Chapter 6 Internal Control Evaluation

Chapter 6 Internal Control Evaluation

(I)Multiple Choice Questions

1. /

D

2. /

D

3. /

A

4. /

C

5. /

A

6. /

C

7. /

D

8. /

C.

9. /

A

10. /

D

11. /

D

12. /

D

13. /

B

14. /

D

15. /

C

16. /

D

17. /

B

18. /

D

19. /

B

20. /

B

21. /

C

22. /

D

23. /

A

24. /

C

25. /

D

26. /

C

27. /

D

/ Confirmation of completeness of recording in the company’s accounting records is a particular problem for an auditor, where theinternal controls are weak. This is because lack of adequate controls leads to systems objectives not being met and there is oftena lack of an audit trail to evidence the inception of transactions through to completion.
28. /

D

/ Internal Control Evaluation Questionnaires contain key control questions which focus on the objectives of the system under review.Questions (2), (3) and (4) all focus on the objectives of a payroll system, whilst question (1) focuses on a control procedure only.

(II)Examination Style Questions

Answer 1

(a)

Internal control questionnaire (ICQ) asks a series of questions[1 mark]about the internal control procedures in each audit area. [1 mark] It is designed to require a “yes” or “no” response[1 mark], with “no” response indicating potential internal control deficiencies. [1 mark]

(b)

The following are advantages of an ICQ:

(i)As the design of an ICQ covers each audit area, the auditor can thoroughly cover each audit area reasonably quickly at the beginning of the audit.

(ii)The questions are simple, so they can be completed by less senior staff.

(iii)Weaknesses in the internal control systems are easily identified, as all the “no” responses are potential weaknesses.

[Any two points, each 1 mark, maximum 2 marks]

The are following are limitations of an ICQ:

(i)ICQ is a standard set of questions, which may not apply to the particular system being audited. The questions are likely to be too detailed for small companies and may be inadequate for large companies. [1 mark]

(ii)ICQ does not provide an overall view because ICQs are evaluated in part by audit area. [1 mark]

(c)

(i)Weakness

The personnel file is not maintained for all workers. [1 mark]

Potential misstatement

Payroll cheques may be distributed to non-existent workers[1 mark], resulting in the overstatement of wages and fraud. [1 mark]

Audit tests

Select individual workers from monthly payroll list, trace them to the personnel file for personnel details and pay rate, and to the time card to confirm whether the worker was actually employed during that period. [1 mark]

For examples without a personnel file:

Arrange to meet the worker at the workplace and inspect proof of identity or attend payroll distribution. [1 mark]

Trace the time card for evidence of work done, check for the reasonableness of number of hours worked as compared with other workers doing the same job, and check for an authorized signature approving any overtime and hours on the time card. [1 mark]

(ii)Weakness

Neither a detailed output check on the monthly payroll report [1 mark] nor a high level reconciliation between payroll amounts of two consecutive months is carried out. [1 mark]

Potential misstatement

Input errors may not be detected. [1 mark] The payroll amount may be overstated or understated. [1 mark]

Audit tests

Perform analytical review (or analytical procedure) on each monthly payroll. [1 mark]

Investigate all material fluctuations. [1 mark]

Answer 2

(a)

Nature / Purposes
(i) / Test of control / Tests of controls are concerned with how internal control policies or procedures are applied, the consistency of application during the period audited, and by whom they are applied.
[Any two points, 1 mark each, maximum 2 marks] / To obtain audit evidence about the effectiveness of the:
Design of the accounting and internal control systems to prevent and detect any material misstatements; [1 mark] and
Operation of internal controls throughout the period. [1 mark]
(ii) / Substantive tests / These tests of transactions and balances and review procedures[1 mark] are intended to detect material misstatements[1 mark] or to identify accounts likely to contain material misstatements. / To seek to provide audit evidence[1 mark] as to the completeness, accuracy and validity of the information contained in the books of accounts or in the financial statements. [1 mark]

(b)

Answer 3

Answer 4

(a)

Characteristics of a good system of internal control may include:

(i)Competent, reliable personnel who possess integrity:

The quality of the entity’s personnel is an important factor in safeguarding an entity’s assets and records and in securing reliable financial data. If the entity’s directors, managers and other employees are competent, they are able to fulfil their responsibilities efficiently and effectively.

(ii)Clearly defined areas of authority and responsibility:

The authority and responsibility of each employee should be clearly defined. This ensures that employees know what is expected of them and it also facilitates identifying responsibility in cases where tasks are not performed properly. Such identification of responsibility motivates employees to work carefully and also enables management to ascertain where corrective action is required.

(iii)Proper authorization procedures:

An entity must have proper authorization procedures to safeguard its physical assets and to protect the integrity of its records. For example, an entity may establish procedures for all credit sales to be authorized in writing by the credit manager before the goods are sold.

(iv)Performance reviews:

These control activities include reviewing and analyzing actual performance versus budgets, forecasts, and prior period performance; relating different sets of data – operating or financial – to one another, together with analyses of the relationships and investigate and corrective actions; comparing internal data with external sources of information; and reviewing functional or activity performance, such as a bank’s consumer loan manager’s review of reports by branch, region, and loan type for loan approvals and collections.

(v)Segregation of duties:

Incompatible duties must be vested in different people, such as:

No one person should have custody of assets and also maintain the records of those assets;

No one person should have custody of assets and also authorize transactions relating to those assets;

No one person should have responsibility for all the entries in the accounting records;

No one person should be given responsibility for both computer program and computer operations.

(vi)Information processing:

A variety of controls are performed to check accuracy, completeness, and authorization of transactions. The two broad groupings of information systems control activities are application controls and general IT-controls.

Application controls apply to the processing of individual applications. These controls help ensure that transactions occurred, are authorized, and are completely and accurately recorded and processed. Examples of application controls include checking the arithmetical accuracy of records, maintaining and reviewing accounts and trial balances, automated controls such as edit checks of input data and numerical sequence checks, and manual follow-up of exception reports.

General IT-controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. General IT-controls include control over data centre and network operations; system software acquisition, change and maintenance; access security; and application system acquisition, development, and maintenance. These controls apply to mainframe, miniframe, and end user change controls, controls that restrict access to programmes or data, controls over the implementation of new releases of packaged software applications, and controls over system software that restrict access to or monitor the use of system utilities that could change financial data or records without leaving an audit trail.

(vii)Physical safeguarding of assets and records:

The most effective way to safeguard the entity’s assets and records is to provide physical protection for assets and records, combined with restricted access. For example, inventory and supplies may be stored in a locked store room with access restricted to a limited number of authorized personnel. The same applies to computer hardware, programs, data and files.

[Any five items, each 2 marks: 1 mark for the characteristics and 1 mark for the elaboration or example, maximum 10 marks]

(b)

Examples of inherent limitations of internal control system of Metercape Limited are:

(i)Reduction of employees

Internal control procedures may become inadequate or inappropriate as a result of changes in the entity’s internal environment. For example, after the 50% cut in employees within the accounting department of Metercape Limited, there may not be an adequate or appropriate number of employees to perform all the laid down internal control procedures.

(ii)Inexperienced team

Internal control procedures may become ineffective because of changes in the entity’s internal environment. For example, the existing accounting personnel or Metercape Limited are inexperienced and may not be competent to carry out high level checks or reviews.

(iii)Human errors

The potential for error is always present because accounting personnel are human and therefore prone to make mistakes. For example, the long working hours of accounting personnel and their heavy workload may increase the chance of human errors.

(iv)Management override

There may be collusion between two or more employees which results in the controls being circumvented. For example, although Metercape Limited has established procedures for checking the customer’s credit and the adequacy of inventory before the goods are sold, the middle management overrides the laid down internal controls. This may create a breakdown of the internal control system.

(v)Increase in manual adjustments and bad debt entries

Internal controls are designed to prevent and detect errors and irregularities in the normal, frequently recurring transactions. However, errors are more likely to occur in relation to infrequent or unusual transactions. For example, the increase in manual adjustments and bad debt entries may indicate problems, which may not be effectively detected by Metercape Limited’s internal control system.

[Any four items, 2 marks each: 1 mark for the limitation and 1 mark for the example, maximum 8 marks]

(c)

Metercape Limited’s auditors should perform substantive procedures so as to reduce the audit risk. Auditors can never rely on the system to prevent and/or detect all material errors and irregularities in the accounting data because of the inherent limitations of all internal control systems. Auditors will have to evaluate, at least to some extent, the accuracy, validity and completeness of the information presented in the financial statements. [2 marks]

A6-1