Audit - Chap 6

Solutions Manualto accompany Auditing: a practical approach 2nd edition by Jane Hamilton CHAPTER 6 Gaining an understanding of the client's system of internal controls © John Wiley & Sons Australia, Ltd 2013 Solutions manual to accompany Auditing: a practical approach 2e Chapter 6 - Gaining an understanding of the client's system of internal controls REVIEW QUESTIONS 6.11 If an auditor does not intend to rely on internal controls in the audit, does the auditor need to obtain an understanding of internal control? Explain. ASA 315 requires the auditor to obtain an understanding of internal control on all audit engagements. Therefore, even if the auditor intends to take an entirely substantive approach to the audit and not rely on internal controls, the auditor must obtain an understanding of internal control. This is because without gaining this understanding, the auditor will not fully understand the risks of material misstatement of the financial report. ASA 315 states that gaining an understanding of the entity and its environment, including its internal control, establishes a frame of reference within which the auditor plans the audit and exercises professional judgement throughout the audit. The standard allows the auditor to use professional judgement to determine the extent of the understanding of internal controls required in each case. 6.12 Explain the difference between entity-level controls and transaction-level controls. Is an auditor interested in both? Entity-level controls are: 1. the control environment 2. the entity’s risk assessment process 3. the information system, including the related business processes, relevant to financial reporting, and communication 4. control activities 5. monitoring of controls Each of these controls relates to the whole organisation. Transaction-level controls are controls that impact a particular transaction or group of transactions. Therefore, the difference is that entity-level controls have the potential to impact all of the processes in the organisation, including those that have a direct impact on the financial report and others, while transaction-level controls impact only a specific group of transactions. Transactions make up the financial report that the auditor is auditing, and can be impacted by both entity-level and transaction-level controls. This is why an auditor would be interested in both types of controls. © John Wiley and Sons Australia, Ltd 2013 6.2 supply risks. Even the best control system is not 100% effective. An entity’s risk assessment process would consider risks to its achievement of its objectives at all levels. and all systems are less effective if the people working with them do not support the systems. staff risks relating to attracting and retaining the right type of staff for all shifts. counselling.14 Explain why an auditor would be interested in the functioning of the human resources department within an organisation. product quality risks which would lead to sales returns and/or warranty claims.13 Discuss the contention that the control environment is the most important part of a system of internal controls because it provides the foundation. training. commitment to quality. the HR department sets policies and procedures which have a direct effect on the organisation’s control environment. transport interruption risks (both freight and passenger transport delays affecting staff and customers). As such.3 . 6. to attracting and retaining staff. competitive risks from other retailers in the same location or servicing the same type of customer. exchange rate risks.15 What sort of risks would an entity’s risk assessment process consider? Give some examples for a retailer. all components of an internal control system are important. Which of these risks would be relevant to financial reporting? Explain. and experienced employees to discharge the duties required for the effective operation of the internal control systems. The HR department influences the ability of the organisation to retain trained. A retailer would have a particular focus on the risk of not being able to buy the appropriate products from reputable suppliers. People. competent. and the likelihood of effective control by studying the operation of the HR department. 6. promoting and compensating employees. If the control environment does not encourage ethical behaviour and high quality work. This means that the HR department is responsible for ensuring that the organisation’s employees are competent and honest. However. determine the effectiveness of internal controls. the HR department ensures that employees have the required skills and qualifications for the position they are appointed to. Having a strong control environment will not be sufficient by itself to ensure that an organisation is able to achieve its objectives. inducting. transport risk affecting imports. evaluating.Chapter 7: Gaining an understanding of the client’s system of internal controls 6. These would include: risks to revenue through product competition. physical risks including power interruption. The human resources department within an organisation is responsible for hiring. shopping centre building issues. and risks relating to protection of assets from theft and fraud etc. The control environment sets the tone of the entity and influences the control consciousness of its people. financing risks relating © John Wiley and Sons Australia. through their actions. An auditor can gain an understanding of the organisation’s standards. financing risk (obtaining and servicing loans). climate change risk. the people within an organisation could fail to implement controls or override them when performing their duties. For example. Ltd 2013 6. exposure to exchange rate risks if suppliers are located in other countries. Therefore. The concept of segregation of incompatible duties is that no one employee or group of employees should be in a position both to perpetrate and hide errors or fraud in the normal course of their duties. The auditor must consider the risk to the accounts so that the audit can be planned with appropriate consideration of the risk of material misstatement 6. the employee stealing the assets would have to get the cooperation of another employee to adjust the records to hide the theft. What sort of duties would be segregated within the sales process? Why? Segregation of incompatible duties is a part of the control activities of an organisation. be a going concern).Solutions manual to accompany Auditing: a practical approach 2e to funding product purchases and paying expenses prior to receipt of cash from customers. If these duties were not segregated.17 Why would an auditor be interested in a client’s control monitoring processes? A client should have processes for monitoring the effectiveness of its internal controls because circumstances and conditions change over time and controls need to adjust accordingly. If these duties are not segregated. Within the sales process.4 .16 Explain the importance of segregation of incompatible duties. All uncontrolled risks for the entity could affect the ability of the entity to survive (i. The auditor will also be able to assess the client’s management attitude to internal control systems through evaluation of the monitoring processes within the client. the auditor is most directly concerned with risks relating to protection of assets and the integrity of transactions in the accounts. Therefore. or control new types of transactions. The retailer would be interested in identifying and controlling risks to its ability to operate and achieve its objectives. and should not be able to process a sales return or other adjustment to a debtors account balance. © John Wiley and Sons Australia. an employee could steal assets (such as cash or stock) and adjust the records to conceal the theft. 6. The monitoring process allows the client to assess the need for changes to internal controls. If the duties are segregated. the person making the sale is not responsible for recording the sale. To conceal the theft. all risks are of interest to the auditor. and protection of assets and the integrity of sales and other transactions in the accounts. Control activities are policies and procedures that help make sure management’s directives are carried out. An out-of-date control system may not be able to alert management to new risks. Ltd 2013 6. the employee would later process a sales return or adjustment to eliminate the balance in the fictitious debtor’s account.e. the auditor will be interested in the effectiveness of the monitoring system and whether the client’s management are able to be sure that internal controls remain current and valid. As such. the sales employee could record a sale to a fictitious customer and take the goods for themselves. However. it is very important for the effective operation of a control system that incompatible duties are split between different employees. its strengths and weakness. The disadvantage is that it can inhibit an experienced auditor and slow down the process. 3.5 . the advantage is that complex systems can be described using standardised symbols. with additional narrative to explain steps that are hard to chart. Although internal audit departments are usually separate to other functions within the client. 6. they are not independent of the client. Not all organisations have an internal audit department. Smaller organisations usually do not have an internal audit function and many larger organisations outsource the internal audit function to a third party. as organisations become larger. Is internal audit an essential element of a control system? Explain. Internal auditors provide information about the functioning of the entity’s internal control system. Narratives.19 Four approaches to internal control documentation are discussed in the chapter. Combinations of narratives and flow charts or logic diagrams. The disadvantage is that both the diagram and narrative have to be prepared and checked for consistency. © John Wiley and Sons Australia.Chapter 7: Gaining an understanding of the client’s system of internal controls 6. 2.18 Discuss the role of internal audit in an entity’s system of internal controls. Checklists and preformatted questionnaires. Internal audit is a part of an entity with responsibility for assessing the performance of the entity’s control systems and making evaluations of client’s activities. the disadvantage is that it can take many words to describe a process in full. The disadvantage is that the reader may not understand the symbols or require additional clarification. it is easier to review and understand. Ltd 2013 6. the advantage is that the standardised graphics allow a large amount of information to be presented on a single page to represent complex flows of transactions and the key controls. the level of importance placed by an entity on its internal audit function can be a guide to its overall commitment to internal control. However. Flowcharts or logic diagrams. How would documentation assist the auditor to identify strengths and weaknesses of an entity’s system of internal controls? The four approaches to internal control documentation are: 1. The documentation assists the auditor because the process of preparing the documentation prompts the auditor to ask detailed questions in order to gain a full understanding. and make recommendations’ for improvements. 4. the advantage is that it is helpful to inexperienced auditors because the checklist guides the process and assists in identifying critical controls. the advantage is that the process can be described in full. An experienced auditor would be able to identify departures from the systems used at similar organisations and the graphical forms of documentation reveal quickly the destination of all copies of documents. If there is common understanding of the symbols. to the entity’s management. Assess the advantages and disadvantages of each. 22 In the sales transaction process.20 Why do auditors prepare management letters? ASA 260 requires the auditor to communicate matters from the audit with those charged with governance. The entity level controls exist at an organisational or entity level rather than at a more detailed transaction level. management is able to use a letter written at an interim stage of the audit as a basis for a response before the end of the audit. entity-level controls by themselves are not usually sensitive enough to prevent or detect and rectify material errors. 6. The feedback is provided in written form so that there is no confusion about the fact of the report or the observations and recommendations being made. To satisfy the requirements in these standards.000. if a data entry error is made so that a sale for $500 is incorrectly entered as $5. such as controls over large sales transactions would prevent an incorrect sales figure entering the system. They are not specifically tested because of the difficulty in trying to do so. In addition. a key control affecting the accuracy assertion for sales is ‘Credit committee review and approve all applications for credit over $1000’. in the same way that there would be evidence that sales transactions above a specified level must be authorised by the sales manager. Sometimes. but should be entered as $500. A control such as ‘Credit committee review and approve all applications for credit over $1000’ will require applications for credit over the specified amount being separately authorised. entity’s risk assessment process. This control is related to the accuracy assertion for sales because it prevents sales transactions being recorded that are incorrectly processed. the auditor will prepare a management letter to those charged with governance. the transaction would not be accepted until it had been authorised.Solutions manual to accompany Auditing: a practical approach 2e 6. and ASA 265 governs communicating deficiencies in internal control to those charged with governance and management. Because there is a data entry error. but they are not specifically tested. the deficiencies in internal control revealed during the audit that are either being communicated to those in governance or are not. the person responsible for authorising the transaction should notice that it is not for $5. Ltd 2013 6. control activities.6 . The management of the entity is able to use the written report as a basis for a response. The auditor uses their professional expertise to inform management about deficiencies in the internal control system which could affect the integrity of the financial report either in the current financial period or in the future. the information system. For example.000. Explain the impact of this control on the valuation assertion for sales receivable (debtors).21 Why don’t auditors usually test entity-level controls as part of the audit? Entity level controls are the collection of the internal control components of control environment. For example. The auditor is required to gain an understanding of the entity level controls. The control also impacts © John Wiley and Sons Australia. where appropriate. 6. and control monitoring (ASA 315/ISA315). The auditor will also communicate on a timely basis with management of the entity. there is rarely audit evidence that a control such as the ethics/tone at the top of an organisation is in existence and operating effectively. 000. and thus prevent it from being overstated. © John Wiley and Sons Australia.Chapter 7: Gaining an understanding of the client’s system of internal controls on the valuation assertion for sales receivable because it would prevent the incorrect sale being entered to the debtors account. if sales are genuinely being made for amounts over $1. In addition.7 . Ltd 2013 6. Procedures to check the credit-worthiness of debtors is likely to improve the chances of the amounts being paid by the debtors (because only debtors that can and will pay their debts are allowed to buy on credit). the authorising person has a chance to consider if the debtor has capacity to pay large amounts. increasing the likelihood that debtors are valued correctly. equipment and labour could help Powersys avoid these problems. (b) Suggest ways that good internal control over parts. The auditor should also consider whether the controls are able to provide sufficient control in the current circumstances.Solutions manual to accompany Auditing: a practical approach 2e PROFESSIONAL APPLICATION QUESTIONS 6. (a) Potential problems include:  Problems with communication systems stop emergency reports reaching the response teams in a timely manner  Police or other emergency services are unable to contact Powersys during an emergency because they do not have the required contact information or staff at Powersys are not rostered on to respond to emergencies  Trained staff are not available to respond to emergencies through mismanagement of leave or failure to recruit and train staff  Storms. Ltd 2013 6. fires or other emergencies are more extensive than anticipated and not enough staff and equipment are available to respond  Equipment.23 Understanding client controls Required Explain why the junior auditor’s suggestion is not appropriate. the auditor would need evidence that the conditions remained the same and that the controls had not altered. It is likely that additional work is required for the controls to be assessed for their effectiveness at preventing or detecting material misstatements at the assertion level because this is a different objective. Any change in either the controls or the conditions would make last year’s evidence not applicable to the current period. 6. The junior auditor’s suggestion is not appropriate because the auditor needs to have sufficient appropriate evidence about the effectiveness of controls in the current year. In this particular case. are not operational due to lack of suitable maintenance  Not sufficient supplies of specialised tools and parts are held in stores  The large warehouse is not accessible in an emergency because the key holder is away sick or on leave  Too many staff are rostered onto normal maintenance and not enough available for emergency response in a particular geographic location  Changes are made to the electricity distribution system so that different parts are required for maintenance and these new parts are not ordered in time © John Wiley and Sons Australia.24 Importance of internal control Required (a) Make a list of the potential problems that could occur in Powersys’ maintenance and improvements program. such as vehicles. Even if there had been no changes since last period. the auditor should evaluate the effectiveness of the controls and draw a conclusion on the degree to which they can be relied upon. diggers and cherry pickers. the controls were assessed with respect to their ability to ensure compliance with the regulations. At a minimum.8 . Although Betty is responsible for technical issues. this means that the management’s attitudes towards internal controls in general. Max appears to have been unaware of the problems. such as repairing computers. Ltd 2013 6. The accounts are not up to date and client statements have not been issued for four months.9 . are not good. she is also an owner of the business and as such should be involved in setting the tone of the organisation. debtors and cash receipts are not good. This means that Max and Betty must be personally © John Wiley and Sons Australia. Sally. (b) Which duties should be segregated in this business? Recommend an appropriate allocation of duties for the staff at Big State Computers. suggesting that he is not monitoring the processes very closely. taking into account population growth and climatic conditions  Schedule of maintenance for equipment coordinated with senior staff responsible for emergency response  Stores report on holdings of various parts. Overall. with integration with new equipment purchases  Stores maintain security systems and assign responsibility for staff member to coordinate with emergency response teams  Staff schedules and rosters approved by senior management with consideration of balance between maintenance and emergency response 6. There is no evidence of any unethical behaviour by the staff. These tasks were apparently the responsibility of the junior trainee. management involvement is a substitute for a large system of formal controls. under the supervision of Max. and the accounts in particular. rather than the administration side of the business. Max and Betty appear to have failed to establish good internal controls and to communicate and enforce the importance of the systems to their staff. (a) The accounts show that the controls over sales. In a small business.Chapter 7: Gaining an understanding of the client’s system of internal controls (b) suggested internal controls include:  responsibility for maintaining communication systems with emergency services assigned to a senior staff member at Powersys who also has information about staff rosters  HR department is made aware of staffing requirements for emergency response and reports to senior management on achievement of staff targets  HR department oversees policies and procedures for staff training to ensure that sufficient staff within the organisation have the required skills and qualifications  Scientific modelling of emergency situations.25 Segregation of duties in small business Required (a) Discuss the attitude and control consciousness of Big State Computers’ management. such as this. The fact that the bank has asked them to meet to discuss their worsening cash position also suggests that they are not managing their cash flow adequately. but they do not appear to have been adequately trained and/or appropriately selected for the positions they hold. An alternative would be for Max to do the banking and leave Sally responsible for transaction processing.10 . If there is a poor ethics/tone at the top. For example. It will be difficult to adequately segregate duties with only two staff in the area. Specifically. if Sally retains the task of banking. is there a commitment to integrity and ethical values in the organisation? What is management’s philosophy and operating style? Is there a win at all costs attitude and lack of respect for laws that affect the business? At the time of the audit there is an investigation by the ACCC. Max and Betty must perform additional review tasks. the auditor should consider whether the client is one that they wish to continue to audit.26 Control environment Required How does the above information affect your understanding of the control system at Cheetah Airways? The information available to the auditor raises questions over the tone at the top of Cheetah Airways because it is alleged to have engaged in cartel activities (activities relating to distorting the market for freight or passengers). has the auditor had any © John Wiley and Sons Australia. there could be questions about the audit client’s ability to continue as a going concern (although this would require many more customers to also leave). However. what did the auditor’s investigations disclose etc. monthly reports of debtor’s balances and transactions. Therefore. several customers of the audit client have taken their business elsewhere. This means that Sally and Max are the only two staff currently with administrative responsibilities. the auditor will have to document the action taken to investigate the matter and consider the integrity of the client. and could impact on the auditor’s opinion. (b) Segregation of duties should follow the broad principle that the following duties are segregated:  Authorisation or approval of transactions affecting assets  Custody of assets  Recording or reporting of transactions  Control over processing of a transaction should be separated from recording or reporting a transaction Sally is employed to help with administration. she should not be involved in recording transactions. but no prosecution against the client. Betty could take responsibility for stock control. particularly cash receipts. bank reconciliations etc. In the extreme case. This fact also raises questions for the auditor because it suggests that the client’s revenue has been adversely affected. such as separately reviewing all transactions over a certain limit. The other staff is a computer technician and a sales part-timer. In addition. and could be more adversely affected if other customers also take this action. or evidence of fraudulent or illegal activities. Ultimately. so that the sales staff are not involved in maintaining stock records as well as having access to the stock for making sales. 6.Solutions manual to accompany Auditing: a practical approach 2e involved in authorising and supervising transactions to a greater extent than if there were more staff. The auditor should reconsider the information it gathered at the time of taking over the client – what did the prior auditor disclose. Ltd 2013 6. and any impact on the auditor’s ability to perform the audit. Auditors should investigate the flight schedules for aircraft to determine if the distances flown are lower. or could be further evidence of poor control procedures at the client. 6. What could go wrong? The main risk for depreciation costs is that they are understated. Depreciation expense could also be understated if the rate is reduced or new additions to assets are not depreciated. Auditors should determine if the accounting policy to capitalise maintenance and amortisation over the maintenance period is reasonable under the accounting standards. What are the circumstances of the spill? Was there evidence of suitable precautions being taken or was management treating the potential problem lightly because the country is poor (currency devaluation issues suggest economic problems in Bangaloo)? Was there evidence of appropriate consideration of the risks of a chemical spill and the impact of the cost of clean-up on the company? What action has management taken to repair the damage? Is the company’s failure to repair the damage evidence of financial problems at the client? The petty theft could be simply a problem isolated to several dishonest employees. The information suggests that there are problems with the client’s control environment surrounding the chemical spill incident.27 Expense transaction risk Required Discuss the risk of misstatement for depreciation costs. Ltd 2013 6. Depreciation costs have decreased even though the cost of aircraft and engines has not changed. Alternatively.11 .Chapter 7: Gaining an understanding of the client’s system of internal controls difficulties in getting access to records and personnel it requires in order to do the audit? Has the client been able to offer the auditor any assurances about their integrity? The auditor may conclude that the bad publicity is unwarranted and the departure of several customers is more related to activities by the client’s competitors. ‘What could go wrong’ is that it will overstate profits and overstate the written down value for assets. Capitalising expenditure on maintenance that should be a cost of the period by designating it as improvements would understate expenses.28 Control environment Required Discuss the impact of the background material for Red Minerals on your likely assessment of entity-wide controls at Red Minerals. Is the resignation of the COO related to either the chemical spill or the theft? Does it signify that there are further problems at the client which the client has not provided information about to the auditor? What procedures have been adopted to find a replacement? © John Wiley and Sons Australia. the auditor may decide to resign from the audit engagement if the client is unable to provide the assurances required. This suggests that the scheduled period for maintenance is greater (a longer period before the next major maintenance is scheduled). 6. This would be justified if the aircraft are flying fewer kilometres each year (a possibility if the GFC has led to flight cancellations). been communicated from the board to management and more widely in the organization? 6.29 Revenue fraud risk Required Explain why the revenue in income statements is at significant risk of fraudulent financial reporting by management. However. Ltd 2013 6. In the case of Leopard Airways. as well as the ethical values of the organization. Has the board established suitable policies for dealing with the risk of operating in Bangaloo? What evidence can the auditor gather about Red Minerals’ management’ philosophy and operating style? What approach has management taken to establishing procedures to implement policies around the risk of chemical spills and control over company assets? How have the policies and procedures. © John Wiley and Sons Australia. Although both type of account are lower than previous years.12 . the decrease is not evenly distributed across the two types of account. The evidence from the financial statements suggests that there is a greater fall in revenue received in advance than in revenue. there is a risk that the amount of revenue received in advance is transferred to revenue too early because it would help management achieve their revenue and profit targets. The GFC creates additional pressures on management to achieve performance targets. including revenue growth and profit. as would be expected. This could occur if revenue received in advance is incorrectly treated as revenue of the period (revenue in advance would be decreased and revenue for the period would be increased). an alternative explanation is that the revenue in advance is lower because bookings for the next period have fallen even further than bookings for the current period.Solutions manual to accompany Auditing: a practical approach 2e The auditor should consider whether those charged with governance (board of directors) are aware of the problems and taking action. at wrong rates.13 . new purchases recorded as repairs © John Wiley and Sons Australia.30 Objectives of internal control Required (a) Give examples of transactions that would occur at Emerald Spa.Chapter 7: Gaining an understanding of the client’s system of internal controls 6. as required  Failure to record purchase of supplies. charging depreciation on furniture and equipment no longer used by the business. or claims for the wrong services  Ordering wrong supplies or sufficient supplies to meet demand  Failure to keep supplies safely locked away. Ltd 2013 6. services provided but not charged to customers or recorded in the accounts. failure to record depreciation because equipment not recorded as asset  Repairs to furniture and equipment recorded as new purchases of assets. (b) Explain what could go wrong with these transactions if the system of internal controls could not meet any of the seven generally accepted objectives of internal controls. such as oils. through inefficient use of equipment  Equipment and furniture not accounted for. electricity. duplicate receipts recorded  Not all cash receipts are banked intact in a timely manner  Failure to claim reimbursements from health insurance companies on behalf of clients. insurances. tax remittances. hair products  Electronic funds transfers to pay wages  Cheque payments for rent. advertising  Depreciation for furniture and equipment (b) Potential problems in transactions if control system does not meet objectives include:  Incorrect pricing used for customer services. or for staff that do not work for the business  Failure to control costs such as electricity. furniture purchases. incorrect cost of supplies recorded  Branch manager approves salary payments for hours not worked by staff. payment for supplies not received. not kept secure at the premises. (a) Transactions would include:  Cash receipts from customers for services  Reimbursement from health insurance companies for counselling and massage services  Credit purchases of supplies. Questions must be asked about more senior levels in IB if senior management of one department has a poor ethical attitude. rather than with an individual trader. should have detected the common occurrence of the risky trading behaviour. The organisation structure at IB could be deficient if there was not effective supervision of the foreign currency department. or at least have addressed them in full. how was this viewed by higher levels of management and those charged with governance? Did senior levels in the foreign currency department hide their attitudes from their supervisors.31 Control environment at a large company Required Discuss the control environment at International Bank assuming the press reports are correct. The attitude at senior levels was that if the trader was able to make a profit. or alerted senior management to excessive profitability based on risky activity. In addition. transaction level controls should have prevented or detected the large trades and unbalanced positions. through measures such as codes of conduct. The press reports do not suggest that the rogue trader or the supervisors lacked technical knowledge about foreign currency trading. adding weight to the view that more senior management were likely to have poor attitudes to ethical conduct. Control activities. © John Wiley and Sons Australia. There should have been stronger communication and enforcement of integrity and ethical values through the organisation. Ltd 2013 6. and encouraged risk taking in pursuit of profit. Other considerations: The risk assessment processes at IB appear to not have considered the potential problems in the foreign currency department. the official policies and procedures could be ignored. Which parts appear to be most deficient? The problems at International Bank (IB) appear to begin at the most senior levels of the foreign currency department. or overridden. such as performance reviews. Internal audit department of IB should have provided information on the risky trades to those charged with governance. HR policies and practices were either ignored or were nonexistent with respect to inculcating ethical attitudes and behaviour. The information system should have produced reports to more senior levels of these irregularities. Finally. or did those supervisors ‘turn a blind eye’ to the issue provided the department was profitable? The press reports suggest that the poor ethical attitudes are not confined to the foreign currency department.Solutions manual to accompany Auditing: a practical approach 2e 6.14 . Overall the most significant problem was with communication and enforcement of integrity and ethical values. This suggests that the control environment in the department did not reinforce integrity and ethical values. (b) Which duties in the above process should be segregated? (a) Requisition for stock prepared by stores sent to purchases department Approved vendor available? Refer to purchases manager to source approved supplier No Yes Funds available? No Request approval to exceed purchases limit Request approved? No Reject purchase requisition Yes Yes Create purchase order and send to vendor Stock receival process Receiving report.15 .Chapter 7: Gaining an understanding of the client’s system of internal controls 6. unit price and shipping agree to purchase order? Yes No Contact supplier to resolve discrepancy Supplier payment process Process purchase in purchase ledger © John Wiley and Sons Australia.32 Segregation of duties and documentation Required (a) Create a flowchart to represent the flow of transactions from the raising of a purchase order to cash payment. Ltd 2013 6. packing list and supplier invoice received Do quantities. Although some documentation is now being done. With direct monitoring. the stores which create the requisition and receive the goods are separate from the purchasing process. What advantages and disadvantages does this bring? (b) Assess the internal controls at Featherbed. The lines of accountability should be stronger and because of the © John Wiley and Sons Australia. Not shown on this flowchart. Ltd 2013 6. (b) There is little separation between the board and the senior management – Sarah is both CFO and director of both Featherbed and the Morris Group. Managers may also be tempted to override systems because they do not distinguish between their interests and the interests of the entity. which could be low. and supplier invoice are matched and reconciled. However. Only approved suppliers are used to ensure that they are reliable and the items meet the entity’s specifications. managers of smaller entities (who are usually also the owners) are able to have a greater personal involvement in all aspects of the business and are therefore able to monitor activities directly. The store’s manager is not permitted to make purchases directly with suppliers because there needs to be a segregation of the authority to commit the entity to purchasing goods and the custody of the goods.Solutions manual to accompany Auditing: a practical approach 2e (b) As indicated on the flowchart. permission is sought from purchases manager and the accountant for action. The accountant gives permission to create purchase orders if the purchases department does not have approved funds available. it is being done at a low level rather than being designed by senior management. Payment is not approved for processing until the purchase order. The control environment would be stronger if the CFO and the director positions were split Management philosophy and operating style are ‘laid back’. and there is a lack of clear information on whether Sarah is adequately supervising Peter. What changes would you recommend? (a) Small entities have limitations in their ability to implement a comprehensive control system. In addition. many departures from control systems could be detected. receiving report and packing list. approval for processing the payment would be required before the supplier is paid. without the necessary review procedures. The recording of purchases into the stock account is separated from the record keeping at the stores. making assessment of their design effectiveness more difficult. suggesting that formal control structures are not in place. There is a risk that the documentation will be incomplete. The purchases manager arranges for suppliers to be selected and approved. the payment process is separate from the purchases process. There are fewer employees in small entities. small entities usually do not have formal documentation of their control systems. Peter Pinn does not appear to be very active in reviewing the performance of the more junior staff.33 Internal control components (a) Explain how the internal control components are usually adjusted to meet the needs of small entities. At various points in the process. which means that segregation of incompatible duties is harder to organise. Also. The effectiveness of this direct monitoring is dependent on managers’ knowledge and interest in controls. 6.16 . Internal audit were involved in all stages of the installation of the new manufacturing costing system. The high level of security around information relating to product design.g. Bank reconciliations and reviews of journal postings should be done by Sarah or Peter. both Kristen and Julie are involved in opening mail. These duties should be segregated so that staff handling cash are also not able to record transactions. with the appropriate recommendations with respect to segregating duties and completion of documentation of policies and procedures. Ltd 2013 6. banking. and they should also be authorising transactions. The highly secure environment indicates that the control environment at Securimax has a focus on clear assignment of authority and responsibility and a formalised organisational structure.33. It also reflects management’s philosophy and operating style which rates security highly. as outlined in Professional Application Question 6. 6. Their role would have been to ensure that the integration with other systems (e. 6. the internal controls appear to have deficiencies. Consistent with this approach it would be expected that internal audit have a formal and important role in the organisation. processing transactions. It would be addressed to the chair of the board of Featherbed (Justin Morris). manufacturing and costing. efficiency and effectiveness) of the new system.17 . should include periodic reviews of transactions authorised and processed at lower levels. and payroll. The secure environment provides the foundation for the successful implementation of the new manufacturing costing system because data are secure and only certain personnel will have access to it.35 Components of internal control Required Select two (2) components of internal control. The documentation should be completed by Sarah and she should take more responsibility for overseeing the operations of the accounts department. sales) is correct.Chapter 7: Gaining an understanding of the client’s system of internal controls small size of the accounts department. There appears to be no separate HR function and there is a danger that payroll is not valid. Overall. The management letter would conform to the example in the text. Explain how the role of internal and external audit would differ in assessing these components in relation to the new manufacturing costing system.e. and the client identity and transactions is a key part of the internal control system at Securimax. Internal audit will also be interested in maintaining the secure environment and assessing the performance (i. It would explain the deficiencies in internal control. External audit would focus on understanding the control environment and assessing whether the control environment means that management has positive attitudes © John Wiley and Sons Australia. (1) Control Environment. Peter does not appear to be performing the necessary authorisation and supervision roles.34 Communication with management Write a management letter to Justin and Sarah Morris. There appears to be a lack of adequate segregation of duties. bank reconciliations. © John Wiley and Sons Australia. (3) Control activities The information provided does not explain the segregation of duties and physical controls relating to the new manufacturing costing system. A bonus structure can work against management attempts to communicate and enforce integrity and ethical values because it implies a reward for ‘cutting corners’ in order to increase sales. and whether the secure environment was maintained.Solutions manual to accompany Auditing: a practical approach 2e towards internal control systems. External audit would require an understanding of these matters in order to assess control risk for transactions relating to the costing system. 6. When such a bonus system is in place management have to work hard to communicate the core values and show through their philosophy and operating style that there is not a focus on increasing sales at all costs.18 . are authorised by appropriately senior staff. internal audit would assess the level of segregation and physical controls when determining the success of the implementation process. However. (2) Risk assessment process. Management will need to ensure that there is a commitment to competence through mechanisms such as HR recruitment and review policies and practices. What special factors would management have to have to consider? The sales bonus system would impact on the control environment at HCHG because it increases the focus on recorded sales and provides incentives for personnel to take actions to increase their bonus through increasing sales. The internal audit department would be involved in assessing how management handle the implementation and other risks. The external audit department would use the information from the internal audit department’s assessment to evaluate the level of risk to the financial accounts from any problems with the manufacturing costing system. The auditors would be interested in assessing how well the implementation of the new costing system was executed. The risk assessment process refers to management’s processes to identifying and responding to business risks. Management would also pay attention to ensuring that sales. Securimax has responded to the risk of using inaccurate costing data by installing the new manufacturing costing system. and performance reviews are used to guide sales staff towards the organisation’s objectives. However.36 Control environment Discuss the implications of the sales bonus system for the control environment within HCHG. Ltd 2013 6. there are risks involved with the installation and these would need to be managed. particularly those on credit to new customers. and its compliance with the relevant accounting standards. meeting the objectives of the internal control system (real. Therefore. the external auditor would have questions to address the control risks in the new manufacturing costing system. Ltd 2013 6. the potential questions would address the accuracy of information from the new system. Examples include:  How did the performance indicators address the effectiveness of the switchover? Who was responsible for the switch-over and how was the effectiveness measured for the purpose of performance review?  What changes were made to the information processing activities and how was their effectiveness assessed?  What physical controls are used to prevent unauthorised changes to the manufacturing costing system? The external auditor is required to gather evidence to support an opinion about the truth and fairness of the financial report. and not just making sure it was completed at the lowest possible cost. authorising transactions. The internal audit department was required to ‘make sure the switch-over worked without any problems’.19 . Therefore.Chapter 7: Gaining an understanding of the client’s system of internal controls 6. summarised.37 Control risks in new IT systems With reference to the ‘control activities’ component of internal control. reporting costs?  What controls exist to ensure that all product movements are recorded accurately?  What controls exist to ensure that invoices to customers are based on correct costs?  What controls exist to ensure that the correct labour costs are added to the manufacturing costs assigned to products? © John Wiley and Sons Australia. The auditor would require evidence that the transactions are processed accurately. including:  How are duties segregated with respect to approving changes to programs. formulate one question that each of internal audit and external audit will ask regarding the switch-over of the patient revenue systems by Gardens Nursing Home. recorded. valued. timely). classified. This means that the internal audit department was primarily focussed on the effectiveness of the switch-over. custody of raw materials and work in process. posted. Identify any follow-up questions you would like to ask the client if aspects of the process are not adequately explained. When stock balances at retailers get below a pre-determined amount (which is established and updated by the customer). Swift does not allow quantities to be ordered greater than the amount on hand in the warehouse. and cash receipt transactions for wholesale customers. NARRATIVE – Cloud 9 wholesale sales to cash receipts: A sales transaction begins with the receipt of the customer purchase order via the inventory management system.) Significant process Potential misstatement Assertions Transaction level internal controls Solution 1. you are asked to: 1. 3. To answer requirements 3 and 4. which is provided as a transcript (see appendix). Ltd 2013 6. Carla Johnson. Use as many rows as you need. Only those 3 employees have access to the file. In your absence. and received permission to tape the interview. draw up a worksheet using the following format. (You will complete the fourth column of the worksheet in the next chapter. Swift is a custom-made software package that has an interface through a secured site key to retailer inventory systems.Solutions manual to accompany Auditing: a practical approach 2e Case Study Cloud 9 You have been assigned the task of documenting the understanding of the process for recording sales. the financial report assertion that is affected. © John Wiley and Sons Australia. 2. accounts receivable. The price file is maintained by the sales manager and is reviewed monthly. Purchase orders are initiated in Swift based on a master price file and the available stock in the warehouse. Use the first three columns of the following worksheet to present your findings. Josh met with the Cloud 9 Pty Ltd financial controller. 4. Changes to the master file must be approved by the sales director and the finance director. Identify the potential misstatement that could occur in the sales to cash receipts process for wholesale sales. Identify.20 . the system automatically alerts the customer to complete a purchase order on-line. Using this interview transcript and other information presented in the case. for the misstatements in 3. Swift. Prepare a flowchart or narrative documenting your understanding of the sales to cash receipts process for wholesale sales. You could address such questions to Carla Johnson or any other employee you deem appropriate. Warehouse personnel collect the goods and take them to the packaging staging area. they scan the bar codes of each product with the hand held computer that is linked to Swift. When goods are returned. does the approval box get activated. the warehouse manager reviews the unfilled sales order report and contacts the customer service representative to notify the customer of when the expected delivery for their items would be. They sign off on the top copy of the dispatch note and leave it with the shipping supervisor prior to departure. This may result in credit limit increases being approved. Only when there is match. the system will generate the sales order. Upon delivery. The Shipping Supervisor electronically signs off on the dispatch note by entering his passcode to approve the dispatch note. Any undelivered items are returned to the cage. a warranty decline notice is printed and sent with the original goods back to the customer. This creates the dispatch note in Swift. © John Wiley and Sons Australia. a special sales order with $0 price is generated. For sales returns (where stores have over purchased). the sales manager reviews a listing of rejected purchase orders to follow up with the customer regarding the order. they confirm the total number of boxes in the staging area against the dispatch notes prior to loading in the truck/van. they are received in the warehouse and scanned. an exception report is generated to catch any shipments for which the final bill was not issued. The signed dispatch note file is checked regularly to catch any unmatched notes. if the return date is within 12 months of the sale date. In the morning. For warranty returns. Final invoices are printed in duplicate at 4pm each day and mailed to the customer. the customer signs the dispatch note confirming receipt of goods. The goods are boxed up and placed in the secure caged areas for the Cloud 9 drivers to pick up the following day.000 are also approved by the financial controller. the system automatically generates the invoice. That copy is sent to the billing team. At the end of the day. which is automatically matched to the sales order. The goods are tagged in the system as either “Warranty Return” or “Sales Return”. which is maintained in “draft” status for the billing team. After the print run.21 . a credit limit check is automatically performed by the system against pre-determined limits maintained in the customer master file. triggering a replacement pair to be sent to the customer following the normal shipment procedures. the warehouse manager downloads the outstanding sales orders to hand held computers for his team. the system will reject the order. Here. If the customer exceeds their limit. Ltd 2013 6. Once the credit check is successful. If the return date is greater than 12 months. Once the dispatch report is signed. All credit memos are electronically approved by the receiving manager.Chapter 7: Gaining an understanding of the client’s system of internal controls Once the purchase order is completed by the customer. Any credit memos greater than $10. a credit memo is generated in the system and the product is returned to inventory. The invoice copy and signed dispatch note are stapled and put on the customer’s file. For each order. The billing team matches the draft sales invoice to the returned dispatch note. drivers print the approved dispatch notes and arrange their delivery schedule. Each day. Daily. Bank reconciliations are prepared on a monthly basis by Carla and reviewed by David. backups) as well as help understand exactly what happens to the data that gets entered. there is such a reliance on the IT systems that the audit team would want to get an IT specialist involved to help review the general controls (access.Solutions manual to accompany Auditing: a practical approach 2e Once the invoice is printed. how are they packaged?  Do the drivers check their loads against the dispatch notes prior to departing the warehouse or during their deliveries? How is this evidenced? For the warehouse manager  How do you ensure all sales orders are filled?  What happens if a product is returned? For Carla Johnson (to represent finance)  What happens if the batch posting report doesn’t reconcile to the bank report?  How do you know to what invoice the payment relates?  Do you ever have cash that you can’t determine what customer or invoice against which it should be applied? For an IT Manager Overall. The amounts are applied to the customer’s accounts receivable balance in the sub-ledger system. Ltd 2013 6. students should ask the following questions for further information or clarification: For the sales manager  How often are prices changed? What is the process for making a change to the master price list? Who has access to the master price lists?  What are the mechanics of the credit check the system performs? Who set the limits? What happens if they are over their limits? How are the limits changed? For the shipping supervisor  How are the goods prepared for delivery – i. The system automatically posts the sales in the subledger to general ledger. the AR clerk downloads from on-line banking the receipts received the previous day. change management.22 . 2. Most customers pay by EFT. Additional questions: From the interview transcript.e. The dummy account balance is reviewed weekly for unapplied balances that need follow-up. Each morning. That reconciliation is reviewed and approved by Carla. Once each receipt is entered. the receivables and sales entries are recorded automatically by the system. Any unapplied cash receipts are posted to a dummy account until they can be cleared against a specific customer. © John Wiley and Sons Australia. a batch report of postings to Accounts Receivable is generated and reconciled back to the direct banking receipts. Completeness Accounts Receivable Completeness. Inventory .Completeness.Valuation Cash receipts in foreign currencies are incorrectly valued (e. Accounts Receivable and Cash. Inventory .Valuation. Sales transaction is not recorded upon shipment of goods.Existence Sales . Ltd 2013 6. COGS Accuracy Allowance for Bad Debt Completeness Sales . Cash . Accounts Receivable . COGS . Cash receipts recorded differ from Accounts Receivable amounts deposited.Completeness.Chapter 7: Gaining an understanding of the client’s system of internal controls 3 & 4: Potential misstatements and assertions The Wholesale Sales to Cash Receipts process includes transactions recorded in Sales. Students should have identified the following potential errors: Significant Potential Misstatements Process Sales/Accounts Credit memos are not issued or Receivable recorded for returns on a timely basis or at all.g.Occurrence.Occurrence. Duplicate/false sales transactions are recorded. Cash Receipts Cash receipts are not recorded when received. Sales transaction is recorded when goods not shipped. Accounts Receivable .Existence. Accounts Receivable Completeness. Accounts Receivable . Completeness and Existence. Invoice misstates the quantity of goods shipped or incorrect pricing.Completeness and Existence © John Wiley and Sons Australia. Accounts Receivable .23 . Sales journal/sub-ledger is incorrectly posted to G/L or does not reconcile.Completeness Sales . Assertions Sales . Allowance for Bad Debt Completeness Sales .Accuracy.Occurrence. Cash . by using the incorrect exchange rate). COGS – Occurrence Sales .Valuation. Cash Completeness Accounts Receivable Valuation.Existence. Proper credit authorisation is not obtained for wholesaler transactions. Inventory Existence. This would lead to a discrepancy between the general ledger and the underlying AR subledger.24 . Cash Completeness Cash .Existence Cash . Accounts Receivable Completeness. Ltd 2013 6. Duplicate postings of cash receipts are made to the general ledger. Totals in cash receipts journal are incorrectly posted.Completeness © John Wiley and Sons Australia.Solutions manual to accompany Auditing: a practical approach 2e Cash receipts and transfers are recorded in the wrong period.