2021/2022 ACADEMIC YEAR

ACCT304: AUDITING
AUDIT EVIDENCE
 OUTLINE

• Concept of audit evidence

• Sufficient appropriate audit evidence
• The use of assertions in obtaining
evidence
• Audit procedures for obtaining audit
evidence
 Concept of audit evidence
•Audit evidence is all the information used by
the auditor in arriving at the conclusions on
which the audit opinion is based
•It includes:
o Information contained in the accounting
records underlying the financial statements
o Information obtained from outsiders
o Information obtained from mgt of client
o Information obtained from auditor’s tests
and procedures
Sufficient and Appropriate Audit
Evidence
–Sufficiency is the measure of
the quantity of audit evidence.
–Appropriateness is the
measure of the quality of audit
evidence; that is, its relevance
and its reliability in providing
support for, or detecting
misstatements
Sufficient and Appropriate Audit
Evidence
• Audit evidence is more reliable when it is
obtained from independent sources outside
the entity.
• Audit evidence that is generated internally is
more reliable when the related controls
imposed by the entity are effective.
• Audit evidence obtained directly by the
auditor is more reliable than audit evidence
obtained indirectly or by inference (for
example, inquiry about the application of a
control).
Sufficient and Appropriate Audit
Evidence
•Audit evidence is more reliable when it exists
in documentary form, whether paper,
electronic, or other medium (for example, a
contemporaneously written record of a
meeting is more reliable than a subsequent
oral representation of the matters discussed).
•Audit evidence provided by original
documents is more reliable than audit
evidence provided by photocopies or
facsimiles.
 The Use of Assertions in
Obtaining Audit Evidence[1 of 4]
• In presenting the financial
statements, management explicitly or
implicitly makes assertions regarding
the recognition, measurement,
presentation and disclosure of the
various elements of the FS
• The auditor uses these assertions in
obtaining relevant evidence
 The Use of Assertions in
Obtaining Audit Evidence[2 of 4]
Assertions about classes of transactions and events for the
period under audit:
• Occurrence – transactions and events that have been
recorded have occurred and pertain to the entity.
• Completeness – all transactions and events that should
have been recorded have been recorded.
• Accuracy – amounts and other data relating to recorded
transactions and events have been recorded
appropriately.
• Cutoff – transactions and events have been recorded in
the correct accounting period.
• Classification – transactions and events have been
recorded in the proper accounts.
 The Use of Assertions in
Obtaining Audit Evidence[3 of 4]
Assertions about account balances at the period end:
• Existence – assets, liabilities, and equity interests
exist.
• Rights and Obligations [Ownership] – the entity
holds or controls the rights to assets, and liabilities are
the obligations of the entity.
• Completeness – all assets, liabilities and equity
interests that should have been recorded have been
recorded
• Valuation and allocation – assets, liabilities and
equity interests are included in the financial statements
at appropriate amounts and any resulting valuation or
allocation adjustments are appropriately recorded.
 The Use of Assertions in
Obtaining Audit Evidence[4 of 4]
Assertions about presentation and disclosure:
• Occurrence and rights and obligations –
disclosed events, transactions, and other matters
have occurred and pertain to the entity.
• Completeness – all disclosures that should have
been included in the financial statements have
been included.
• Classification and understandability –
financial information is appropriately presented
and described, and disclosures are clearly
expressed.
Audit Procedures for Obtaining Audit Evidence [1 of 2]

• Inspection of tangible assets

• Inspection of records or documents
• Observation
• Inquiry
• Confirmations
• Re-calculations
• Re-performance
• Analytical procedures
When info is in electronic form, the auditor may
carry out some of the audit procedures through
CAATs
 Inspection of Assets

– Inspection of tangible assets that

are recorded in the accounting
records confirms existence, but
does not necessarily confirm rights
and obligations or valuation.
– Confirmation that assets seen are
recorded in accounting records
gives evidence of completeness
Inspection of Documents and
Records
• This is the examination of documents and
records, both internal and external, in
paper, electronic or other forms.
• This procedure provides evidence of
varying reliability, depending on the
nature, source and effectiveness of
controls over production (if internal).
• Inspection can provide evidence of
existence (e.g., a document constituting a
financial instrument), but not necessarily
about ownership or value
 Observation

• This involves watching a procedure or

process being performed (for example,
inventory counting).
• It is of limited use, as it only confirms
the procedure took place when the
auditor was watching, and because the
act of being observed could affect how
the procedure or process was performed
 Enquiry

• This involves seeking information from

client staff or external sources.
• Strength of evidence depends on the
knowledge and integrity of source of
information.
• Enquiry alone does not provide sufficient
audit evidence to detect a material
misstatement at assertion level, nor is it
sufficient to test the operating
effectiveness of controls
 Confirmation

– This is the process of obtaining a

representation of information or of
an existing condition directly from
a third party eg confirmation from
bank of bank balances.
 Re-calculation

– This consists of checking the

mathematical accuracy of
documents or records
– It can be performed manually or
using IT.
 Re-performance

– This is the auditor's

independent execution of
procedures or controls that
were originally performed as
part of the entity's internal
control
 Analytical Procedure

• Evaluating and comparing financial

and/or non-financial data for
plausible relationships.
• Also include the investigation of
identified fluctuations and
relationships that are inconsistent
with other relevant information or
deviate significantly from predicted
amounts
 Procedures for Obtaining Audit
Evidence
The procedures above are used for:
• Obtaining understanding of the entity
and its environment
• Tests of control
• Assessing risks of material misstatement
• Detect material misstatement at the
assertion level
• Substantive testing
• Verification of assets, liability and equity
INTERNAL CONTROL
SYSTEM
 Outline

• Nature and Scope of Internal

Control System
• Specific Internal Control Procedures
• Internal Control Report to
Management
• Internal Audit as a Control Factor
• Tests of Control
NATURE AND SCOPE OF INTERNAL
CONTROL
» Introduction
» Definition
» Components of Internal Control Systems
(ICS)
» Importance of Internal Control
Questionnaires
» Inherent Limitation of ICS
» Ascertaining ICS
» Recording/Documenting ICS
» Testing ICS
 INTRODUCTION
» For systems based auditing to work
effectively, the auditor will like to rely on
internal controls to reduce the volume of
substantive testing.
» It is therefore important for the auditor to
examine the internal control practice and
procedures that are in place in the client’s
business.
» Where weaknesses are revealed, the auditor
recommends ways of improving the systems
 Definition: Internal control
system
»Policies and procedures adopted by the
management of entity to assist in the
objective of achieving as far as practicable,
the orderly and efficient conduct of the business,
including
 adherence to internal policies,
 the safeguarding of assets,
 the prevention and detection of fraud and error,
 the accuracy and completeness of the accounting
records, and
 the timely preparation of reliable financial
information.
 COMPONENTS OF INTERNAL
CONTROL
» Control environment
» Risk assessment process
» Information system
» Control procedures/activities
» Monitoring of controls
 Components of internal control
Control environment
» The control environment includes:
– the governance and management functions
and the attitudes,
– awareness, and actions of those charged
with governance ,and
–management concerning the entity’s internal
control and its importance in the entity.
» The control environment sets the tone of an
organisation, influencing the control
consciousness of its people.
 Control environment

Control Environment
» The control environment has many elements such
as
– communication and enforcement of integrity
and ethical values,
– commitment to competence,
– participation of those charged with
governance, management’s philosophy and
operating style,
– organisational structure,
– assignment of authority and responsibility and
–human resource policies and practices
Entity’s risk assessment process

Entity’s risk assessment process

»For financial reporting purposes, the entity’s
risk assessment process includes how
management identifies business risks relevant
to the preparation of financial statements in
accordance with the entity’s applicable
financial reporting framework.
»It estimates their significance, assesses the
likelihood of their occurrence, and decides
upon actions to respond to and manage them
and the results thereof.
 The Information system

The Information system

»The information system relevant to
financial reporting objectives consists of
the procedures and records designed and
established to.
–Initiate , record, process and report
transactions
–Maintain accountability for access for
assets, liabilities and equity
– Resolve incorrect processing of transaction
 The Information system

The Information system

• Process and account for system
overrides
• Transfer information to the
general/nominal ledger
• Capture information relevant to
financial reporting for other events and
conditions, and
• Ensure information required to be
disclosed in appropriately reported
 Control activities/procedures

Control activities/procedures
»Control activities are the policies and
procedures that help ensure that
management directives are carried out.
» Control activities, whether within
information technology or manual systems,
have various objectives and are applied at
various organisational and functional levels.
 Control activities/procedures

Control activities/procedures
»Examples of specific control activities
include those relating to:
– Authorisation
– Maintaining controls accounts
– Checking the arithmetical accuracy of records
– Comparing internal data with external data
source of information
 Control activities/procedures

Control activities/procedures
– Performance review
– Reconciliations
– Information processing [General controls and
application controls]
– Limiting direct physical access to assets and
records
– Segregation of duties
 Control activities/procedures

»Preventive controls
– Setting authorisation limits
– Physical control [limiting access to assets]
– Segregation of duties
– Budgeting systems
»Detective controls
– Reconciliation
– Exception reports
– Variance analysis
 Control activities/procedures

»Corrective controls
– Sanctions
– Punishments
– Correcting variances to avoid recurrence
 Monitoring of controls
» Monitoring of controls is a process to assess the
effectiveness of internal control performance over
time.
» It involves assessing the effectiveness of controls on
a timely basis and taking necessary remedial actions.
» Management accomplishes the monitoring of controls
through ongoing activities, separate evaluations, or a
combination of the two.
» Ongoing monitoring activities are often built into the
normal recurring activities of an entity and include
regular management and supervisory activities.
 Importance Of ICS
» Directors of corporate bodies set up internal
controls in the accounting system to ensure that:
– Transactions are executed in accordance with proper
authorization,
– All transactions are promptly recorded at the correct
values in the appropriate accounts and in accordance
with relevant regulatory frameworks,
– Access to assets is permitted in accordance with
authorized procedures, and
– recorded assets are compared with physically
existing assets at reasonable intervals and
differences reconciled
 Need for internal controls

» The Need for Internal Controls:

– Mgt ‘s perspective
– Internal Auditor’s perspective
– External auditor’s perspective
 Inherent Limitation Of ICSs
»Any instituted internal control system only
provides management with reasonable assurance
but not absolute assurance because of inherent
limitations such as the following:
1. The requirement that the cost of an
internal control does not outweigh the
potential loss which may result from its
absence.
2. Most systematic internal controls tend to
be directed at routine transactions rather
than non-routine transactions.
 Inherent Limitation Of ICSs

3. The potential for human error in the

operation of internal controls due to
carelessness, distraction, mistakes of
judgment and the understanding of
instructions.
4. The possibility that a person
responsible for exercising an internal
control could abuse that
responsibility by overriding an
internal control.
 Inherent Limitation Of ICSs

5. The possibility of controls being by-

passed because two or more people
colluded. Collusion maybe between
people inside the organization but may
involve outsiders as well.
6. The possibility that procedures may
become inadequate due to changes in
conditions or that compliance with
procedures may deteriorate over time.
This may particularly apply if a business
is expanding.
 Ascertaining The System
» Procedures used to obtain evidence
regarding the design and implementation
of controls include:
– Examining previous audit work
– Client’s own documentation of the
system
– Interviews with client’s staff.
– Tracing transactions
– Examining client’s documents
– Observation of procedures
 Documenting Client System

»Methods of recording the system

may include
1. Narrative Notes
2. Organisational Chart
3. Internal Control
Questionnaire[ICQs]
4. Flow Charts and other
Diagrammatic Presentation
5. Risks and Control Forms
 ICQs
» ICQ remains the longest used internal control
assessment and recording technique.
» Its function is to highlight precisely the areas
of strength and weakness in internal control.
» The questionnaire is a standardize pre-printed
document designed by the audit firm using it,
and comprises a series of questions designed
to determine whether desirable controls are
present.
» They are formulated so that there is one to
cover each of the major transaction cycles.
 ICQs

» The following points are worth-

noting about the use of ICQ:.
– An ICQ will normally be used if the
size and complexity of the client
organization justifies it.
– A complete ICQ should have an
effective life of approximately three
years during which only updating
would be necessary.
 ICQs

» The completion of new ICQ would

be necessary if a major change in
the system had taken place (e.g. a
change over from manual)
» The ICQ should be completed by a
senior member of the audit staff
after putting the questions to the
responsible officers of the client
company
 ICQs
» Observation and selected tests will ensure
that the ICQ accurately reflects the
strengths and weaknesses within the
procedures that operate from day to day
» The auditor should not place reliance on
controls on the basis of this preliminary
evaluation.
» He should conduct further compliance tests
designated to give a reasonable assurance
that the controls are functioning properly
 ICQs
»The questions should be formulated in such a
way that the relevant internal control criteria
are implicit, so that no more than a yes/no
answer is required to indicate compliance or
non-compliance.
»This degree of simplicity is not possible for
every question, for example cases where it is
necessary to know the names of executive
officer authorized to sign cheques, or the limit
on the authority of a particular officer to
authorise expenditure.
 ICQs
Purchases &Trade Payables Yes No N/A Date

Are official orders issued

showing names of suppliers,
quantities ordered and prices?
Are copies of orders retained on
files?
Who authorizes orders and what
are their authority limits
Is a record kept of orders placed
but not executed?
 Testing The System
» Having documented the system, the auditor needs
to assess whether :
– They are actually being implemented, and
– They are effective
» In order to assess the operating effectiveness of
controls in preventing and detecting material
misstatement, the auditor performs tests of control.
» Tests of controls are designed to gather evidence
concerning:
– How controls were applied during the period;
– The consistency of application; and
– Who (or what they were applied by
 Testing The System

» Typical methods of control testing include:

– Walkthrough tests [Where a transaction
is followed through the system]
– Observation of control activities [eg the
inventory count]
– Computer assisted audit technique
[CAAT]
 SPECIFIC INTERNAL
CONTROL PROCEDURES
 OUTLINE

» General financial arrangements

» Cash and cheques (received and
paid)
» Wages and salaries
» Purchases and trade creditors
» Sales and trade debtors
» Stock and Work-in-progress
» Fixed assets and investments
 General Financial Arrangements

» Internal control considerations include the following:

– Devising an appropriate and properly integrated
system of accounts and records.
– Determining the form of general financial
supervisory budgetary control, regular interim
accounts of suitable frequency and special reports.
– Ensuring that adequate precautions are taken to
safeguard (and if necessary, to duplicate and store
separately) important records.
– Engaging training and allocating to specific duties,
management and staff competent to fulfill their
responsibilities during staff absence.
 Sales Order
» The orders should be checked against the
customers accounts; this should be evidenced by
initialing by a responsible official.
» Any new customer will be referred to the credit
control department before the order is accepted to
ensure agreement before the order is accepted to
ensure agreements are in place prior to processing
of any sales orders.
» Existing customers should be allocated a credit
limit and it should be ascertained whether the limit
is to be exceeded if the new order is accepted. If
so, the matter should be referred to credit control.
 Sales Order
» All orders should be recorded on pre-numbered sales
order documents.
» All orders should be authorized before any goods are
dispatched.
» The sales order should be used to produce a
dispatch note for the goods outwards department.
Mo goods may be dispatched without a dispatch
note.
» Discounts should be within procedures and clearly
authorized, with monitoring by management on
the level, type and reason for discounts.
 Sales Dispatch

»Dispatch notes should be pre-

numbered and a register kept of
them to relate to sales invoices and
orders.
»Goods dispatched notes should be
authorized as goods leave and
checked periodically to ensure they
are complete and that all have been
invoiced.
 Sales Invoicing
» Sales invoices should be authorized by a responsible
official and referenced to the original authorized order
and dispatch notes.
» All invoices and credit notes should be entered in sales
day records, the sales ledger, and sales ledger control
accounts. Batch totals should be maintained for the
purpose.
» Sales invoices and credit notes should be checked for
prices, casts and calculations by a person order than
the one preparing the invoice.
» All invoices and credit notes should be serially pre-
numbered and regular sequence checks should be
carried out.
 Sales Invoicing
» Credit notes should be authorized by someone
unconnected with dispatch or sales ledger
functions.
» Copies of cancelled invoices should be retained.
» Any invoice cancellation should lead to
cancellation of the appropriate dispatch note.
» Cancelled and free of charge invoices should be
signed by a responsible official.
» Each invoice should distinguish between different
types of sales and VAT. Any coding of invoices
should be periodically checked independently.
 Sales Return

» Any goods returned by a customer

should be checked for obvious
damage and when accepted, a
document should be raised.
» All goods returned should be used to
prepare appropriate credit notes
 Purchase Ordering
» Requisition notes for purchases should be authorized
» All orders should be authorized by a responsible official
whose authority limits should be pre-defined.
» Major items e.g. capital expenditure should be
authorized by the board
» All orders should be recorded on official documents
showing supplier’s names, quantities ordered and
price
» Copies of orders should be retained as a method of
following up late deliveries by suppliers.
» Re-order levels and quantities should be pre-set and
preferably recorded in advance on the requisition note.
 Receipt of Goods
»Goods inwards centres should be identified to
deal with receipts of all goods
»All goods should be checked for quantity and
quality. Goods Receive Notes should be raised
for all goods accepted. The GRN should be
signed by a responsible official,
»GRNs should be checked against purchase
orders and procedures should exist to notify the
supplier of under or over deliveries. GRNs
should be sequentially numbered and checked
periodically for completeness.
 Purchase Invoice and Purchase
Returns
» Purchases invoices received should be stamped with an
approval grid and given a unique serial number to ensure
purchase invoices do not go astray.
» Purchase invoices should be matched with GRNs and
should not be processed until this is done.
» The invoice should be checked against the order and the
GRN and casts and extensions should also be checked
» The invoices should be signed as approved for payment
by a responsible official independent of the ordering and
receipt of the goods function
» Invoice sequential numbers should be checked against
purchase daybook details
» Input VAT should be separated from the expense
 Receipt of Goods
»Invoices should be properly allocated to the
nominal ledger accounts, perhaps by
allocating expenditure codes. A portion of
such coding should be checked
independently.
»Batch controls should be maintained over
the posting of invoices to the purchases day
book, nominal ledger and purchase ledger
»A record of goods returned should be kept
and checked to the credit notes received
from suppliers
 Purchase Ledger and Suppliers
» The salaries and wages cheque should be signed by
two signatories and evidenced against the signed
payroll
» Where pay relates to hours worked , some form of time
recording should be used
» When employee has been absent for a long period,
their entitlement to salary should be checked against
personnel records.
» Direct bank transfers should also be signed and checked
regularly details on personnel files
» Personnel records should be kept for each employee, giving
details of engagements, retirements, or resignation, rates of
pay, holiday, etc with a specimen signature of the employee
 Purchase Ledger and Suppliers
»A purchase ledger control account should be
maintained and regularly checked against
balances in the ledger by an independent
official.
»Purchase ledger records should be kept by
person independent of the receiving of
goods, invoice authorization and payment
routines
»Statements from suppliers should be checked
against the purchase ledger account
 Controls relating to payroll

» Approval and Control of Documents

» There should be written authorization to employ
or dismiss any employee, in accordance with
company procedures and legal requirements
» Changes in rates of pay should be authorised in
writing by Human Resource Department
» Overtime worked should be authorized by a
responsible official in accordance with the entity’s
procedures
» An independent official (preferably the CFO or
CEO or HRD) should check the payroll and sign. It.
 Controls relating to payroll

» Arithmetic and accuracy

» Payroll should be prepared from time
recording system and a sample
checked for accuracy against current
rates of pay
» Payroll details should provide for the
accurate calculation of deduction
showing amounts paid over a period
of time , checked against
 Controls relating to payroll

Control Accounts
»Control accounts should be maintained in
respect of the deductions showing amounts paid
periodically to the revenue authorities, trade
unions, etc
»Overall checks should be carried out to
highlight major discrepancies, e.g. check against
budgets, changes in amounts paid over a period
of time, check against personnel records
»Management should exercise overall control
 Access to assets and records
» Where employees are paid in cash, there are a
number of specific control procedures as follows:
– Employees should sign for their wages
– No employee should be allowed to take the wages
of another employee.
– When wages are claimed late, the employee should
sign for the wages packet and the release of the
packet should be authorized.
– The system should preferably allow the wages to
be checked by the employee before the packet is
opened, by using specially designed wage packet.
 Wages and salaries
»The wages department should preferably be a
separate department with their personnel not
involved with receipts or payments functions.
»The duties of the wages staff should
preferably be rotated during the year, so as to
ensure that no employee is responsible for all
the functions in respect of any particular
department.
»The employee making up the wage packets
should not be employee who prepares the
payroll.
 Wages and salaries

»A surprise attendance at the pay-out

should be made periodically by an
independent official.
»Unclaimed wages should be recorded in a
register and held by someone outside the
wages department until claimed or until a
predefined period after which the money
should be re-banked. An official should
investigate the reason for unclaimed
wages as soon as possible.
 Salaries
» Personnel records should be kept similar
to those for hourly paid employees.
» Written authority should be required to
engage an employee or dismiss an
employee or change salary rate.
» Overtime should be authorized by
someone outside the payroll department.
» The usual checks on deductions are
required.
 Salaries

» When an employee has been absent for a

significant period, their entitlement to
salary should be checked against
personnel details.
» Cheques should have two signatures and
should be checked against an approved
payroll entry.
» Direct bank transfers should also be
signed and checked regularly against
details an personnel files
 Internal Controls Relating To
Cash System
Introduction
»Cash system refers to cash and
cheque receipts and payments.
» Entities should endeavour to conduct
all their cash transactions by means
of cheques or other forms of bank
transfers, as controls over cheque
transactions are easier to establish
and maintain
 Internal Controls Relating To
Cash System
Control Objectives
»The control of cash is of prime importance
to every business. The control objectives
are that:
–All sums due to the entity are received
and subsequently accounted for;
–No payments are made which should
not be made; and
–All payments and receipts are promptly
and correctly recorded.
Internal Controls Relating To Cash System

Controls over cash collected by salespeople and traveller

»Authority to collect cash should be clearly
defined.
»Salespersons should be required to remit cash
and report sales at regular intervals which
should be formally notified to each employees
»A responsible official should quickly follow up
salesmen who do not submit returns as required.
» Collections should be recorded when received, e.g., in a
rough cash book or copies of receipts which should be
given to the salespeople or travellers.
 Internal Controls Relating To
Cash System
» The collector’s cash receipts should be
reconciled to the eventual banking.
» Periodically, a responsible official
should check the salespeople’s own
receipt books with cash book entries.
» If salespeople hold inventories of
goods, an independent reconciliation
of inventory with sales and cash
received should be made
 Internal Controls Relating To
Cash System
Controls over cash sales
»Cash sales should be recorded when the sale
is made normally by means of cash till or the
use of cash sale invoices.
»If cash invoices are used they should be pre-
numbered, a register should be maintained
of cash sale invoice books and copies should
be retained.
»Cash received should be reconciled daily
with either the till roll or the invoice totals.
 Internal Controls Relating To
Cash System
Controls over cash sales
»This reconciliation should be carried out by
someone independent of those receiving the
cash and recording the sale.
»Daily banking should be checked against the till
roll or invoice total and differences
investigated.
»A responsible official should sign cancelled cash
sale invoices at the time of cancellation. All
such invoices should be checked periodically
for sequential numbering.
 Internal Controls Relating To
Cash System
Controls over banking
»Receipts should be banked intact daily.
»Each day’s receipts should be recorded
promptly in the cash book.
»Sales ledger personnel should have no access to
the cash or the preparation of the paying-in slip.
»Periodically a comparison should be made
between the split of cash and cheques
–received ( and recorded in rough cash book)
–banked (and recorded on paying-in slip).
Internal Controls Relating To Cash
System
Controls over cheque payments
• Unused cheques should be held in a
secure place.
• The person who prepares cheques should
have no responsibility over purchase
ledger or sales ledger.
• Cheques should be signed only when
evidence of a properly approved
transaction is available. Such evidence
may take the form of invoices, payroll;
petty cash book, etc.
Internal Controls Relating To Cash
System
Controls over cheque payments
• This check should be evidenced by
signing the supporting documentation.
• In a large concern those approving the
original document should be independent
of those signing cheques.
• Cheque signatories should be restricted to
the minimum practical number.
 Internal Controls Relating To
Cash System
1. Two signatories at least should be required except
perhaps for cheques of small amounts.
2. The signing of blank cheques and cheques in favour of
the signatory should be prohibited.
3. Cheques should be crossed before being signed.
4. Supporting documents should be cancelled as paid.
5. Cheques should preferably be dispatched immediately.
If not, they should be held in a safe place.
6. Returned cheques may be obtained from the bank and
a sample checked against cash book entries and
supporting documentation.
 Internal Controls Relating To
Cash System
Bank reconciliations
» Bank reconciliations should be prepared at least monthly.
» The person responsible for preparation should be
independent of the receipts and payment's function or,
alternatively, an independent person should check the
reconciliation.
» If the reconciliation is prepared by an independent
person, he or she should obtain bank statements directly
from the bank and hold them until the reconciliation is
completed.
» The preparation should preferably include a check of at
least a sample of receipts and payments against items on
the bank statement.
 Internal Controls Relating To
Cash System
Controls over petty cash
» The level and location of cash floats should be laid
down formally.
» There should be restricted access to the floats.
» Cash should be securely held, e.g., in a locked
drawer, with restricted access to keys.
» All expenditure should require a voucher signed by
a responsible official, not the petty cashier.
» The imprest system should be used to reimburse
the float, i.e., at any time the total cash and value
of vouchers not reimbursed equals a set amount.
 Internal Controls Relating To
Cash System
» Vouchers should be produced before the cheque is
signed for reimbursement.
» Vouchers should be cancelled once reimbursement
has taken place.
» A maximum amount should be placed on a petty
cash payment to discourage normal purchase
procedures being by-passed.
» Periodically, the petty cash should be reconciled by
an independent person.
» Rules should exist preferably preventing the issue
of IOUs or the cashing of cheques.
 Controls over inventories

Approval and control of documents

»Issues from inventories should be
made only on properly authorized
requisitions.
»Reviews of damaged, obsolete and
slow moving inventories should be
carried out.
»Any write-offs should be authorized.
 Controls over inventories
Arithmetical accuracy
» All receipts and issues should be recorded on inventory
cards, cross-referenced to the appropriate GRN or
requisition document.
» The costing department should allocate direct and
overhead costs to the value of work-in-progress according
to the stage of completion reached.
» To do this standard costs are normally used. Such
standards must be regularly reviewed to ensure that they
relate to actual costs being incurred.
» If the value of work-in-progress is directly comparable with
the number of units produced, checks should periodically
be made of actual units against work-in-progress records
 Controls over inventories

» Control accounts
» Total inventory records may be maintained
and integrated with the main accounting
system; if so, they should be reconciled to
detailed inventory records and
discrepancies investigated
 Controls over inventories
Comparison of assets to records
» Inventory levels should be periodically checked
against the records by a person independent of the
stores personnel, and material differences
investigated.
» Where continuous inventory records are not kept
adequately, a full stock take should be held at least
once a year.
» Maximum and minimum inventory levels should be
pre-determined and regularly reviewed for adequacy.
» Re-order quantities should be pre-determined and
regularly reviewed for adequacy.
 Controls over inventories
Access to assets and records
» Separate centres should be identified at which goods are
held.
» Deliveries of goods from suppliers should pass through a
goods inwards section to the stores. All goods should pass
through stores and hence be recorded and checked as
received.
» Inventories should be held in their locations so that they
are safe from damage or theft.
» All inventory lines should be identified and held together,
e.g. in bins which are marked with all relevant information
as to size, grade, origin, title for identification.
» Access to the stores should be restricted.
Internal Controls Relating To PPE
Control objectives
1. The control objectives are to ensure that:
2. fixed assets are correctly recorded, adequately
secured and properly maintained
3. acquisitions and disposals of fixed assets are
properly authorized
4. acquisitions and disposals of fixed assets are for
the most favourable price possible
5. fixed assets are properly recorded, appropriately
depreciated, and written down where necessary
Internal Controls Relating To PPE
Control procedures over non-current assets
» Annual capital expenditure budgets should be prepared
by someone directly responsible to the board of
directors.
» Such budgets should, if acceptable, be agreed by the
board and minuted.
» Applications for authority to incur capital expenditure
should be submitted to the board for approval and
should contain reasons for the expenditure, estimated
cost, and any non-current assets replaced.
» A document should show what is to be acquired and be
signed as authorized by the board or an authorized
official.
Internal Controls Relating To PPE
» Capital projects made by the company itself
should be separately identifiable in the
company’s costing records. They should reflect
direct costs plus relevant overhead but not
include any profit.
» Disposal of PPE should be authorized and any
proceeds from sale should be related to the
authority.
» A register of PPE should be maintained for each
major group of assets. The register should
identify each item within that group and contain
details of cost and depreciation.
Internal Controls Relating To PPE
» A physical inspection of fixed assets should be carried out
periodically and checked to the fixed asset register. Any
discrepancies should be noted and investigated.
» Assets should be properly maintained and adequately insured.
» Depreciation rates should be authorized and a written
statement of policy produced.
» Depreciation should be reviewed annually to assess the need
for changes in the light of profits or losses on disposal, new
technology, etc.
» The calculation of depreciation should be checked for
accuracy.
» Fixed assets should be reviewed for the need for any write-
down.
 Control as they apply to SMEs

» Control environment
» Risk assessment process
» Information systems
» Control procedures
» Monitoring of controls
 Control as they apply to SMEs

Control Environments
» Small entities may implement the control
environment elements differently than larger
entities.
» For example, small entities might not have a
written code of conduct but, instead, develop a
culture that emphasizes the importance of integrity
and ethical behaviour through oral communication
and by management example.
» Similarly, those charged with governance in small
entities may not include an independent or outside
member
 Control as they apply to SMEs

Risk assessment Process

» The basic concepts of the entity’s risk assessment
process are relevant to every entity, regardless of
size, but the risk assessment process is likely to be
less formal and less structured in small entities than
in larger ones.
» All entities should have established financial
reporting objectives, but they may be recognized
implicitly rather than explicitly in small entities.
» Management may be aware of risks related to these
objectives without the use of a formal process but
through direct personal involvement with employees
and outside parties.
 Control as they apply to SMEs
Information Systems
» Information systems and related business processes
relevant to financial reporting in small entities are
likely to be less formal than in larger entities, but their
role is just a significant.
» Small entities with active management involvement
may not need extensive descriptions of accounting
procedures, sophisticated accounting records, or
written policies.
» Communication may be less formal and easier to
achieve in a small entity than a larger entity due to the
small entity’s size and fewer levels as well as
management’s greater visibility and availability.
 Control as they apply to SMEs
Control Activities
» The concepts underlying control activities in small entities
are likely to be similar to those in larger entities, but the
formality with which they operate varies.
» Further, small entities may find that certain types of
control activities are not relevant because of controls
applied by management.
» For example, management’s retention of authority for
approving credit sales, significant purchases, and draw-
downs on lines of credit can provide strong control over
those activities.
» An appropriate segregation of duties often appears to
present difficulties in small entities.
 Control as they apply to SMEs
Monitoring of Controls
»Ongoing monitoring activities of small entities are more likely to be
informal and are typically performed as a part of the overall
management of the entity’s operations.
»Management’s close involvement in operations often will identify
significant variances from expectations and inaccuracies in financial
data leading to corrective action to the control.

»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
TESTS OF CONTROL
 Definition
» Tests of control are tests performed to obtain
audit evidence about the effectiveness of the:
– Design of the accounting and internal control
systems, ie whether they are suitably designed
to prevent, or detect and correct, material
misstatement at the assertion level
– Operation of the internal controls throughout
the period
» Tests of control are distinguished from
substantive tests which are designed to detect
material misstatements in the financial
statements.
 Nature of Tests of Control
» Tests of control may include the following.
– Inspection of documents supporting controls
or events to gain audit evidence that internal
controls have operated properly, e.g. verifying
that a transaction has been authorised
– Inquiries about internal controls which
leave no audit trail, e.g., determining who
performs each function not merely who is
supposed to perform it
– Reperformance of control procedures, e.g.,
reconciliation of bank accounts, to ensure they
were correctly performed by the entity
 Nature of Tests of Control
– Examination of evidence of management views,
e.g., minutes of management meetings
– Testing of internal controls operating on computerised
systems or over the overall IT function, e.g., access
controls
– Observation of controls to consider the way the
control is being operated Auditors should consider:
– How controls were applied
– The consistency with which they were applied during
the period
– By whom they were applied
– The use of computer-assisted audit techniques
(CAATs) may be appropriate in a computerized
accounting environment
 Scope of Tests of Control
» Tests of Control should be designed under the
following broad headings:
–Tests of Controls Relating to Sales and Receivables
–Tests of Controls Relating to Purchasing and
payables
–Tests of Controls Relating to Payroll
–Tests of Controls Relating to Cash
–Tests of Controls Relating to Inventories
–Tests of Controls relating to Property, Plant and
Equipment
Tests Of Control Relating To Sales

Sequence Test Checks

»Carry out sequence test checks
on invoices, credit notes,
dispatch notes and orders.
» Ensure that all items are
included and that there are no
omissions or duplications.
Authorisation
Check the authorisation for the:
» Acceptance of the order ( credit-
worthiness check)
»Discounts applied to orders
» Dispatch of goods
»Raising of the invoice or credit notes
»Pricing and discounts
»Write-off of bad debts
Arithmetical Accuracy
» Seek evidence of checking of the arithmetical
accuracy of:
– Invoices
– Credit notes
– VAT
» This is often done by means of a ‘grid stamp’
containing several signatures on the face of the
invoice. Ensure that the control has in fact been
applied by checking the accuracy of such
invoices and retail notes. This last test will also
serve as a substantive procedure.
» Control Account Reconciliations
» Check that control account reconciliations have been
performed and reviewed
» Re-perform the control by checking the reconciliation to
source documentation
» Ensure that batch total controls have been applied by
seeking signatures and tracing batches from inputs to
output.
» Check that exceptions and management information
reporting on sales have been produced and reviewed, with
evidence of action sales on unusual trends or level of
discounts or unusual prices.
» In all cases, tests should be performed on a sample basis.
The auditor should investigate errors and consider the need
for further testing to obtain comfort on the proper
application of the control procedure
 TESTS OF CONTROL RELATING TO PURCHASING SYSTEM

»Tests of control should be drawn up to check

that control procedures are being applied and
to achieve control objectives
» Test for evidence of a sequence check of
purchase order
»Test for evidence of approval of PO
»Test for adherence to authority limits in respect
of PO
»Test for evidence of sequence check of GRN
»Check for evidence of a sequence check of
goods returns note
 Purchase system control tests
» Test for serial numbering of purchase invoice
» Test for evidence of a sequence check of purchase invoice
» Test for evidence of matching purchase invoices with
goods received note
» Test for evidence of checking casts, extensions and VAT
treatment
» Test for approval purchase invoice for further processing
» Test for evidence of matching credit notes to goods
returned note
» Test for evidence of authorization of adjustments to
purchase ledger
» Test for evidence of authorization of adjustments to
purchase ledger listing
 TESTS OF CONTROL RELATING TO PAYROLL SYSTEM

» Test sample of time sheet, clock cards or other

records, for approval by responsible official. Pay
particular attention to the approval of overtime.
» Test authority for payment of causal labour,
particularly if in cash.
» Observe wage distribution for adherence to
procedures ensuring employees sign for wages,
that unclaimed wages re-banked, etc.
» Test authorisation for payroll amendments by
reference to personnel records.
» Test control over payroll amendments.
 Test of payroll controls
» Examine evidence of checking of payroll calculation (e.g., a
signature of the financial controller).
» Examine evidence of approval of payroll by a responsible
official.
» Examine evidence of independent checks of payrolls (e.g., by
internal audit).
» Inspect payroll reconciliations.
» Examine explanations for payroll expense variances.
» Test authorities for payroll deductions.
» Test controls over unclaimed wages.
» Test controls over calculation of bonus and one-off payments
to ensure evidence of authorisation.
» Check exception reporting to ensure evidence of review and
action taken to investigate and redress and discrepancies.
 TESTS OF CONTROL RELATING TO CASH SYSTEM

Cash receipts
»Attend mail opening and ensure procedures
are adhered to.
»Test independent check of cash receipts to
bank lodgements,
»Test for evidence of a sequence check on any
pre-numbered receipts for cash.
»Test authorization of cash receipts.
»Test for evidence of arithmetical check on
cash received records.
 Cash payments

Cash payments
» Inspect current cheque books for:
– sequential use of cheques
– controlled custody of unused cheques
– any signatures on blank cheques.
 Test (to avoid double payment) to ensure that
paid invoices are marked ‘paid’.
 Test for evidence of arithmetical check on cash
payments records, including cashbook.
 Examine evidence of authority for current
standing orders and direct debits.
 Bank reconciliations

Bank reconciliations
» Examine evidence of regular bank reconciliations
(usually one per month).
» Examine evidence of independent check of bank
reconciliations (e.g., a signature).
» Examine evidence of follow-up of outstanding
items on bank reconciliations.
» Pay particular attention to old outstanding
reconciling items that should be written back such
as old, unpresented cheques.
 Petty cash

Petty cash
»Test petty cash vouchers for approval.
»Test cancellation of paid petty cash
vouchers.
»Test for evidence of arithmetical
check on petty cash records.
»Examine evidence of independent
check of petty cash balance.
 TESTS OF CONTROLS RELATING TO INVENTORIES

»Observe physical security of inventories

and environment in which they are held.
»Test procedure for recording of inventory
movements in and out of inventory.
»Test authorization for adjustments to
inventory records.
»Test authorization for write-off or scrapping
of inventories.
»Test controls over recording of inventory
movements belonging to third parties.
 Inventory controls tests
» Test procedures for authorization for inventory
movements, i.e., the use made of authorized
goods received and dispatch notes.
» Inspect reconciliations of inventory counts to
inventory records (this gives overall comfort on
the adequacy of controls over the recording of
inventory).
» Check sequences of dispatch and goods
received notes for completeness.
» Assess adequacy of inventory taking procedures
and attend count to ensure they are carried out.
 TESTS OF CONTROLS RELATING TO PROPERTY, PLANT AND
EQUIPMENT

» Check authorization of purchase to board minutes, capital

expenditure budgets and capital expenditure form.
» Check authorization for disposals of significant assets.
» Confirm existence of fixed asset register which adequately
identifies assets and comments on their current condition.
Ensure register reconciles to nominal ledger.
» Test evidence of reconciliation of register to physical
checks of existence and condition of assets.
» Check authorization of depreciation rates, and particularly
changes in rates.
» Examine evidence of checking of correct calculations of
depreciation.