7.

SYSTEMS
AND
CONTROLS

Muhammed Jazeem ACCA, MCOM, PGDM

 Internal control system

Understanding the controls

Internal controls are measures/steps/procedures adopted by the client in order to
prevent, detect and correct misstatement caused by fraud, error or other
irregularities.

Auditor has to take the understanding of Internal controls of organization so that

they can determine what audit procedures will be required. Understanding of
internal controls means you can trust the information which gives the information
if the control system is reliable.

It can be seen in two ways:

Helping fraud and Error:

It means that internal control system help prevent fraud and error which would
make the accounting information incorrect.
It records substance not form:
Internal control ensures that when business undertake a transaction such as sale,
the final recording of on the accounting system reflect the true substance of the
transaction. In this way internal control system has direct impact on audit risk.

Muhammed Jazeem ACCA, MCOM, PGDM

 Five key components of an internal control system
Internal controls are measures/steps/procedures adopted by the client in order to
prevent, detect and correct misstatement caused by fraud, error or other
irregularities. auditors need to understand an entity's internal controls. To assist this
process, it identifies five components of an internal control system:

1. Control Environment

Control environment is the management attitude, awareness and actions

fordesigning, implementing and monitoring internal controls. If management
for example over – ride controls on a frequent basis, this would be an
indication of poor control environment.
When assessing the control environment, the auditor may also consider how
management has responded to the findings and recommendations of the
internal audit function regarding identified deficiencies in internal control
relevant to the audit, including whether and how such responses have been
implemented, and whether they have been subsequently evaluated by the
internal audit function.

2. Risk assessment process

Management should undertake regular risk assessments to ensure that all
risks are identified and mitigated. Auditor should understand how
management assess risk and how they take action to mitigate risks
discovered. (Risk Identification, analysis, response)

Muhammed Jazeem ACCA, MCOM, PGDM

 The client assesses risk by looking at the business risk faced by the client.th
business risk is any risk faced due to the client working environment which
is explained as follows:
A. Compliance risk
It is the risk arising from non – compliance with laws and regulation
surrounding the business
Example: failing to comply with health and safety
B. Operational risk
It is the risk arising from operations of the company.
Example: major supplier compromising, going concern, obsolete machinery.
C. Financial risk
It is the risk arising from financial activities or financial consequences of an
operation
Example: cash flow problems.
3. Information System
The auditor must obtain an understanding of the information system,
including the related business processes relevant to financial reporting.
Information system includes all procedures includes all procedures and
records designed to do everything from the initiation of the transaction
through to the reporting. The auditor must decide what areas of information
system are relevant to the financial reporting of the entity and only
concentrate on those systems. The classes of transactions in the entities
operations which are significant to the financial statements.

4. Control Activities

It includes all procedures designed to ensure risk do not materialize. There

are both manual controls and computerized controls. Now technology is so
widely utilized within businesses, many controls are computerized.

Muhammed Jazeem ACCA, MCOM, PGDM

AUTHORISATION - Approval and Control of Documents by an appropriate
person. For example: -

 A manager signing off an employee's timesheet to confirm that the hours

stated have been worked and can be paid. This should ensure the employee
is not claiming for hours not worked.

 A manager signing a purchase order to confirm the order can be placed with
the supplier. This should ensure that the goods are for a valid business use
and the items are needed.

COMPARISONS- Budgets, forecast, industry information, prior periods. Items

such as cash and inventory should be counted periodically and compared to the
amount in the accounting records (cash book).

 Managers should compare actual spend against budgeted spend to detect

unusual fluctuations. If actual spend is significantly higher than budget the
department may have spent more than it should or it could indicate an error
when processing the transactions.

 Management may compare the company's results with those of competitors

as a benchmark.

COMPUTER CONTROLS- IT Controls such as Passwords, usernames, backups

should be in place.
 Password restrictions to prevent unauthorised access to computer files.

ARITHMETIC CONTROLS- Items such as invoices etc. should be checked to

ensure they are arithmetically correct.

• Batch totals used when inputting data to ensure items are not omitted.

MAINTAING TB AND LEDGER- TB-transactions for organizations a whole

and control-transactions in individual ledger.

Muhammed Jazeem ACCA, MCOM, PGDM

ACCOUNT RECONCILIATIONS- Key account balances such as bank and
debtors should be reconciled on a regular basis.

 Preparation of a bank reconciliation to ensure cash transactions have been

recorded completely and accurately.

PHYSICAL CONTROLS- authorized staff should have access to certain areas of

the business.it is to prevent unauthorised access.

 Restrictions on access to assets such as keeping cash in a safe to prevent

theft.

SEGREGATION OF DUTIES- Assigning the responsibility for recording

transactions, authorising transactions and maintaining custody of assets
to different employees to prevent the risk of fraud and error. Responsibilities
should be divided to reduce the risk of fraud and error by employees.

 Warehouse staff should not be responsible for the inventory count as this
would not detect if goods were being stolen by staff throughout the year.

 Employees who authorise transactions should not be the ones who originate
the transaction.

5. Monitoring of Controls

Controls may be monitored either by management or by the internal audit

function if one exists. The auditor may be able to rely on some of the work of
internal audit as we will see later, but must first gain an understanding of how
controls are monitored and how effective the monitoring is

Muhammed Jazeem ACCA, MCOM, PGDM

 IT Controls

It is important that auditors assess how controls over IT maintain the integrity and
security of information held. Such controls are normally divided into application
and general controls.

An effective IT system should include both application and general control

procedures.

1. Application controls

These controls are built into the system and may be computerized or manual.
These controls are applied to the processing of transactions.

 Arithmetic check (to verify arithmetical accuracy).

 Authorization (to ensure the transaction is valid and should be processed)

 Batch total checks (e.g. when entering invoices onto the system the system
may give a batch total i.e. the number of invoices actually entered. The clerk
entering the invoices can then double check that the correct number of
invoices has been entered and none have been missed or entered twice).

 Sequential numbering (to ensure the number sequence is complete and no

items are missing)

2. General controls

General controls are policies and procedures relating to applications that

support the effective functioning of the IT application controls.

 Password
 Backup procedure
 Software maintenance
 Access security

Muhammed Jazeem ACCA, MCOM, PGDM

 How Auditors record INTERNAL CONTROL systems
The first auditor is to document the system which can be done in several ways:

1. Organizational charts
2. Flow charts
3. Narrative notes.
4. Internal control questionnaire
5. Internal control evaluation questionnaire

1. Organizational charts
Diagram sh0owing roles, responsibilities and reporting lines.

2. Flowcharts
These diagrammatically illustrate the internal control system
Advantages:
1.It is easy to view the as a whole as whole business presented in one diagram
2.Missing internal controls are easy to spot

Disadvantages:
1.Changes can be difficult as often whole chart need to be re draw
2.Need for narrative notes to be accompanied leading to increase time involved.

3. Narrative notes
It is a method of using words to describe the controls.

Advantages:
1.They are simple to record after discussion with management
2.They are simple to understand.

Disadvantages:
1.They don’t identify exceptions it just records what's there only.
2.It can be time consuming.
3.Difficult to identify missing controls.

Muhammed Jazeem ACCA, MCOM, PGDM

 4&5. Internal Control Questionnaire ICQ and Internal Control
Evaluation Questionnaire ICEQ

These are simply a list of questions.

ICQ tests if controls exist. list of controls is given to the client and they are asked
whether or not those controls are in place.

ICEQ test the controls effectiveness. the client is asked to describe the controls
they have in place for a given control objective. A control objective identifies the
risk that the entity needs to manage.

ICQ ICEQ
Does a supervisor authorise all weekly How does the company ensure that
timesheets? only hours worked are recorded on
timesheets?
Does the company perform a regular How does the company try to minimize
credit check on all customers? the risk of irrecoverable debts?
Does a manager or director authorise How does the company ensure goods
purchase orders before an order is are only purchased for a valid business
place? use?
Is a bank reconciliation performed How does the company ensure
regularly? discrepancies in the cash book are
identified and resolved?
Is a regular inventory count performed? How does the company ensure its
inventory system is up to date and
discrepancies in the inventory records
are identified?
Is a regular reconciliation performed How does the company ensure the
between the physical non-current assets non-current asset register is up to date
and the noncurrent asset register? and accurate?

Muhammed Jazeem ACCA, MCOM, PGDM

ICQ
Advantages
1. Super quick to prepare
2. They ensure all controls are present - so any deficiencies are highlighted
Disadvantages
1. Too easy for staff to overstate controls present, client may say a control is in
place when it is not
2. A standard list of questions may miss out unusual controls.
3. May contain a number of irrelevant controls

ICEQ
Advantages
1.The client has to respond with the control they have in place rather than a yes/no
answer which should mean controls are less likely to be overstated
2.Quick to prepare
Disadvantages

1.The client may still overstate controls as they may say a control is in place for the
control objective even if it is not
2.The checklist may contain control objectives not relevant to the client
3.Unusual risks and therefore objectives may not be identified

Muhammed Jazeem ACCA, MCOM, PGDM

 INTERNAL CONTROL DEFFICIENCIES
The auditor needs to assess if the system is implemented correctly and is effective
So now the system is documented it is time to see if:

• The controls are implemented?

• The controls are effective?

To do this we use tests of controls

Tests of Controls will be performed to test the effectiveness of controls and would
not focus on the monetary amounts. A test of control involves the auditor obtaining
evidence that the client has implemented the controls they say they have, and that
they have worked effectively, during the period.

TEST OF CONTROL PROCEDURES

• Walkthrough tests (follow a transaction through the system)

• Observation (E.g. Observe the stock count)
• Computer aided audit techniques
• Inspection of documents
• CAAT
• Observation
• Re-performance
• Enquiry

LIMITATIONS OF AN INTERNAL CONTROL SYSTEM

• Costs over benefits

• Human error
• Collusion between employees
• Controls overridden (bypassed) by management
• Designed to cope only with routine transactions

CONTROL SYSTEMS
1. Sales system
2. Purchase system
3. Payroll system
4. Inventory system
5. Non – current asset (capital expenditure)
6. Cash system

Muhammed Jazeem ACCA, MCOM, PGDM

 Sales Cycle
Objective to ensure all valid sales recorded accurately and cash received promptly

Tests of Control - Sales Cycle - These include:

•Review new customers’ files for references, credit checks, authorization by senior
staff

• Ensure credit limits for customers are not exceeded by trying to post a sale which
is beyond the credit limit

• Match GDN with sales invoices for checking prices, quantities, arithmetical
accuracy, VAT and postings

• Verify credit notes with correspondence, original invoices, amounts and

authorization

• Check numerical sequence of invoices, credit notes, GDN’s and sales orders –
enquire into missing number

• Review sales ledger reconciliation.

• Agree sample of accounts in sales ledger re-performing additions and balances

carried Down.

• Inspect correspondence on overdue accounts.

• Review process for dispatch of statements and ensure regularly sent.

• Ensure bad debt write offs are authorised by manage

Muhammed Jazeem ACCA, MCOM, PGDM

 Control objective Control Procedure
Orders should be raised accurately All orders should be in written form
Order from customer or confirm with
Taken customer.
The customer should be credit All customer undergoes credit
worthy checks
Credit limit should not be exceeded. Credit limit should be checked
before accepting an order.
The company should be able to Inventory should be checked before
fulfil the order. issuing an order.

Control objective Control Procedure

All orders should be sent to the Order pads or computer generated
warehouse. orders should be sequentially
numbered to ensure none go
Goods missing.
dispatched Goods should be selected from
inventory using customer’s order
The order should be authorized and
The correct goods should be sent to signed when goods selected.
correct customers. Match GDN with customer order
Customer sign GDN and return to
company.
GDN recorded and filed with
sequential numbers

Muhammed Jazeem ACCA, MCOM, PGDM

 Control objective Control Procedure
All invoices should be raised for all GDN sent to Invoice department.
deliveries Invoice raised to match and copy
Raising of attached to GDN and filed
Invoice sequentially.
The invoice should be for the correct Order agreed to GDN – GDN agreed
amount to invoice – Invoice agreed to price
list.
Above checked and signed by person
Any credit notes should be valid and in authority
authorized. All credit note allocated and copy
attached to invoice to which it
relates.
All credit notes authorized by line
manager

Control objective Control Procedure

All sales should be recorded Review debtor’s ledger for credit
balance where invoice may not have
Recording been recorded.
of the sale Correct amount should be recorded Reconcile the debtor ledger
for each sale
The sale should be recorded for the Check all entries to invoices
correct customer Send out statements to customers
regularly

Control objective Control Procedure

All customers should pay the correct
amount
All invoices should be paid
Payment is All receipts should be recorded
received and The payment received should
recorded allocated to the correct customer
All money banked properly
Cash received agreed to invoice
Review aged listing and investigate
old balances
Chase up old outstanding balances
Perform regular bank reconciliations
Ensure that segregation of duties exist
Review customer statements
Lodge cash and cheque to bank
regularly
Retention of customer remittance
details

Muhammed Jazeem ACCA, MCOM, PGDM

Sample gdn

Muhammed Jazeem ACCA, MCOM, PGDM

 Purchase cycle
The main control objectives for the purchases cycle are as follows:
1. Purchases made only when needed.
2. Purchased at a reasonable price.
3. The goods have satisfactory quality.
4. The goods delivered match those ordered.
5. Purchases are recorded accurately.
6. Payments are valid and paid for in a reasonable timescale.

Test of controls:
 Review Purchase ledger reconciliations

 Verify debit notes with purchase invoices checking prices, quantities,

arithmetical accuracy, VAT and postings
 Match GRN with Purchase invoices checking prices, quantities, arithmetical
accuracy, VAT and postings

 Agree sample of accounts in Purchase ledger re performing additions and

balances carried down
 Ensure Purchases are authorized

Muhammed Jazeem ACCA, MCOM, PGDM

 Control objective Control Procedure
The requisition should be for valid Line manager authorises all
Raise business reason requisitions
All purchasing is centralized
requisition
The cost of the requisition should be Suppliers used are approved
and order
reasonable
placed
Items should only be requisitioned Inventory levels checked before
when required ordering
Sequentially pre numbered
requisition pads with order matched
Orders should be raised for all to requisition
requisitions Orders confirmed in writing
Check price is same as price list
being used

Control objective Control Procedure

For all orders made, goods are Sequentially numbered purchase
Goods
actually received order matched to the GRN and
received checked correct
The goods received are those which Records are updated as soon as goods
are ordered are arrived
The quality of the goods should be Inspect the goods received to ensure
acceptable quality and quantity
The quantity of goods received Sign and authorize GRN
should be as ordered Goods received are delivered to area
which is secure

Control objective Control Procedure

Receipt Invoices should be received for all When goods received a copy of the
of invoice goods received GRN sent to the invoicing department
All invoices received are for valid and match to the invoice
purchases
All invoices have the correct items, Invoices checked, signed and
quantities and prices authorize for payment
All invoices should be arithmetically Items checked to invoice to ensure
correct validity.

Muhammed Jazeem ACCA, MCOM, PGDM

 Control objective Control Procedure
Recording
Correct amount should be recorded for All invoices should be checked and
of purchase all objectives stamped
All purchases should be recorded Reconcile purchase ledger control
account
The transaction should be recorded in Supplier statements should be
correct supplier account reconciled regularly
All invoices filled away should
therefore be stamped

Payment Control objective Control Procedure

made to All invoices should be paid
supplier
All invoices should be paid on time
All invoices should be paid only once
All invoices should be paid at the
correct amount
All invoices should be for valid
business expense
All invoices stamped as paid when
done
Ensure system is in place to pay on
time to retain credit limit and supplier
goodwill.
Ensure stamp invoice is not paid again
by keeping it separate once paid
Vouch payment amount to invoice
amount
All invoices should be authorized
before payment
All payment should be authorised.

Muhammed Jazeem ACCA, MCOM, PGDM

sample GRN

Muhammed Jazeem ACCA, MCOM, PGDM

 Payroll cycle
The control objective for payroll cycle are:
1.Pay is authorized
2.Pay is correctly made
3.Pay is accurately calculated
4.Only work done is paid for
5.Deductions are correctly calculated and paid

Payroll –Test of control:

1.Test controls over unclaimed wages
2.Ensure changes to payroll are authorized
3.Check reasonableness of payroll deductions and ensure authorised
4.Attend a cash payout looking for two people present and one wager per person
5.Review wages reconciliation and ensure done regularly
6.The sample of wages and salaries should be re performed
7.The calculation will agree with authorised pay rates and time sheets

Control objective Control Procedure

All of the cards or sheets received The number of sheets or cards should
be submitted to ensure the number
Clock cards
matched the number of employees
or time
All cards or sheet should be valid Access to additional cards or sheets
sheets should be restricted
submitted All of the hours submitted should All sheets and cards should be
have been actually worked authorised by managers

Muhammed Jazeem ACCA, MCOM, PGDM

 Control objective Control Procedure
All information should be input with Totals should be checked
none missed or omitted Sheets should be signed once input
Information Information should be input No duplicate employees should be
input onto accurately possible on system
No information should be included Username and passwords should
computer
twice restrict access to data
No bogus employees should exist Segregation of duties exist
New employees should only be setup
on the computer by a senior manager

Control objective Control Procedure

Leavers payments should cease once Managers should authorize and
they have left promptly inform the payroll
department about joiners and leavers
Standing Regular checks of standing data
data input should be undertaken by senior
The data on the system should be management
accurate Forms should be signed to verify
joiners/leavers are recorded on
system
Changes should be authorise by
senior member of staff

Control objective Control Procedure

Processing The payroll calculations should beA sample printed out and checked
correct manually
and
System produces report automatically
recording The correct wages, PAYE and NIC’S about over or under payments
payroll should be recorded on the system Print out signed by clerk to check
accuracy
Senior management review to ensure
reasonable

Muhammed Jazeem ACCA, MCOM, PGDM

 Control objective Control Procedure
All staff should receive payment If cashes wages are paid ensure that
Payment people are present when payment is
made to made
staff No bogus employees should be paid BACS summary should be review by
manager and authorised prior to
payment
The correct amount should be paid to List of BACS payments should be
staff reviewed to verify all payments made

Inventory
The control objective for inventory are:
1.Inventory movements are recorded and authorised
2.Inventory records are accurate
3.Cuttoff procedures are correct
4.Inventory is valued correctly
5.Liabilities are recorded accurately
6.Inventory levels are neither too low nor too high
7.Allowance is made for slow moving and obsolete inventory
8.Only items belonging to clients are included in inventory

Test of control –Inventory:

1.Ensuring environment suitably secure and safe
2.Attend inventory count to ensure it is carried our correctly
3.For a sample of inventory records and agree to GRN and GDN
4.Review sequentially numbered GRN and GDN for completeness
5.Confirm that all movements are authorised
6.Test inventory count and investigate discrepancies

Muhammed Jazeem ACCA, MCOM, PGDM

 Control objective Control Procedure
All Goods should be protected from Locations kept secure with access
Goods theft on arrival restricted
arrive into New deliveries should be kept Separate areas for new deliveries and
inventory separate from returns returns
Goods received should be of suitable Goods checked for quality on arrival
quality
Inventory should be recorded Purchase cycle controls should be in
Only inventory ordered should be place
accepted (SEE ABOVE)

Control objective Control Procedure

Inventory should be stored safely and Ensure that storage area is weather
Inventory securely to ensure good condition proof, has fire protection and is at the
stored until correct temperature
needed Oldest inventory should be used first Ensure inventory system is based on
to prevent obsolence FIFO
Inventory should be protected from Access to stores should be restricted
theft

Material Control objective Control Procedure

Leaves Correct amount of material sent to the The production manager should
stores to go production department authorise all requisition from stores
to Requisition orders should be checked
production Correct type of material should be sent to goods sent out
Standard quantities of material could
be used

Control objective Control Procedure

Finish The correct goods should be sent
goods sent Quality should be maintained The same procedures as the sales cycle
to Records should be updated promptly apply here
customers and accurately

Muhammed Jazeem ACCA, MCOM, PGDM

 Control objective Control Procedure
Counted areas marked to avoid double
counting
Inventory Managers check accuracy by spot
is counted The count should be accurate counts
Counting done in pairs
Employees don’t count areas for what
they are responsible for
Count sheet sequentially numbered
Controls over inventory arrivals during
the count

Inventory count
Inventory count is where the client takes account of the physical stock and
compare physical stock to that recorded in ledger. Inventory counts can take place
throughout the year however the client should always have a year-end stock count
to ensure the stock value in the FS is accurate.
Before the stock count
 The auditor should review the prior year audit file for evidence of issues and
follow up with management as required.

 The auditor should obtain a copy of the stock take instructions and ensure they
review the instructions for observation during the stock count.

 The auditor should compare instructions with the prior year for changes and
make enquiries of management as required

 The auditor should make specific enquiries regarding stock being held off the
client premises but still belonging to the client.

 An approximate value of yearend stock should be obtained per location.

 Audit staff should be identified to attend the stock take and should be allocated
to client locations as required.

 The audit program should be prepared for the inventory counts.

Muhammed Jazeem ACCA, MCOM, PGDM

During the stock count
 Stock area should be well laid out and each area should be given a code to
identify that area.
 Stock count sheets should be pre-printed and sequentially numbered
however details of stock should not be included on the sheets as independent
counts should be conducted.
 Stock sheets should be completed in pen so changes cannot be made and
covered up,
 Teams of 2 people should be established with 1 of the members not dealing
with the stock which should reduce the chances of theft,
 One team of 2 should be allocated to perform the first count and another
team of 2 should perform a second count,
 All teams should sign the sheet to identify who did the first and second
counts and any subsequent reviews by management,
 After the area has been counted, the area should be identified as completed,
 Management should perform random counts as should the audit team,
 All damaged/obsolete stock should be separated from the main stock.

After the stock count

 Results should be written up as soon after the count as possible,
 Items selected for testing during the count should be traced through to the
final count stock in the ledger. Enquiries should be made of management
where variances are identified.
 Sales post yearend for a sample of stock should be reviewed to ensure
that the value the stock was sold for (NRV- net realizable value) post
yearend is not less than the value of stock at the yearend. Stock should be
valued at lower of cost or NRV.
 Records should be reviewed to ensure that damaged/obsolete stock is
dealt with appropriately for the final stock.

Muhammed Jazeem ACCA, MCOM, PGDM

Perpetual Inventory
Perpetual inventory is the recording as they occur of receipts, issues and the
resulting balances of individual items of inventory in both quantity and value.
These inventory records are updated using stores ledger cards and bin cards.

Stocktaking
The process of stocktaking involves checking the physical quantity of inventory
held on a certain data with the balance on the stores ledger cards or bin cards.

Stocktaking can be carried out either on a periodic basis or continuous basis.

Periodic stocktaking
Periodic stocktaking involves checking the balance of every item in inventory at a
set point in time, usually at the end of an accounting year.

Continuous stocktaking
This involves counting and valuing selected items of inventory on a rotating basis.
Each item is checked at least once a year.

Control procedures to minimize discrepancies and losses

Inventories cost a considerable amount of money and therefore, control procedures
must be in place.
Such control procedures would include:
1. physical security procedures, regular stocktaking and recording of all issues to
eliminate unnecessary losses from inventory;
2. separation of ordering and purchasing activities to eliminate fictitious purchases;
3. quotation for special order to reduce the probability of ordering goods at inflated
prices.
Inventory losses arising from theft, pilferage or damage must be written off against
profits as soon as they occur.

Muhammed Jazeem ACCA, MCOM, PGDM

 Non – current asset (Capital expenditure)
The auditor will test the controls in place over capital expenditure. The tests used
will vary according to the entity being audited and are similar to the tests of control
over purchases, but will usually include:
• Capital expenditure will usually be substantial, and as such should be authorised
by senior management.
• The asset register should contain all information surrounding the asset such as
invoice for the purchase, location, value etc.
• The existence of the assets should be checked on a regular basis.
• The documents confirming the ownership of the assets should be kept safe in a
fire proof environment.

Control objective Control Procedure

Asset are purchased at an appropriate
value and for business purpose
Company can afford the capital
expenditure
Capital expenditure is accurately
recorded and treated in the accounting
records.
Asset are covered by adequate
insurance to prevent loss to the
company
Document related to the asset are
safeguarded from theft or damage
Requisition for capital expenditure
should be made by an approved person
and authorised by a senior individual.
Several quotations should be obtained
before purchases to obtain the best
price.
A capital expenditure budget should be
prepared for every department and
ensure that the expenditure does not
exceed the budget.
Regular review of the revenue
expenditure should be carried out to
ensure that capital expenditures are not
written off to income statement
Adequate insurance cover should be
purchased.
Documentation such as ownership
document, title deed , vehicle
registration etc. have been stored in a
secure place.

Muhammed Jazeem ACCA, MCOM, PGDM

 BANK & CASH
Control objective Control Procedure Test of control
Cash should be locked in Perform surprise cash
safe. count.
Access to cash restricted. Ensure only authorised staff
have access to cash.
Cash amounts should Security movements for Check mail is opened by
be large amounts. two members of staff to
safeguarded reduce the chance of fraud.
Banking times/routes Check sequential
varied. numbering of cash receipts.
Check all cash lodged intact
Cash should be banked to bank regularly.
regularly. All lodgments are
authorised.
Cash held at premises is Examine bank
kept to a minimum Cash balances in tills reconciliations and ensure
should regularly performed.
be emptied regularly Investigate old outstanding
items.
Limited number of Cheque book should be
authorised signatories. reviewed to ensure no
Banking online should cheques are missing and no
Amounts can only be have cheques are signed in
extracted from bank restricted access. advance.
accounts for authorised Cheques should not be Verify that cash payments
purposes. signed in advance. are arithmetically correct.
Cheque books should be Direct debits should be
kept under lock and key. consistent and authorised.
Petty cash balances should
be counted and checks
made that controls are in
place over petty cash.

Muhammed Jazeem ACCA, MCOM, PGDM

 INTERNAL CONTROL REPORTING

Control weaknesses will form part of the letter to management which the auditor
provides to the management. The management letter will express the fact that the
weaknesses found are not necessarily all weaknesses but just those found by the
auditor. The report will also express that it is for the sole use of management and
no disclosure will be made to third parties. The aim of the letter to management is
to ensure the audit runs smoothly and to highlight weaknesses and problems.

The structure of the report will be:

1. Weakness
2. Consequence
3. Recommendation
Significant deficiencies should always be reported to those charged with
governance
In the Exam
Often you have to report deficiencies in the form of a management letter in the
exam...
So use this structure.
• Deficiency
Clear description of what is wrong
• Consequence
What would happen if this is not corrected?
Look at this from the client viewpoint - not the audit
So think of costs, time, reputation, lost sales etc.
• Recommendation
Be specific here - on the actual deficiency in the scenario
Also make sure that the benefit of the recommended action outweighs the cost
Don't just think of what to do, also think of who and when

Muhammed Jazeem ACCA, MCOM, PGDM

• A table format is perfect for the exam...
Deficiency Consequence Recommendation
I'm an idiot I will fail my ACCA exam study well

The need for auditors to communicate with TCWG

Those charged with governance are basically those responsible for running the
company those responsible for good corporate governance too therefore

Why communicate with TCWG?

1. Help build a working relationship between each other

2. Help the Auditor get information about specific transactions etc
3. Help TCWG oversee the FR process, which is their responsibility
Objectives of the Auditor

1. To communicate clearly with TCWG the responsibilities of the auditor in

relation to the
financial statement audit, and an overview of the planned scope and timing of the
audit;
2. To obtain from TCWG information relevant to the audit;
3. To provide TCWG with timely observations arising from the audit that are
significant
and relevant to their responsibility to oversee the financial reporting process
4. To promote effective two-way communication between the auditor and those
charged
with governance.

Communication with Shareholders

• Board is responsible for ensuring satisfactory dialogue with shareholders
• The AGM should be used to encourage communication with investors

Auditors Reporting Responsibilities

• Review and report on system of internal control.

• Report on whether Audit Committee review and monitor internal control system

Muhammed Jazeem ACCA, MCOM, PGDM

The external auditor is also required by ISA 260 Communication of audit matters
to those charged with governance to provide management periodically with
observations arising from the audit that are significant and relevant to
management’s responsibility to oversee the financial reporting process.

These observations might include:

• Weaknesses in internal control

• Inappropriate accounting policies
Communication takes the form of the letter of engagement and the management
letter sent at the beginning and end or the audit respectively.
Ongoing communication should be undertaken throughout the audit.

Those charged with governance are responsible for overseeing:

1. The strategic direction of the entity

2. Obligations related to the accountability of the entity
3. Good corporate governance
4. Risk assessment
• the establishment and monitoring of internal controls
• compliance with applicable law and regulations
• implementation of controls to prevent and detect fraud and errors

What should be communicated?

1. Auditor's responsibility for providing the opinion etc.

2. Auditors plan & approach
3. Key risks identified at planning
4. Any significant difficulties or matters arising during the audit
5. Any significant adjustments
6. Any written representations needed
7. Any suspected frauds
8. Any modification to the opinion
9. Compliance with ethical standards

Muhammed Jazeem ACCA, MCOM, PGDM

Expectations Gap

In order to avoid an ‘expectation gap’ the auditor should ensure that management
are aware that the external auditor is not responsible for:

1. The preparation of the financial statements

2. Selection of accounting policies
3. Implementing or ensuring good standards of corporate governance
4. Systems and controls implementation

Muhammed Jazeem ACCA, MCOM, PGDM

SUMMARY

Muhammed Jazeem ACCA, MCOM, PGDM