Study Notes: Internal Controls in Accounting

These notes are based on the content from the provided PDF files, "Chapter-11-Auditors-
Consideration-of-Internal-Control.pdf" and "Chapter-12-Specific-Control-Procedures-Test-of-
Controls-Part-1.pdf" and "Chapter-13-Specific-Control-Procedures-Test-of-Controls-Part-2.pdf"

1. Auditor's Consideration of Internal Control

Purpose:
- Primary: To gain knowledge for audit planning and control risk assessment.
- Secondary: To inform management and those charged with governance about significant
internal control deficiencies.

Steps:
1. Obtain Understanding: Understand the client's internal controls relevant to the audit.
2. Preliminary Assessment: Assess control risk and inherent risk to determine the risk of
material misstatement.
3. Determine Procedures: Design audit procedures based on assessed risks.
4. Revise Assessment: Revise the preliminary risk assessment if necessary.
5. Finalize Strategy: Finalize the audit strategy, plan, and program.

Control Risk:
- The risk that material misstatement will not be prevented, detected, or corrected by internal
controls.
- Assessed at either high (no test of controls) or low (tests of controls are performed).

Test of Control:
- Audit procedures to evaluate the effectiveness of controls in preventing or detecting material
misstatements.
- Performed when:
- Controls are expected to be effective.
- Substantive procedures alone are insufficient.

Types of Tests of Control:

- Inquiries of client personnel.
- Inspection of documents and reports.
- Observation of employees performing procedures.
- Reperformance of client procedures.
- Walk-through tests.
Extent of Tests of Control:
Determined by factors such as:
- Frequency of control performance.
- Length of reliance period.
- Expected deviation rate.
- Reliability of audit evidence.
- Extent of testing other related controls.

Timing of Tests of Control:

- Usually performed at an interim date.
- Additional tests may be performed during the remaining period based on factors like risk
assessment and control changes.

Deviations:
When deviations from controls are detected, the auditor should:
- Investigate the cause and consequences.
- Determine if additional tests are necessary.
- Consider adjusting substantive procedures.

Documentation:
The auditor should document:
- Understanding of internal controls.
- Control risk assessment (high or less than high).
- Basis for control risk assessment (if less than high).

2. Specific Control Procedures - Test of Controls (Part 1)

Transaction Cycles:
- Revenue/Receipt Cycle:
- Customer orders and sales.
- Delivery of goods and services.
- Accounts receivable accounting.
- Cash collection and deposit.
- Bank statement reconciliation.
- Expenditure/Disbursement Cycle:
- Acquisition of goods and services.
- Receipt of goods.
- Liability recording.
- Cash disbursement.
Control Procedures by Department:

Customer Order Department:

- Clear policies for order acceptance and approval.
- Consecutively numbered sales orders.
- Proper control and accounting for sales orders.
- Copies of sales orders sent to relevant parties.
- Proper control of back orders.
- Communication of important information to customers.
- Credit Department:
- Independence from accounting, billing, sales, and cash receipts.
- Proper examination of customer credit before approval.
- Information about past due accounts.
- Copy of approved sales order sent to inventory control.
- Credit manager reviews receivables and investigates past due accounts.
- Inventory Control Department:
- Review of sales orders to confirm stock availability.
- Release of goods to shipping only with approved credit and legitimate orders.
- Tracking and updating stock on hand.
- Ordering necessary items through purchasing.
- Shipping Department:
- Independence from billing, cash receipts, and accounting.
- Shipping only with approved sales orders.
- Preparation of shipping documents (bill of lading).
- Inclusion of packing slip with shipments.
- Reconciliation of shipping documents with sales invoices.
- Careful counting and checking of goods shipped.
Billing Department:
- Preparation of consecutively numbered sales invoices.
- Independence from credit and cash receipts.
- Accounting for all sales invoices.
- Retention of voided sales invoices.
- Preparation of invoices only after matching sales orders and shipping documents.
- Examination of credit terms, quantities billed, prices, extensions, and footings.
- General Accounting Department:
- Preparation of sales summaries.
- Preparation of pre-numbered credit memos for returned goods.
- Periodic reconciliation of accounts receivable subsidiary ledger with the general ledger.
- Regular sending of billing statements to customers.
- Review and mailing of monthly statements by an independent employee.
- Approval of accounts receivable write-offs by an independent employee.
- Preparation of monthly aging schedule of accounts receivable by an independent employee.
Mailroom:
- Opening of collections by a receptionist independent of shipping, billing, and accounting.
- Preparation of a list of receipts (remittance advice).
- Restrictive endorsement of checks.
- Prompt forwarding of collections to the cashier.
- Cash Receipts Department:
- Separation of cash receipts from cash disbursements.
- Daily recording and deposit of all cash receipts.
- Bonding of cash handlers.
- Centralization of cash collection.
- Preparation of deposit slips by the cashier.
- Preparation of cash summaries.
- Use of cash registers for cash sales.
- Verification of cash register totals by independent personnel.
- Monthly bank reconciliation by an independent person.
- Use of lockbox system if feasible.

3. Specific Control Procedures - Test of Controls (Part 2)

Personnel and Payroll Cycle:

- Activities: Hiring and terminations, maintenance of personnel records, payroll preparation,
and paycheck distribution.
- Departments: Personnel/HR, Payroll, Cash Disbursements.

Control Procedures:

Personnel Department:
- Responsibility for employee hiring, promotion, transfer, and termination.
- Initiation and updating of personnel records.
- Authorization of salary/wage rates and payroll deductions.
- Restriction of access to personnel records for payroll personnel.
- Prompt notification of termination settlements to payroll.
Payroll Department:
- Use of clock cards, magnetic identification cards, or job time tickets to track hours worked.
- Approval of payroll by supervisors.
- Collection of clock cards, pay rates, and deductions to compute payroll.
- Independence from personnel and treasurer's departments.
- Processing of gross and net earnings.
- Preparation of payroll register.
- Posting of payroll to appropriate accounts.
- Maintenance of separate payroll bank account.
- Monthly reconciliation of payroll bank account.
- Preparation of employee earnings records.
- Preparation of government reports on earnings and taxes.
- Review of payroll for reasonableness by management.
Cash Disbursements Department:
- Use of pre-numbered checks.
- Comparison of checks with payroll register.
- Signing of checks by the treasurer.
- Distribution of paychecks by a paymaster independent of operating and payroll departments.
- Employee identification verification.
- Receipt signing for cash payroll.
- Forwarding of unclaimed paychecks to the treasurer.
- Deposit of unclaimed cash paychecks.
- Preparation of payroll summary for general accounting.
- Bonding of cash handlers.

Conversion Cycle:
- Activities: Production of finished goods, inventory maintenance, fixed asset control, and
depreciation allocation.

Control Procedures:

Inventories:
- Statements of criteria for product production and quantities.
- Inventory processing manual.
- Restricted access to physical inventory.
- Prenumbered material release forms, production orders, and inventory movement logs.
- Perpetual inventory records for large items.
- Standard cost system.
- Physical controls over inventories.
- Bonding of employees handling valuable inventory.
- Adequate insurance coverage.
- Segregation of inventory handling, recording, and accounting.
- Physical controls over unused forms and records.
Fixed Assets:
- Written procedures for additions, disposals, and retirements.
- Procedures for operating, moving, and controlling fixed assets.
- Restricted access to movable fixed assets.
- Detailed fixed asset records.
- Reconciliation of fixed asset records with general ledger accounts.
- Investigation of variances.
- Policies for depreciation methods and calculations.
- Physical control over unused fixed assets.
- Segregation of custody and record-keeping.
- Safeguarding of fixed assets from deterioration and theft.
- Insurance coverage for major assets.
- Policies for capitalizing expenditures.

Investing Cycle:
- Activities: Acquisition, disposal, valuation, custody, and recording of investments.

Control Procedures:

Investments:
- Segregation of investment approval, accounting, and custody.
- Authorization of investment transactions by board or committee.
- List of authorized investments.
- Registration of securities in the company's name.
- Independent trust agents for custody.
- Bonding of personnel with access to securities.
- Record of visits to safe deposit boxes.
- Perpetual record of security additions and removals.
- Periodic comparison of securities with records.
- Recalculation and verification of interest and dividend income.

Financing Cycle:
- Activities: Issuance and repurchase of debt and equity, interest and dividend payment.
Control Procedures:

Debt and Equity:

- Authorization of transactions by the board of directors.
- Independent trustee for bond transactions.
- Schedule of interest and loan payment due dates.
- Cancellation of retired debt instruments.
- Defacing of canceled stock certificates.
- Independent stock registrar and transfer agent for share capital.
- Consecutive numbering and control of unissued bonds, notes, and stock certificates.
- Policies for obtaining capital funds.
- Physical barriers over forms and records.
- Detailed share capital records maintained independently.
- Proper control and accounting for treasury shares.
General Questions:
1. What is the primary purpose of an
auditor's study and evaluation of a client's
internal control?
- a) To express an opinion on the
effectiveness of internal control.
- b) To identify and assess the risks of
material misstatement.
- c) To design and implement internal
controls for the client.
- d) To provide assurance that the financial
statements are free from material
misstatement.
2. Which of the following is NOT a factor
relevant to the auditor's judgment about
whether a control is relevant to the audit?
- a) Materiality of the related risk
- b) Size of the entity
- c) Nature of the entity's business
- d) The auditor's personal opinion about
the control's effectiveness
3. What are the two main levels of control
risk assessment?
- a) High and Low
- b) Significant and Insignificant
- c) Material and Immaterial
- d) Effective and Ineffective
4. What is the purpose of performing a "test
of control" during an audit?
- a) To determine if the financial statements
are free from material misstatement.
- b) To evaluate the operating effectiveness
of controls in preventing or detecting
misstatements.
- c) To identify and assess the risks of
material misstatement.
- d) To express an opinion on the
effectiveness of internal control.
5. What is a "significant deficiency" in
internal control?
- a) Any deficiency that the auditor believes
is important enough to communicate to
management.
- b) A deficiency that is likely to result in a
material misstatement in the financial
statements.
- c) A deficiency that is not likely to result in
a material misstatement, but is still
important enough to communicate to
management.
- d) A deficiency that is not likely to result in
a material misstatement, and is not
important enough to communicate to
management.
Specific Questions (Revenue/Receipt Cycle):
6. Why is it important for the credit
department to be independent from the
sales and cash receipts departments?
7. What is the purpose of a "packing slip" in
the shipping department?
8. What are the benefits of using a lockbox
system for cash management?
Specific Questions (Personnel/Payroll
Cycle):
9. Why is it important for the payroll
department to be independent from the
personnel and treasurer's departments?
10. What is the purpose of a "paymaster" in
the cash disbursements department?
Specific Questions (Conversion Cycle):
11. What are the key control procedures for
maintaining physical control over
inventories?
12. Why is it important to segregate the
responsibility for handling fixed assets from
the responsibility for fixed asset records?
Specific Questions (Investing Cycle):
13. Why is it important for a company to
register its securities in its own name?
14. What are the key control procedures for
safeguarding investments in a bank safe
deposit box?
Specific Questions (Financing Cycle):
15. Why is it important for bond
transactions to be handled by an
independent trustee?
16. What are the key control procedures for
ensuring the proper control and accounting
for treasury shares?
Questions about Service Organizations:
17. What is a "service organization" in the
context of an audit?
18. What are the two types of reports that a
service auditor may issue in relation to a
service organization's internal controls?
19. What should a user auditor do if they
are unable to obtain a sufficient
understanding of the services provided by a
service organization?
Answers:
1. b) To identify and assess the risks of
material misstatement.
2. d) The auditor's personal opinion about
the control's effectiveness
3. a) High and Low
4. b) To evaluate the operating
effectiveness of controls in preventing or
detecting misstatements.
5. c) A deficiency that is not likely to result
in a material misstatement, but is still
important enough to communicate to
management.
6. Independence helps prevent fraud and
errors related to credit approvals, sales
transactions, and cash collections.
7. A packing slip provides a detailed list of
items shipped to the customer, ensuring
accuracy and reducing disputes.
8. A lockbox system improves cash flow,
reduces the risk of theft or loss, and
enhances internal control over cash
receipts.
9. Independence helps prevent fraud and
errors related to payroll calculations,
employee records, and cash disbursements.
10. A paymaster, independent of the
operating and payroll departments, helps
prevent fraud and ensure paychecks are
distributed securely and accurately.
11. Key control procedures include physical
barriers, restricted access, inventory counts,
and segregation of duties.
12. Segregation of duties helps prevent
fraud and errors related to asset
acquisition, disposal, and recordkeeping.
13. Registering securities in the company's
name prevents unauthorized transfer or
loss and provides clear ownership.
14. Key procedures include dual control
over access to the safe deposit box, periodic
reconciliation of securities, and
maintenance of a record of visits.
15. An independent trustee provides
oversight and protection against fraud or
misuse of bond proceeds.
16. Key procedures include consecutive
numbering and control of treasury shares,
segregation of duties, and periodic
reconciliation of treasury share records.
17. A service organization is a third-party
entity that provides services to a user entity
that are part of the user entity's
information systems relevant to financial
reporting.
18. The two types of reports are Type 1
(description and design of controls) and
Type 2 (description, design, and operating
effectiveness of controls).
19. The user auditor should attempt to
obtain a Type 1 or Type 2 report, contact
the service organization, visit the service
organization, or use another auditor to
perform procedures.
General Questions:
1. Which of the following is NOT a
component of internal control?
- a) Control environment
- b) Risk assessment
- c) Control activities
- d) Information and communication
- e) Monitoring activities
- f) Financial reporting
2. What is the primary purpose of the
control environment?
- a) To identify and assess risks of material
misstatement.
- b) To establish a foundation for the other
components of internal control.
- c) To design and implement control
activities.
- d) To monitor the effectiveness of internal
control.
3. What is the purpose of risk assessment?
- a) To identify and analyze risks of material
misstatement.
- b) To design and implement control
activities to mitigate risks.
- c) To monitor the effectiveness of internal
control.
- d) To communicate information about
risks to management.
4. What are control activities?
- a) Policies and procedures that help
reduce risks of material misstatement.
- b) The process of monitoring the
effectiveness of internal control.
- c) The communication of information
about risks and controls.
- d) The foundation for the other
components of internal control.
5. What is the purpose of monitoring
activities?
- a) To identify and assess risks of material
misstatement.
- b) To design and implement control
activities.
- c) To evaluate the effectiveness of internal
control.
- d) To communicate information about
risks and controls.
Specific Questions (Revenue/Receipt Cycle):
6. Which of the following is NOT a control
procedure for the customer order
department?
- a) Consecutive numbering of sales orders Specific Questions (Personnel/Payroll
Cycle):
- b) Proper control and accounting for sales
orders

- c) Distribution of copies of sales orders to 9. Which of the following is NOT a control

relevant departments procedure for the payroll department?

- d) Approval of customer credit by the sales - a) Use of clock cards or magnetic

department identification cards

7. Which of the following is NOT a control - b) Approval of payroll by supervisors

procedure for the shipping department?
- c) Collection of clock cards and pay rates
- a) Shipment of goods only with approved
- d) Preparation of a payroll register
sales orders
- e) Distribution of paychecks by the payroll
- b) Preparation of shipping documents
department
- c) Inclusion of packing slips
10. Which of the following is NOT a control
- d) Reconciliation of shipping documents procedure for the cash disbursements
with sales invoices department (payroll)?

- e) Verification of customer credit by the - a) Use of pre-numbered checks

shipping department
- b) Comparison of checks with the payroll
8. Which of the following is NOT a control register
procedure for the cash receipts
- c) Signing of paychecks by the treasurer
department?
- d) Distribution of paychecks by an
- a) Separation of cash receipts from
independent paymaster
disbursements
- e) Approval of payroll by the cash
- b) Daily recording and deposit of receipts
disbursements department
- c) Bonding of cash handlers

- d) Preparation of deposit slips by the

Specific Questions (Conversion Cycle):
cashier

- e) Verification of customer credit by the

cash receipts department
11. Which of the following is NOT a control - c) Registration of securities in the
procedure for maintaining physical control company's name
over inventories?
- d) Use of independent trust agents
- a) Physical barriers
- e) Approval of investments by the finance
- b) Restricted access department

- c) Inventory counts 14. Which of the following is NOT a control

procedure for safeguarding investments in a
- d) Segregation of duties
bank safe deposit box?
- e) Approval of inventory purchases by the
- a) Dual control over access to the safe
production department
deposit box
12. Which of the following is NOT a control
- b) Periodic reconciliation of securities
procedure for fixed assets?
- c) Maintenance of a record of visits
- a) Written procedures for additions,
disposals, and retirements - d) Approval of access to the safe deposit
box by the finance department
- b) Procedures for operating, moving, and
controlling assets

- c) Restriction of access to movable assets Specific Questions (Financing Cycle):

- d) Detailed fixed asset records

- e) Approval of fixed asset purchases by the 15. Which of the following is NOT a control
production department procedure for debt and equity?

- a) Authorization of transactions by the

board
Specific Questions (Investing Cycle):
- b) Handling of bond transactions by an
independent trustee
13. Which of the following is NOT a control
- c) Preparation of a schedule of interest
procedure for investments?
and loan payment due dates
- a) Segregation of investment approval,
- d) Cancellation of retired debt instruments
accounting, and custody
- e) Approval of debt and equity
- b) Authorization of transactions by the
transactions by the finance department
board or investment committee
16. Which of the following is NOT a control
procedure for ensuring the proper control
and accounting for treasury shares?
- a) Consecutive numbering and control of
treasury shares
- b) Segregation of duties
- c) Periodic reconciliation of treasury share
records
- d) Approval of treasury share transactions
by the finance department
Questions about Service Organizations:
17. Which of the following is NOT a reason
why a user auditor might need to obtain an
understanding of the services provided by a
service organization?
- a) The services affect the user entity's
information systems relevant to financial
reporting.
- b) The services are material to the user
entity's financial statements.
- c) The services are provided by a company
that is related to the user entity.
- d) The services are provided by a company
that is not related to the user entity.
18. Which of the following is NOT a
procedure that a user auditor might use to
obtain an understanding of the services
provided by a service organization?
- a) Obtain a Type 1 or Type 2 report from
the service auditor.
- b) Contact the service organization
directly.
- c) Visit the service organization and
perform procedures.
- d) Use another auditor to perform
procedures.
- e) Review the service organization's
financial statements.
Answers:
1. f) Financial reporting (Financial reporting
is the result of internal controls, not a
component of it.)
2. b) To establish a foundation for the other
components of internal control.
3. a) To identify and analyze risks of
material misstatement.
4. a) Policies and procedures that help
reduce risks of material misstatement.
5. c) To evaluate the effectiveness of
internal control.
6. d) Approval of customer credit by the
sales department (Credit approval is
typically handled by a separate credit
department.)
7. e) Verification of customer credit by the
shipping department (Credit verification is
typically done by the credit department 15. e) Approval of debt and equity
before shipment.) transactions by the finance department
(Debt and equity transactions are typically
8. e) Verification of customer credit by the
approved by the board of directors.)
cash receipts department (Credit
verification is typically done by the credit 16. d) Approval of treasury share
department before goods are shipped.) transactions by the finance department
(Treasury share transactions are typically
9. e) Distribution of paychecks by the
approved by the board of directors or a
payroll department (Paychecks are typically
designated treasury share committee.)
distributed by a separate cash
disbursements department or an 17. c) The services are provided by a
independent paymaster.) company that is related to the user entity.
(The relationship between the service
10. e) Approval of payroll by the cash
organization and the user entity is not a
disbursements department (Payroll
primary factor in determining whether the
approval is typically done by supervisors or
user auditor needs to obtain an
a designated payroll authority.)
understanding of the services.)
11. e) Approval of inventory purchases by
18. e) Review the service organization's
the production department (Inventory
financial statements. (While reviewing the
purchases are typically approved by a
service organization's financial statements
separate purchasing department.)
might be helpful, it is not a primary
12. e) Approval of fixed asset purchases by procedure for obtaining an understanding
the production department (Fixed asset of the services provided.)
purchases are typically approved by a
separate capital expenditure committee or
management.)

13. e) Approval of investments by the

finance department (Investment approvals
are typically made by the board of directors
or an investment committee.)

14. d) Approval of access to the safe deposit

box by the finance department (Access to
the safe deposit box should be restricted to
authorized personnel, typically with dual
control.)