Note (GRN)
reference is entered onto the orders as they arrive. The file is reviewed regularly to identify
orders which have no GRN reference number.

Discussion 23.1

E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

23.2.2 The receiving of goods function

Refer to the previous learning unit for the activities in this function. We are now going to
examine the risks followed by the controls. A company ordered goods and the items arrive at
the delivery area. The Goods Received Note (GRN) is a very important document and is relied
upon the ordering, recording of purchases and payment preparation functions. What can go
wrong (risks) when goods are received by the company which ordered them?
148
 AUE1501/501/3/2021

The risks associated with the receiving of goods function

• Wrongly accepting goods which are:

• Short delivered
• Damaged
• Not ordered
• Wrong items
• GRNs are issued with errors (inaccurate/incomplete)
• No GRNs are made out when goods arrive
• Theft

What can be done to prevent the above risks (controls)?

The controls associated with the receiving of goods function

• An area is designated for receiving goods, physically secured with access controls and
surveillance cameras
• On arrival of the delivery a receiving clerk:
• Obtains the supplier delivery note and identifies the purchase order number
• Obtains the copy of the relevant purchase order and checks the quantity and items of
goods delivered against the purchase order
• Inspects the general condition of the goods delivered
• Rejects all incorrect deliveries and clearly indicates the rejected items on the order and
supplier delivery note
• Ensures that the supplier delivery man signs the amended delivery note
• Issues a GRN for the correct goods
• Signs the supplier delivery note
• When transferring the goods received to the warehouse, the goods must be accompanied
with the GRN, checked and signed by the warehouse clerk

Discussion 23.2

E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

23.2.3 The recording of purchases function

149
Refer to the previous learning unit for the activities in this function. We are now going to
examine the risks followed by the controls. The goods ordered have arrived and must be
accounted for by recording it as a purchase (or cost of sales). This is a debit entry in the general
ledger and to raise the creditor (credit entry in the general ledger) as a liability for payment.
What can go wrong in the recording of purchases function (risks)?

The risks associated with the recording of purchases function

• The transaction is recorded incorrectly because of an incorrect purchase invoice:

• The invoice reflects goods not ordered (type or quantity)
• The invoice reflects incorrect pricing
• The invoice contains calculation errors
• Raising a fictitious creditor for goods not received results in the invalid outflow of cash
• Delays in recording and misallocation resulting in the posting to the wrong creditor’s
account. Results in reconciliation problems and possible loss of settlement discount.

What can be done to prevent the above risks (controls)?

The controls associated with the recording of purchases function

• The purchases invoice should be matched to the corresponding requisition, purchase

order, goods received note and delivery note and the following checked and signed:
• The details on the purchases invoice (item, price and quantity) must agree with the
purchase order and with items and quantities stated on the GRN.
• The purchase invoice is allocated to the correct account column (cost of sales vs repairs
and maintenance) in the purchases journal and creditors account in the creditors ledger.
(The requisition note should specify the allocation code).
• The additions and calculations on the purchases invoice must be checked.
• At month end a designated employee must ascertain that there are no GRNs issued which
are not yet recorded in the purchases journal. If the goods are received a corresponding
liability must be created.

Discussion 23.3

E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

23.2.4 The payment preparation function

150
 AUE1501/501/3/2021

Refer to the previous learning unit for the activities in this function. We are now going to
examine the risks followed by the controls. The goods have been received and recorded and
the next step is to initiate the payment process. In sum, the right creditor must be paid on time.
Therefore, a requisition must be prepared for the actual payment function (the next function).
What can go wrong in preparing the requisition (risks)?

The risks associated with the payment preparation function

• Payment to fictitious creditors

• Paying incorrect amounts
• Unauthorised payments
• Discounts lost due to late payments

What can be done to prevent the above risks (controls)?

The controls associated with the payment preparation function

• Although this function is performed in the recording of purchases function, the creditors
clerk, on receipt of the creditors statement, compares the statement to the supporting
documentation and reviews the statement for accuracy.
• The creditors statement must be reconciled with the creditors account in the creditors
ledger. Differences must be identified and resolved.
• The creditors who provide a settlement discount if paid within an agreed period must be
identified and the settlement discount must be calculated and deducted.
• Sequenced payment requisition must be completed and authorised.
• Supporting documentation must be attached to the requisition submitted for payment
signatories.

Discussion 23.4

E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

23.2.5 The actual payment and recording function

Refer to the previous learning unit for the activities in this function. We are now going to
examine the risks followed by the controls. The payment requisition is authorised and ready for
the EFT transfer and the recording of the payment in the cash payments journal and the debit of

151
the particular creditor in the creditors journal. What can go wrong with the actual transfer and
recording?

The risks associated with the actual payment and recording function

• Incorrect/wrong beneficiary paid

• Incorrect amount transferred either to a fictitious creditor or an overpayment
• Payments inaccurately recorded (error) or intentionally to hide fraud

What can be done to prevent the above risks (controls)?

The controls associated with the actual payment and recording function

• The beneficiary list should be approved and accessed by approved employees.

• Payment initiated on an approved requisition with two signatories. EFT preparation
schedule of payments is prepared and approved by different employees.
• Proof of payment is attached to the requisition.
• The cash payments journal is written up daily.
• The matched proof and payment and requisition is used to capture the transaction in the
cash payments journal and allocation to the creditors ledger.
• Bank reconciliation performed monthly.
• Creditors correspondence investigated.

Discussion 23.4

E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

24.3 TYPICAL EXAMINATION QUESTIONS

The following are extracts from previous examination questions to illustrate to you how the
content in this learning unit may be assessed:

A short case study will usually be provided, and typical questions include:
• Describe the risks associated with the ordering of goods function.
• Describe the controls to mitigate the risks in the receiving of goods function.
(The above question can obviously include the other functions).

Another way to assess the controls would be for the risks to be included in the case study, and
you will be required to describe the controls for that specific risk.
152
 AUE1501/501/3/2021

23.4 SUMMARY AND SELF-ASSESSMENT

In this learning unit we examined the risks and controls for the ordering of goods, receiving of
goods, recording of purchases, payment preparation and actual payments.

After having worked through the learning unit, are you able to

• identify the risks involved for identified functions

• describe the controls to mitigate (reduce/prevent) the risks for identified functions
In the next topic we are going to examine the reconciliation of the bank account.

153
 TOPIC 9
9 `THE BANK ACCOUNT: RECEIPTS AND PAYMENTS

TOPIC OVERVIEW

In topic 7 we examined the risks and controls for receipts as part of the revenue receipts cycle
and in topic 8, the payments as part of the acquisition and payment cycle. Both receipts and
payments form part of the bank account. In this topic we are going to explain the steps to be
followed in performing a bank reconciliation.

This topic is divided into the following study units:

Learning unit Title Page

24 The steps in performing a bank reconciliation 155

154
 AUE1501/501/3/2021

LEARNING UNIT 24
LU 24: THE STEPS IN PERFORMING A BANK RECONCILIATION

In this learning unit we are going to

• identify the objectives (assertions) for a bank reconciliation
• identify the documents/records used in a bank reconciliation
• describe the steps in performing a bank reconciliation

24.1 INTRODUCTION

Refer to diagram 17 in topic 6. Transactions revolve around the bank account. You have
learned in topic 7 that EFTs received from customers will need to be deposited into the bank. In
topic 8 you learned that creditors (credit purchases) are paid via EFTs from the bank account.
The transactions that relate to the bank account therefore form part of the revenue and receipts
cycle and the purchases and payments cycle. To check the actual balance of the cash receipts
and payments journal (cash book), it will be necessary to check both the receipts and the
payments against the bank statement.

24.2 OBJECTIVE OF THE BANK RECONCILIATION

What is a bank reconciliation, what are the reasons for reconciling items and what does a bank
reconciliation look like?

For those of you who have not physically performed a bank reconciliation I suggest you view the
following YouTube video. The video is 17 minutes long but it gives you a sound basis for
understanding the steps in performing a bank reconiliation. Note the three reasons that they ascribe
to reconciling differences.

https://www.youtube.com/watch?v=zhmO3DM3YiY

According to Adams, Diale & Richard (2019:10/64) reperforming a bank reconcilation is a

substantive procedure for the assertions of rights, existence and completeness, and valuation.
Although substantive procedures are not examined in this module you must be able to prepare a
bank reconciliation for the auditors to perform their substantive procedures.

The objective of preparing a bank reconciliation is to prove the above assertions. When a bank
reconciliation is carried out, amounts deposited and paid out as shown in the cash receipts and
payments journal are in agreement with the particulars shown on the bank statement(s).

155
24.3 DOCUMENTS REQUIRED FOR THE BANK RECONCILATION

Document/
The purpose of the document
Records
Bank statement Supplied by the bank. The bank statement has an opening balance
(beginning of the month), a list of all the debits and credits transacted
during the month, and a closing balance (end of the month).
Cash receipts and A book of prime entry maintained by the business, accounting for all
payments journal receipts and payments.
(cash book)
General ledger The balance of the cash book is reflected in the bank account in the
general ledger.

24.4 THE STEPS IN PERFORMING A BANK RECONCILATION

The following activity is a typical example of how this topic may be assessed in an examination:

Activity 24.1

You are the bookkeeper of Mpo (Pty) Ltd. One way of reducing risk in bank transactions is to
perform regular bank reconciliations. You are going to perform the bank reconciliation for the
month ended 28 February 20XX.

You have the following records:

• Bank statements for 1 to 28 February 20XX

• The bank reconciliation for the previous month 31 December 20XX
• The cash receipts and payments journal (cash book)

Required

Describe the steps that you will follow to perform the bank reconciliation on 28 February 20XX.

Suggested Solution 24.1

Reference: Adams, Diale & Richard (2019:11/62)

1. Obtain the previous month’s reconciliation (December 20XX).

2. Obtain the cash book and balance for the month under review (28 February 20XX).

3. Obtain the bank statements for the month under review (1–28 February 20XX).

4. Agree the previous month’s reconciliation with the opening balance of the cash book and

156
 AUE1501/501/3/2021

bank statements.

5. Tick off the month’s bank statements with the cash book and the reconciling items of the
previous month’s reconciliation.

6. Identify the reconciling items:

• Outstanding payments not yet reflected on the bank statement
• Outstanding deposits not yet reflected on the bank statement
• Bank charges on the bank statement not yet reflected on the cash book

7. Make the necessary adjustments to the cashbooks e.g. entering the bank charges not yet
reflected in the cash book.

8. Compile the reconciliation by setting it out as follows:

• Balance per cashbook
• Add: Outstanding payments
• Deduct: Outstanding deposits
• Balance per bank statement

Activity 24.2

How is it possible for a year-end bank reconciliation to include a number of EFTs as reconciling
items?

Suggested Solution 24.2

Reference: Adams, Diale & Richard (2019:11/62)

This will happen where the company prepares the EFTs, enters them in the cash book, but
does not “release” the payments until after year-end. As the EFT has not been processed by
the bank at year-end, the cash book and bank account balances will not agree.

24.5 SUMMARY AND CONCLUSION

In this learning unit we examined the bank reconciliation.

After having worked through the learning unit and the study references, are you able to

• identify the objectives (assertions) for a bank reconciliation?

• identify the documents/records used in a bank reconciliation?
• describe the steps in performing a bank reconciliation?

157
TOPIC 10

10 PAYROLL AND PERSONNEL CYCLE

TOPIC OVERVIEW

In this topic we are going to examine the payroll and personnel cycle – in particular, salaries.
The payment of salaries is an integral part of any business and therefore it is important to
prevent the potential significant misappropriation of funds.

This topic is consists of the following learning unit:

Learning unit Title Page

25 Personnel and payroll preparation and payment 159

158
 AUE1501/501/3/2021

LEARNING UNIT 25
LU 25: PERSONNEL AND PAYROLL PREPARATION AND PAYMENT

In this learning unit we are going to

• explain the overall risk of the payroll and personnel cycle
• list the activities, documents, risks and controls for the personnel (human
resource function)
• list the activities, documents, risks and controls for the payroll preparation and
payment function

25.1 INTRODUCTION

In this learning unit we will focus on salaries (not wages). According to Adams, Diale & Richard
(2019:13/2) salaries are expressed as a fixed monthly amount, whereas wages are calculated
based on the hours worked by an employee. Furthermore, salaries are paid by a direct transfer
into the employee’s bank account.

This learning unit will focus on two payroll functions, namely personnel (human resources) and
payroll preparation. We will continue to follow the structure (four steps) that we applied to
revenue and receipts and acquisitions and payments cycles. The notes in this section are
based on the book by Adams, A, Diale, T & Richard, G (2019) Auditing Notes for South African
Students 11th edition. The book is not a prescribed book, but I do recommend it as additional
reading material for those of you who wish to go into more detail.

25.2 THE OVERALL OBJECTIVE OF THE PAYROLL AND PERSONNEL CYCLE

You should view this learning unit from the perspective of a business owner and not a salary
earner. Salary fraud mainly occurs when fictitious employees are created and paid.
Furthermore, many statutory requirements must be complied with, for example, the vast
requirements that fall under SARS and the Department of Labour. Therefore, the overall
objective of the payroll and personnel cycle is to avoid payments to fictitious employees and to
comply with the legal requirements e.g. income tax deductions, compliance with dismissal
procedures, etc.

We are going to examine the personnel (human resources), payroll preparation and payment
functions.

We are going to do the following:

Step 1: Identify the activities and purpose of each function.

Step 2: Identify the documents involved in each function and their purpose.

Step 3: Identify the risks involved in each function.

159
Step 4: Describe the controls to mitigate (reduce/prevent) the risks.

25.3 CERTAIN FUNCTIONS FOR THE PAYROLL AND PERSONNEL CYCLE

The payroll and personnel function consists of six functions, but we are only going to focus on
the personnel and payment preparation and payment. The six functions of the payroll and
personnel cycle are:
• Personnel (human resources) (focus)
• Timekeeping
• Payroll preparation - wages
• Payment preparation and payment - salaries (focus)
• Deductions: Payment and recording

25.3.1 Identify the activities and documents within the personnel and payment
preparation and payment functions

For the two functions we are going to describe the activities (job description) and identify the
documents used to execute the activity.

The payroll and personnel function

Functions Activities Documents/records
Personnel • Assist in the recruitment, dismissal, negotiation, disputes and skill • Payroll amendment form
(human resources) development processes • Personnel file
• Keep accurate, valid and complete record of all employees: • Employee list
• number of employees • Employment contract
• renumeration rate
Payment preparation and • Identify the employees • Authorised overtime schedule
payment • Apply correct remuneration rate • PAYE Deduction tables
• Calculate gross salaries and deductions • Updated list of employees
• Calculate authorised overtime • Payroll journal
• Use correct deduction tables e.g. PAYE • Payslips
• Pay the correct employee the correct amount

25.4 THE DOCUMENTS

The documents and records are self-explanitory. Therefore, the payroll amendment form and
personnel file are described.

Document/ Definition of the document

Records
Payroll amendment A pre-numbered form used to indicate authorised changes to be made in the
form employee register and is used by payroll preparation and contains:
• Appointments
• Dismissals
• Change in rates
Personnel file A file for each employee and contains:
• A copy of the latest payroll amendment form
• Employment contract
• Performance appraisals
• Employee details and background checks
• Tax registration certificate
• Banking details

160
 AUE1501/501/3/2021

25.5 THE RISKS AND CONTROLS

You were introduced to the activities and documents of the two functions that we are focussing
on. In the next section we will look at the risks and controls.

25.5.1 Personnel function (human resources)

The personnel function is about appointing the right people, the dismissal of people within the
requirements of the law and maintaining personnel records. Go to the above table and examine
the activities of the personnel function. By merely focussing on those activities think of what
can go wrong in that function. See how many of the risks you were able to identify on your own.

Risks associated with the personnel function (human resources)

• Recruiting and retaining the wrong employees

• Appointing too many employees for the job
• Applying incorrect dismissal procedures
• Unauthorised changes to the employee records by adding fictitious employees and
changing the approved rates
• Inaccurate or incomplete records

We have identified the risks; the next step is to design controls to mitigate the risks.

Controls associated with the personnel function

• Requests for appointments and dismissals must originate from the relevant section
manager and must be in writing with substantiation and signed.
• Promotions to higher salary levels, change in salary and change in service conditions
must be finalised by the personnel department. This occurs after consultation with unions
and in compliance with the relevant laws and regulations.
• All changes must be in writing and approved by a salary committee.
• The approved changes are transcribed to the sequenced payroll amendment form. The
payroll amendment form is cross-referenced to the supporting approval for the required
changes and other formal procedures that were followed.
• The sequenced payroll amendment file must be reviewed by a senior employee from
personnel for gaps and visible irregularities.
• Acceptable interview practices should be followed and supported with background
checks.
• A personnel file must be maintained and include:
• A copy of the relevant payroll amendment form
• Employment contract
• Performance appraisals
• Employee details and background checks

161
 Discussion 23.4

E-tutor assistance required

Are you able to make a connection between the identified risks and the suggested
controls intended to prevent those risks?

(Hint: Think about what the control is trying to achieve/prevent)

25.5.2 Payment preparation and payment

On a monthly basis, the salaries and deductions are calculated and the net salary due to the
employee is transferred via EFT.

Risks associated with the payment preparation and payment function

• Paying fictitious employees (misappropriation of funds)

• Using incorrect pay rates and deduction tables
• Cast and calculation errors
• Transferring funds to the wrong employee

Controls associated with the payment preparation and payment function

• The salary clerk should prepare the payroll and salary advices
• A supervisor should authorise the above payroll preperation.
• A monthly reconciliation must be performed of the difference between the prior month's
salaries and the current period's salaries for the number of employees and amounts for net
wages and deductions.
• The head of payroll preparation should review and sign the payroll and monthy reconciliation
and verify amendments to the authorised PAFs and vice versa.
• The salary advices should be prepared and the EFT shedule should be authorised and
presented for payment.

25.6 TYPICAL EXAMINATION QUESTIONS

The following are examples of how this learning unit can be assessed in an examination:
• List the six functions in the payroll and personnel cycle.
• Describe the functions of the payroll amendment form or personnel file.
• List the risks associated with risks associated with the personnel function (human resources)
or payment preparation and payment function.
• Describe the controls associated with the personnel function (human resources) or payment
preparation and payment function.

162
 AUE1501/501/3/2021

25.7 SUMMARY AND CONCLUSION

In this learning unit we examined two payroll functions, namely personnel (human resources)
and payroll preparation and payment functions.

After having worked through the learning unit and the study references, are you able to

• explain the overall risk of the payroll and personnel cycle?

• list the activities, documents, risks and controls for the personnel (human resource function?
• list the activities, documents, risks and controls for the payroll preparation and payment
function?

163